add IAM policy to jenkins user

Sergio · Sergio · commit 0d79fef6d45e · 2018-03-04T17:59:22.000-05:00
diff --git a/terraform/iam/iam.tf b/terraform/iam/iam.tf
@@ -0,0 +1,35 @@
+variable "region" {}
+
+provider "aws" {
+    region = "${var.region}"
+}
+
+resource "aws_iam_user" "jenkins" {
+  name = "jenkins"
+}
+
+
+resource "aws_iam_policy" "jenkins-s3" {
+    name        = "jenkins-s3"
+    policy      = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:PutObject"
+            ],
+            "Resource": [
+                "arn:aws:s3:::stubbornjava-jenkins/*"
+            ]
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_user_policy_attachment" "jenkins-s3" {
+    user       = "${aws_iam_user.jenkins.name}"
+    policy_arn = "${aws_iam_policy.jenkins-s3.arn}"
+}
diff --git a/terraform/iam/remote_state.tf b/terraform/iam/remote_state.tf
@@ -0,0 +1,7 @@
+terraform {
+  backend "s3" {
+    bucket = "stubbornjava-terraform"
+    key    = "iam/terraform.tfstate"
+    region = "us-east-1"
+  }
+}
