From c1d43999a6126855d08dca3169019f2e4d8b3fb7 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 19 May 2023 12:23:08 -0400
Subject: [PATCH] - common - change delays to time_delay - change acl to after delay after public accesss block is set and commpleted

---
 CHANGELOG.md | 5 +++++
 common/resources.tf | 33 +++++++++++++++++++++++++++------
 common/version.tf | 2 +-
 3 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28da2fd..d52be4b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -171,3 +171,8 @@ This works with the Terraform AWS provider 4.x, released 2022-02.
 * 3.3.8 -- 2023-03-14
   - common
   - make bucket_key_enabled=true (default)
+
+* 3.3.9 -- 2023-05-19
+  - common
+  - change delays to time_delay
+  - change acl to after delay after public accesss block is set and commpleted
diff --git a/common/resources.tf b/common/resources.tf
index 8a8b62a..12424b2 100644
--- a/common/resources.tf
+++ b/common/resources.tf
@@ -192,16 +192,25 @@ resource "aws_s3_bucket_public_access_block" "this" {
   depends_on = [aws_s3_bucket_policy.policy]
 }
 
-resource "null_resource" "policy_delay" {
+resource "time_sleep" "policy_delay" {
   triggers = {
     bucket = aws_s3_bucket.this.id
   }
-  provisioner "local-exec" {
-    when = create
-    command = "sleep 120"
-  }
+
+  create_duration = "120s"
+  destroy_duration = "30s"
 }
 
+## resource "null_resource" "policy_delay" {
+##   triggers = {
+##     bucket = aws_s3_bucket.this.id
+##   }
+##   provisioner "local-exec" {
+##     when = create
+##     command = "sleep 120"
+##   }
+## }
+
 #---
 # new: s3 bucket refactor: aws_s3_object
 #---
@@ -213,7 +222,7 @@ resource "aws_s3_object" "this_objects" {
   source = "/dev/null"
   metadata = local.metadata_tags
 
-  depends_on = [null_resource.policy_delay]
+  depends_on = [time_sleep.policy_delay]
 }
 
 data "aws_iam_policy_document" "bucket_policy_combined" {
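Review bot: `time_sleep.policy_delay` is tied only to `aws_s3_bucket.this.id` through its triggers, so the 120s timer — and the `aws_s3_object.this_objects` upload gated on it in the next hunk — can start in parallel with `aws_s3_bucket_policy.policy` and `aws_s3_bucket_public_access_block.this` rather than after them, unless that ordering is expressed somewhere outside this hunk; add `depends_on = [aws_s3_bucket_public_access_block.this]` to the sleep, which already chains to the policy via the `depends_on` shown in the hunk's first context line. The diffstat shows no change to a `required_providers` block, so the newly introduced `hashicorp/time` provider will be resolved unpinned at init time unless it is declared elsewhere in the module; declare it with a version constraint, e.g. `time = { source = "hashicorp/time", version = "~> 0.9" }`. The commented-out `## resource "null_resource"` copy is dead text that git history already preserves and should be dropped rather than carried in the file.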
@@ -281,10 +290,22 @@ data "template_file" "policy" {
 # s3 bucket refactor: acl
 # if bucket_owner == BucketOwnerEnforced, ACLs cannot be set to private, so do not use this
 #---
+resource "time_sleep" "acl_delay" {
+  triggers = {
+    bucket = aws_s3_bucket.this.id
+    public_access_block = aws_s3_bucket_public_access_block.this.id
+  }
+
+  create_duration = "30s"
+  destroy_duration = "30s"
+}
+
 resource "aws_s3_bucket_acl" "this" {
   count = local.bucket_owner == "BucketOwnerEnforced" ? 0 : 1
   bucket = aws_s3_bucket.this.id
   acl = "private"
+
+  depends_on = [time_sleep.acl_delay]
 }
 
 #---
diff --git a/common/version.tf b/common/version.tf
index ba304cf..ec4c1ff 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "3.3.8"
+  _module_version = "3.3.9"
 }
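Review bot: `time_sleep.acl_delay` is created unconditionally while `aws_s3_bucket_acl.this` is gated on `count = local.bucket_owner == "BucketOwnerEnforced" ? 0 : 1`, so BucketOwnerEnforced buckets pay a 30s create and a 30s destroy delay for an ACL resource that never exists; give the sleep the same `count` expression (`depends_on = [time_sleep.acl_delay]` still works against a counted resource). The reference to `aws_s3_bucket_public_access_block.this.id` in the triggers does establish the ordering after the public access block, but a fixed sleep confirms nothing about the block being in effect, so a comment above the resource such as `# fixed delay only: gives S3 time to settle after the public access block; it does not verify the block is applied` would keep a reader from trusting the "set and completed" wording in the commit message. Any change to the trigger values also replaces the sleep and re-runs the 30s wait without touching the ACL itself, which is worth stating in that comment.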