Creates an S3 bucket and uploads a CSV data file into it. Creates an IAM user with the permissions Data Cloud needs to reach that bucket and outputs the access key pair to use in the Data Cloud config. (Note: the secret output is marked sensitive, so it is redacted from `terraform apply` output; read it with `terraform output -raw access_secret`. It is also stored in plaintext in the .tfstate file, so protect the state like a credential.)
# Creates an S3 bucket
# Uploads a CSV data file into the S3 bucket
# Creates an IAM user with the permissions Data Cloud needs to reach the bucket
# Outputs the access key pair to use in the Data Cloud config
# (Note: the secret is redacted from apply output; read it with
#  `terraform output -raw access_secret`. It is stored in plaintext in the
#  .tfstate file, so treat the state as a credential.)
# Pin the Terraform CLI and AWS provider versions this configuration was
# written against so that `terraform init` is reproducible.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.29.0"
    }
  }
}
# No region or credentials are configured here; they are expected to come from
# the usual AWS environment (AWS_REGION / AWS_PROFILE, shared config, or
# environment variables) of whoever runs `terraform apply`.
provider "aws" {}
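# Name of the S3 bucket that receives the CSV. Bucket names are global across
# all AWS accounts, so the default is very likely already taken; override it.
variable "bucket_name" {
  type        = string
  description = "Globally unique name of the S3 bucket that receives the CSV file."
  default     = "my-test-dc-bucket"

  validation {
    # S3 bucket naming rules: 3-63 characters of lowercase letters, digits,
    # dots and hyphens, starting and ending with a letter or digit. Failing
    # here gives a clear message instead of an API error mid-apply.
    condition     = can(regex("^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$", var.bucket_name))
    error_message = "bucket_name must be 3-63 characters of lowercase letters, digits, dots or hyphens, starting and ending with a letter or digit."
  }
}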
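# Name of the IAM user whose access key is handed to Data Cloud.
variable "user_name" {
  type        = string
  description = "Name of the IAM user created for Data Cloud to access the bucket."
  default     = "my-test-user"

  validation {
    # IAM user names: 1-64 characters from the set A-Z a-z 0-9 + = , . @ _ -
    condition     = can(regex("^[A-Za-z0-9+=,.@_-]{1,64}$", var.user_name))
    error_message = "user_name must be 1-64 characters of letters, digits, or + = , . @ _ -."
  }
}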
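# Local path of the CSV to upload; it is also used as the object key.
variable "file_name" {
  type        = string
  description = "Path (relative to the working directory) of the CSV to upload; also used as the S3 object key."
  default     = "contacts.csv"

  validation {
    # Fail at plan time with a readable message rather than letting the
    # aws_s3_object resource error out on a missing source file.
    condition     = fileexists(var.file_name)
    error_message = "file_name must point to an existing local file."
  }
}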
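# Bucket that holds the CSV Data Cloud reads. Encryption at rest and object
# ownership are left to the AWS defaults for new buckets; make them explicit
# (aws_s3_bucket_server_side_encryption_configuration etc.) if your policy
# requires it.
resource "aws_s3_bucket" "dc_bucket" {
  bucket = var.bucket_name

  tags = {
    Name      = "Data Cloud S3 Bucket"
    Terraform = true
  }
}

# The default file name suggests this is contact (personal) data: make sure no
# ACL or bucket policy can ever expose it publicly, independent of whatever the
# account-level public access settings happen to be. This does not interfere
# with the bucket policy below, which grants only to a specific IAM principal.
resource "aws_s3_bucket_public_access_block" "dc_bucket" {
  bucket = aws_s3_bucket.dc_bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}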
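# Uploads the local CSV into the bucket under the same name.
resource "aws_s3_object" "file_upload" {
  bucket = aws_s3_bucket.dc_bucket.id
  key    = var.file_name
  source = var.file_name

  # Without an etag Terraform only tracks the key, so edits to the local CSV
  # would never be re-uploaded. Hashing the content turns a changed file into
  # a plan diff. (filemd5 matches the S3 ETag only for objects that are not
  # SSE-KMS encrypted and not multipart uploaded; adjust if you enable KMS.)
  etag = filemd5(var.file_name)
}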
# Attaches the resource policy that lets the Data Cloud IAM user reach this
# bucket. (The name says "another account", but the principal it grants to is
# a user created in this same account; the name is kept to preserve the
# resource address.)
resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
  policy = data.aws_iam_policy_document.allow_access_from_another_account.json
  bucket = aws_s3_bucket.dc_bucket.id
}
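# IAM user whose long-lived access key is handed to Data Cloud.
resource "aws_iam_user" "iam-user" {
  name = var.user_name

  # Same tag set as the bucket so both resources are found together in
  # inventory / cost views.
  tags = {
    Name      = "Data Cloud S3 User"
    Terraform = true
  }
}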
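# Customer-managed identity policy scoped to the single bucket.
#
# The original attached the AWS-managed AmazonS3FullAccess policy, which grants
# s3:* on every bucket in the account. The access key for this user leaves the
# account (it is pasted into Data Cloud), so a leaked key would have exposed
# all S3 data rather than just this file. Scoping to the bucket keeps the
# blast radius to the data Data Cloud is meant to see.
#
# s3:* is kept (matching the bucket policy below) so behaviour for Data Cloud
# is unchanged; it can most likely be narrowed to s3:ListBucket and
# s3:GetObject once that is confirmed against the connector's needs.
resource "aws_iam_policy" "dc_bucket_access" {
  name        = "${var.user_name}-dc-bucket-access"
  description = "Allows the Data Cloud user to use only the ${var.bucket_name} bucket."

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid    = "DataCloudBucketOnly"
      Effect = "Allow"
      Action = "s3:*"
      Resource = [
        aws_s3_bucket.dc_bucket.arn,
        "${aws_s3_bucket.dc_bucket.arn}/*",
      ]
    }]
  })
}

# Attachment keeps its original address; only the policy it points at changes.
resource "aws_iam_user_policy_attachment" "iam_policy" {
  policy_arn = aws_iam_policy.dc_bucket_access.arn
  user       = aws_iam_user.iam-user.name
}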
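# Resource policy for the bucket granting the Data Cloud IAM user access.
# The principal is a user in this same account, so the identity policy attached
# to the user already authorises the calls; this bucket policy is belt-and-
# braces and would only become load-bearing if bucket and user were ever split
# across accounts.
data "aws_iam_policy_document" "allow_access_from_another_account" {
  statement {
    sid    = "AllowDataCloudUser"
    effect = "Allow"

    principals {
      type = "AWS"
      # An IAM user principal is identified by its ARN. The original passed
      # unique_id (the AIDA... value); that is the form AWS itself substitutes
      # into a stored policy after the user is deleted, not a documented input
      # form, and it is liable to be rejected as an invalid principal.
      identifiers = [aws_iam_user.iam-user.arn]
    }

    # Kept at s3:* to preserve the original grant; Data Cloud most likely only
    # needs s3:ListBucket and s3:GetObject - narrow once confirmed.
    actions = ["s3:*"]

    resources = [
      aws_s3_bucket.dc_bucket.arn,
      "${aws_s3_bucket.dc_bucket.arn}/*",
    ]
  }
}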
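# Long-lived access key that is pasted into the Data Cloud configuration.
resource "aws_iam_access_key" "iam-user" {
  # Reference the user resource rather than var.user_name: the variable carries
  # no dependency, so Terraform could otherwise try to create the key before
  # the user exists on a fresh apply.
  user = aws_iam_user.iam-user.name

  # The secret is written in plaintext to the state file. If that is not
  # acceptable, set `pgp_key` here and read `encrypted_secret` instead of
  # `secret`; the plaintext then never enters state.
}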
# Access key ID for the Data Cloud S3 connector. The ID alone is not a secret,
# so it is printed in the clear.
output "access_key" {
  description = "Access key ID to enter in the Data Cloud S3 connector."
  value       = aws_iam_access_key.iam-user.id
}
# Secret access key for the Data Cloud S3 connector. `sensitive = true` redacts
# it from plan/apply output; retrieve it with
# `terraform output -raw access_secret`. It is still stored in plaintext in
# the state file.
output "access_secret" {
  description = "Secret access key to enter in the Data Cloud S3 connector (redacted from apply output)."
  sensitive   = true
  value       = aws_iam_access_key.iam-user.secret
}