author | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-20 10:29:19 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-20 10:29:19 +0100 |
commit | d77a2af7acee55457f4cab5f3acc8e3060564196 (patch) | |
tree | e4c3ffc2af288b7f5b6e1aadc93a147075bb1832 /terraform | |
parent | ed65919b0327e733c6863d397ba354badf2a280e (diff) | |
Minio + wal-g
Diffstat (limited to 'terraform')
-rw-r--r-- | terraform/main.tf | 12 | ||||
-rw-r--r-- | terraform/minio/user.tf | 24 | ||||
-rw-r--r-- | terraform/modules/minio-pg-backup/main.tf | 63 | ||||
-rw-r--r-- | terraform/modules/minio-pg-backup/vars.tf | 3 |
4 files changed, 74 insertions, 28 deletions
diff --git a/terraform/main.tf b/terraform/main.tf
index 71db6a8..74dc140 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -74,10 +74,14 @@ module "dns" {
 source = "./dns"
 }
-module "minio" {
- source = "./minio"
+module "pg-backup-knot" {
+ source = "./modules/minio-pg-backup"
+ id = "knot"
 }
-output "secret" {
- value = module.minio.secret
+output "pg_backup_knot" {
+ value = {
+ sender: module.pg-backup-knot.sender,
+ bucket: module.pg-backup-knot.bucket,
+ }
 }
diff --git a/terraform/minio/user.tf b/terraform/minio/user.tf
index b0148a7..e69de29 100644
--- a/terraform/minio/user.tf
+++ b/terraform/minio/user.tf
@@ -1,24 +0,0 @@
-resource "minio_iam_user" "knot-postgresql-sender" {
- name = "knot-postgresql-sender"
-# update_secret = true
-}
-
-output "secret" {
- value = minio_iam_user.knot-postgresql-sender.secret
-}
-
-resource "minio_s3_bucket" "knot-postgresql" {
- bucket = "knot-postgresql"
- acl = "public"
-}
-
-# resource "minio_iam_group_membership" "developer" {
-# name = "tf-testing-group-membership"
-#
-# users = [
-# minio_iam_user.user_one.name,
-# minio_iam_user.user_two.name,
-# ]
-#
-# group = minio_iam_group.developer.name
-# }
diff --git a/terraform/modules/minio-pg-backup/main.tf b/terraform/modules/minio-pg-backup/main.tf
new file mode 100644
index 0000000..f9e774a
--- /dev/null
+++ b/terraform/modules/minio-pg-backup/main.tf
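Review bot: The MinIO secret key is exposed through outputs that are not marked sensitive. `output "pg_backup_knot"` in terraform/main.tf re-exports `module.pg-backup-knot.sender`, which the new module defines with `secret_key: minio_iam_user.sender.secret`, so the key is printed by `terraform apply` and `terraform output` and can end up in CI logs. Add `sensitive = true` to this output and to `output "sender"` in terraform/modules/minio-pg-backup/main.tf. The secret is still written in plain text to the state file, so the state backend needs access control and encryption regardless.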
@@ -0,0 +1,63 @@
+terraform {
+ required_providers {
+ minio = {
+ source = "tidalf/minio"
+ version = "1.1.1"
+ }
+ }
+}
+
+resource "minio_iam_user" "sender" {
+ name = "pg-backup-${var.id}-sender"
+# update_secret = true
+}
+
+resource "minio_s3_bucket" "bucket" {
+ bucket = "pg-backup-${var.id}"
+ acl = "public"
+}
+
+resource "minio_iam_policy" "sender" {
+ name = minio_iam_user.sender.id
+ policy= <<EOF
+{
+ "Version":"2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket"
+ ],
+ "Resource": "arn:aws:s3:::${minio_s3_bucket.bucket.bucket}"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetObject",
+ "s3:PutObject"
+ ],
+ "Resource": "arn:aws:s3:::${minio_s3_bucket.bucket.bucket}/*"
+ }
+ ]
+}
+EOF
+}
+
+resource "minio_iam_user_policy_attachment" "sender" {
+ user_name = minio_iam_user.sender.id
+ policy_name = minio_iam_policy.sender.id
+}
+
+output "sender" {
+ value = {
+ access_key: minio_iam_user.sender.name,
+ secret_key: minio_iam_user.sender.secret,
+ }
+}
+
+output "bucket" {
+ value = {
+ name: minio_s3_bucket.bucket.id,
+ }
+}
diff --git a/terraform/modules/minio-pg-backup/vars.tf b/terraform/modules/minio-pg-backup/vars.tf
new file mode 100644
index 0000000..f1f47fe
--- /dev/null
+++ b/terraform/modules/minio-pg-backup/vars.tf
@@ -0,0 +1,3 @@
+variable "id" {
+ type = string
+}
 |
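Review bot: `acl = "public"` on `minio_s3_bucket.bucket` appears to make the bucket that receives the PostgreSQL backups accessible without credentials, which bypasses the scoped `sender` policy defined right below it. Unless anonymous access is really intended, use `acl = "private"` (assuming the pinned tidalf/minio 1.1.1 provider accepts that value) and rely on the attached policy alone. In the second policy statement, `s3:ListBucket` is a bucket-level action and has no effect on the `/*` object resource, so it can be dropped there to keep the policy readable. Database backups carry full table contents, so it is worth confirming that they are encrypted before upload; nothing in this commit shows that.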
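Review bot: `variable "id"` in vars.tf has no `description` and no `validation`, although main.tf interpolates it directly into the bucket name `pg-backup-${var.id}` and the user name `pg-backup-${var.id}-sender`. Add a description, e.g. `description = "Short identifier of the system whose backups this bucket stores"`, and a `validation` block that restricts the value to lowercase letters, digits and hyphens. An invalid or unexpected bucket name would then be rejected at plan time instead of failing, or creating an oddly named bucket, at apply time.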