From b1018f3d39eeb37db68e873c0ce23bab4c5a3728 Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 6 Oct 2022 08:19:40 -0400
Subject: [PATCH] - common - add bucket_policy_disabled to not apply a default policy if desired to do the policy differently
---
 CHANGELOG.md | 4 ++++
 common/resources.tf | 1 +
 common/variables.s3.tf | 6 ++++++
 common/version.tf | 2 +-
 4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28a9976..1f1322b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -149,3 +149,7 @@ This works with the Terraform AWS provider 4.x, released 2022-02.
 * 3.3.3 -- 2022-09-21
 - common
 - change aws_s3_bucket_versioning default if disabled to Suspended
+
+* 3.3.4 -- 2022-10-06
+ - common
+ - add bucket_policy_disabled to not apply a default policy if desired to do the policy differently
diff --git a/common/resources.tf b/common/resources.tf
index 4243827..645304d 100644
--- a/common/resources.tf
+++ b/common/resources.tf
@@ -175,6 +175,7 @@ data "aws_iam_policy_document" "this" {
 # apply policy to bucket and public access block policy to bucket
 #---
 resource "aws_s3_bucket_policy" "policy" {
+ count = var.bucket_policy_disabled ? 0 : 1
 bucket = aws_s3_bucket.this.bucket
 # policy = data.aws_iam_policy_document.this.json
 policy = data.aws_iam_policy_document.bucket_policy_combined.json
diff --git a/common/variables.s3.tf b/common/variables.s3.tf
index 1146232..95ad6f6 100644
--- a/common/variables.s3.tf
+++ b/common/variables.s3.tf
@@ -108,3 +108,9 @@ variable "object_lock_enabled" {
 type = bool
 default = false
 }
+
+variable "bucket_policy_disable" {
+ description = "Flag to enable or disable the default bucket policy. This is used for where we need to create the bucket policy outside of the module to prevent cyclical setup"
+ type = bool
+ default = false
+}
diff --git a/common/version.tf b/common/version.tf
index 9fbb33d..44417ff 100644
--- a/common/version.tf
+++ b/common/version.tf
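Review bot: The new `count` expression in common/resources.tf reads `var.bucket_policy_disabled`, but the variable added in the common/variables.s3.tf hunk is declared as `bucket_policy_disable`. Unless a variable with the longer name is declared outside this patch, validation will fail on a reference to an undeclared input variable; renaming the declaration to `variable "bucket_policy_disabled" {` matches the subject line and the changelog entry. With `count` set, the resource is addressed as `aws_s3_bucket_policy.policy[0]`, so any attribute reference to `aws_s3_bucket_policy.policy` elsewhere in the module (not visible here) needs the index and must cope with the zero-instance case. The resource body continues past the end of the hunk.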
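Review bot: The description on the new variable in common/variables.s3.tf says "Flag to enable or disable" without stating which value does what, and it does not tell the caller that `true` leaves the bucket with no policy from this module. Whatever statements `bucket_policy_combined` carries (its contents are outside this patch) are then not applied until the external policy is attached, so the caller has to reproduce any baseline statements they depend on. Suggested wording: `description = "Set to true to skip the module's default bucket policy, e.g. when the policy is created outside the module to avoid a dependency cycle. The caller is then responsible for attaching a policy that keeps any baseline statements the module would have applied."`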
@@ -1,3 +1,3 @@
 locals {
- _module_version = "3.3.3"
+ _module_version = "3.3.4"
 }