init: copied modules from lawndale-infra

remote-state-access/outputs.tf

@@ -0,0 +1,9 @@
+output "role_arn" {
+  type  = string
+  value = var.create_role ? aws_iam_role.this.arn : null
+}
+
+output "policy_arn" {
+  type  = string
+  value = var.create_policy ? aws_iam_policy.this.arn : null
+}

remote-state-access/policy.tf

@@ -0,0 +1,59 @@
+data "aws_iam_policy_document" "this" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:ListBucket"
+    ]
+
+    resources = [
+      "arn:aws:s3:::${var.bucket_name}",
+    ]
+  }
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:GetObject",
+      "s3:PutObject",
+      "s3:DeleteObject",
+    ]
+
+    resources = [
+      "arn:aws:s3:::${var.bucket_name}",
+    ]
+
+    condition {
+      test     = "StringLike"
+      variable = "s3:prefix"
+
+      values = var.prefixes
+    }
+  }
+  statement {
+    effect = "Allow"
+    actions = [
+      "dynamodb:GetItem",
+      "dynamodb:PutItem",
+      "dynamodb:DeleteItem",
+    ]
+    resources = [
+      "arn:aws:dynamodb:*:*:table/${var.dynamodb_table}",
+    ]
+  }
+}
+
+
+resource "aws_iam_role" "this" {
+  count = var.create_role ? 1 : 0
+  name  = var.role_name
+
+  inline_policy {
+    name   = "Allow access for remote states s3 and dynamo"
+    policy = data.aws_iam_policy_document.this.json
+  }
+}
+
+resource "aws_iam_policy" "this" {
+  count = var.create_policy ? 1 : 0
+  name  = var.policy_name
+  path  = var.policy_path
+}

remote-state-access/provider.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.9"
+    }
+  }
+}

remote-state-access/variables.tf

@@ -0,0 +1,35 @@
+variable "bucket_name" {
+  type = string
+}
+
+variable "dynamo_table" {
+  type = string
+}
+
+variable "prefixes" {
+  type = list(string)
+}
+
+variable "role_name" {
+  type    = string
+  default = null
+}
+
+variable "policy_name" {
+  type    = string
+  default = null
+}
+variable "policy_path" {
+  type    = string
+  default = "/"
+}
+
+variable "create_role" {
+  type    = bool
+  default = false
+}
+
+variable "create_policy" {
+  type    = bool
+  default = false
+}