Create S3 bucket for Rustup build artifacts

A new S3 bucket is being created as part of the effort to rebuild the
Rustup release process. The bucket will store the build artifacts for
Rustup, which the GitHub Actions in rust-lang/rustup will produce.

Since the bucket is tied to a GitHub repository, only a single bucket in
the production environment is being created.

Author: jdno

terragrunt/accounts/legacy/rustup-prod/rustup/terragrunt.hcl

@@ -0,0 +1,8 @@
+terraform {
+  source = "git::../../../../..//terragrunt/modules/rustup?ref=${trimspace(file("../deployed-ref"))}"
+}
+
+include {
+  path           = find_in_parent_folders()
+  merge_strategy = "deep"
+}

terragrunt/modules/rustup/_terraform.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_version = "~> 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.20"
+    }
+  }
+}
+

terragrunt/modules/rustup/s3.tf

@@ -0,0 +1,32 @@
+# The rust-lang/rustup repository on GitHub builds and uploads Rustup artifacts
+# to this S3 bucket.
+resource "aws_s3_bucket" "builds" {
+  provider = aws.us-east-1
+
+  bucket = "rustup-builds"
+}
+
+module "aws_iam_user" {
+  source = "../gha-iam-user"
+  org    = "rust-lang"
+  repo   = "rustup"
+}
+
+data "aws_iam_policy_document" "upload_builds" {
+  statement {
+    sid    = "WriteToRustupBuilds"
+    effect = "Allow"
+
+    actions = [
+      "s3:PutObject",
+    ]
+
+    resources = ["${aws_s3_bucket.builds.arn}/*"]
+  }
+}
+
+resource "aws_iam_user_policy" "upload_builds" {
+  name   = "upload-rustup-builds"
+  user   = module.aws_iam_user.user_name
+  policy = data.aws_iam_policy_document.upload_builds.json
+}