Commit d208a62

Fixed deprecated aws_s3_bucket attributes (#293)
* fix deprecated s3 bucket attributes
* add missed quotes
* fix readme
1 parent 7507780 commit d208a62

4 files changed: +60 -18 lines changed

README.md

Lines changed: 5 additions & 0 deletions
@@ -433,9 +433,13 @@ Available targets:
433433
| [aws_cloudfront_distribution.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
434434
| [aws_cloudfront_origin_access_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource |
435435
| [aws_s3_bucket.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
436+
| [aws_s3_bucket_acl.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
437+
| [aws_s3_bucket_cors_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_cors_configuration) | resource |
436438
| [aws_s3_bucket_ownership_controls.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
437439
| [aws_s3_bucket_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
438440
| [aws_s3_bucket_public_access_block.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
441+
| [aws_s3_bucket_server_side_encryption_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
442+
| [aws_s3_bucket_versioning.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
439443
| [random_password.referer](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
440444
| [time_sleep.wait_for_aws_s3_bucket_settings](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
441445
| [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -461,6 +465,7 @@ Available targets:
461465
| <a name="input_allowed_methods"></a> [allowed\_methods](#input\_allowed\_methods) | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | `list(string)` | <pre>[<br> "DELETE",<br> "GET",<br> "HEAD",<br> "OPTIONS",<br> "PATCH",<br> "POST",<br> "PUT"<br>]</pre> | no |
462466
| <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
463467
| <a name="input_block_origin_public_access_enabled"></a> [block\_origin\_public\_access\_enabled](#input\_block\_origin\_public\_access\_enabled) | When set to 'true' the s3 origin bucket will have public access block enabled | `bool` | `false` | no |
468+
| <a name="input_bucket_versioning"></a> [bucket\_versioning](#input\_bucket\_versioning) | State of bucket versioning option | `string` | `"Disabled"` | no |
464469
| <a name="input_cache_policy_id"></a> [cache\_policy\_id](#input\_cache\_policy\_id) | The unique identifier of the existing cache policy to attach to the default cache behavior.<br>If not provided, this module will add a default cache policy using other provided inputs. | `string` | `null` | no |
465470
| <a name="input_cached_methods"></a> [cached\_methods](#input\_cached\_methods) | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | `list(string)` | <pre>[<br> "GET",<br> "HEAD"<br>]</pre> | no |
466471
| <a name="input_cloudfront_access_log_bucket_name"></a> [cloudfront\_access\_log\_bucket\_name](#input\_cloudfront\_access\_log\_bucket\_name) | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where<br>Cloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`. | `string` | `""` | no |
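
Review bot: The `bucket_versioning` row added at new line 468 documents the input only as "State of bucket versioning option", while the validation added in variables.tf accepts exactly `Enabled`, `Disabled` or `Suspended`. The row text matches the variable's `description`, so list the three values there and say how the input relates to the `versioning_enabled` variable that main.tf used before, then regenerate README.md and docs/terraform.md so both tables carry it.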

docs/terraform.md

Lines changed: 5 additions & 0 deletions
@@ -32,9 +32,13 @@
3232
| [aws_cloudfront_distribution.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
3333
| [aws_cloudfront_origin_access_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource |
3434
| [aws_s3_bucket.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
35+
| [aws_s3_bucket_acl.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
36+
| [aws_s3_bucket_cors_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_cors_configuration) | resource |
3537
| [aws_s3_bucket_ownership_controls.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
3638
| [aws_s3_bucket_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
3739
| [aws_s3_bucket_public_access_block.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
40+
| [aws_s3_bucket_server_side_encryption_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
41+
| [aws_s3_bucket_versioning.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
3842
| [random_password.referer](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
3943
| [time_sleep.wait_for_aws_s3_bucket_settings](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
4044
| [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -60,6 +64,7 @@
6064
| <a name="input_allowed_methods"></a> [allowed\_methods](#input\_allowed\_methods) | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | `list(string)` | <pre>[<br> "DELETE",<br> "GET",<br> "HEAD",<br> "OPTIONS",<br> "PATCH",<br> "POST",<br> "PUT"<br>]</pre> | no |
6165
| <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
6266
| <a name="input_block_origin_public_access_enabled"></a> [block\_origin\_public\_access\_enabled](#input\_block\_origin\_public\_access\_enabled) | When set to 'true' the s3 origin bucket will have public access block enabled | `bool` | `false` | no |
67+
| <a name="input_bucket_versioning"></a> [bucket\_versioning](#input\_bucket\_versioning) | State of bucket versioning option | `string` | `"Disabled"` | no |
6368
| <a name="input_cache_policy_id"></a> [cache\_policy\_id](#input\_cache\_policy\_id) | The unique identifier of the existing cache policy to attach to the default cache behavior.<br>If not provided, this module will add a default cache policy using other provided inputs. | `string` | `null` | no |
6469
| <a name="input_cached_methods"></a> [cached\_methods](#input\_cached\_methods) | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | `list(string)` | <pre>[<br> "GET",<br> "HEAD"<br>]</pre> | no |
6570
| <a name="input_cloudfront_access_log_bucket_name"></a> [cloudfront\_access\_log\_bucket\_name](#input\_cloudfront\_access\_log\_bucket\_name) | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where<br>Cloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`. | `string` | `""` | no |

main.tf

Lines changed: 38 additions & 17 deletions
@@ -254,26 +254,9 @@ resource "aws_s3_bucket" "origin" {
254254
count = local.create_s3_origin_bucket ? 1 : 0
255255

256256
bucket = module.origin_label.id
257-
acl = "private"
258257
tags = module.origin_label.tags
259258
force_destroy = var.origin_force_destroy
260259

261-
dynamic "server_side_encryption_configuration" {
262-
for_each = var.encryption_enabled ? ["true"] : []
263-
264-
content {
265-
rule {
266-
apply_server_side_encryption_by_default {
267-
sse_algorithm = "AES256"
268-
}
269-
}
270-
}
271-
}
272-
273-
versioning {
274-
enabled = var.versioning_enabled
275-
}
276-
277260
dynamic "logging" {
278261
for_each = local.s3_access_logging_enabled ? [1] : []
279262
content {
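
Review bot: The `dynamic "logging"` block kept as context at new line 260 is still an inline argument of `aws_s3_bucket.origin`, and it was deprecated in the same AWS provider release as the `acl`, `server_side_encryption_configuration` and `versioning` arguments removed above, so the deprecation warning remains after this commit. Move it to an `aws_s3_bucket_logging` resource with the same `count` guard as the other split-out resources, so that access-log delivery for the origin bucket is managed the same way as its encryption and versioning.
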
@@ -291,6 +274,35 @@ resource "aws_s3_bucket" "origin" {
291274
routing_rules = lookup(website.value, "routing_rules", null)
292275
}
293276
}
277+
}
278+
279+
280+
resource "aws_s3_bucket_versioning" "origin" {
281+
count = local.create_s3_origin_bucket ? 1 : 0
282+
283+
bucket = one(aws_s3_bucket.origin).id
284+
285+
versioning_configuration {
286+
status = var.bucket_versioning
287+
}
288+
}
289+
290+
resource "aws_s3_bucket_server_side_encryption_configuration" "origin" {
291+
count = var.encryption_enabled && local.create_s3_origin_bucket ? 1 : 0
292+
293+
bucket = one(aws_s3_bucket.origin).id
294+
295+
rule {
296+
apply_server_side_encryption_by_default {
297+
sse_algorithm = "AES256"
298+
}
299+
}
300+
}
301+
302+
resource "aws_s3_bucket_cors_configuration" "origin" {
303+
count = local.create_s3_origin_bucket ? 1 : 0
304+
305+
bucket = one(aws_s3_bucket.origin).id
294306

295307
dynamic "cors_rule" {
296308
for_each = distinct(compact(concat(var.cors_allowed_origins, var.aliases, var.external_aliases)))
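
Review bot: `aws_s3_bucket_cors_configuration.origin` at new lines 302-305 is created whenever `local.create_s3_origin_bucket` is true, but its only rules come from the `dynamic "cors_rule"` block, whose `for_each` is empty when `var.cors_allowed_origins`, `var.aliases` and `var.external_aliases` are all empty. The resource requires at least one `cors_rule`, so that case now fails where the old inline block simply produced no rules. Put the `distinct(compact(concat(...)))` expression in a local and gate `count` on its length being greater than zero, in addition to `local.create_s3_origin_bucket`.
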
@@ -304,6 +316,15 @@ resource "aws_s3_bucket" "origin" {
304316
}
305317
}
306318

319+
resource "aws_s3_bucket_acl" "origin" {
320+
depends_on = [aws_s3_bucket_ownership_controls.origin]
321+
count = local.create_s3_origin_bucket ? 1 : 0
322+
323+
bucket = one(aws_s3_bucket.origin).id
324+
acl = "private"
325+
}
326+
327+
307328
resource "aws_s3_bucket_public_access_block" "origin" {
308329
count = (local.create_s3_origin_bucket || local.override_origin_bucket_policy) ? 1 : 0
309330

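Review bot: `aws_s3_bucket_acl.origin` at new lines 319-325 applies `acl = "private"` after `aws_s3_bucket_ownership_controls.origin`, but nothing in the hunk ties its `count` to the ownership setting that resource applies. If `object_ownership` is `BucketOwnerEnforced`, S3 disables ACLs and rejects the ACL request, so the apply fails; please confirm the value used and set `count` to 0 for that case. Minor: place `count` before `depends_on`, as in the other resources added by this commit, and drop the second blank line added at new line 327.
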
variables.tf

Lines changed: 12 additions & 1 deletion
@@ -679,4 +679,15 @@ variable "http_version" {
679679
type = string
680680
default = "http2"
681681
description = "The maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3"
682-
}
682+
}
683+
684+
variable "bucket_versioning" {
685+
type = string
686+
default = "Disabled"
687+
description = "State of bucket versioning option"
688+
689+
validation {
690+
condition = contains(["Enabled", "Disabled", "Suspended"], var.bucket_versioning)
691+
error_message = "Please choose one of 'Enabled', 'Disabled', or 'Suspended'"
692+
}
693+
}
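
Review bot: `default = "Disabled"` at new line 686 changes behaviour for existing callers: the inline block removed from main.tf read `var.versioning_enabled`, which the new `aws_s3_bucket_versioning.origin` does not consult, so a configuration that set `versioning_enabled = true` now requests `Disabled` unless the caller also sets `bucket_versioning`. S3 cannot return a versioned bucket to the unversioned state (versioning can only be suspended), so that upgrade path needs handling. Either derive the status from `var.versioning_enabled` when `bucket_versioning` is left at its default, or mark the old variable as deprecated in its description and call out the change in the release notes. Versioning is what allows an overwritten or deleted origin object to be recovered, so it should not be dropped silently.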
