fix brackets
badra001 committed Sep 24, 2020
1 parent 8aba073 commit 394d221
Showing 2 changed files with 19 additions and 19 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -20,6 +20,7 @@ No requirements.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access\_log\_bucket | Server Access Logging Bucket ID | `string` | n/a | yes |
| access\_log\_bucket\_prefix | Access log bucket prefix, to which the bucket name will be appended to make the target\_prefix | `string` | `"s3"` | no |
| bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
| bucket\_name | AWS Bucket Name | `string` | n/a | yes |
37 changes: 18 additions & 19 deletions main.tf
@@ -16,15 +16,15 @@ locals {
#aws_region = data.aws_region.current.name
#partition = data.aws_arn.current.partition
#name = (var.name != "" && var.name != null) ? var.name : format("k-kms-%v-%v", var.bucket_name, local.aws_region)
name = var.bucket_name
name = var.bucket_name

# kms_key_arn_exists = var.kms_key_arn != "" && var.kms_key_arn != null
kms_key_arn = aws_kms_key.key.arn
kms_key_name = format("%s%s", local._prefixes["kms"], var.bucket_name)

base_tags = {
# "boc:tf_module_version" = var._module_version
"boc:created_by" = "terraform"
# "boc:tf_module_version" = var._module_version
"boc:created_by" = "terraform"
}
}

@@ -41,7 +41,7 @@ resource "aws_s3_bucket" "this" {
kms_master_key_id = aws_kms_key.key.key_id
#kms_master_key_id = var.kms_key_id
#kms_master_key_id = "k-kms-", var.bucket_name
sse_algorithm = "aws:kms"
sse_algorithm = "aws:kms"
}
}
}
@@ -98,30 +98,30 @@ data "aws_iam_policy_document" "this" {
values = ["true"]
}
}
statement {
sid = "enforceSSL"
effect = "Deny"
actions = ["s3:*"]
statement {
sid = "enforceSSL"
effect = "Deny"
actions = ["s3:*"]
principals {
type = "AWS"
identifiers = ["*"]
type = "AWS"
identifiers = ["*"]
}
resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
condition {
test = "Bool"
variable = "aws:SecureTransport"
values = ["false"]
test = "Bool"
variable = "aws:SecureTransport"
values = ["false"]
}
}

}

#---
# apply policy to bucket and public access block policy to bucket
#---
resource "aws_s3_bucket_policy" "policy" {
bucket = aws_s3_bucket.this.bucket
policy = data.aws_iam_policy_document.this.json
# depends_on = [null_resource.policy_delay]
bucket = aws_s3_bucket.this.bucket
policy = data.aws_iam_policy_document.this.json
# depends_on = [null_resource.policy_delay]
}

resource "aws_s3_bucket_public_access_block" "this" {
@@ -184,4 +184,3 @@ resource "aws_kms_alias" "key" {
name = "alias/${local.kms_key_name}"
target_key_id = aws_kms_key.key.key_id
}
}
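Review bot: In `resource "aws_s3_bucket_policy" "policy"` the re-indented block still carries the commented-out `# depends_on = [null_resource.policy_delay]`, so the ordering between this policy and `aws_s3_bucket_public_access_block.this` on the same bucket is not stated anywhere visible. S3 can reject concurrent policy and public-access-block writes to one bucket with a conflicting-operation error, and a partially failed apply would leave the bucket without the `enforceSSL` deny or without the public access block until the next run. If that is what the delay was for, make the order explicit, for example `depends_on = [aws_s3_bucket_policy.policy]` in the public access block, and delete the dead comment. The body of the public access block lies outside the visible hunks, so it may already declare this dependency.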
