Skip to content

Commit

Permalink
Merge pull request #377 from Mark-Simulacrum/sqs-s3
Browse files Browse the repository at this point in the history
Initial SQS queue + user policy
  • Loading branch information
jdno authored Jan 9, 2024
2 parents d168242 + 0929263 commit bbab800
Showing 1 changed file with 72 additions and 0 deletions.
72 changes: 72 additions & 0 deletions terragrunt/modules/crates-io-logs/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
resource "aws_sqs_queue" "log_event_queue" {
name = "cdn-log-queue"
receive_wait_time_seconds = 20
}

resource "aws_sqs_queue_policy" "s3_push" {
queue_url = aws_sqs_queue.log_event_queue.id
policy = data.aws_iam_policy_document.s3_push_to_queue.json
}

data "aws_iam_policy_document" "s3_push_to_queue" {
statement {
sid = "allow-s3-to-push-events"
effect = "Allow"
principals {
type = "Service"
identifiers = ["s3.amazonaws.com"]
}

actions = ["sqs:SendMessage"]

resources = [aws_sqs_queue.log_event_queue.arn]
condition {
test = "ArnLike"
variable = "aws:SourceArn"
values = [data.aws_arn.src_bucket.arn]
}
condition {
test = "StringEquals"
variable = "aws:SourceAccount"
values = [data.aws_arn.src_bucket.account]
}
}
}

data "aws_arn" "src_bucket" {
arn = var.src_log_bucket_arn
}

variable "src_log_bucket_arn" {
type = string
description = "Bucket ARN which will send events to the SQS queue"
}

resource "aws_iam_user" "heroku_access" {
name = "crates-io-heroku-access"
}

resource "aws_iam_access_key" "crates_io" {
user = aws_iam_user.heroku_access
}

resouce "aws_iam_user_policy" "sqs_read" {
name = "heroku-access"
user = aws_iam_user.heroku_access.name
}

data "aws_iam_policy_document" "heroku_access" {
statement {
sid = "allow-sqs"
effect = "Allow"

actions = [
"sqs:GetQueueAttributes",
"sqs:DeleteMessage",
"sqs:DeleteMessageBatch",
"sqs:ReceiveMessage",
]

resources = [aws_sqs_queue.log_event_queue.arn]
}
}

0 comments on commit bbab800

Please sign in to comment.