From 7507780079d6183087bc9890a658819af949cb99 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 2 Mar 2024 22:12:51 +0100 Subject: [PATCH 01/10] chore(deps): update terraform cloudposse/iam-role/aws to v0.19.0 (main) (#271) * chore(deps): update terraform cloudposse/iam-role/aws to v0.19.0 * Auto-update README.md --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] --- README.md | 286 +++++++++++------------------------- modules/lambda@edge/main.tf | 2 +- 2 files changed, 90 insertions(+), 198 deletions(-) diff --git a/README.md b/README.md index b225651c..447198c3 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,8 @@ - -# terraform-aws-cloudfront-s3-cdn [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-cloudfront-s3-cdn?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d169121757962ff25679794) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-cloudfront-s3-cdn.svg)](https://travis-ci.org/cloudposse/terraform-aws-cloudfront-s3-cdn/releases) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) +# terraform-aws-cloudfront-s3-cdn +Codefresh Build StatusLatest ReleaseSlack Community -[![README Header][readme_header_img]][readme_header_link] - -[![Cloud Posse][logo]](https://cpco.io/homepage) - - -## Share the Love - -Like this project? Please give it a β˜… on [our GitHub](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn)! (it helps us **a lot**) - -Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) - - - ## Related Projects Check out these related projects. 
@@ -626,86 +590,89 @@ Check out these related projects. - [terraform-aws-cloudfront-cdn](https://github.com/cloudposse/terraform-aws-cloudfront-cdn) - Terraform Module that implements a CloudFront Distribution (CDN) for a custom origin. - [terraform-aws-s3-log-storage](https://github.com/cloudposse/terraform-aws-s3-log-storage) - S3 bucket with built in IAM policy to allow CloudTrail logs -## Help - -**Got a question?** We got answers. - -File a GitHub [issue](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues), send us an [email][email] or join our [Slack Community][slack]. - -[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link] - -## DevOps Accelerator for Startups +## ✨ Contributing +This project is under active development, and we encourage contributions from our community. +Many thanks to our outstanding contributors: -We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. + + + -[![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support] +### πŸ› Bug Reports & Feature Requests -Work directly with our team of DevOps experts via email, slack, and video conferencing. - -We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet. - -- **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code. -- **Release Engineering.** You'll have end-to-end CI/CD with unlimited staging environments. -- **Site Reliability Engineering.** You'll have total visibility into your apps and microservices. -- **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes. 
-- **GitOps.** You'll be able to operate your infrastructure via Pull Requests. -- **Training.** You'll receive hands-on training so your team can operate what we build. -- **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel. -- **Troubleshooting.** You'll get help to triage when things aren't working. -- **Code Reviews.** You'll receive constructive feedback on Pull Requests. -- **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects. - -## Slack Community - -Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. - -## Discourse Forums - -Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account. +Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues) to report any bugs or file feature requests. -## Newsletter +### πŸ’» Developing -Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. +If you are interested in being a contributor and want to get involved in developing this project or help out with Cloud Posse's other projects, we would love to hear from you! 
+Hit us up in [Slack](https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=slack), in the `#cloudposse` channel. -## Office Hours +In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. + 1. Review our [Code of Conduct](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/?tab=coc-ov-file#code-of-conduct) and [Contributor Guidelines](https://github.com/cloudposse/.github/blob/main/CONTRIBUTING.md). + 2. **Fork** the repo on GitHub + 3. **Clone** the project to your own machine + 4. **Commit** changes to your own branch + 5. **Push** your work back up to your fork + 6. Submit a **Pull Request** so that we can review your changes -[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! +**NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request! -[![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] +### 🌎 Slack Community -## Contributing +Join our [Open Source Community](https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=slack) on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. -### Bug Reports & Feature Requests +### πŸ“° Newsletter -Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues) to report any bugs or file feature requests. 
