add object_lock_enabled

CHANGELOG.md

@@ -108,3 +108,6 @@ This works with the Terraform AWS provider 4.x, released 2022-02.
 
 * 3.0.4 -- 2022-03-25
   - add links to versions.tf
+
+* 3.1.0. -- 2022-04-01
+  - add object_lock_enabled flag for bucket creation

common/resources.tf

@@ -51,7 +51,8 @@ resource "aws_s3_bucket" "this" {
   bucket = local.bucket_name
   # remove (acl) when separate resources work
   ## acl           = "private"
-  force_destroy = var.force_destroy
+  force_destroy       = var.force_destroy
+  object_lock_enabled = var.object_lock_enabled
 
   # remove (server_side_encryption_configuration) when separate resources work
   ##   server_side_encryption_configuration {
@@ -314,3 +315,20 @@ resource "aws_s3_bucket_versioning" "this" {
     status = local.versioning ? "Enabled" : "Disabled"
   }
 }
+
+#---
+# s3 bucket refactor: object_lock_configuration
+# this is not handled in this module
+#   https://registry.terraform.io/providers/hashicorp%20%20/aws/4.7.0/docs/resources/s3_bucket_object_lock_configuration
+# below is example code from TF docs
+#---
+## resource "aws_s3_bucket_object_lock_configuration" "this" {
+##   bucket = aws_s3_bucket.this.id
+##   rule {
+##     default_retention {
+##       mode = "COMPLIANCE"
+##       days = 5
+##     }
+##   }
+## }
+## 

common/variables.s3.tf

@@ -102,3 +102,9 @@ variable "name_enforce_region_compact" {
   type        = bool
   default     = false
 }
+
+variable "object_lock_enabled" {
+  description = "Flag to enable object lock. This can only be set on bucket creation. See AWS documentation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html"
+  type        = bool
+  default     = false
+}

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "3.0.4"
+  _module_version = "3.1.0"
 }