diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index 3dbedbd..88ebb73 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: assignee: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6 secrets: GITHUB: ${{ secrets.GITHUB }} with: diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index af14ff7..7d9ffdf 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6 secrets: inherit with: branch: 'master' diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index 65ccd03..5fcc096 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml 
@@ -6,34 +6,34 @@ on: workflow_dispatch: jobs: tf-checks-complete-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/complete/' tf-checks-cors_s3-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/cors_s3/' tf-checks-default-s3-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/default-s3/' tf-checks-encryption-s3-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/encryption-s3/' tf-checks-logging-encryption-s3-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/logging-encryption-s3/' tf-checks-logging-s3-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/logging-s3/' tf-checks-s3-replication-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_example/s3-replication/' tf-checks-website-s3-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: 
'./_example/website-s3/' \ No newline at end of file diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index a92aebb..7c664c9 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -6,6 +6,6 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.6 secrets: GITHUB: ${{ secrets.GITHUB }} diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index afe0d2c..cf75492 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.5 + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6 secrets: inherit with: working_directory: '.' \ No newline at end of file diff --git a/_example/complete/example.tf b/_example/complete/example.tf index d68cf5a..d008013 100644 --- a/_example/complete/example.tf +++ b/_example/complete/example.tf @@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } 
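Review bot: All eight `uses:` lines in tf-checks.yml now point at `@1.0.6`, which looks like a tag and is therefore a mutable ref: whoever can move that tag in `clouddrove/github-shared-workflows` changes what runs here. Moving `tf-checks-encryption-s3-example` off `@master` is an improvement, but only a full commit SHA is an immutable pin, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@<full-commit-sha> # 1.0.6`. The same applies to the bumped `uses:` lines in auto_assignee.yml, changelog.yml, tflint.yml and tfsec.yml. It matters most in changelog.yml and tfsec.yml, where `secrets: inherit` hands the called workflow every secret the caller can access. Passing only the needed secret by name, as tflint.yml does with `GITHUB: ${{ secrets.GITHUB }}`, would narrow that exposure.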
@@ -12,9 +12,9 @@ locals { } data "aws_canonical_user_id" "current" {} -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "logging_bucket" { source = "./../../" @@ -49,9 +49,9 @@ module "subnets" { ipv6_cidr_block = module.vpc.ipv6_cidr_block } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Below resources will create KMS-KEY and its components. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "kms_key" { source = "clouddrove/kms/aws" version = "1.3.1" @@ -67,9 +67,9 @@ module "kms_key" { policy = data.aws_iam_policy_document.default.json } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Generates an IAM policy document in JSON format for use with resources that expect policy documents such as aws_iam_policy. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- data "aws_iam_policy_document" "default" { version = "2012-10-17" statement { 
@@ -84,9 +84,9 @@ data "aws_iam_policy_document" "default" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "./../../" diff --git a/_example/cors_s3/example.tf b/_example/cors_s3/example.tf index 8abe526..185868a 100644 --- a/_example/cors_s3/example.tf +++ b/_example/cors_s3/example.tf @@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } @@ -10,9 +10,9 @@ locals { label_order = ["name", "environment"] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "./../../" diff --git a/_example/default-s3/example.tf b/_example/default-s3/example.tf index edb86d4..feec148 100644 --- a/_example/default-s3/example.tf +++ b/_example/default-s3/example.tf 
@@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } @@ -10,9 +10,9 @@ locals { label_order = ["name", "environment"] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a default S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "./../../" diff --git a/_example/encryption-s3/example.tf b/_example/encryption-s3/example.tf index e64b212..714b557 100644 --- a/_example/encryption-s3/example.tf +++ b/_example/encryption-s3/example.tf @@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } 
@@ -10,9 +10,9 @@ locals { label_order = ["name", "environment"] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Below resources will create KMS-KEY and its components. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "kms_key" { source = "clouddrove/kms/aws" version = "1.3.1" @@ -28,9 +28,9 @@ module "kms_key" { policy = data.aws_iam_policy_document.default.json } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Generates an IAM policy document in JSON format for use with resources that expect policy documents such as aws_iam_policy. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- data "aws_iam_policy_document" "default" { version = "2012-10-17" statement { @@ -45,9 +45,9 @@ data "aws_iam_policy_document" "default" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "./../../" diff --git a/_example/logging-encryption-s3/example.tf b/_example/logging-encryption-s3/example.tf index 09020ba..0fb49aa 100644 --- a/_example/logging-encryption-s3/example.tf +++ b/_example/logging-encryption-s3/example.tf 
@@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } @@ -10,9 +10,9 @@ locals { label_order = ["name", "environment"] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a logging S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "logging_bucket" { source = "./../../" @@ -23,9 +23,9 @@ module "logging_bucket" { acl = "log-delivery-write" } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Below resources will create KMS-KEY and its components. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "kms_key" { source = "clouddrove/kms/aws" version = "1.3.1" 
@@ -41,9 +41,9 @@ module "kms_key" { policy = data.aws_iam_policy_document.default.json } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Generates an IAM policy document in JSON format for use with resources that expect policy documents such as aws_iam_policy. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- data "aws_iam_policy_document" "default" { version = "2012-10-17" statement { @@ -58,9 +58,9 @@ data "aws_iam_policy_document" "default" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "./../../" diff --git a/_example/logging-s3/example.tf b/_example/logging-s3/example.tf index 2446874..91052d7 100644 --- a/_example/logging-s3/example.tf +++ b/_example/logging-s3/example.tf @@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } 
@@ -10,9 +10,9 @@ locals { label_order = ["name", "environment"] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a logging S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "logging_bucket" { source = "./../../" @@ -23,9 +23,9 @@ module "logging_bucket" { acl = "log-delivery-write" } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "./../../" diff --git a/_example/s3-replication/example.tf b/_example/s3-replication/example.tf index be4e5df..b1306cb 100644 --- a/_example/s3-replication/example.tf +++ b/_example/s3-replication/example.tf @@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } 
@@ -17,18 +17,18 @@ locals { label_order = ["name", "environment"] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Below resources will create KMS-KEY and its components. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_kms_key" "replica" { provider = aws.replica description = "S3 bucket replication KMS key" deletion_window_in_days = 7 } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a replica S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "replica_bucket" { source = "../../" @@ -42,9 +42,9 @@ module "replica_bucket" { acl = "private" versioning = true } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "../../" 
@@ -137,9 +137,9 @@ module "s3_bucket" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an IAM role. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_iam_role" "replication" { name = "s3-bucket-replication-${module.replica_bucket.id}" @@ -160,9 +160,9 @@ resource "aws_iam_role" "replication" { POLICY } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Generates an IAM policy in JSON format for use with resources that expect policy documents such as aws_iam_policy. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_iam_policy" "replication" { name = "s3-bucket-replication-${module.replica_bucket.id}" @@ -203,9 +203,9 @@ resource "aws_iam_policy" "replication" { POLICY } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Attaches a Managed IAM Policy to user(s), role(s), and/or group(s). -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_iam_policy_attachment" "replication" { name = "s3-bucket-replication-${module.replica_bucket.id}" roles = [aws_iam_role.replication.name] diff --git a/_example/website-s3/example.tf b/_example/website-s3/example.tf index 1585b69..4865766 100644 --- a/_example/website-s3/example.tf +++ b/_example/website-s3/example.tf 
@@ -1,6 +1,6 @@ -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. -####---------------------------------------------------------------------------------- +####----------------------------------------------------------------------------- provider "aws" { region = "eu-west-1" } @@ -10,9 +10,9 @@ locals { label_order = ["name", "environment"] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides details about a specific S3 bucket. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "s3_bucket" { source = "./../../" @@ -94,9 +94,9 @@ module "s3_bucket" { aws_iam_policy_document = data.aws_iam_policy_document.default.json } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Generates an IAM policy document in JSON format for use with resources that expect policy documents such as aws_iam_policy. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- data "aws_iam_policy_document" "default" { version = "2012-10-17" statement { diff --git a/main.tf b/main.tf index f0e8541..b321cc8 100644 --- a/main.tf +++ b/main.tf 
@@ -1,6 +1,6 @@ -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Labels module callled that will be used for naming and tags. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- module "labels" { source = "clouddrove/labels/aws" version = "1.3.0" @@ -11,9 +11,9 @@ module "labels" { label_order = var.label_order } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Terraform resource to create S3 bucket with different combination type specific features. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- #tfsec:ignore:aws-s3-enable-bucket-encryption #tfsec:ignore:aws-s3-encryption-customer-key #tfsec:ignore:aws-s3-enable-bucket-logging @@ -28,9 +28,9 @@ resource "aws_s3_bucket" "s3_default" { tags = module.labels.tags } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Terraform resource which creates policy for S3 bucket on AWS. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_policy" "s3_default" { count = var.bucket_policy == true ? 1 : 0 bucket = join("", aws_s3_bucket.s3_default[*].id) 
@@ -67,9 +67,9 @@ resource "aws_s3_bucket_policy" "block-http" { ] }) } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an S3 bucket accelerate configuration resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_accelerate_configuration" "example" { count = var.enabled && var.acceleration_status == true ? 1 : 0 bucket = join("", aws_s3_bucket.s3_default[*].id) @@ -77,9 +77,9 @@ resource "aws_s3_bucket_accelerate_configuration" "example" { status = var.configuration_status } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an S3 bucket request payment configuration resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_request_payment_configuration" "example" { count = var.enabled && var.request_payer == true ? 1 : 0 
@@ -88,10 +88,10 @@ resource "aws_s3_bucket_request_payment_configuration" "example" { payer = lower(var.request_payer) == "requester" ? "Requester" : "BucketOwner" } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides a resource for controlling versioning on an S3 bucket. ## Deleting this resource will either suspend versioning on the associated S3 bucket or simply remove the resource from Terraform state if the associated S3 bucket is unversioned. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_versioning" "example" { count = var.enabled && var.versioning == true ? 1 : 0 @@ -104,9 +104,9 @@ resource "aws_s3_bucket_versioning" "example" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an S3 bucket (server access) logging resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_logging" "example" { count = var.enabled && var.logging == true ? 1 : 0 bucket = join("", aws_s3_bucket.s3_default[*].id) 
@@ -115,9 +115,9 @@ resource "aws_s3_bucket_logging" "example" { target_prefix = var.target_prefix } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides a S3 bucket server-side encryption configuration resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_server_side_encryption_configuration" "example" { count = var.enabled && var.enable_server_side_encryption == true ? 1 : 0 bucket = join("", aws_s3_bucket.s3_default[*].id) @@ -131,9 +131,9 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "example" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an S3 bucket Object Lock configuration resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_object_lock_configuration" "example" { count = var.enabled && var.object_lock_enabled && var.object_lock_configuration != null ? 1 : 0 @@ -150,9 +150,9 @@ resource "aws_s3_bucket_object_lock_configuration" "example" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an S3 bucket CORS configuration resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_cors_configuration" "example" { count = var.enabled && var.cors_rule != null ? 1 : 0 
@@ -173,9 +173,9 @@ resource "aws_s3_bucket_cors_configuration" "example" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an S3 bucket website configuration resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_website_configuration" "this" { count = var.enabled && length(keys(var.website)) > 0 ? 1 : 0 @@ -245,9 +245,9 @@ locals { ]) } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an S3 bucket ACL resource. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_acl" "default" { count = var.enabled ? var.grants != null ? var.acl != null ? 1 : 0 : 0 : 0 bucket = join("", aws_s3_bucket.s3_default[*].id) @@ -281,9 +281,9 @@ resource "aws_s3_bucket_acl" "default" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an independent configuration resource for S3 bucket lifecycle configuration. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_lifecycle_configuration" "default" { count = var.enabled && var.enable_lifecycle_configuration_rules == true ? 1 : 0 bucket = join("", aws_s3_bucket.s3_default[*].id) 
@@ -391,9 +391,9 @@ resource "aws_s3_bucket_lifecycle_configuration" "default" { ] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides an independent configuration resource for S3 bucket replication configuration. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_replication_configuration" "this" { count = var.enabled && length(keys(var.replication_configuration)) > 0 ? 1 : 0 @@ -558,9 +558,9 @@ resource "aws_s3_bucket_replication_configuration" "this" { depends_on = [aws_s3_bucket_versioning.example] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Manages S3 bucket-level Public Access Block configuration. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_public_access_block" "this" { count = var.enabled && var.attach_public_policy ? 1 : 0 bucket = aws_s3_bucket.s3_default[0].id @@ -570,9 +570,9 @@ resource "aws_s3_bucket_public_access_block" "this" { restrict_public_buckets = var.restrict_public_buckets } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Provides a resource to manage S3 Bucket Ownership Controls. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_ownership_controls" "this" { count = var.enabled && var.control_object_ownership ? 1 : 0 
@@ -589,9 +589,9 @@ resource "aws_s3_bucket_ownership_controls" "this" { ] } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## Tiering automatically stores objects in three access tiers: one tier optimized for frequent access, a lower-cost tier optimized for infrequent access, and a very-low-cost tier optimized for rarely accessed data. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- resource "aws_s3_bucket_intelligent_tiering_configuration" "this" { for_each = { for k, v in var.intelligent_tiering : k => v if var.enabled } @@ -724,9 +724,9 @@ resource "aws_s3_bucket_analytics_configuration" "default" { } } -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- ## VPC Endpoint resource for S3. -##---------------------------------------------------------------------------------- +##----------------------------------------------------------------------------- data "aws_vpc_endpoint_service" "s3" { for_each = { for ep in var.vpc_endpoints : ep.endpoint_count => ep } service = "s3"