From 79ebc1dc2b1cd957ec258fce9f52cbbc16359d72 Mon Sep 17 00:00:00 2001
From: Daniel Tomlinson
Date: Fri, 17 Jul 2020 00:32:27 +0100
Subject: [PATCH] Updating terraform with s3 policy

---
 infrastructure/main.tf | 2 +-
 .../terraform.tfstate.d/prod-eu-west-1/terraform.tfstate | 2 +-
 .../prod-eu-west-1/terraform.tfstate.backup | 9 ++++-----
 infrastructure/variables.tf | 4 ----
 infrastructure/variables/prod-eu-west-1.tfvars | 1 -
 5 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index c22396d..9a3a28b 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -35,7 +35,7 @@ module "cloudfront_s3_cdn" {
 "Effect":"Allow",
 "Principal": "*",
 "Action":["s3:GetObject"],
- "Resource": "arn:aws:s3:::${var.bucket_name}/*"
+ "Resource": "arn:aws:s3:::${module.cloudfront_s3_cdn.s3_bucket}/*"
 }
 ]
 }
diff --git a/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate
index 312ecd7..b2e19b7 100644
--- a/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate
+++ b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate
@@ -1,7 +1,7 @@
 {
 "version": 4,
 "terraform_version": "0.12.26",
- "serial": 90,
+ "serial": 97,
 "lineage": "cda52006-90fc-4aec-a630-42e69057b365",
 "outputs": {
 "cf_arn": {
diff --git a/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup
index f4171dd..18e8848 100644
--- a/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup
+++ b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup
@@ -1,7 +1,7 @@
 {
 "version": 4,
 "terraform_version": "0.12.26",
- "serial": 88,
+ "serial": 95,
 "lineage": "cda52006-90fc-4aec-a630-42e69057b365",
 "outputs": {
 "cf_arn": {
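Review bot: The new `Resource` line reads `module.cloudfront_s3_cdn.s3_bucket` from inside the `module "cloudfront_s3_cdn"` block that this heredoc is an argument of, so the policy input now depends on the module's own output; Terraform 0.12 may accept that as long as the bucket resource does not itself depend on the policy input, but it is a latent cycle, and the terraform.tfstate.backup hunks show a revision (serial 95) in which this override was recorded as `{}` and the bucket policy carried only the OAI statements, which looks like one apply ran without it. Deriving the bucket name from the same inputs the module receives, or keeping a plain variable as the removed `var.bucket_name` did, avoids the self-reference. The statement being patched grants `s3:GetObject` to `"Principal": "*"` on every object, which makes the origin bucket world-readable and bypasses the OAI-scoped `S3GetObjectForCloudFront` statement the module already generates (visible in the same state hunks); if the bucket is only meant to be reached through CloudFront this override should go, and if public read is intended a comment such as `# Public read is intentional: the bucket is also served directly as a static website origin` should record that decision. This diff also updates terraform.tfstate and its backup under version control; state records full resource attributes, so a remote backend with access control and locking is the usual safeguard rather than committing it.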
@@ -50,7 +50,7 @@
 "attributes": {
 "id": "1149999058",
 "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n }\n ]\n}",
- "override_json": "{\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n}\n",
+ "override_json": "{}",
 "policy_id": null,
 "source_json": null,
 "statement": [
@@ -116,7 +116,7 @@
 "attributes": {
 "id": "239689126",
 "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"*\"\n }\n }\n ]\n}",
- "override_json": "{\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n}\n",
+ "override_json": "{}",
 "policy_id": null,
 "source_json": null,
 "statement": [
@@ -729,11 +729,10 @@
 "attributes": {
 "bucket": "prod-panaetius-blog-origin",
 "id": "prod-panaetius-blog-origin",
- "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"S3GetObjectForCloudFront\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::prod-panaetius-blog-origin/*\"},{\"Sid\":\"S3ListBucketForCloudFront\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"},\"Action\":\"s3:ListBucket\",\"Resource\":\"arn:aws:s3:::prod-panaetius-blog-origin\"}]}"
+ "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n }\n ]\n}"
 },
 "private": "bnVsbA==",
 "dependencies": [
- "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
 "module.cloudfront_s3_cdn.aws_s3_bucket.origin"
 ]
 }
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index 837bbd3..f6ef5db 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -14,10 +14,6 @@ variable "profile" {
 }
-variable "bucket_name" {
-
-}
-
 variable "acm_certificate_arn" {
 }
diff --git a/infrastructure/variables/prod-eu-west-1.tfvars b/infrastructure/variables/prod-eu-west-1.tfvars
index f74486a..d100a69 100644
--- a/infrastructure/variables/prod-eu-west-1.tfvars
+++ b/infrastructure/variables/prod-eu-west-1.tfvars
@@ -2,7 +2,6 @@ name = "panaetius-blog"
 region = "eu-west-1"
 stage = "prod"
 profile = "admin"
-bucket_name = "prod-panaetius-blog-origin"
 acm_certificate_arn = "arn:aws:acm:us-east-1:745437999005:certificate/60af49f0-07bb-4680-8f5b-3c9a33f756e5"
 parent_zone_id = "Z05316671VABVSMAAF1RC"
 aliases = ["panaetius.io"]