build: create two buckets one for images, other genral

AshGw · May 10, 2024 · 3b6c792 · 3b6c792
1 parent 362e5c7
commit 3b6c792
Show file tree

Hide file tree

Showing 9 changed files with 282 additions and 74 deletions.
diff --git a/infra/content/public/output.tf b/infra/content/public/output.tf
@@ -0,0 +1,9 @@
+output "bucket_domains" {
+  description = "Domain names of the buckets"
+  value = [
+    for bucket_name, bucket in aws_s3_bucket.buckets : {
+      name     = bucket_name
+      domain   = bucket.website_domain != null ? bucket.website_domain : null
+    } if bucket.website_domain != null
+  ]
+}
diff --git a/infra/public-content/images/s3.tf → infra/content/public/s3.tf b/infra/public-content/images/s3.tf → infra/content/public/s3.tf
@@ -1,9 +1,14 @@
-resource "aws_s3_bucket" "public_bucket" {
-  bucket = var.bucket_name
+
+resource "aws_s3_bucket" "buckets" {
+  for_each = { for idx, name in var.bucket_names : idx => name }
+
+  bucket = each.value
 }
 
-resource "aws_s3_bucket_cors_configuration" "public_bucket" {
-  bucket = aws_s3_bucket.public_bucket.id
+resource "aws_s3_bucket_cors_configuration" "buckets" {
+  for_each = aws_s3_bucket.buckets
+
+  bucket = each.value.id
 
   cors_rule {
     allowed_headers = ["*"]
@@ -14,15 +19,19 @@ resource "aws_s3_bucket_cors_configuration" "public_bucket" {
   }
 }
 
-resource "aws_s3_bucket_acl" "public_bucket" {
-  bucket     = aws_s3_bucket.public_bucket.id
+resource "aws_s3_bucket_acl" "buckets" {
+  for_each = aws_s3_bucket.buckets
+
+  bucket     = each.value.id
   acl        = "public-read"
   depends_on = [aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership]
 }
 
 resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" {
-  bucket = aws_s3_bucket.public_bucket.id
-  rule {
+  for_each = aws_s3_bucket.buckets
+
+  bucket = each.value.id
+    rule {
     object_ownership = "BucketOwnerPreferred"
   }
   depends_on = [aws_s3_bucket_public_access_block.example]
@@ -33,40 +42,43 @@ resource "aws_iam_user" "bucket_owner" {
 }
 
 resource "aws_s3_bucket_public_access_block" "example" {
-  bucket = aws_s3_bucket.public_bucket.id
+  for_each = aws_s3_bucket.buckets
+
+  bucket = each.value.id
 
   block_public_acls       = false
   block_public_policy     = false
   ignore_public_acls      = false
   restrict_public_buckets = false
 }
-
 resource "aws_s3_bucket_policy" "prod" {
-  bucket = aws_s3_bucket.public_bucket.id
+  for_each = aws_s3_bucket.buckets
+
+  bucket = each.value.id
+
   policy = jsonencode({
-    Version = "2012-10-17"
+    Version   = "2012-10-17"
     Statement = [
       {
+        Sid       = "PublicListBucket"
+        Effect    = "Allow"
         Principal = "*"
-        Action = [
-          "s3:*",
+        Action    = [
+          "s3:ListBucket"
         ]
-        Effect = "Allow"
-        Resource = [
-          "arn:aws:s3:::${var.bucket_name}",
-          "arn:aws:s3:::${var.bucket_name}/*"
+        Resource  = [
+          "${each.value.arn}",
         ]
       },
       {
-        Sid       = "PublicReadGetObject"
+        Sid       = "PublicGetObject"
+        Effect    = "Allow"
         Principal = "*"
-        Action = [
-          "s3:GetObject",
+        Action    = [
+          "s3:GetObject"
         ]
-        Effect = "Allow"
-        Resource = [
-          "arn:aws:s3:::${var.bucket_name}",
-          "arn:aws:s3:::${var.bucket_name}/*"
+        Resource  = [
+          "${each.value.arn}/*",
         ]
       },
     ]

diff --git a/infra/content/public/variables.tf b/infra/content/public/variables.tf
@@ -0,0 +1,15 @@
+
+variable "bucket_names" {
+  type    = list(string)
+  default = [ "ashgw-blog-public-general", "ashgw-blog-public-images"] 
+}
+
+
+
+variable "bucket_owner" {
+  type = string
+
+  default = "i-own-ashgw-blog-public-content"
+}
+
+
diff --git a/infra/main.tf b/infra/main.tf
@@ -3,8 +3,8 @@ provider "aws" {
   region = var.aws_region
 }
 
-module "images_s3_bucket" {
-  source = "./public-content/images"
+module "public_content" {
+  source = "./content/public"
 }
 
 module "ecr" {

diff --git a/infra/public-content/images/output.tf b/infra/public-content/images/output.tf
diff --git a/infra/public-content/images/variables.tf b/infra/public-content/images/variables.tf