Terraform the tfstate bucket

It's terraform all the way down
2020-02-22 23:41:01 +00:00 · 2020-02-22 23:41:01 +00:00 · a307c53808
commit a307c53808
parent a80cc472cc
2 changed files with 40 additions and 0 deletions
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@ -8,3 +8,7 @@ provider "cloudflare" {
  email   = "hosting+cloudflare@theorangeone.net"
  api_key = var.cloudflare_api_key
 }
+
+provider "aws" {
+  region = "eu-west-2"
+}
--- a/terraform/state.tf
+++ b/terraform/state.tf
@ -0,0 +1,36 @@
+resource "aws_iam_user" "terraform" {
+  name = "terraform"
+}
+
+resource "aws_s3_bucket" "tfstate" {
+    bucket = "0rng-terraform"
+    acl = "private"
+}
+
+resource "aws_iam_user_policy" "terraform" {
+    name = "terraform"
+    user = aws_iam_user.terraform.name
+
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": "iam:*",
+            "Resource": "${aws_iam_user.terraform.arn}"
+        },
+        {
+            "Sid": "VisualEditor1",
+            "Effect": "Allow",
+            "Action": "s3:*",
+            "Resource": [
+                "${aws_s3_bucket.tfstate.arn}",
+                "${aws_s3_bucket.tfstate.arn}/*"
+            ]
+        }
+    ]
+}
+EOF
+}