feat(infra): create media bucket (#1536)
* chore: rename testcase.tf file

* feat: create media s3 bucket

* chore: connect media bucket and admin cluster
k1g99 authored Mar 4, 2024
1 parent 4780930 commit 04da950
Showing 4 changed files with 69 additions and 0 deletions.
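--- a/infra/modules/codedang-infra/backend/admin-task-definition.tftpl
+++ b/infra/modules/codedang-infra/backend/admin-task-definition.tftpl
@@ -58,6 +58,17 @@
 {
 "name" : "TESTCASE_SECRET_KEY",
 "value" : "${testcase_secret_key}"
+},
+"name" : "MEDIA_BUCKET_NAME",
+"value" : "${media_bucket_name}"
+},
+{
+"name" : "MEDIA_ACCESS_KEY",
+"value" : "${media_access_key}"
+},
+{
+"name" : "MEDIA_SECRET_KEY",
+"value" : "${media_secret_key}"
 }
 ],
 "logConfiguration": {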
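Review bot: The `MEDIA_BUCKET_NAME` entry has no opening brace: the line after the new `},` is `"name" : "MEDIA_BUCKET_NAME",`, so as shown on this page the rendered container definition is not valid JSON, and a `{` line is needed before it. `MEDIA_SECRET_KEY` is also emitted as a plain `value`, which makes it readable to anyone who can read the task definition; ECS container definitions accept a `secrets` list with `valueFrom` pointing at Secrets Manager or SSM Parameter Store for this. The array these entries belong to opens outside the hunk, and the existing `TESTCASE_SECRET_KEY` entry follows the same plain-value pattern.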
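--- a/infra/modules/codedang-infra/ecs-api-admin.tf
+++ b/infra/modules/codedang-infra/ecs-api-admin.tf
@@ -113,6 +113,9 @@ resource "aws_ecs_task_definition" "admin_api" {
 testcase_bucket_name = aws_s3_bucket.testcase.id,
 testcase_access_key = aws_iam_access_key.testcase.id,
 testcase_secret_key = aws_iam_access_key.testcase.secret,
+media_bucket_name = aws_s3_bucket.media.id,
+media_access_key = aws_iam_access_key.media.id,
+media_secret_key = aws_iam_access_key.media.secret,
 loki_url = var.loki_url,
 })
 execution_role_arn = aws_iam_role.ecs_task_execution_role.arn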
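Review bot: `aws_iam_access_key.media.secret` is a long-lived credential that ends up in the Terraform state and is interpolated into the rendered task definition, so read access to either is enough to act as `user-codedang-media`. Only `execution_role_arn` is visible in this hunk; if the task can be given a task role (`task_role_arn`) carrying the `media_s3` policy from s3-media.tf, the `media_access_key`/`media_secret_key` template variables and the IAM user become unnecessary. If the static key has to stay, a comment such as `# static key: stored in tfstate; rotate by replacing aws_iam_access_key.media` would document how it is handled. The resource block starts and continues outside the hunk.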
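--- a/infra/modules/codedang-infra/s3-media.tf
+++ b/infra/modules/codedang-infra/s3-media.tf
@@ -0,0 +1,55 @@
+resource "aws_s3_bucket" "media" {
+bucket = "codedang-media"
+
+tags = {
+Name = "Codedang-Media"
+}
+}
+
+# public access for objects
+resource "aws_s3_bucket_public_access_block" "block_public_access" {
+bucket = aws_s3_bucket.media.id
+block_public_acls = false
+block_public_policy = false
+ignore_public_acls = false
+restrict_public_buckets = false
+}
+
+data "aws_iam_policy_document" "media_permissions" {
+statement {
+actions = ["s3:GetObject"]
+resources = ["${aws_s3_bucket.media.arn}/*"]
+
+principals {
+type = "*"
+identifiers = ["*"]
+}
+}
+}
+
+resource "aws_s3_bucket_policy" "media" {
+bucket = aws_s3_bucket.media.id
+policy = data.aws_iam_policy_document.media_permissions.json
+}
+
+# user for admin api
+resource "aws_iam_user" "media" {
+name = "user-codedang-media"
+}
+
+data "aws_iam_policy_document" "media_s3" {
+statement {
+actions = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
+resources = ["${aws_s3_bucket.media.arn}/*"]
+}
+}
+
+resource "aws_iam_user_policy" "media_s3" {
+name = "codedang-media-s3"
+user = aws_iam_user.media.name
+policy = data.aws_iam_policy_document.media_s3.json
+}
+
+resource "aws_iam_access_key" "media" {
+user = aws_iam_user.media.name
+}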
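Review bot: `aws_s3_bucket_public_access_block.block_public_access` turns off all four protections, but the anonymous read here is granted by the bucket policy rather than by ACLs, so only `block_public_policy` and `restrict_public_buckets` need to be `false`. Setting `block_public_acls = true` and `ignore_public_acls = true` would keep an object-level public ACL from widening access beyond the policy. The `media_permissions` statement lets any principal `s3:GetObject` every key in the bucket, so everything the admin API uploads is world-readable; if that is intended, the comment could say so, e.g. `# media objects are intentionally world-readable via bucket policy; ACL-based public access stays blocked`. The resource name `block_public_access` also reads as the opposite of what it configures.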
File renamed without changes.
