This commit is contained in:
31
iam.tf
31
iam.tf
@@ -12,7 +12,6 @@ resource "aws_iam_group_policy_attachment" "administrators" {
|
||||
policy_arn = data.aws_iam_policy.administrator_access.arn
|
||||
}
|
||||
|
||||
|
||||
resource "aws_iam_user" "administrator" {
|
||||
name = "Administrator"
|
||||
}
|
||||
@@ -28,15 +27,15 @@ resource "aws_iam_user_login_profile" "administrator" {
|
||||
}
|
||||
|
||||
resource "aws_iam_access_key" "AccK" {
|
||||
user = aws_iam_user.new_user.name
|
||||
user = aws_iam_user.administrator.name
|
||||
}
|
||||
|
||||
resource "aws_iam_user_policy" "iam" {
|
||||
name = "ListBuckets"
|
||||
user = aws_iam_user.new_user.name
|
||||
user = aws_iam_user.administrator.name
|
||||
policy = <<EOF
|
||||
{
|
||||
"Version": "2022-1-6",
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
@@ -47,3 +46,27 @@ resource "aws_iam_user_policy" "iam" {
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
# Create IAM policy to allow S3 read access
|
||||
resource "aws_iam_policy" "s3_read_policy" {
|
||||
name = "s3_read_policy"
|
||||
description = "Allows read access to files in the specified S3 bucket"
|
||||
policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"s3:GetObject",
|
||||
"s3:ListBucket"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::your-bucket-name/*",
|
||||
"arn:aws:s3:::your-bucket-name"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
}
|
||||
Reference in New Issue
Block a user