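# Overlay storage: one MinIO bucket, a bucket policy that allows anonymous
# read access, and a dedicated IAM user with a service account that can
# list, read, write and delete objects in that bucket.

resource "minio_s3_bucket" "overlay" {
  depends_on = [var.wait_on]

  bucket = var.name

  # NOTE(review): the bucket policy below grants read access to anonymous
  # callers, so this ACL on its own does not keep the contents private.
  acl = "private"
}

resource "minio_s3_bucket_policy" "overlay" {
  bucket = minio_s3_bucket.overlay.bucket

  # SECURITY: Principal "*" makes every statement below apply to
  # unauthenticated callers: anyone who can reach the endpoint can locate
  # the bucket, list it and download its objects. Keep this only if the
  # bucket is meant to be public; otherwise drop this resource and rely on
  # the IAM policy further down.
  #
  # The Resource ARNs are derived from the managed bucket instead of a
  # literal bucket name, so the policy always targets the bucket it is
  # attached to, whatever var.name is set to.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = { AWS = ["*"] }
        Action    = ["s3:GetBucketLocation"]
        Resource  = ["arn:aws:s3:::${minio_s3_bucket.overlay.bucket}"]
      },
      {
        Effect    = "Allow"
        Principal = { AWS = ["*"] }
        Action    = ["s3:ListBucket"]
        Resource  = ["arn:aws:s3:::${minio_s3_bucket.overlay.bucket}"]
        # NOTE(review): confirm this condition restricts (or permits)
        # listing the way it is intended to on the target MinIO version.
        Condition = {
          StringEquals = {
            "s3:prefix" = ["*"]
          }
        }
      },
      {
        Effect    = "Allow"
        Principal = { AWS = ["*"] }
        Action    = ["s3:GetObject"]
        Resource  = ["arn:aws:s3:::${minio_s3_bucket.overlay.bucket}/**"]
      }
    ]
  })
}

# Dedicated identity for the workload that owns this bucket.
resource "minio_iam_user" "overlay" {
  name = var.name
}

# Least-privilege policy: list the bucket, and read/write/delete its objects.
# No bucket-administration actions are granted.
resource "minio_iam_policy" "overlay" {
  name = minio_s3_bucket.overlay.bucket

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = ["arn:aws:s3:::${var.name}"]
      },
      {
        Effect = "Allow"
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject"
        ]
        Resource = ["arn:aws:s3:::${var.name}/*"]
      }
    ]
  })
}

resource "minio_iam_user_policy_attachment" "overlay" {
  user_name   = minio_iam_user.overlay.id
  policy_name = minio_iam_policy.overlay.id
}

# Service account whose credentials are exported below. Its inline policy
# repeats the statements of minio_iam_policy.overlay; keep the two in sync
# when either one changes.
resource "minio_iam_service_account" "overlay" {
  target_user = minio_iam_user.overlay.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = ["arn:aws:s3:::${var.name}"]
      },
      {
        Effect = "Allow"
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject"
        ]
        Resource = ["arn:aws:s3:::${var.name}/*"]
      }
    ]
  })
}

# `sensitive = true` only redacts these values in plan/apply output. They are
# still written to the Terraform state in clear text, so the state backend
# needs its own access control and encryption at rest.
output "access_key" {
  description = "Access key of the service account scoped to the overlay bucket."
  value       = minio_iam_service_account.overlay.access_key
  sensitive   = true
}

output "secret_key" {
  description = "Secret key of the service account scoped to the overlay bucket."
  value       = minio_iam_service_account.overlay.secret_key
  sensitive   = true
}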