TF: add backup S3 bucket For LSS-2109 Signed-off-by: Riku Voipio <riku.voipio@linaro.org> Change-Id: Iede061f0bc186ea6405a8fd400a7dd905000aeab

commit: cc7f42f9690b793d50ba20e7467c0c7b19404903 [log] [tgz]
author: Riku Voipio <riku.voipio@linaro.org> Wed Feb 17 15:00:32 2021 +0200
committer: Riku Voipio <riku.voipio@linaro.org> Wed Feb 17 13:52:43 2021 +0000
tree: 8fa2589480079dbbdd9bba916e396090bf7730df
parent: 01d132b335c22dc143987f74f5e4ad41cc407ccb [diff] [blame]
diff --git a/backups.tf b/backups.tf
new file mode 100644
index 0000000..cec2e99
--- /dev/null
+++ b/backups.tf

@@ -0,0 +1,32 @@
+module "trustedfirmware_backups" {
+  source = "./modules/resources/s3"
+  bucket = "trustedfirmware-backups"
+  acl = "private"
+}
+
+module "s3_backup_policy" {
+  source      = "./modules/resources/iam_policy"
+  name        = "s3_backup_policy"
+  policy_file = "templates/role_policy.tmpl"
+  actions = [
+                "s3:AbortMultipartUpload",
+                "s3:CompleteMultipartUpload",
+                "s3:ListBucket",
+                "s3:ListBucketMultipartUploads",
+                "s3:PutObject",
+                "s3:GetObject",
+                "s3:DeleteObject",
+                "s3:PutObjectAcl"
+  ]
+  resources = [
+                "arn:aws:s3:::trustedfirmware-backups-*/*"
+  ]
+}
+
+module "backup_policy_attach" {
+  source     = "./modules/resources/iam_user_policy_attachement"
+  user       = "cloud-backups"
+  policy_arn = module.s3_backup_policy.arn
+}
+
+
commit	cc7f42f9690b793d50ba20e7467c0c7b19404903	[log] [tgz]
author	Riku Voipio <riku.voipio@linaro.org>	Wed Feb 17 15:00:32 2021 +0200
committer	Riku Voipio <riku.voipio@linaro.org>	Wed Feb 17 13:52:43 2021 +0000
tree	8fa2589480079dbbdd9bba916e396090bf7730df
parent	01d132b335c22dc143987f74f5e4ad41cc407ccb [diff] [blame]