Sets up toast

terraform/main.tf

@@ -108,6 +108,33 @@ POLICY
   }
 }
 
+resource "aws_s3_bucket" "toast_bucket" {
+  bucket = "toast.${var.stage}.app.integreatconsult.com"
+}
+
+resource "aws_s3_bucket_policy" "toast_policy" {
+  bucket = aws_s3_bucket.toast_bucket.id
+  policy = data.aws_iam_policy_document.toast_policy_doc.json
+}
+
+data "aws_iam_policy_document" "toast_policy_doc" {
+  statement {
+    principals {
+      type        = "AWS"
+      identifiers = ["${var.task_role_arn}", "arn:aws:iam::679918342773:role/http-proxy"]
+    }
+
+    actions = [
+      "s3:*",
+    ]
+
+    resources = [
+      aws_s3_bucket.toast_bucket.arn,
+      "${aws_s3_bucket.toast_bucket.arn}/*",
+    ]
+  }
+}
+
 resource "aws_sqs_queue" "integreat-mail" {
   name = "integreat-mail-${var.stage}"