e5069332e5
Infrastructure components: - VPC with single public subnet (10.0.0.0/16) - Security group (SSH/HTTP/HTTPS from anywhere) - EC2 instance (t3.medium, Ubuntu 24.04, 30GB encrypted gp3) - S3 bucket for backups (versioned, encrypted) - IAM role with S3FullAccess for EC2 - Route 53 DNS (gitea.poll-streams.com → EC2) - Ed25519 SSH key generation via Terraform
27 lines
515 B
HCL
27 lines
515 B
HCL
# S3 Bucket for Backups
|
|
resource "aws_s3_bucket" "backups" {
|
|
bucket = "${var.project_name}-backups"
|
|
|
|
tags = {
|
|
Name = "${var.project_name}-backups"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_bucket_versioning" "backups" {
|
|
bucket = aws_s3_bucket.backups.id
|
|
|
|
versioning_configuration {
|
|
status = "Enabled"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_bucket_server_side_encryption_configuration" "backups" {
|
|
bucket = aws_s3_bucket.backups.id
|
|
|
|
rule {
|
|
apply_server_side_encryption_by_default {
|
|
sse_algorithm = "AES256"
|
|
}
|
|
}
|
|
}
|