# Provider requirements for this module. The AWS provider is held on the
# 4.67 release line. Several arguments used further down (the inline `acl`,
# `policy` and `website` arguments on aws_s3_bucket) are deprecated in the
# 4.x provider in favour of the dedicated aws_s3_bucket_* resources, so this
# constraint should not be loosened without migrating those first.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 4.67" }
  }
}

# AWS provider configuration. Credentials come from the module's own input
# variables instead of the provider's default credential chain (environment
# variables, shared config, instance/task role). Saved plan files record
# provider configuration, so these values end up in them; the credential
# chain avoids that and is the usual choice when this runs from CI or from a
# role-bearing host. The region is repeated by output "aws_default_region"
# below, so the two must be kept in step.
provider "aws" {
  region     = "us-east-1"
  access_key = var.aws_access_key_id
  secret_key = var.aws_secret_access_key
}

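# Module inputs.

variable "aws_access_key_id" {
  type = string
}

# Marked sensitive so Terraform redacts the value from plan and apply output
# (requires Terraform >= 0.14). This does not keep it out of state or saved
# plan files; only the credential chain does that.
variable "aws_secret_access_key" {
  type      = string
  sensitive = true
}

# Not referenced in this file.
variable "domain" {}

# Not referenced in this file.
variable "base_url" {}

# Mailbox address the SES receipt rule below matches on.
variable "invoice_address" {}

# Deployment stage; suffixed onto every resource name in this file.
variable "stage" {}

# NOTE(review): var.task_role_arn is used by the data-bucket and queue
# policies below but is not declared in this file. If no sibling .tf file of
# this module declares it, `terraform validate` fails on the undeclared
# reference and it needs to be added here:
#   variable "task_role_arn" { type = string }
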
# Identity of the account the provider credentials belong to. Its account
# id is the value the invoices bucket policy expects in aws:Referer.
data "aws_caller_identity" "current" {
}

# Receipt rule set that holds the "store" rule below. SES only evaluates the
# one rule set that is marked active in a region; nothing in this file
# activates this one (that is aws_ses_active_receipt_rule_set), so unless
# that is done elsewhere the rules in it are never applied to incoming mail.
resource "aws_ses_receipt_rule_set" "main" {
  rule_set_name = "default-rule-set-${var.stage}"
}

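# Receipt rule that writes every message addressed to the invoice mailbox
# into the invoices bucket.
#
# The rule set is now referenced directly. The previous literal
# "default-rule-set" did not match the "default-rule-set-<stage>" name that
# aws_ses_receipt_rule_set.main creates, so the rule was attached to a set
# this module does not manage (or failed to create when none of that name
# existed). The reference also carries the ordering that the explicit
# depends_on used to express.
resource "aws_ses_receipt_rule" "store" {
  name          = "store-${var.stage}"
  rule_set_name = aws_ses_receipt_rule_set.main.rule_set_name
  recipients    = [var.invoice_address]
  enabled       = true
  # SES spam and virus scanning on received mail.
  scan_enabled = true

  # SES needs s3:PutObject on the target bucket; that grant lives in the
  # inline bucket policy on aws_s3_bucket.invoices.
  s3_action {
    bucket_name = aws_s3_bucket.invoices.id
    position    = "1"
  }
}
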
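# Bucket that receives raw messages from the SES receipt rule. The policy is
# inline so it exists before the receipt rule is created, and it names the
# bucket by its literal name rather than by ARN because a resource cannot
# reference its own attributes. Inline `acl` and `policy` are deprecated in
# the 4.x provider; aws_s3_bucket_acl / aws_s3_bucket_policy are the
# migration path.
resource "aws_s3_bucket" "invoices" {
  bucket = "integreat-mail-${var.stage}"
  acl    = "private"

  # Grants s3:PutObject to the SES service principal only. aws:Referer set
  # to the account id is the condition from the earlier SES receiving guide;
  # current guidance pairs AWS:SourceAccount with the AWS:SourceArn of the
  # receipt rule, which additionally pins the grant to this rule set. This
  # policy gates mail delivery, so any change should be checked against the
  # SES documentation first.
  policy = <<-EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "AllowSESPuts",
        "Effect": "Allow",
        "Principal": {
          "Service": "ses.amazonaws.com"
        },
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::integreat-mail-${var.stage}/*",
        "Condition": {
          "StringEquals": {
            "aws:Referer": "${data.aws_caller_identity.current.account_id}"
          }
        }
      }
    ]
  }
  EOF
}

# Nothing outside this account needs access to stored mail: SES writes via
# the service-principal grant above and everything else reads with account
# credentials. Blocking public ACLs and public bucket policies is a no-op
# for those paths and stops a later policy or ACL edit from exposing the
# mailbox contents.
resource "aws_s3_bucket_public_access_block" "invoices" {
  bucket = aws_s3_bucket.invoices.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
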
# Static-website bucket for the stage's data site. Inline `acl`, `policy`
# and `website` are deprecated in the 4.x provider (aws_s3_bucket_acl,
# aws_s3_bucket_policy and aws_s3_bucket_website_configuration replace
# them).
#
# On the policy, as a defender would read it:
#  - Statement 1 gives anonymous s3:GetObject on every object, which is what
#    website hosting needs. Buckets created with S3 Block Public Access
#    enabled reject a public policy like this one at creation time; if that
#    applies here an aws_s3_bucket_public_access_block with
#    block_public_policy = false is needed, otherwise the apply fails.
#  - Statements 2 and 3 are titled "AllowRead..." but grant "s3:*" on the
#    bucket ARN (not the objects), i.e. every bucket-level action including
#    s3:DeleteBucket, s3:PutBucketPolicy and s3:PutBucketAcl, to the task
#    role and to role/http-proxy in account 679918342773. If those
#    principals only list and locate the bucket, s3:ListBucket plus
#    s3:GetBucketLocation is the matching grant; the wording here is not
#    changed because what they actually call is not visible in this file.
resource "aws_s3_bucket" "data" {
  bucket = "data.${var.stage}.app.integreatconsult.com"
  acl    = "private"

  website {
    index_document = "index.html"
  }

  policy = <<-POLICY
  {
    "Id": "Policy1526084187222",
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "Stmt1526084185514",
        "Action": [
          "s3:GetObject"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::data.${var.stage}.app.integreatconsult.com/*",
        "Principal": "*"
      },
      {
        "Action": "s3:*",
        "Effect": "Allow",
        "Principal": {
          "AWS": "${var.task_role_arn}"
        },
        "Resource": "arn:aws:s3:::data.${var.stage}.app.integreatconsult.com",
        "Sid": "AllowReadForProd"
      },
      {
        "Action": "s3:*",
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::679918342773:role/http-proxy"
        },
        "Resource": "arn:aws:s3:::data.${var.stage}.app.integreatconsult.com",
        "Sid": "AllowReadForProdProxy"
      }
    ]
  }
  POLICY
}

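# Queue that receives S3 object-created events for the invoices bucket (see
# aws_s3_bucket_notification.mail_bucket_notification). The Resource names
# the queue by literal name rather than by ARN because a resource cannot
# reference its own attributes.
#
# The send permission is now granted to the S3 service principal instead of
# "Principal": "*" and is conditioned on both the bucket ARN and the
# account. With "*" the aws:SourceArn condition was the only thing limiting
# the sender; naming the service removes that reliance, and aws:SourceAccount
# covers the case where the bucket is deleted and its globally unique name
# is re-registered by another account, which the ARN condition alone would
# still accept. S3 sets both keys on its notifications, so the bucket's
# delivery is unaffected.
resource "aws_sqs_queue" "integreat-mail" {
  name = "integreat-mail-${var.stage}"

  policy = <<-POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "s3.amazonaws.com"
        },
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:*:*:integreat-mail-${var.stage}",
        "Condition": {
          "ArnEquals": { "aws:SourceArn": "${aws_s3_bucket.invoices.arn}" },
          "StringEquals": { "aws:SourceAccount": "${data.aws_caller_identity.current.account_id}" }
        }
      }
    ]
  }
  POLICY
}
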
# Work queue for scheduled jobs, usable only by the task role. "sqs:*" also
# covers queue-management actions (sqs:DeleteQueue, sqs:SetQueueAttributes,
# sqs:AddPermission) that a producer/consumer does not need; the usual
# least-privilege set is SendMessage, ReceiveMessage, DeleteMessage,
# GetQueueAttributes and GetQueueUrl. Not narrowed here because the task's
# actual calls are not visible in this file. The Resource names the queue by
# literal name because a resource cannot reference its own ARN.
resource "aws_sqs_queue" "integreat-scheduled-jobs" {
  name = "integreat-scheduled-jobs-${var.stage}"

  policy = <<-POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "AWS": "${var.task_role_arn}"
        },
        "Action": "sqs:*",
        "Resource": "arn:aws:sqs:*:*:integreat-scheduled-jobs-${var.stage}"
      }
    ]
  }
  POLICY
}

# Queue for background requests, usable only by the task role. Same shape
# and same caveat as integreat-scheduled-jobs: "sqs:*" includes
# queue-management actions beyond what sending and consuming require, and
# the Resource is spelled out by name because a resource cannot reference
# its own ARN.
resource "aws_sqs_queue" "background-request" {
  name = "integreat-background-request-${var.stage}"

  policy = <<-POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "AWS": "${var.task_role_arn}"
        },
        "Action": "sqs:*",
        "Resource": "arn:aws:sqs:*:*:integreat-background-request-${var.stage}"
      }
    ]
  }
  POLICY
}

# Pushes an event to the mail queue for every object created in the
# invoices bucket (every message SES stores). S3 is authorised to send by
# the policy on aws_sqs_queue.integreat-mail. An empty filter_suffix applies
# no suffix filter. This resource owns the bucket's whole notification
# configuration, so a second aws_s3_bucket_notification for the same bucket
# would overwrite it.
resource "aws_s3_bucket_notification" "mail_bucket_notification" {
  bucket = aws_s3_bucket.invoices.id

  queue {
    events        = ["s3:ObjectCreated:*"]
    queue_arn     = aws_sqs_queue.integreat-mail.arn
    filter_suffix = ""
  }
}

# IAM user whose long-lived access key the application uses (exported by the
# outputs at the end of this file). A role assumed by the workload (the
# task role referenced elsewhere in this file) avoids the static key
# entirely; if the user stays, its permissions are set by
# aws_iam_user_policy_attachment.app_user_policy below.
resource "aws_iam_user" "app_user" {
  name = "integreat-${var.stage}"
}

# Access key for the application user. The secret is stored in plain text
# in Terraform state and read by output "aws_secret_access_key"; setting
# pgp_key on this resource would keep only an encrypted copy in state, but
# the plain `secret` attribute would then be unavailable, so that output
# would have to switch to encrypted_secret. Rotating the key means replacing
# this resource and re-issuing the outputs.
resource "aws_iam_access_key" "app_user" {
  user = aws_iam_user.app_user.name
}

# Attaches the AWS-managed AdministratorAccess policy to the application
# user. Combined with the static key above and the outputs that hand it out,
# this means whoever holds that key has full control of the account, and a
# leak of the key (or of the state file) is an account compromise rather
# than an application one.
#
# Within this file the application only needs: SendMessage/ReceiveMessage/
# DeleteMessage on the three queues, read (and whatever write it does) on the
# invoices bucket, and write access to the data bucket if it publishes
# there; SES sending, if used, is not visible here. An aws_iam_user_policy
# scoped to those ARNs, or better a role, is the least-privilege shape.
# Left as-is because the full set of calls is not visible in this file.
resource "aws_iam_user_policy_attachment" "app_user_policy" {
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
  user       = aws_iam_user.app_user.name
}

# Values handed to the application deployment.

# `sensitive = true` only redacts the value from CLI output; it is still
# present in plain text in state and in `terraform output -json`.
output "aws_access_key_id" {
  sensitive = true
  value     = aws_iam_access_key.app_user.id
}

output "aws_secret_access_key" {
  sensitive = true
  value     = aws_iam_access_key.app_user.secret
}

# Must match the region set on the provider block.
output "aws_default_region" {
  value = "us-east-1"
}

# The queue URL of the mail queue (the resource's id is the same URL).
output "queue_url" {
  value = aws_sqs_queue.integreat-mail.url
}