| module "trustedfirmware_backups" { |
| source = "./modules/resources/s3" |
| bucket = "trustedfirmware-backups" |
| acl = "private" |
| } |
| |
| module "s3_backup_policy" { |
| source = "./modules/resources/iam_policy" |
| name = "s3_backup_policy" |
| policy_file = "templates/role_policy.tmpl" |
| actions = [ |
| "s3:AbortMultipartUpload", |
| "s3:CreateBucket", |
| "s3:ListBucket", |
| "s3:ListBucketMultipartUploads", |
| "s3:PutObject", |
| "s3:GetObject", |
| "s3:DeleteObject", |
| "s3:PutObjectAcl" |
| ] |
| resources = [ |
| "arn:aws:s3:::trustedfirmware-backups", |
| "arn:aws:s3:::trustedfirmware-backups/*" |
| ] |
| } |
| |
| module "backup_policy_attach" { |
| source = "./modules/resources/iam_user_policy_attachement" |
| user = "cloud-backups" |
| policy_arn = module.s3_backup_policy.arn |
| } |
| |
| |