refactor for aws provider v4

terraform-modules · May 7, 2022 · 16e308b · 16e308b
1 parent f6aac36
commit 16e308b
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 13 deletions.
diff --git a/s3-flow-logs/README.md b/s3-flow-logs/README.md
@@ -58,8 +58,12 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_s3_bucket.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_acl.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
+| [aws_s3_bucket_ownership_controls.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
 | [aws_s3_bucket_policy.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_public_access_block.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_bucket_versioning.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
 | [null_resource.policy_delay](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

diff --git a/s3-flow-logs/main.tf b/s3-flow-logs/main.tf
@@ -64,19 +64,6 @@ resource "aws_s3_bucket" "flowlogs" {
   # need to create the inf_ key used for infrastucture things like
   # vpc flow, cloudtrail, config, sns, sqs
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        #        kms_master_key_id = local.inf_key_arn
-        sse_algorithm = "aws:kms"
-      }
-    }
-  }
-
-  versioning {
-    enabled = false
-  }
-
   lifecycle {
     prevent_destroy = true
     ignore_changes  = [tags["boc:tf_module_version"]]
@@ -121,3 +108,39 @@ resource "null_resource" "policy_delay" {
     command = "sleep 120"
   }
 }
+
+resource "aws_s3_bucket_ownership_controls" "flowlogs" {
+  bucket = aws_s3_bucket.flowlogs.id
+  rule {
+    object_ownership = "BucketOwnerEnforced"
+  }
+}
+
+resource "aws_s3_bucket_acl" "flowlogs" {
+  count  = 0
+  bucket = aws_s3_bucket.flowlogs.id
+  acl    = "private"
+}
+
+## resource "aws_s3_bucket_logging" "flowlogs" {
+##   bucket        = aws_s3_bucket.flowlogs.id
+##   target_bucket = var.access_log_bucket
+##   target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
+## }
+
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "flowlogs" {
+  bucket = aws_s3_bucket.flowlogs.id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "aws:kms"
+    }
+  }
+}
+
+resource "aws_s3_bucket_versioning" "flowlogs" {
+  bucket = aws_s3_bucket.flowlogs.id
+  versioning_configuration {
+    status = "Disabled"
+  }
+}