kubukoz · July 30, 2025 20:56
diff --git a/Main.scala b/Main.scala
 import besom.api.aws.iam._
 import besom.api.aws.s3._
 import besom._
 import besom.api.aws.s3.inputs.BucketLifecycleRuleArgs
 import besom.api.aws.s3.inputs.BucketLifecycleRuleExpirationArgs
 import besom.json._
 import besom.api.aws.s3.inputs.BucketLifecycleRuleTransitionArgs

 @main def main = Pulumi.run {
  val bucket = Bucket(
    "ha-backups",
    BucketArgs(
      lifecycleRules = Some(
        List(
          BucketLifecycleRuleArgs(
            enabled = true,
            expiration = Some(BucketLifecycleRuleExpirationArgs(days = 30)),
            id = Some("expire-old-backups"),
            transitions = Some(
              List(
                // move to Glacier Immediate Retrieval immediately
                BucketLifecycleRuleTransitionArgs(
                  days = 0,
                  storageClass = "GLACIER_IR"
                )
              )
            )
          )
        )
      )
    )
  )

  val haUser = User("home-assistant-backup-user")

  val policy = Policy(
    "ha-s3-backup-policy",
    PolicyArgs(
      policy = json"""{
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "AllowS3BackupOperations",
            "Effect": "Allow",
            "Action": [
              "s3:ListBucket",
              "s3:GetObject",
              "s3:PutObject",
              "s3:DeleteObject",
              "s3:AbortMultipartUpload"
            ],
            "Resource": [
              ${bucket.arn},
              ${bucket.arn.map(_ + "/*")}
            ]
          }
        ]
      }""".map(_.prettyPrint)
    )
  )

  val attachment = UserPolicyAttachment(
    "ha-backup-user-policy-attachment",
    UserPolicyAttachmentArgs(
      user = haUser.name,
      policyArn = policy.arn
    )
  )

  val accessKey = AccessKey(
    "ha-user-access-key",
    AccessKeyArgs(
      user = haUser.name
    )
  )

  Stack(attachment).exports(
    bucketId = bucket.id,
    accessKeyId = accessKey.id,
    secretAccessKey = accessKey.secret
  )
 }
	import besom.api.aws.iam._
	import besom.api.aws.s3._
	import besom._
	import besom.api.aws.s3.inputs.BucketLifecycleRuleArgs
	import besom.api.aws.s3.inputs.BucketLifecycleRuleExpirationArgs
	import besom.json._
	import besom.api.aws.s3.inputs.BucketLifecycleRuleTransitionArgs

	@main def main = Pulumi.run {
	val bucket = Bucket(
	"ha-backups",
	BucketArgs(
	lifecycleRules = Some(
	List(
	BucketLifecycleRuleArgs(
	enabled = true,
	expiration = Some(BucketLifecycleRuleExpirationArgs(days = 30)),
	id = Some("expire-old-backups"),
	transitions = Some(
	List(
	// move to Glacier Immediate Retrieval immediately
	BucketLifecycleRuleTransitionArgs(
	days = 0,
	storageClass = "GLACIER_IR"
	)
	)
	)
	)
	)
	)
	)
	)

	val haUser = User("home-assistant-backup-user")

	val policy = Policy(
	"ha-s3-backup-policy",
	PolicyArgs(
	policy = json"""{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "AllowS3BackupOperations",
	"Effect": "Allow",
	"Action": [
	"s3:ListBucket",
	"s3:GetObject",
	"s3:PutObject",
	"s3:DeleteObject",
	"s3:AbortMultipartUpload"
	],
	"Resource": [
	${bucket.arn},
	${bucket.arn.map(_ + "/*")}
	]
	}
	]
	}""".map(_.prettyPrint)
	)
	)

	val attachment = UserPolicyAttachment(
	"ha-backup-user-policy-attachment",
	UserPolicyAttachmentArgs(
	user = haUser.name,
	policyArn = policy.arn
	)
	)

	val accessKey = AccessKey(
	"ha-user-access-key",
	AccessKeyArgs(
	user = haUser.name
	)
	)

	Stack(attachment).exports(
	bucketId = bucket.id,
	accessKeyId = accessKey.id,
	secretAccessKey = accessKey.secret
	)
	}