diff --git a/CHANGELOG.md b/CHANGELOG.md
index 13e2b80..7a56511 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@ Provides standard and t26 S3 bucket construction.
 ## Version 2.x
+This works with the Terraform AWS provider 3.x.
+
 * 2.0 -- 20201104
 - change to aws-s3
 - create submodules `standard` and `title26`
@@ -73,3 +75,17 @@ Provides standard and t26 S3 bucket construction.
 - add outputs
 - s3_requested_bucket_name
 - s3_module_settings
+
+## Version 3.x
+
+This works with the Terraform AWS provider 4.x, released 2022-02.
+
+* 3.0.0 -- 2022-03-23
+ - refactor the S3 resources out of the aws_s3_bucket into their own resources based on [docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade#s3-bucket-refactor)
+ - aws_s3_bucket_acl
+ - aws_s3_bucket_logging
+ - aws_s3_bucket_server_side_encryption_configuration
+ - aws_s3_bucket_versioning
+ - prep new resources (commented)
+ - aws_s3_bucket_lifecycle_configuration
+ - aws_s3_bucket_object_lock_configuration
diff --git a/common/resources.tf b/common/resources.tf
index ceeafd6..61d2f15 100644
--- a/common/resources.tf
+++ b/common/resources.tf
@@ -45,31 +45,32 @@ locals {
 #---
 # s3 bucket
+# see: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade#s3-bucket-refactor
 #---
 resource "aws_s3_bucket" "this" {
- bucket = local.bucket_name
- acl = "private"
+ bucket = local.bucket_name
+ ## acl = "private"
 force_destroy = var.force_destroy
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- # kms_master_key_id = aws_kms_key.key.arn
- kms_master_key_id = local.kms_key_arn
- sse_algorithm = "aws:kms"
- }
- bucket_key_enabled = var.bucket_key_enabled
- }
- }
+ ## server_side_encryption_configuration {
+ ## rule {
+ ## apply_server_side_encryption_by_default {
+ ## # kms_master_key_id = aws_kms_key.key.arn
+ ## kms_master_key_id = local.kms_key_arn
+ ## sse_algorithm = "aws:kms"
+ ## }
+ ## bucket_key_enabled = var.bucket_key_enabled
+ ## }
+ ## }
- versioning {
- enabled = local.versioning
- }
+ ## versioning {
+ ## enabled = local.versioning
+ ## }
- logging {
- target_bucket = var.access_log_bucket
- target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
- }
+ ## logging {
+ ## target_bucket = var.access_log_bucket
+ ## target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
+ ## }
 lifecycle {
 prevent_destroy = false
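Review bot: The inline `acl`, `server_side_encryption_configuration`, `versioning` and `logging` arguments are kept in `aws_s3_bucket.this` as `##`-commented lines instead of being deleted, which leaves roughly twenty lines of dead configuration inside the resource that used to define the bucket's encryption and access settings. Version control already preserves the old form, so I would remove them and keep one pointer, for example `# acl, encryption, versioning and logging are managed by the aws_s3_bucket_* resources in this file`. That way a reader auditing the bucket is not tempted to read the commented block as the effective configuration. The resource block continues past the end of this hunk.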
@@ -242,3 +243,68 @@ data "template_file" "policy" {
 kms_key_arn = local.kms_key_arn
 }
 }
+
+## #---
+## # new: s3 bucket refactor: lifecycle_configuration
+## #---
+## resource "aws_s3_bucket_lifecycle_configuration" "this" {
+## bucket = aws_s3_bucket.this.id
+## }
+
+## #---
+## # new: s3 bucket refactor: object_lock_configuration
+## #---
+## resource "aws_s3_bucket_object_lock_configuration" "this" {
+## bucket = aws_s3_bucket.this.id
+##
+## rule {
+## default_retention {
+## mode = "COMPLIANCE"
+## days = 3
+## }
+## }
+## }
+##
+
+#---
+# s3 bucket refactor: acl
+#---
+resource "aws_s3_bucket_acl" "this" {
+ bucket = aws_s3_bucket.this.id
+ acl = "private"
+}
+
+#---
+# s3 bucket refactor: logging
+#---
+resource "aws_s3_bucket_logging" "this" {
+ bucket = aws_s3_bucket.this.id
+ target_bucket = var.access_log_bucket
+ target_prefix = format("%s/%s/", var.access_log_bucket_prefix, local.bucket_name)
+}
+
+
+#---
+# s3 bucket refactor: server_side_encryption_configuration
+#---
+resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
+ bucket = aws_s3_bucket.this.id
+ rule {
+ apply_server_side_encryption_by_default {
+ # kms_master_key_id = aws_kms_key.key.arn
+ kms_master_key_id = local.kms_key_arn
+ sse_algorithm = "aws:kms"
+ }
+ bucket_key_enabled = var.bucket_key_enabled
+ }
+}
+
+#---
+# s3 bucket refactor: versioning
+#---
+resource "aws_s3_bucket_versioning" "this" {
+ bucket = aws_s3_bucket.this.id
+ versioning_configuration {
+ status = local.versioning ? "Enabled" : "Disabld"
+ }
+}
diff --git a/common/version.tf b/common/version.tf
index 59b218e..d61af95 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "2.4.4"
+ _module_version = "3.0.1"
 }
diff --git a/common/versions.tf b/common/versions.tf
index 78f413b..980abd9 100644
--- a/common/versions.tf
+++ b/common/versions.tf
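Review bot: The false branch of `status` in `aws_s3_bucket_versioning.this` is misspelled as `"Disabld"`, which is not one of the values the provider documents for this argument (`Enabled`, `Suspended`, `Disabled`), so a caller with `local.versioning` set to false should get a validation error instead of a bucket. I would change the line to `status = local.versioning ? "Enabled" : "Suspended"`. The provider documentation describes `Disabled` as intended only for buckets that have never had versioning turned on, so `Suspended` is the safer choice for buckets that were versioned under module 2.x; if the module only ever creates fresh buckets, `"Disabled"` is also acceptable. A plan run with versioning turned off would have caught this before release.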
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 3.0"
+ version = ">= 4.0"
 }
 null = {
 source = "hashicorp/null"
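Review bot: The new constraint `version = ">= 4.0"` has no upper bound, so a later major release of the AWS provider can be selected for this module even though the CHANGELOG entry in this commit only claims compatibility with provider 4.x. The previous constraint used the pessimistic form (`~> 3.0`); keeping that form, `version = "~> 4.0"`, restricts the module to the 4.x line it was written against and makes the next major upgrade a deliberate, reviewed change rather than something that happens on the next `terraform init -upgrade`. That matters here because the resources in this module carry the bucket's ACL, encryption and logging settings, and the 3.x to 4.x jump already changed how those are expressed. The `terraform` block starts before and ends after this hunk.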