kirby/documentation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
documentation/terraform/modules/applications/buckets.tf

116 lines
4.2 KiB
HCL
Raw Blame History

resource "scaleway_object_bucket" "s3_buckets" {
for_each = (var.buckets_list == null) ? {} : { for b in var.buckets_list : b.bucket_name => b }
name = each.value.bucket_name
tags = each.value.bucket_tags
region = each.value.bucket_region
project_id = var.project_id
versioning {
enabled = each.value.bucket_versioning
}
/* Dans cette section, on ajoute un bloc lifecycle_rule pour chaque
élément présent dans la liste lifecycle_rules de l'objet buckets.
*/
dynamic "lifecycle_rule" {
for_each = each.value.bucket_lifecycle_rules
content {
id = lifecycle_rule.value["id"]
prefix = lifecycle_rule.value["prefix"]
enabled = lifecycle_rule.value["enabled"]
tags = lifecycle_rule.value["tags"]
/* On ajoute les blocs expiration ou transition en fonction
de la présence ou non des variables expiration_days,
transition_days et transition_sc. Au moins l'un de ces blocs
est obligatoire pour que la règle soit valide.
*/
dynamic "expiration" {
for_each = lifecycle_rule.value["expiration_days"] == null ? [] : [1]
content {
days = lifecycle_rule.value["expiration_days"]
}
}
dynamic "transition" {
for_each = (lifecycle_rule.value["transition_days"] == null) && (lifecycle_rule.value["transition_sc"] == null) ? [] : [1]
content {
days = lifecycle_rule.value["transition_days"]
storage_class = lifecycle_rule.value["transition_sc"]
}
}
}
}
depends_on = [
scaleway_iam_api_key.keys
]
}
resource "scaleway_object_bucket_policy" "s3_policies" {
for_each = (var.buckets_list == null) ? {} : { for b in var.buckets_list : b.bucket_name => b }
bucket = each.value.bucket_name
policy = jsonencode({
Version = "2023-04-17",
Id = "${each.value.bucket_name}",
Statement = [
{
Sid = "RW-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = "application_id:${scaleway_iam_application.apps.id}"
},
Action = "${each.value.bucket_policy_actions}",
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
},
{
Sid = "Other-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = "${each.value.other_app_access}"
},
Action = "${each.value.other_app_policy_actions}",
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
},
{
Sid = "Admin-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = var.admins_user_id
},
Action = "s3:*",
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
},
{
Sid = "Readonly-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = var.readonly_users_id
},
Action = ["s3:*"],
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
"Condition": {
"StringLike": {
"aws:Referer": "https://console.scaleway.com/*"
}
}
}
]
})
depends_on = [
scaleway_object_bucket.s3_buckets
]
}
Reference in New Issue View Git Blame Copy Permalink