+Sign up for [our newsletter](https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=newsletter) and join 3,000+ DevOps engineers, CTOs, and founders who get insider access to the latest DevOps trends, so you can always stay in the know. +Dropped straight into your Inbox every week β€” and usually a 5-minute read. -### Developing +### πŸ“† Office Hours -If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email]. +[Join us every Wednesday via Zoom](https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=office_hours) for your weekly dose of insider DevOps trends, AWS news and Terraform insights, all sourced from our SweetOps community, plus a _live Q&A_ that you can’t find anywhere else. +It's **FREE** for everyone! -In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. +## About - 1. **Fork** the repo on GitHub - 2. **Clone** the project to your own machine - 3. **Commit** changes to your own branch - 4. **Push** your work back up to your fork - 5. Submit a **Pull Request** so that we can review your changes +This project is maintained by Cloud Posse, LLC. + -**NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request! +We are a [**DevOps Accelerator**](https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=commercial_support) for funded startups and enterprises. +Use our ready-to-go terraform architecture blueprints for AWS to get up and running quickly. +We build it with you. You own everything. Your team wins. Plus, we stick around until you succeed. 
+Learn More -## Copyright +*Your team can operate like a pro today.* -Copyright Β© 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright) +Ensure that your team succeeds by using our proven process and turnkey blueprints. Plus, we stick around until you succeed. +
+ πŸ“š See What's Included +- **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code. +- **Deployment Strategy.** You'll have a battle-tested deployment strategy using GitHub Actions that's automated and repeatable. +- **Site Reliability Engineering.** You'll have total visibility into your apps and microservices. +- **Security Baseline.** You'll have built-in governance with accountability and audit logs for all changes. +- **GitOps.** You'll be able to operate your infrastructure via Pull Requests. +- **Training.** You'll receive hands-on training so your team can operate what we build. +- **Questions.** You'll have a direct line of communication between our teams via a Shared Slack channel. +- **Troubleshooting.** You'll get help to triage when things aren't working. +- **Code Reviews.** You'll receive constructive feedback on Pull Requests. +- **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects. +
+ ## License -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +License -See [LICENSE](LICENSE) for full details. +
+Preamble to the Apache License, Version 2.0 +
+
+ +Complete license is available in the [`LICENSE`](LICENSE) file. ```text Licensed to the Apache Software Foundation (ASF) under one @@ -725,90 +692,15 @@ KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ``` - - - - - - - - +
## Trademarks All other trademarks referenced herein are the property of their respective owners. +--- +Copyright © 2017-2024 [Cloud Posse, LLC](https://cpco.io/copyright) -## About - -This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]! - -[![Cloud Posse][logo]][website] - -We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❀️ [Open Source Software][we_love_open_source]. - -We offer [paid support][commercial_support] on all of our projects. - -Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. - - - -### Contributors - -| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Jamie Nelson][Jamie-BitFlight_avatar]][Jamie-BitFlight_homepage]
[Jamie Nelson][Jamie-BitFlight_homepage] | [![Clive Zagno][cliveza_avatar]][cliveza_homepage]
[Clive Zagno][cliveza_homepage] | [![David Mattia][dmattia_avatar]][dmattia_homepage]
[David Mattia][dmattia_homepage] | [![RB][nitrocode_avatar]][nitrocode_homepage]
[RB][nitrocode_homepage] | [![John McGehee][jmcgeheeiv_avatar]][jmcgeheeiv_homepage]
[John McGehee][jmcgeheeiv_homepage] | [![Yonatan Koren][korenyoni_avatar]][korenyoni_homepage]
[Yonatan Koren][korenyoni_homepage] | [![Lucas Caparelli][lcaparelli_avatar]][lcaparelli_homepage]
[Lucas Caparelli][lcaparelli_homepage] | -|---|---|---|---|---|---|---|---|---| - +README footer - [osterman_homepage]: https://github.com/osterman - [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png - [aknysh_homepage]: https://github.com/aknysh - [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png - [Jamie-BitFlight_homepage]: https://github.com/Jamie-BitFlight - [Jamie-BitFlight_avatar]: https://img.cloudposse.com/150x150/https://github.com/Jamie-BitFlight.png - [cliveza_homepage]: https://github.com/cliveza - [cliveza_avatar]: https://img.cloudposse.com/150x150/https://github.com/cliveza.png - [dmattia_homepage]: https://github.com/dmattia - [dmattia_avatar]: https://img.cloudposse.com/150x150/https://github.com/dmattia.png - [nitrocode_homepage]: https://github.com/nitrocode - [nitrocode_avatar]: https://img.cloudposse.com/150x150/https://github.com/nitrocode.png - [jmcgeheeiv_homepage]: https://github.com/jmcgeheeiv - [jmcgeheeiv_avatar]: https://img.cloudposse.com/150x150/https://github.com/jmcgeheeiv.png - [korenyoni_homepage]: https://github.com/korenyoni - [korenyoni_avatar]: https://img.cloudposse.com/150x150/https://github.com/korenyoni.png - [lcaparelli_homepage]: https://github.com/lcaparelli - [lcaparelli_avatar]: https://img.cloudposse.com/150x150/https://github.com/lcaparelli.png - -[![README Footer][readme_footer_img]][readme_footer_link] -[![Beacon][beacon]][website] - - [logo]: https://cloudposse.com/logo-300x69.svg - [docs]: https://cpco.io/docs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=docs - [website]: https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=website - [github]: https://cpco.io/github?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=github - [jobs]: 
