diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-10 22:23:13 +0100 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-10 22:23:13 +0100 |
| commit | dcf9d7e3efbbe791db1a21de1dd21abf2ff22f81 (patch) | |
| tree | 4c16e01fed19fa5e5de8902785b450fdcd063ddb /terraform-minio | |
| parent | 16795884f3e915ed6d8b086fd5b6b93fc4858a27 (diff) | |
| download | infra-dcf9d7e3efbbe791db1a21de1dd21abf2ff22f81.tar.gz infra-dcf9d7e3efbbe791db1a21de1dd21abf2ff22f81.tar.bz2 infra-dcf9d7e3efbbe791db1a21de1dd21abf2ff22f81.tar.xz infra-dcf9d7e3efbbe791db1a21de1dd21abf2ff22f81.zip | |
terraform in minio
Diffstat (limited to 'terraform-minio')
| -rw-r--r-- | terraform-minio/README.md | 5 | ||||
| -rw-r--r-- | terraform-minio/main.tf | 29 | ||||
| -rw-r--r-- | terraform-minio/root.tf | 46 |
3 files changed, 80 insertions, 0 deletions
diff --git a/terraform-minio/README.md b/terraform-minio/README.md new file mode 100644 index 0000000..0e54eba --- /dev/null +++ b/terraform-minio/README.md @@ -0,0 +1,5 @@ +Special Terraform setup for creating user's in Minio for keeping other +Terraform setups in Minio. + + export TF_VAR_minio_access_key= + export TF_VAR_minio_secret_key= diff --git a/terraform-minio/main.tf b/terraform-minio/main.tf new file mode 100644 index 0000000..a08c04a --- /dev/null +++ b/terraform-minio/main.tf @@ -0,0 +1,29 @@ +terraform { + required_version = ">= 0.13" + + backend "local" { + path = "state" + } + + required_providers { + minio = { + source = "tidalf/minio" + version = "1.1.1" + } + } +} + +variable "minio_access_key" { + type = string +} + +variable "minio_secret_key" { + type = string +} + +provider "minio" { + minio_server = "minio.trygvis.io:443" + minio_ssl = "true" + minio_access_key = var.minio_access_key + minio_secret_key = var.minio_secret_key +} diff --git a/terraform-minio/root.tf b/terraform-minio/root.tf new file mode 100644 index 0000000..9751f27 --- /dev/null +++ b/terraform-minio/root.tf @@ -0,0 +1,46 @@ +resource "minio_s3_bucket" "terraform" { + bucket = "terraform" + acl = "public-read-write" +} + +resource "minio_iam_policy" "terraform-access" { + name = "terraform-access" + policy= <<EOF +{ + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:ListBucket" + ], + "Resource": "arn:aws:s3:::terraform-trygvis" + }, + { + "Effect": "Allow", + "Action": [ + "s3:ListBucket", + "s3:GetObject", + "s3:PutObject" + ], + "Resource": "arn:aws:s3:::terraform/*" + } + ] +} +EOF +} + +# Users + +resource "minio_iam_user" "terraform-trygvis" { + name = "terraform-trygvis" +} + +resource "minio_iam_user_policy_attachment" "terraform-trygvis" { + user_name = minio_iam_user.terraform-trygvis.id + policy_name = minio_iam_policy.terraform-access.id +} + +output "terraform-trygvis_secret" { + value = minio_iam_user.terraform-trygvis.secret +} |