feat: add vault terraform user

infrastructure/main.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    minio = {
+      source  = "aminueza/minio"
+      version = ">= 1.0.0"
+    }
+  }
+  backend "s3" {
+    bucket                      = "vault-state"
+    key                         = "terraform.tfstate"
+    region                      = "eu-west-1"
+    endpoint                    = "api-minio.front.kjuulh.io"
+    skip_credentials_validation = true
+    #skip_metadata_api_check     = true
+    force_path_style = true
+  }
+  required_version = ">= 0.13"
+}
+
+provider "minio" {
+  minio_server   = var.minio_server
+  minio_region   = var.minio_region
+  minio_user     = var.minio_user
+  minio_password = var.minio_password
+}

infrastructure/variables.tf

@@ -0,0 +1,17 @@
+variable "minio_region" {
+  description = "Default MINIO region"
+  default     = "us-east-1"
+}
+
+variable "minio_server" {
+  description = "Default MINIO host and port"
+  default     = "api-minio.front.kjuulh.io:443"
+}
+
+variable "minio_user" {
+  description = "MINIO user"
+}
+
+variable "minio_password" {
+  description = "MINIO password"
+}

infrastructure/vault.tf

@@ -0,0 +1,26 @@
+resource "minio_iam_user" "vault" {
+  name = "vault_user"
+}
+
+resource "minio_s3_bucket" "vault" {
+  bucket = "vault"
+  acl    = "private"
+}
+
+resource "minio_s3_bucket_policy" "vault" {
+  depends_on = [minio_s3_bucket.vault]
+  bucket     = minio_s3_bucket.vault.bucket
+  policy     = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Resource": ["${minio_s3_bucket.vault.arn}"],
+      "Action": ["s3:ListBucket"]
+    }
+  ]
+}
+EOF
+}