- common

- change delays to time_delay - change acl to after delay after public accesss block is set and commpleted
terraform-modules · May 19, 2023 · c1d4399 · c1d4399
1 parent 8fce01a
commit c1d4399
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -171,3 +171,8 @@ This works with the Terraform AWS provider 4.x, released 2022-02.
 * 3.3.8 -- 2023-03-14
   - common
     - make bucket_key_enabled=true (default)
+
+* 3.3.9 -- 2023-05-19
+  - common
+    - change delays to time_delay
+    - change acl to after delay after public accesss block is set and commpleted
diff --git a/common/resources.tf b/common/resources.tf
@@ -192,16 +192,25 @@ resource "aws_s3_bucket_public_access_block" "this" {
   depends_on              = [aws_s3_bucket_policy.policy]
 }
 
-resource "null_resource" "policy_delay" {
+resource "time_sleep" "policy_delay" {
   triggers = {
     bucket = aws_s3_bucket.this.id
   }
-  provisioner "local-exec" {
-    when    = create
-    command = "sleep 120"
-  }
+
+  create_duration  = "120s"
+  destroy_duration = "30s"
 }
 
+## resource "null_resource" "policy_delay" {
+##   triggers = {
+##     bucket = aws_s3_bucket.this.id
+##   }
+##   provisioner "local-exec" {
+##     when    = create
+##     command = "sleep 120"
+##   }
+## }
+
 #---
 # new: s3 bucket refactor: aws_s3_object
 #---
@@ -213,7 +222,7 @@ resource "aws_s3_object" "this_objects" {
   source   = "/dev/null"
   metadata = local.metadata_tags
 
-  depends_on = [null_resource.policy_delay]
+  depends_on = [time_sleep.policy_delay]
 }
 
 data "aws_iam_policy_document" "bucket_policy_combined" {
@@ -281,10 +290,22 @@ data "template_file" "policy" {
 # s3 bucket refactor: acl
 #  if bucket_owner == BucketOwnerEnforced, ACLs cannot be set to private, so do not use this
 #---
+resource "time_sleep" "acl_delay" {
+  triggers = {
+    bucket              = aws_s3_bucket.this.id
+    public_access_block = aws_s3_bucket_public_access_block.this.id
+  }
+
+  create_duration  = "30s"
+  destroy_duration = "30s"
+}
+
 resource "aws_s3_bucket_acl" "this" {
   count  = local.bucket_owner == "BucketOwnerEnforced" ? 0 : 1
   bucket = aws_s3_bucket.this.id
   acl    = "private"
+
+  depends_on = [time_sleep.acl_delay]
 }
 
 #---

diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "3.3.8"
+  _module_version = "3.3.9"
 }