1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: CC-BY-SA-3.0
# Provider source address (presumably inside terraform.required_providers).
# NOTE(review): no version constraint is visible in this excerpt. Confirm one is
# set and that .terraform.lock.hcl is committed, so the provider build that
# handles the AWS credentials is pinned.
8 source = "hashicorp/aws"
# Region is taken from a local value defined outside this excerpt.
14 region = local.region_name
# Tag key "Arvados" carrying the cluster name; presumably part of the provider's
# default_tags block (confirm against the full file).
17 Arvados = local.cluster_name
22 # S3 bucket and access resources for Keep blocks
# The bucket name is local.cluster_name plus a fixed suffix. The same name is
# written out again as a literal in the IAM policy's resource ARNs later in this
# file, so a change here must be mirrored there.
# NOTE(review): encryption, versioning and access-logging settings are not
# visible in this excerpt; confirm how they are configured for this bucket.
23 resource "aws_s3_bucket" "keep_volume" {
24 bucket = "${local.cluster_name}-nyw5e-000000000000000-volume"
# ACL resource bound to the Keep bucket by id.
# NOTE(review): the acl value itself is not visible in this excerpt. Confirm it
# is "private"; a public canned ACL would contradict the public access block
# declared for the same bucket.
27 resource "aws_s3_bucket_acl" "keep_volume_acl" {
28 bucket = aws_s3_bucket.keep_volume.id
32 # Avoid direct public access to Keep blocks
# Bucket-level public access block for the Keep bucket:
#   block_public_acls   - S3 rejects requests that would set a public ACL
#   block_public_policy - S3 rejects bucket policies that grant public access
#   ignore_public_acls  - any public ACL already on the bucket or its objects is ignored
# NOTE(review): restrict_public_buckets is the fourth setting of this resource and
# is not visible in this excerpt. Confirm it is also set to true.
33 resource "aws_s3_bucket_public_access_block" "keep_volume_public_access" {
34 bucket = aws_s3_bucket.keep_volume.id
36 block_public_acls = true
37 block_public_policy = true
38 ignore_public_acls = true
# IAM role for keepstore. The trust policy (which principals may assume the role,
# and so obtain the S3 permissions attached to it below) is read from
# ../assumerolepolicy.json. Its contents are not part of this excerpt, so review
# that file together with this one.
# NOTE(review): the relative path depends on the directory Terraform is run from;
# anchoring it on path.module would remove that dependency. The "${...}" wrapper
# around file() is redundant in Terraform 0.12 and later.
41 resource "aws_iam_role" "keepstore_iam_role" {
42 name = "${local.cluster_name}-keepstore-00-iam-role"
43 assume_role_policy = "${file("../assumerolepolicy.json")}"
# Customer-managed IAM policy for keepstore. The only statement content visible
# here is the resource list: the bucket ARN (for bucket-level actions) and the
# "/*" ARN (for object-level actions), both limited to the Keep volume bucket.
# NOTE(review): the Action list is not visible in this excerpt. Given the
# "full access" name, confirm it grants only the S3 actions keepstore needs
# rather than s3:*.
# NOTE(review): the ARNs repeat the bucket name as a literal; building them from
# aws_s3_bucket.keep_volume.arn would keep the policy tied to the actual bucket.
46 resource "aws_iam_policy" "s3_full_access" {
47 name = "${local.cluster_name}_s3_full_access"
49 Version: "2012-10-17",
50 Id: "arvados-keepstore policy",
57 "arn:aws:s3:::${local.cluster_name}-nyw5e-000000000000000-volume",
58 "arn:aws:s3:::${local.cluster_name}-nyw5e-000000000000000-volume/*"
# Attaches the S3 policy to the keepstore role, which is the only role listed.
# NOTE(review): aws_iam_policy_attachment manages the policy's attachments
# exclusively. On apply, any user, group or role attached to this policy
# elsewhere (another module, the console) is detached.
# aws_iam_role_policy_attachment attaches to a single role without claiming the
# whole attachment list, and is the safer choice if the policy is ever shared.
64 resource "aws_iam_policy_attachment" "s3_full_access_policy_attachment" {
65 name = "${local.cluster_name}_s3_full_access_attachment"
66 roles = [ aws_iam_role.keepstore_iam_role.name ]
67 policy_arn = aws_iam_policy.s3_full_access.arn