https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=jobs - [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=hire - [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=slack - [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=linkedin - [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=twitter - [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=testimonial - [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=office_hours - [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=newsletter - [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=discourse - [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=email - [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=commercial_support - [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=we_love_open_source - [terraform_modules]: 
https://cpco.io/terraform-modules?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=terraform_modules - [readme_header_img]: https://cloudposse.com/readme/header/img - [readme_header_link]: https://cloudposse.com/readme/header/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=readme_header_link - [readme_footer_img]: https://cloudposse.com/readme/footer/img - [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=readme_footer_link - [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img - [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=readme_commercial_support_link - [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-cloudfront-s3-cdn&url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-cloudfront-s3-cdn&url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_email]: mailto:?subject=terraform-aws-cloudfront-s3-cdn&body=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-cloudfront-s3-cdn?pixel&cs=github&cm=readme&an=terraform-aws-cloudfront-s3-cdn - +Beacon 
diff --git a/modules/lambda@edge/main.tf b/modules/lambda@edge/main.tf index c5187667..985ecf7a 100644 --- a/modules/lambda@edge/main.tf +++ b/modules/lambda@edge/main.tf @@ -48,7 +48,7 @@ module "role" { for_each = local.functions source = "cloudposse/iam-role/aws" - version = "0.16.0" + version = "0.19.0" use_fullname = true policy_description = "Allow ${module.function_label[each.key].id} Lambda function to write to CloudWatch Logs" From d208a626342fb61d39f8e6dd9386e93ed26ad098 Mon Sep 17 00:00:00 2001 From: Andrey D Date: Mon, 4 Mar 2024 13:37:57 +0300 Subject: [PATCH 02/10] Fixed deprecated aws_s3_bucket attributes (#293) * fix deprecated s3 bucket attributes * add missed quotes * fix readme --- README.md | 5 +++++ docs/terraform.md | 5 +++++ main.tf | 55 ++++++++++++++++++++++++++++++++--------------- variables.tf | 13 ++++++++++- 4 files changed, 60 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 447198c3..51df8a7c 100644 --- a/README.md +++ b/README.md 
@@ -433,9 +433,13 @@ Available targets: | [aws_cloudfront_distribution.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource | | [aws_cloudfront_origin_access_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource | | [aws_s3_bucket.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_cors_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_cors_configuration) | resource | | [aws_s3_bucket_ownership_controls.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | | [aws_s3_bucket_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | | [aws_s3_bucket_public_access_block.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_s3_bucket_versioning.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | | [random_password.referer](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [time_sleep.wait_for_aws_s3_bucket_settings](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | 
[aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | @@ -461,6 +465,7 @@ Available targets: | [allowed\_methods](#input\_allowed\_methods) | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | `list(string)` |
[
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT"
]
| no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [block\_origin\_public\_access\_enabled](#input\_block\_origin\_public\_access\_enabled) | When set to 'true' the s3 origin bucket will have public access block enabled | `bool` | `false` | no | +| [bucket\_versioning](#input\_bucket\_versioning) | State of bucket versioning option | `string` | `"Disabled"` | no | | [cache\_policy\_id](#input\_cache\_policy\_id) | The unique identifier of the existing cache policy to attach to the default cache behavior.
