security

terraform/main.tf

@@ -0,0 +1,73 @@
+provider "aws" {}
+
+data "aws_caller_identity" "current" {}
+
+resource "aws_ses_receipt_rule_set" "main" {
+  rule_set_name = "default-rule-set"
+}
+
+resource "aws_ses_receipt_rule" "store" {
+  depends_on = ["aws_ses_receipt_rule_set.main"]
+  name          = "store"
+  rule_set_name = "default-rule-set"
+  recipients    = ["invoices@mail.integreat.aws.brycecovertoperations.com"]
+  enabled       = true
+  scan_enabled  = true
+
+  s3_action {
+    bucket_name = "${aws_s3_bucket.invoices.id}"
+    position = 0
+  }
+}
+
+resource "aws_s3_bucket" "invoices" {
+  bucket = "integreat-mail-prod"
+  acl    = "private"
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllowSESPuts",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "ses.amazonaws.com"
+            },
+            "Action": "s3:PutObject",
+            "Resource": "arn:aws:s3:::integreat-mail-prod/*",
+            "Condition": {
+                "StringEquals": {
+                    "aws:Referer": "${data.aws_caller_identity.current.account_id}"
+                }
+            }
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_user" "app_user" {
+  name = "integreat"
+}
+
+resource "aws_iam_access_key" "app_user" {
+  user    = "${aws_iam_user.app_user.name}"
+}
+
+resource "aws_iam_user_policy_attachment" "app_user_policy" {
+    user       = "${aws_iam_user.app_user.name}"
+    policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
+}
+
+output "aws_access_key_id" {
+  value = "${aws_iam_access_key.app_user.id}"
+}
+
+output "aws_secret_access_key" {
+  value = "${aws_iam_access_key.app_user.secret}"
+}
+
+output "aws_default_region" {
+  value = "us-east-1"
+}
+