chore(files): Initial upload

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Aplyca
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,4 @@
+Terraform AWS S3 module
+========================
+
+Create a AWS S3 bickets optimized for static web hosting

data.tf

@@ -0,0 +1,67 @@
+data "aws_iam_policy_document" "access_identity" {
+  count = "${var.access_identity_arn != "" ? 1 : 0}"
+  statement {
+    actions   = ["s3:GetObject"]
+    resources = ["arn:aws:s3:::$${bucket_name}$${origin_path}*"]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["${var.access_identity_arn}"]
+    }
+  }
+
+  statement {
+    actions   = ["s3:ListBucket"]
+    resources = ["arn:aws:s3:::$${bucket_name}"]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["${var.access_identity_arn}"]
+    }
+  }
+}
+
+data "template_file" "access_identity" {
+  count = "${var.access_identity_arn != "" ? 1 : 0}"
+  template = "${data.aws_iam_policy_document.access_identity.json}"
+
+  vars {
+    origin_path = "/"
+    bucket_name = "${aws_s3_bucket.this.id}"
+  }
+}
+
+data "aws_iam_policy_document" "read" {
+  statement {
+    actions = [
+      "${var.read_permissions}"
+    ]
+
+    resources = [
+      "${aws_s3_bucket.this.arn}/*"
+    ]
+  }
+}
+
+data "aws_iam_policy_document" "public" {
+  count = "${var.acl == "public-read" ? 1 : 0}"
+  statement {
+    actions = [
+      "${var.read_permissions}"
+    ]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+
+    resources = [
+      "${aws_s3_bucket.this.arn}/*"
+    ]
+  }
+}
+
+data "template_file" "public" {
+  count = "${var.acl == "public-read" ? 1 : 0}"
+  template = "${data.aws_iam_policy_document.public.json}"
+}

main.tf

@@ -0,0 +1,44 @@
+locals {
+  id = "${replace(var.name, " ", "-")}"
+}
+
+resource "aws_s3_bucket" "this" {
+  bucket        = "${lower(local.id)}"
+  acl           = "${var.acl}"
+  tags          = "${var.tags}"
+
+  cors_rule {
+    allowed_headers = "${var.cors_allowed_headers}"
+    allowed_methods = "${var.cors_allowed_methods}"
+    allowed_origins = "${var.cors_allowed_origins}"
+    expose_headers  = "${var.cors_expose_headers}"
+    max_age_seconds = "${var.cors_max_age_seconds}"
+  }
+
+  website = ["${var.website}"]
+}
+
+resource "aws_s3_bucket_policy" "access_identity" {
+  count = "${var.access_identity_arn != "" ? 1 : 0}"
+  bucket = "${aws_s3_bucket.this.id}"
+  policy = "${data.template_file.access_identity.rendered}"
+}
+
+resource "aws_s3_bucket_policy" "public" {
+  count = "${var.acl == "public-read" ? 1 : 0}"
+  bucket = "${aws_s3_bucket.this.id}"
+  policy = "${data.template_file.public.rendered}"
+}
+
+resource "aws_iam_policy" "read" {
+  count = "${length(var.read_roles) > 0 ? 1 : 0}"
+  name   = "${local.id}-S3-Read"
+  description = "${var.description} Read"
+  policy = "${data.aws_iam_policy_document.read.json}"
+}
+
+resource "aws_iam_role_policy_attachment" "read" {
+  count = "${length(var.read_roles)}"
+  role = "${element(var.read_roles, count.index)}"
+  policy_arn = "${aws_iam_policy.read.arn}"
+}

outputs.tf

@@ -0,0 +1,7 @@
+output "domain" {
+  value = "${aws_s3_bucket.this.bucket_domain_name}"
+}
+
+output "arn" {
+  value = "${aws_s3_bucket.this.arn}"
+}

variables.tf

@@ -0,0 +1,83 @@
+variable "name" {
+  description = "Name prefix for all CloudFront resources."
+  default     = "App"
+}
+
+variable "tags" {
+  type        = "map"
+  default     = {}
+  description = "Additional tags (e.g. map('BusinessUnit`,`XYZ`)"
+}
+
+variable "bucket_domain_format" {
+  default = "%s.s3.amazonaws.com"
+}
+
+variable "cors_allowed_headers" {
+  type    = "list"
+  default = ["*"]
+}
+
+variable "cors_allowed_methods" {
+  type    = "list"
+  default = ["GET"]
+}
+
+variable "cors_allowed_origins" {
+  type    = "list"
+  default = ["*"]
+}
+
+variable "cors_expose_headers" {
+  type    = "list"
+  default = ["ETag"]
+}
+
+variable "cors_max_age_seconds" {
+  default = "0"
+}
+
+variable "access_identity_arn" {
+  default = ""
+}
+
+variable "read_permissions" {
+  default = [
+    "s3:GetObject"
+  ]
+
+  type        = "list"
+  description = "Recieve permissions granted to assumed role"
+}
+
+variable "write_permissions" {
+  default = []
+
+  type        = "list"
+  description = "Send permissions granted to assumed role"
+}
+
+variable "description" {
+  description = "Description of policy"
+  default     = ""
+}
+
+variable "write_roles" {
+  description = "Write permissions roles name"
+  default     = []
+}
+
+variable "read_roles" {
+  description = "Read roles name"
+  default     = []
+}
+
+variable "acl" {
+  description = "ACL"
+  default     = "private"
+}
+
+variable "website" {
+  description = "Website settings"
+  default     = []
+}