init: copied modules from lawndale-infra

2022-05-26 00:40:29 +02:00
commit 414feb48ee
39 changed files with 1435 additions and 0 deletions
--- a/remote-state/policy.tf
+++ b/remote-state/policy.tf
@@ -0,0 +1,48 @@
+data "aws_iam_policy_document" "access_state" {
+  statement {
+    effect    = "Allow"
+    actions   = ["s3:ListBucket", "s3:GetBucketVersioning"]
+    resources = [module.states_bucket.s3_bucket_arn]
+  }
+
+  statement {
+    effect    = "Allow"
+    actions   = ["s3:GetObject", "s3:PutObject"]
+    resources = ["${module.states_bucket.s3_bucket_arn}/*"]
+  }
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "dynamodb:GetItem",
+      "dynamodb:PutItem",
+      "dynamodb:DeleteItem",
+      "dynamodb:DescribeTable",
+    ]
+    resources = [aws_dynamodb_table.lock.arn]
+  }
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "kms:ListKeys"
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "kms:Encrypt",
+      "kms:Decrypt",
+      "kms:DescribeKey",
+      "kms:GenerateDataKey",
+    ]
+    resources = [aws_kms_key.this.arn]
+  }
+}
+
+resource "aws_iam_policy" "terraform" {
+  name   = local.terraform_iam_policy_name
+  policy = data.aws_iam_policy_document.access_state.json
+}