Skip to content

Commit 6cd44e6

Browse files
gkatziouragkatzioura
committed
Added terraform deployment scripts
1 parent 73e3f68 commit 6cd44e6

File tree

2 files changed

+81
-0
lines changed

2 files changed

+81
-0
lines changed

S3StorageWagon/deploy/README.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
By executing this file certain resources are going to be created.
2+
3+
A bucket in order to use as a repository
4+
5+
A policy in order to read, write to the bucket and list the files available
6+
7+
A role in order to attach it to your ec2-instance or ci/cd jobs
8+
9+
A group to attach to the users in order to be able to execute requests

S3StorageWagon/deploy/s3_repository_bucket.tf

Lines changed: 72 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,72 @@
1+
variable "bucket_name" {
2+
}
3+
4+
resource "aws_s3_bucket" "cloud_storage_maven_repo" {
5+
bucket = "${var.bucket_name}"
6+
acl = "private"
7+
8+
tags = {
9+
CloudStorageMaven = ""
10+
}
11+
}
12+
13+
resource "aws_iam_policy" "cloud_storage_maven_repo_policy" {
14+
name = "${var.bucket_name}-policy"
15+
path = "/"
16+
description = "Cloud Storage Maven Repository Bucket Policy"
17+
18+
policy = <<EOF
19+
{
20+
"Version": "2012-10-17",
21+
"Statement": [
22+
{
23+
"Effect": "Allow",
24+
"Action": [
25+
"s3:PutObject",
26+
"s3:GetObject",
27+
"s3:ListBucket",
28+
"s3:DeleteObject"
29+
],
30+
"Resource": "arn:aws:s3:::${var.bucket_name}/*"
31+
}
32+
]
33+
}
34+
EOF
35+
}
36+
37+
resource "aws_iam_role" "cloud_storage_maven_role" {
38+
name = "${var.bucket_name}-role"
39+
path = "/"
40+
description = "Cloud Storage Maven Repository Bucket Role"
41+
42+
assume_role_policy = <<EOF
43+
{
44+
"Version": "2012-10-17",
45+
"Statement": [
46+
{
47+
"Action": "sts:AssumeRole",
48+
"Principal": {
49+
"Service": "ec2.amazonaws.com"
50+
},
51+
"Effect": "Allow",
52+
"Sid": ""
53+
}
54+
]
55+
}
56+
EOF
57+
58+
}
59+
60+
resource "aws_iam_role_policy_attachment" "cloud_storage_maven_role_attach_policy" {
61+
role = "${aws_iam_role.cloud_storage_maven_role.name}"
62+
policy_arn = "${aws_iam_policy.cloud_storage_maven_repo_policy.arn}"
63+
}
64+
65+
resource "aws_iam_group" "cloud_storage_maven_group" {
66+
name = "${var.bucket_name}-group"
67+
}
68+
69+
resource "aws_iam_group_policy_attachment" "cloud_storage_maven_group_attach_policy" {
70+
group = "${aws_iam_group.cloud_storage_maven_group.name}"
71+
policy_arn = "${aws_iam_policy.cloud_storage_maven_repo_policy.arn}"
72+
}

0 commit comments

Comments
 (0)