22504b886b
- Deployed PostgreSQL 18.4 + Gitea 1.22.6 via Docker Compose - Configured Nginx reverse proxy with Let's Encrypt SSL - Created Ansible playbooks for full automation (site.yml) - Database credentials in AWS Secrets Manager - Production deployment at https://gitea.poll-streams.com
55 lines
1.2 KiB
HCL
55 lines
1.2 KiB
HCL
# IAM Role for EC2 to access S3
|
|
resource "aws_iam_role" "ec2_role" {
|
|
name = "${var.project_name}-ec2-role"
|
|
|
|
assume_role_policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Action = "sts:AssumeRole"
|
|
Effect = "Allow"
|
|
Principal = {
|
|
Service = "ec2.amazonaws.com"
|
|
}
|
|
}
|
|
]
|
|
})
|
|
|
|
tags = {
|
|
Name = "${var.project_name}-ec2-role"
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_role_policy_attachment" "s3_full_access" {
|
|
role = aws_iam_role.ec2_role.name
|
|
policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
|
|
}
|
|
|
|
resource "aws_iam_role_policy" "secrets_manager_read" {
|
|
name = "${var.project_name}-secrets-manager-read"
|
|
role = aws_iam_role.ec2_role.id
|
|
|
|
policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"secretsmanager:GetSecretValue",
|
|
"secretsmanager:DescribeSecret"
|
|
]
|
|
Resource = aws_secretsmanager_secret.db_credentials.arn
|
|
}
|
|
]
|
|
})
|
|
}
|
|
|
|
resource "aws_iam_instance_profile" "ec2_profile" {
|
|
name = "${var.project_name}-ec2-profile"
|
|
role = aws_iam_role.ec2_role.name
|
|
|
|
tags = {
|
|
Name = "${var.project_name}-ec2-profile"
|
|
}
|
|
}
|