From 771582b02e9aa9bf260d6853e78fb7fcd6378024 Mon Sep 17 00:00:00 2001 From: "alexander.miehe" Date: Tue, 20 Aug 2024 09:36:27 +0200 Subject: [PATCH] PLT-921 - Move the bucket to a separate module * move the bucket to a module to ensure latest security features enabled, as mentioned by security hub * move aws_s3_bucket_object to aws_s3_object as it is deprecated --- main.tf | 22 +++++++++++++--------- variables.tf | 6 ++++++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/main.tf b/main.tf index 9717869..f010323 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,8 @@ +moved { + from = aws_s3_bucket.lambda_newrelic_resource + to = module.lambda_newrelic_resource_bucket.aws_s3_bucket.this[0] +} + locals { name = "newrelic-${random_string.this.result}" } @@ -7,17 +12,16 @@ resource "random_string" "this" { special = false } -resource "aws_s3_bucket" "lambda_newrelic_resource" { +module "lambda_newrelic_resource_bucket" { + source = "github.com/terraform-aws-modules/terraform-aws-s3-bucket?ref=v4.1.2" + tags = var.tags + bucket_prefix = "lambda-newrelic-resource" - acl = "private" - tags = { - Name = "Created by Terraform" - } } -resource "aws_s3_bucket_object" "newrelic_log_ingestion_zip" { - bucket = aws_s3_bucket.lambda_newrelic_resource.id +resource "aws_s3_object" "newrelic_log_ingestion_zip" { + bucket = module.lambda_newrelic_resource_bucket.s3_bucket_id key = "newrelic-log-ingestion-2.3.5.zip" source = "${path.module}/newrelic-log-ingestion.zip" etag = filemd5("${path.module}/newrelic-log-ingestion.zip") 
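Review bot: The `moved` block migrates only the bucket address; the object renamed from `aws_s3_bucket_object` to `aws_s3_object` in the next hunk has no state migration, so Terraform will probably plan a destroy of the old address and a create of the new one for the same key. Depending on the order of those two operations, the zip that the CloudFormation stack points at could be missing after apply. Check the plan output for this and, if needed, move the state entry by hand (`terraform state rm` on the old address, then `terraform import` on the new one) before applying. The target `aws_s3_bucket.this[0]` is an internal address of the module at `v4.1.2`, so a comment such as `# keeps the existing bucket in state; tied to the module's internal resource name` would help the next reader.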
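Review bot: The module `source` is pinned to the git tag `v4.1.2`, and a tag can be re-pointed upstream. Since this module creates the bucket that holds the Lambda code, an immutable reference is safer, e.g. `source = "github.com/terraform-aws-modules/terraform-aws-s3-bucket?ref=<commit-sha-of-v4.1.2>"`. The block also sets only `tags` and `bucket_prefix`, so every hardening setting is whatever the module defaults to at that version. The Security Hub findings this commit answers are not visible here, but if they include TLS-only access or versioning, those need explicit inputs such as `attach_deny_insecure_transport_policy = true`. The empty line left before the closing brace of the module block can be dropped.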
@@ -28,8 +32,8 @@ resource "aws_cloudformation_stack" "newrelic_log_ingestion" { template_body = file("${path.module}/newrelic-log-ingestion.yaml") capabilities = ["CAPABILITY_AUTO_EXPAND", "CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"] parameters = { - Bucket = aws_s3_bucket.lambda_newrelic_resource.id - Key = aws_s3_bucket_object.newrelic_log_ingestion_zip.id + Bucket = module.lambda_newrelic_resource_bucket.s3_bucket_id + Key = aws_s3_object.newrelic_log_ingestion_zip.id NewRelicLicenseKey = data.aws_ssm_parameter.newrelic_license_key.value } } diff --git a/variables.tf b/variables.tf index f46a909..38f69e3 100644 --- a/variables.tf +++ b/variables.tf @@ -12,3 +12,9 @@ variable "region" { type = string default = "eu-central-1" } + +variable "tags" { + description = "Map of custom tags for the provisioned resources" + type = map(string) + default = {} +}
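Review bot: `NewRelicLicenseKey` is still passed to the stack as a plain parameter from `data.aws_ssm_parameter.newrelic_license_key.value`, so the secret is written to Terraform state. Unless the template declares that parameter with `NoEcho`, it is also readable through the stack's parameters. The template is not part of this diff, so confirm `NoEcho: true` in `newrelic-log-ingestion.yaml` and that the state backend is encrypted and access-restricted. Separately, `Key = aws_s3_object.newrelic_log_ingestion_zip.key` would state the intent more directly than `.id`. The resource body continues outside this hunk.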
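Review bot: The description says the tags apply to "the provisioned resources", but in this commit `var.tags` is only passed to the bucket module; the `aws_s3_object` and the CloudFormation stack in `main.tf` do not receive it in the visible lines. Either pass it on with `tags = var.tags` on those resources or narrow the description, e.g. `description = "Tags applied to the S3 bucket"`. With the default `{}`, the bucket also loses the previous `Name = "Created by Terraform"` tag, which matters if any tag-based policy or inventory report keys on it.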