From da0ae95a315d6047446bf4b110c993f42286cc86 Mon Sep 17 00:00:00 2001
From: Avrohom Gottlieb
Date: Fri, 22 Nov 2024 14:09:07 -0500
Subject: [PATCH] update acl private handling on s3 buckets with new acl resources
---
infrastructure/s3.tf | 53 +++++++++++++++++++-------------------------
1 file changed, 23 insertions(+), 30 deletions(-)
diff --git a/infrastructure/s3.tf b/infrastructure/s3.tf
index c89e8ee1..3168ab38 100644
--- a/infrastructure/s3.tf
+++ b/infrastructure/s3.tf
@@ -1,7 +1,5 @@
 resource "aws_s3_bucket" "scpca_portal_bucket" {
 bucket = "scpca-portal-${var.user}-${var.stage}"
- # TODO: remove this when upgrading aws_provider version
- acl = "private"
 force_destroy = var.stage == "prod" ? false : true
 
 tags = merge(
@@ -13,21 +11,19 @@ resource "aws_s3_bucket" "scpca_portal_bucket" {
 )
 }
 
-# TODO: enable after upgrade
-# resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
-# bucket = aws_s3_bucket.scpca_portal_bucket.id
-# rule {
-# object_ownership = "BucketOwnerPreferred"
-# }
-#}
+resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
+ bucket = aws_s3_bucket.scpca_portal_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
 
-# TODO: enable after upgrade
-# resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
-# depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]
-#
-# bucket = aws_s3_bucket.scpca_portal_bucket.id
-# acl = "private"
-#}
+resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
+ depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]
+
+ bucket = aws_s3_bucket.scpca_portal_bucket.id
+ acl = "private"
+}
 
 resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {
 bucket = aws_s3_bucket.scpca_portal_bucket.id
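Review bot: The new `aws_s3_bucket_ownership_controls` block in the second hunk sets `object_ownership = "BucketOwnerPreferred"`, which leaves ACLs enabled on the bucket and is the only reason a separate `aws_s3_bucket_acl` with `acl = "private"` is still needed; the cert bucket gets the same pair in the last hunk. If nothing depends on object ACLs (for example cross-account writers that must grant `bucket-owner-full-control`), `object_ownership = "BucketOwnerEnforced"` disables ACLs entirely, makes the `aws_s3_bucket_acl` resource redundant, and leaves the existing `aws_s3_bucket_public_access_block` as the single control over public exposure. If ACLs are kept on purpose, record why next to the rule, e.g. `# ACLs stay enabled (BucketOwnerPreferred) because <reason>; otherwise prefer BucketOwnerEnforced and drop aws_s3_bucket_acl`. Should you switch to `BucketOwnerEnforced` later, remove the `aws_s3_bucket_acl` resource in the same change, since AWS rejects ACL updates once ACLs are disabled.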
@@ -38,8 +34,6 @@ resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {
 
 resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
 bucket = "scpca-portal-cert-${var.user}-${var.stage}"
- # TODO: remove this when upgrading aws_provider version
- acl = "private"
 force_destroy = var.stage == "prod" ? false : true
 
 # TODO: remove lifecycle rule when we upgrade aws_provider version
@@ -63,19 +57,18 @@ resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
 )
 }
 
-# TODO: enable after upgrade
-# resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
-# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
-# rule {
-# object_ownership = "BucketOwnerPreferred"
-# }
-#}
+resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
+ bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
 
-# resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
-# depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
-# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
-# acl = "private"
-#}
+resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
+ depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
+ bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
+ acl = "private"
+}
 
 # resource "aws_s3_bucket_lifecycle_configuration" "scpca_portal_cert_bucket" {
 # bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
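Review bot: The cert bucket's new `aws_s3_bucket_acl` block in the last hunk is laid out differently from the portal bucket's in the earlier hunk (no blank line between `depends_on` and `bucket`), so aligning the two would make the four new resources read as one pattern. More substantively, this hunk's trailing context still shows `aws_s3_bucket_lifecycle_configuration` commented out, while the previous hunk's context keeps `# TODO: remove lifecycle rule when we upgrade aws_provider version` even though this commit already relies on the provider-v4-style ACL and ownership resources, so that TODO appears stale. If the provider upgrade has happened, the lifecycle rule can presumably be migrated to the standalone resource in a follow-up; until then the TODO should name what is actually blocking it, e.g. `# TODO: move the inline lifecycle rule to aws_s3_bucket_lifecycle_configuration (commented out below); blocked on <reason>`. The inline lifecycle rule the TODO refers to lies outside these hunks, so I cannot confirm its current shape.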