-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy paths3.tf
80 lines (67 loc) · 1.74 KB
/
s3.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
resource "aws_s3_bucket" "default" {
bucket = "${var.app_name}-storage"
force_destroy = true
tags = {
Name = "${var.app_name}-storage"
name = "onui"
}
}
resource "aws_s3_bucket_versioning" "default" {
bucket = aws_s3_bucket.default.id
versioning_configuration {
status = "Enabled"
}
}
resource "aws_s3_bucket_public_access_block" "default" {
bucket = aws_s3_bucket.default.id
block_public_acls = false
block_public_policy = false
ignore_public_acls = false
restrict_public_buckets = false
}
resource "aws_s3_bucket_policy" "s3_policy" {
bucket = aws_s3_bucket.default.id
policy = data.aws_iam_policy_document.default.json
depends_on = [aws_s3_bucket.default, aws_s3_bucket_public_access_block.default]
}
resource "aws_s3_bucket_cors_configuration" "default" {
bucket = aws_s3_bucket.default.id
cors_rule {
allowed_headers = ["*"]
allowed_methods = ["PUT"]
allowed_origins = ["https://${var.app_name}.${var.domain}"]//나중에 Domain 추가
expose_headers = ["ETag"]
}
cors_rule {
allowed_headers = ["*"]
allowed_methods = ["GET"]
allowed_origins = ["*"]
expose_headers = ["ETag"]
}
}
data "aws_iam_policy_document" "default" {
version = "2012-10-17"
statement {
actions = ["s3:Get*"]
effect = "Allow"
resources = ["${aws_s3_bucket.default.arn}/img/*"]
principals {
identifiers = ["*"]
type = "AWS"
}
}
statement {
actions = ["s3:Put*"]
effect = "Allow"
resources = ["${aws_s3_bucket.default.arn}/img/*"]
principals {
identifiers = ["*"]
type = "AWS"
}
condition {
test = "IpAddress"
variable = "aws:SourceIp"
values = [aws_instance.ec2.public_ip]
}
}
}