add resources

packages/app/docker/codebuild/main.tf

@@ -14,6 +14,15 @@ provider "aws" {
   region  = "ap-northeast-1"
 }
 
+resource "aws_s3_bucket" "growi-official-image-builder-cache" {
+  bucket = "growi-official-image-builder-cache"
+}
+
+resource "aws_s3_bucket_acl" "growi-official-image-builder-cache" {
+  bucket = aws_s3_bucket.growi-official-image-builder-cache.id
+  acl    = "private"
+}
+
 resource "aws_iam_role" "growi-official-image-builder" {
   name = "growi-official-image-builder"
 
@@ -33,6 +42,55 @@ resource "aws_iam_role" "growi-official-image-builder" {
 EOF
 }
 
+resource "aws_iam_role_policy" "growi-official-image-builder" {
+  role = aws_iam_role.growi-official-image-builder.name
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Resource": [
+        "*"
+      ],
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "${aws_s3_bucket.growi-official-image-builder-cache.arn}",
+        "${aws_s3_bucket.growi-official-image-builder-cache.arn}/*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "codebuild:StartBuild",
+        "codebuild:StopBuild",
+        "codebuild:RetryBuild",
+        "codebuild:CreateReportGroup",
+        "codebuild:CreateReport",
+        "codebuild:UpdateReport",
+        "codebuild:BatchPutTestCases",
+        "codebuild:BatchPutCodeCoverages"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+POLICY
+}
+
 resource "aws_codebuild_project" "growi-official-image-builder" {
   name           = "growi-official-image-builder"
   description    = "The CodeBuild Project for GROWI official docker image"

packages/app/docker/codebuild/terraform.tfstate

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.3.7",
-  "serial": 6,
+  "serial": 11,
   "lineage": "7413839f-c67c-02f5-4933-fcb84251bb29",
   "outputs": {},
   "resources": [
@@ -153,6 +153,133 @@
           "private": "bnVsbA=="
         }
       ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_iam_role_policy",
+      "name": "growi-official-image-builder",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "growi-official-image-builder:terraform-20230112185553389000000001",
+            "name": "terraform-20230112185553389000000001",
+            "name_prefix": null,
+            "policy": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ],\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:*\"\n      ],\n      \"Resource\": [\n        \"arn:aws:s3:::growi-official-image-builder-cache\",\n        \"arn:aws:s3:::growi-official-image-builder-cache/*\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"codebuild:StartBuild\",\n        \"codebuild:StopBuild\",\n        \"codebuild:RetryBuild\",\n        \"codebuild:CreateReportGroup\",\n        \"codebuild:CreateReport\",\n        \"codebuild:UpdateReport\",\n        \"codebuild:BatchPutTestCases\",\n        \"codebuild:BatchPutCodeCoverages\"\n      ],\n      \"Resource\": [\n        \"*\"\n      ]\n    }\n  ]\n}\n",
+            "role": "growi-official-image-builder"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "aws_iam_role.growi-official-image-builder",
+            "aws_s3_bucket.growi-official-image-builder-cache"
+          ]
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_s3_bucket",
+      "name": "growi-official-image-builder-cache",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "acceleration_status": "",
+            "acl": null,
+            "arn": "arn:aws:s3:::growi-official-image-builder-cache",
+            "bucket": "growi-official-image-builder-cache",
+            "bucket_domain_name": "growi-official-image-builder-cache.s3.amazonaws.com",
+            "bucket_prefix": null,
+            "bucket_regional_domain_name": "growi-official-image-builder-cache.s3.ap-northeast-1.amazonaws.com",
+            "cors_rule": [],
+            "force_destroy": false,
+            "grant": [
+              {
+                "id": "16ace6e62ff20a38d91b231ba787c479a9d92a5863a4b9434d692324b9f2d255",
+                "permissions": [
+                  "FULL_CONTROL"
+                ],
+                "type": "CanonicalUser",
+                "uri": ""
+              }
+            ],
+            "hosted_zone_id": "Z2M4EHUR26P7ZW",
+            "id": "growi-official-image-builder-cache",
+            "lifecycle_rule": [],
+            "logging": [],
+            "object_lock_configuration": [],
+            "object_lock_enabled": false,
+            "policy": "",
+            "region": "ap-northeast-1",
+            "replication_configuration": [],
+            "request_payer": "BucketOwner",
+            "server_side_encryption_configuration": [],
+            "tags": null,
+            "tags_all": {},
+            "timeouts": null,
+            "versioning": [
+              {
+                "enabled": false,
+                "mfa_delete": false
+              }
+            ],
+            "website": [],
+            "website_domain": null,
+            "website_endpoint": null
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19"
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_s3_bucket_acl",
+      "name": "growi-official-image-builder-cache",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "access_control_policy": [
+              {
+                "grant": [
+                  {
+                    "grantee": [
+                      {
+                        "display_name": "yukiws",
+                        "email_address": "",
+                        "id": "16ace6e62ff20a38d91b231ba787c479a9d92a5863a4b9434d692324b9f2d255",
+                        "type": "CanonicalUser",
+                        "uri": ""
+                      }
+                    ],
+                    "permission": "FULL_CONTROL"
+                  }
+                ],
+                "owner": [
+                  {
+                    "display_name": "yukiws",
+                    "id": "16ace6e62ff20a38d91b231ba787c479a9d92a5863a4b9434d692324b9f2d255"
+                  }
+                ]
+              }
+            ],
+            "acl": "private",
+            "bucket": "growi-official-image-builder-cache",
+            "expected_bucket_owner": "",
+            "id": "growi-official-image-builder-cache,private"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "aws_s3_bucket.growi-official-image-builder-cache"
+          ]
+        }
+      ]
     }
   ],
   "check_results": null