provider "aws" {
region = local.region_name
default_tags {
- tags = {
+ tags = merge(local.custom_tags, {
Arvados = local.cluster_name
- }
+ Terraform = true
+ })
}
}
bucket = "${local.cluster_name}-nyw5e-000000000000000-volume"
}
-resource "aws_s3_bucket_acl" "keep_volume_acl" {
- bucket = aws_s3_bucket.keep_volume.id
- acl = "private"
-}
-
-# Avoid direct public access to Keep blocks
-resource "aws_s3_bucket_public_access_block" "keep_volume_public_access" {
- bucket = aws_s3_bucket.keep_volume.id
-
- block_public_acls = true
- block_public_policy = true
- ignore_public_acls = true
-}
-
resource "aws_iam_role" "keepstore_iam_role" {
name = "${local.cluster_name}-keepstore-00-iam-role"
assume_role_policy = "${file("../assumerolepolicy.json")}"
}
+resource "aws_iam_role" "compute_node_iam_role" {
+ name = "${local.cluster_name}-compute-node-00-iam-role"
+ assume_role_policy = "${file("../assumerolepolicy.json")}"
+}
+
resource "aws_iam_policy" "s3_full_access" {
name = "${local.cluster_name}_s3_full_access"
policy = jsonencode({
resource "aws_iam_policy_attachment" "s3_full_access_policy_attachment" {
name = "${local.cluster_name}_s3_full_access_attachment"
- roles = [ aws_iam_role.keepstore_iam_role.name ]
+ roles = [
+ aws_iam_role.keepstore_iam_role.name,
+ aws_iam_role.compute_node_iam_role.name,
+ ]
policy_arn = aws_iam_policy.s3_full_access.arn
}
projects / arvados.git / blobdiff