From f6aac36f9eb8895551f3ab6c0c00ad6ad53abf1d Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 6 May 2022 20:00:19 -0400
Subject: [PATCH] refactor for aws provider v4

---
 config/README.md | 4 ++++
 config/s3.tf | 50 ++++++++++++++++++++++++++++++++++--------------
 2 files changed, 40 insertions(+), 14 deletions(-)

diff --git a/config/README.md b/config/README.md
index e1570a4..bf15395 100644
--- a/config/README.md
+++ b/config/README.md
@@ -54,7 +54,11 @@ No modules.
 | [aws_iam_role.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_s3_bucket.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_acl.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
+| [aws_s3_bucket_ownership_controls.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
 | [aws_s3_bucket_public_access_block.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_server_side_encryption_configuration.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
+| [aws_s3_bucket_versioning.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
 | [aws_sns_topic.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
 | [aws_sns_topic_policy.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
 | [aws_sns_topic_subscription.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
diff --git a/config/s3.tf b/config/s3.tf
index 0b8ea57..2c2f0fb 100644
--- a/config/s3.tf
+++ b/config/s3.tf
@@ -3,20 +3,7 @@
 #---
 resource "aws_s3_bucket" "config" {
 bucket = local.bucket_name
- acl = "private"
-
- # uses aws/kms key so log delivery works properly
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "aws:kms"
- }
- }
- }
-
- versioning {
- enabled = false
- }
+ # acl = "private"
 
 lifecycle {
 prevent_destroy = true
@@ -46,3 +33,38 @@ resource "aws_s3_bucket_public_access_block" "config" {
 restrict_public_buckets = true
 }
 
+
+resource "aws_s3_bucket_ownership_controls" "config" {
+ bucket = aws_s3_bucket.config.id
+ rule {
+ object_ownership = "BucketOwnerEnforced"
+ }
+}
+
+resource "aws_s3_bucket_acl" "config" {
+ count = 0
+ bucket = aws_s3_bucket.config.id
+ acl = "private"
+}
+
+## resource "aws_s3_bucket_logging" "config" {
+## bucket = aws_s3_bucket.config.id
+## target_bucket = var.access_log_bucket
+## target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
+## }
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "config" {
+ bucket = aws_s3_bucket.config.id
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "aws:kms"
+ }
+ }
+}
+
+resource "aws_s3_bucket_versioning" "config" {
+ bucket = aws_s3_bucket.config.id
+ versioning_configuration {
+ status = "Disabled"
+ }
+}
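Review bot: The only addition to the `aws_s3_bucket` block is `# acl = "private"`, a commented-out argument that tells a reader nothing about where the ACL, encryption and versioning settings went, while the deleted `# uses aws/kms key so log delivery works properly` rationale leaves the file entirely with the removed block. Replace the dead comment with a pointer, e.g. `# provider v4: ACL, SSE and versioning are managed by the aws_s3_bucket_* resources below`, so the link between this bucket's settings and AWS Config delivery stays visible to the next maintainer. The resource's closing brace lies outside the hunk.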
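Review bot: `status = "Disabled"` in the new aws_s3_bucket_versioning resource describes only a bucket that has never had versioning turned on; the provider documents it as valid solely when creating or importing an unversioned bucket, so if this bucket is ever switched to Enabled the value that expresses "off" is `status = "Suspended"`, and for a Config delivery bucket keeping versioning Enabled is the stronger choice because overwritten history objects are retained. The `aws_s3_bucket_acl` resource with `count = 0` can never be applied, because `object_ownership = "BucketOwnerEnforced"` in the ownership-controls resource disables ACLs on the bucket altogether; either drop it or state the reason on it, e.g. `# ACLs are disabled by BucketOwnerEnforced; kept for reference only`. The SSE rule also arrives without the rationale deleted in the first hunk: `sse_algorithm = "aws:kms"` with no `kms_master_key_id` selects the AWS-managed key, which is what lets the Config service write, so restore `# AWS-managed KMS key (no kms_master_key_id) so Config log delivery works properly` above `apply_server_side_encryption_by_default`.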