adding build_user
arnol377 committed Aug 30, 2024
1 parent 9335f7f commit e465c10
Showing 4 changed files with 44 additions and 22 deletions.
34 changes: 17 additions & 17 deletions .terraform.lock.hcl


10 changes: 5 additions & 5 deletions docker.tf
@@ -47,7 +47,7 @@ module "docker" {
}
]
packer_source_type = "S3"
packer_config = "docker-base.pkr.hcl"
packer_config = "docker-base.pkr.hcl"
packer_bucket = {
name = aws_s3_bucket.assets_bucket.bucket
key = "docker-image-pipeline.zip"
@@ -58,7 +58,7 @@ module "docker" {
key = "image-pipeline-ansible-playbooks.zip"
}
playbook = "ubuntu-base.yaml"
goss_profile = "docker-base"
goss_profile = "docker-base"
goss_source_type = "S3"
goss_bucket = {
name = aws_s3_bucket.assets_bucket.bucket
@@ -73,8 +73,8 @@ module "docker" {
source_tag = "24.10"
source_docker_repo = "docker-image-pipeline"
# destination image metadata
dest_image = "pipeline-test"
dest_tag = "latest"
dest_docker_repo = "docker-image-pipeline"
dest_image = "pipeline-test"
dest_tag = "latest"
dest_docker_repo = "docker-image-pipeline"
}
}
1 change: 1 addition & 0 deletions linux.tf
@@ -13,6 +13,7 @@ module "amazon_linux" {
ssh_user = "ec2-user"
terraform_version = "1.8.5"
build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
build_user_iam_policy = data.aws_iam_policy_document.build_user_policy_document.json
build_environment_variables = [
for proxy_var in keys(local.proxy_env_vars) :
{
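Review bot: The `build_user_iam_policy` argument is passed as rendered `.json`, while `build_permissions_iam_doc` on the line above receives the data source object, and nothing in the hunk says which principal the new policy is attached to. The module's interface is not visible here, so the mixed forms may be intended, but a reader cannot tell the two permission inputs apart from this call site. I would add a comment above the new line such as `# S3 policy attached to the pipeline's build user; defined in main.tf as build_user_policy_document`. If "build user" means an IAM user with long-lived access keys (inferred from the name only), that is worth stating too, since it changes how the credential has to be rotated and monitored. The `module "amazon_linux"` block starts and ends outside the hunk.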
21 changes: 21 additions & 0 deletions main.tf
@@ -44,6 +44,27 @@ data "aws_iam_policy_document" "assets_bucket_policy_document" {
}


data "aws_iam_policy_document" "build_user_policy_document" {
statement {
actions = [
"s3:Get*",
"s3:List*",
"s3:ReplicateObject",
"s3:PutObject",
"s3:RestoreObject",
"s3:PutObjectVersionTagging",
"s3:PutObjectTagging",
"s3:PutObjectAcl"
]

resources = [
aws_s3_bucket.assets_bucket.arn,
"${aws_s3_bucket.assets_bucket.arn}/*",
]
}
}


resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
for_each = tomap({
state_bucket = aws_s3_bucket.state_bucket.bucket
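Review bot: The write side of `build_user_policy_document` is broader than a build identity normally needs: `s3:PutObject` and `s3:PutObjectAcl` are granted on every key in the assets bucket, and docker.tf in this commit shows that same bucket holding the pipeline's own inputs (`docker-image-pipeline.zip`, `image-pipeline-ansible-playbooks.zip`). An identity that can overwrite those objects can change what later builds execute, and `s3:PutObjectAcl` lets it alter object ACLs unless ACLs are disabled on the bucket, which is not visible here. I would split the statement into read and write, replace `s3:Get*` and `s3:List*` with the specific actions the build uses, confine writes to a dedicated prefix, and drop `s3:PutObjectAcl`, `s3:ReplicateObject` and `s3:RestoreObject` unless the build is known to need them. The prefix in the sketch below is a placeholder, not a path from this repository.

```hcl
data "aws_iam_policy_document" "build_user_policy_document" {
  # Read-only access to pipeline inputs (packer config, playbooks, goss profiles).
  statement {
    actions   = ["s3:GetObject", "s3:GetObjectVersion"]
    resources = ["${aws_s3_bucket.assets_bucket.arn}/*"]
  }

  # Listing is a bucket-level action, so it targets the bucket ARN only.
  statement {
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.assets_bucket.arn]
  }

  # Writes confined to a build-output prefix so inputs cannot be overwritten.
  statement {
    actions   = ["s3:PutObject", "s3:PutObjectTagging"]
    resources = ["${aws_s3_bucket.assets_bucket.arn}/BUILD_OUTPUT_PREFIX_PLACEHOLDER/*"]
  }
}
```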
