TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / ci / terraform / refs/heads/master / . / backups.tf
blob: 49bb6b32d75d5c0dd6cdbb886697bc1b1c68c743 [file] [log] [blame]
Riku Voipiocc7f42f2021-02-17 15:00:32 +0200[diff] [blame]1module "trustedfirmware_backups" {
2 source = "./modules/resources/s3"
3 bucket = "trustedfirmware-backups"
4 acl = "private"
5}
6
7module "s3_backup_policy" {
8 source = "./modules/resources/iam_policy"
9 name = "s3_backup_policy"
10 policy_file = "templates/role_policy.tmpl"
11 actions = [
12 "s3:AbortMultipartUpload",
Riku Voipio3655e9c2021-02-18 10:49:20 +0200[diff] [blame]13 "s3:CreateBucket",
Riku Voipiocc7f42f2021-02-17 15:00:32 +0200[diff] [blame]14 "s3:ListBucket",
15 "s3:ListBucketMultipartUploads",
16 "s3:PutObject",
17 "s3:GetObject",
18 "s3:DeleteObject",
19 "s3:PutObjectAcl"
20 ]
21 resources = [
Riku Voipio3655e9c2021-02-18 10:49:20 +0200[diff] [blame]22 "arn:aws:s3:::trustedfirmware-backups",
23 "arn:aws:s3:::trustedfirmware-backups/*"
Riku Voipiocc7f42f2021-02-17 15:00:32 +0200[diff] [blame]24 ]
25}
26
27module "backup_policy_attach" {
28 source = "./modules/resources/iam_user_policy_attachement"
29 user = "cloud-backups"
30 policy_arn = module.s3_backup_policy.arn
31}
32
33