| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 |
- # Create an IAM role for the Web Servers.
- resource "aws_iam_role" "nuxeo_iam_role" {
- name = "${var.stack_name}"
- assume_role_policy = <<EOF
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
- }
- EOF
- }
- resource "aws_iam_instance_profile" "nuxeo_instance_profile" {
- name = "${var.stack_name}"
- roles = ["nuxeo_iam_role"]
- }
- resource "aws_iam_role_policy" "nuxeo_iam_role_policy" {
- name = "${var.stack_name}"
- role = "${aws_iam_role.nuxeo_iam_role.id}"
- policy = <<EOF
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": ["s3:ListBucket"],
- "Resource": ["arn:aws:s3:::bucket-name"]
- },
- {
- "Effect": "Allow",
- "Action": [
- "s3:PutObject",
- "s3:GetObject",
- "s3:DeleteObject"
- ],
- "Resource": [
- "arn:aws:s3:::nuxeo-${sha1("${var.stack_name}")}/*",
- "arn:aws:s3:::nuxeo-backup-${sha1("${var.stack_name}")}/*" <
- ]
- }
- ]
- }
- EOF
- }
- resource "aws_s3_bucket" "apps_bucket" {
- bucket = "bucket-name"
- acl = "private"
- versioning {
- enabled = true
- }
- tags {
- Name = "bucket-name"
- }
- }
|
