Merge pull request #183 from cagov/dof-public-s3-bucket
Create public S3 bucket for building footprint artifacts.
britt-allen authored Aug 24, 2023
2 parents 475fb87 + 5840e94 commit 1a08ce6
Showing 2 changed files with 56 additions and 0 deletions.
5 changes: 5 additions & 0 deletions docs/cloud-infrastructure.md
@@ -207,10 +207,14 @@ No modules.
| [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/route_table) | resource |
| [aws_route_table_association.private](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/route_table_association) | resource |
| [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/route_table_association) | resource |
| [aws_s3_bucket.dof_demographics_public](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.dsa_project](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.mwaa](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.scratch](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_policy.dof_demographics_public_read_access](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket_policy) | resource |
| [aws_s3_bucket_public_access_block.dof_demographics_public](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_public_access_block.mwaa](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_versioning.dof_demographics_public](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket_versioning) | resource |
| [aws_s3_bucket_versioning.dsa_project](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket_versioning) | resource |
| [aws_s3_bucket_versioning.mwaa](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/s3_bucket_versioning) | resource |
| [aws_security_group.batch](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/resources/security_group) | resource |
@@ -228,6 +232,7 @@ No modules.
| [aws_iam_policy_document.aws_batch_service_policy](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.batch_submit_policy_document](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.default_ecr_policy_document](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.dof_demographics_public_read_access](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.mwaa](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.s3_dsa_project_policy_document](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.s3_list_all_my_buckets](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/iam_policy_document) | data source |
51 changes: 51 additions & 0 deletions terraform/aws/modules/infra/s3.tf
@@ -68,6 +68,57 @@ resource "aws_s3_bucket_public_access_block" "mwaa" {
restrict_public_buckets = true
}

##################################
# DSE MDSA Project Buckets #
##################################

resource "aws_s3_bucket" "dof_demographics_public" {
bucket = "dof-demographics-${var.environment}-${var.region}-public"
tags = {
Owner = "dof"
Project = "demographics"
}
}

resource "aws_s3_bucket_versioning" "dof_demographics_public" {
bucket = aws_s3_bucket.dof_demographics_public.bucket
versioning_configuration {
status = "Enabled"
}
}

data "aws_iam_policy_document" "dof_demographics_public_read_access" {
statement {
principals {
type = "AWS"
identifiers = ["*"]
}
actions = [
"s3:GetObject",
"s3:ListBucket",
]

resources = [
aws_s3_bucket.dof_demographics_public.arn,
"${aws_s3_bucket.dof_demographics_public.arn}/*",
]
}
}

resource "aws_s3_bucket_policy" "dof_demographics_public_read_access" {
bucket = aws_s3_bucket.dof_demographics_public.id
policy = data.aws_iam_policy_document.dof_demographics_public_read_access.json
}

resource "aws_s3_bucket_public_access_block" "dof_demographics_public" {
bucket = aws_s3_bucket.dof_demographics_public.id

block_public_acls = false
block_public_policy = false
ignore_public_acls = false
restrict_public_buckets = false
}

##################################
# AAE DSA Project Buckets #
##################################
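Review bot: `aws_s3_bucket_public_access_block.dof_demographics_public` sets all four settings to `false`, but public read through a bucket policy only needs `block_public_policy = false` and `restrict_public_buckets = false`; keeping `block_public_acls = true` and `ignore_public_acls = true` would still stop a stray public ACL, including a writable one, from taking effect. The policy statement also grants `s3:ListBucket` to `*`, so anyone can enumerate every key in the bucket. If consumers are handed object URLs, that action and the bare bucket ARN can be dropped; either way a comment on the statement should record whether anonymous listing is intended, e.g. `# Anonymous read and list are intentional: bucket holds only published artifacts`. Nothing orders `aws_s3_bucket_policy` after the access block, so the policy may be rejected if it is applied while public policies are still blocked; `depends_on = [aws_s3_bucket_public_access_block.dof_demographics_public]` on the policy resource would make the order explicit.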