Merge pull request #3 from fillup/develop
New deployment_user_arn feature for bucket policy
fillup authored Jan 2, 2020
2 parents dc90619 + f6286ea commit a94f104
Showing 4 changed files with 27 additions and 7 deletions.
12 changes: 7 additions & 5 deletions README.md
Expand Up @@ -10,6 +10,7 @@ supports S3 redirects. This module helps keep setup consistent for multiple Hugo
- `aliases` - A list of hostname aliases for CloudFront to listen on
- `bucket_name` - Name of bucket to use, must be globally unique
- `cert_domain` - Domain name on existing Amazon Certificate Manager certificate to use with CloudFront
- `deployment_user_arn` - ARN to a user to be given permission to put objects into the bucket

## Optional Inputs

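Review bot: The new `deployment_user_arn` entry is documented only as permission "to put objects into the bucket", but the policy added in this commit grants both `s3:PutObject` and `s3:PutObjectAcl`, and only on `public/*`. Suggest spelling that out here, for example "ARN of the IAM user allowed to `s3:PutObject` and `s3:PutObjectAcl` under `public/` in the bucket", so callers know exactly what they are delegating.
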
Expand All @@ -31,17 +32,18 @@ supports S3 redirects. This module helps keep setup consistent for multiple Hugo

```hcl
module "hugosite" {
source = "github.com/fillup/terraform-hugo-s3-cloudfront"
aliases = ["www.domain.com", "domain.com"]
bucket_name = "www.domain.com"
cert_domain = "*.domain.com"
source = "github.com/fillup/terraform-hugo-s3-cloudfront"
aliases = ["www.domain.com", "domain.com"]
bucket_name = "www.domain.com"
cert_domain = "*.domain.com"
deployment_user_arn = "arn:aws:iam::111122223333:person"
}
```

## License - MIT
MIT License

Copyright (c) 2018 Phillip Shipley
Copyright (c) 2020 Phillip Shipley

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
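
Review bot: The example value `arn:aws:iam::111122223333:person` in the usage block is not a valid IAM user ARN; the resource part needs the `user/` prefix, as in `arn:aws:iam::111122223333:user/person`. S3 validates principals when a bucket policy is applied, so anyone copying the example shape as-is will have the policy rejected for an invalid principal.
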
14 changes: 13 additions & 1 deletion bucket-policy.json
Expand Up @@ -2,11 +2,23 @@
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Sid": "PublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::${bucket_name}/public/*"
},
{
"Sid": "PutWebsite",
"Effect": "Allow",
"Principal": {
"AWS": ["${deployment_user_arn}"]
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::${bucket_name}/public/*"
}
]
}
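
Review bot: In the `PutWebsite` statement, `s3:PutObjectAcl` lets the deployment principal set any ACL on objects under `public/*`, including grants to other AWS accounts, even though `PublicRead` already makes that prefix readable through the policy itself. Drop `s3:PutObjectAcl` unless the deploy tool has to set an ACL on upload, and if it does, add a `Condition` on `s3:x-amz-acl` that limits it to `public-read`.
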
3 changes: 2 additions & 1 deletion main.tf
Expand Up @@ -5,7 +5,8 @@ data "template_file" "bucket_policy" {
template = "${file("${path.module}/bucket-policy.json")}"

vars {
bucket_name = "${var.bucket_name}"
bucket_name = "${var.bucket_name}"
deployment_user_arn = "${var.deployment_user_arn}"
}
}

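Review bot: `deployment_user_arn` is passed through the `vars` block and substituted into `bucket-policy.json` as raw text, so an empty or malformed value produces a policy that only fails once S3 evaluates it at apply time. Consider building the policy with the `aws_iam_policy_document` data source instead of `template_file`, which takes principals as structured `identifiers` and always emits valid JSON.
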
5 changes: 5 additions & 0 deletions vars.tf
Expand Up @@ -106,3 +106,8 @@ variable "viewer_protocol_policy" {
type = "string"
default = "redirect-to-https"
}

variable "deployment_user_arn" {
description = "ARN for user who is able to put objects into S3 bucket"
type = "string"
}
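
Review bot: `variable "deployment_user_arn"` has no `default`, so it becomes a required input and existing callers of the module will fail at plan until they add it. Either call this out as a breaking change in the release notes, or give it `default = ""` and only render the `PutWebsite` statement when a value is set. The description also says "user" while the policy's `Principal.AWS` field accepts any IAM principal ARN; state whether roles are meant to be supported.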
