This works with the Terraform AWS provider 4.x, released 2022-02.

* 3.0.0 -- 2022-03-23 - refactor the S3 resources out of the aws_s3_bucket into their own resources based on [docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade#s3-bucket-refactor) - aws_s3_bucket_acl - aws_s3_bucket_logging - aws_s3_bucket_server_side_encryption_configuration - aws_s3_bucket_versioning - prep new resources (commented) - aws_s3_bucket_lifecycle_configuration - aws_s3_bucket_object_lock_configuration
terraform-modules · Mar 23, 2022 · 51cb6ff · 51cb6ff
1 parent 1bfde83
commit 51cb6ff
Show file tree

Hide file tree

Showing 4 changed files with 103 additions and 21 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,8 @@ Provides standard and t26 S3 bucket construction.
 
 ## Version 2.x
 
+This works with the Terraform AWS provider 3.x.
+
 * 2.0 -- 20201104
   - change to aws-s3
   - create submodules `standard` and `title26`
@@ -73,3 +75,17 @@ Provides standard and t26 S3 bucket construction.
   - add outputs
     - s3_requested_bucket_name
     - s3_module_settings
+
+## Version 3.x
+
+This works with the Terraform AWS provider 4.x, released 2022-02.
+
+* 3.0.0 -- 2022-03-23
+  - refactor the S3 resources out of the aws_s3_bucket into their own resources based on [docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade#s3-bucket-refactor)
+    - aws_s3_bucket_acl
+    - aws_s3_bucket_logging
+    - aws_s3_bucket_server_side_encryption_configuration
+    - aws_s3_bucket_versioning
+  - prep new resources (commented)
+    - aws_s3_bucket_lifecycle_configuration
+    - aws_s3_bucket_object_lock_configuration
diff --git a/common/resources.tf b/common/resources.tf
@@ -45,31 +45,32 @@ locals {
 
 #---
 # s3 bucket
+#   see: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade#s3-bucket-refactor 
 #---
 resource "aws_s3_bucket" "this" {
-  bucket        = local.bucket_name
-  acl           = "private"
+  bucket = local.bucket_name
+  ##  acl           = "private"
   force_destroy = var.force_destroy
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        #        kms_master_key_id = aws_kms_key.key.arn
-        kms_master_key_id = local.kms_key_arn
-        sse_algorithm     = "aws:kms"
-      }
-      bucket_key_enabled = var.bucket_key_enabled
-    }
-  }
+  ##   server_side_encryption_configuration {
+  ##     rule {
+  ##       apply_server_side_encryption_by_default {
+  ##         #        kms_master_key_id = aws_kms_key.key.arn
+  ##         kms_master_key_id = local.kms_key_arn
+  ##         sse_algorithm     = "aws:kms"
+  ##       }
+  ##       bucket_key_enabled = var.bucket_key_enabled
+  ##     }
+  ##   }
 
-  versioning {
-    enabled = local.versioning
-  }
+  ##   versioning {
+  ##     enabled = local.versioning
+  ##   }
 
-  logging {
-    target_bucket = var.access_log_bucket
-    target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
-  }
+  ##   logging {
+  ##     target_bucket = var.access_log_bucket
+  ##     target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
+  ##   }
 
   lifecycle {
     prevent_destroy = false
@@ -242,3 +243,68 @@ data "template_file" "policy" {
     kms_key_arn   = local.kms_key_arn
   }
 }
+
+## #---
+## # new: s3 bucket refactor: lifecycle_configuration
+## #---
+## resource "aws_s3_bucket_lifecycle_configuration" "this" {
+##   bucket        = aws_s3_bucket.this.id
+## }
+
+## #---
+## # new: s3 bucket refactor: object_lock_configuration
+## #---
+## resource "aws_s3_bucket_object_lock_configuration" "this" {
+##   bucket        = aws_s3_bucket.this.id
+## 
+##   rule {
+##     default_retention {
+##       mode = "COMPLIANCE"
+##       days = 3
+##     }
+##   }
+## }
+## 
+
+#---
+# s3 bucket refactor: acl
+#---
+resource "aws_s3_bucket_acl" "this" {
+  bucket = aws_s3_bucket.this.id
+  acl    = "private"
+}
+
+#---
+# s3 bucket refactor: logging
+#---
+resource "aws_s3_bucket_logging" "this" {
+  bucket        = aws_s3_bucket.this.id
+  target_bucket = var.access_log_bucket
+  target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
+}
+
+
+#---
+# s3 bucket refactor: server_side_encryption_configuration
+#---
+resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+  bucket = aws_s3_bucket.this.id
+  rule {
+    apply_server_side_encryption_by_default {
+      #        kms_master_key_id = aws_kms_key.key.arn
+      kms_master_key_id = local.kms_key_arn
+      sse_algorithm     = "aws:kms"
+    }
+    bucket_key_enabled = var.bucket_key_enabled
+  }
+}
+
+#---
+# s3 bucket refactor: versioning
+#---
+resource "aws_s3_bucket_versioning" "this" {
+  bucket = aws_s3_bucket.this.id
+  versioning_configuration {
+    status = local.versioning ? "Enabled" : "Disabld"
+  }
+}
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.4.4"
+  _module_version = "3.0.1"
 }
diff --git a/common/versions.tf b/common/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = ">= 4.0"
     }
     null = {
       source  = "hashicorp/null"