If not provided, this module will add a default cache policy using other provided inputs. | `string` | `null` | no | | [cached\_methods](#input\_cached\_methods) | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | `list(string)` |
[
"GET",
"HEAD"
]
| no | | [cloudfront\_access\_log\_bucket\_name](#input\_cloudfront\_access\_log\_bucket\_name) | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where
Cloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`. | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index ff4cf8a0..d4f2f718 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -32,9 +32,13 @@ | [aws_cloudfront_distribution.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource | | [aws_cloudfront_origin_access_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource | | [aws_s3_bucket.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_cors_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_cors_configuration) | resource | | [aws_s3_bucket_ownership_controls.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | | [aws_s3_bucket_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | | [aws_s3_bucket_public_access_block.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_s3_bucket_versioning.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | | [random_password.referer](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [time_sleep.wait_for_aws_s3_bucket_settings](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | 
data source | @@ -60,6 +64,7 @@ | [allowed\_methods](#input\_allowed\_methods) | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | `list(string)` |
[
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT"
]
| no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [block\_origin\_public\_access\_enabled](#input\_block\_origin\_public\_access\_enabled) | When set to 'true' the s3 origin bucket will have public access block enabled | `bool` | `false` | no | +| [bucket\_versioning](#input\_bucket\_versioning) | State of bucket versioning option | `string` | `"Disabled"` | no | | [cache\_policy\_id](#input\_cache\_policy\_id) | The unique identifier of the existing cache policy to attach to the default cache behavior.
If not provided, this module will add a default cache policy using other provided inputs. | `string` | `null` | no | | [cached\_methods](#input\_cached\_methods) | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | `list(string)` |
[
"GET",
"HEAD"
]
| no | | [cloudfront\_access\_log\_bucket\_name](#input\_cloudfront\_access\_log\_bucket\_name) | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where
Cloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`. | `string` | `""` | no | diff --git a/main.tf b/main.tf index 7ba9c1e3..a658b492 100644 --- a/main.tf +++ b/main.tf @@ -254,26 +254,9 @@ resource "aws_s3_bucket" "origin" { count = local.create_s3_origin_bucket ? 1 : 0 bucket = module.origin_label.id - acl = "private" tags = module.origin_label.tags force_destroy = var.origin_force_destroy - dynamic "server_side_encryption_configuration" { - for_each = var.encryption_enabled ? ["true"] : [] - - content { - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" - } - } - } - } - - versioning { - enabled = var.versioning_enabled - } - dynamic "logging" { for_each = local.s3_access_logging_enabled ? [1] : [] content { @@ -291,6 +274,35 @@ resource "aws_s3_bucket" "origin" { routing_rules = lookup(website.value, "routing_rules", null) } } +} + + +resource "aws_s3_bucket_versioning" "origin" { + count = local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id + + versioning_configuration { + status = var.bucket_versioning + } +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "origin" { + count = var.encryption_enabled && local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +resource "aws_s3_bucket_cors_configuration" "origin" { + count = local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id dynamic "cors_rule" { for_each = distinct(compact(concat(var.cors_allowed_origins, var.aliases, var.external_aliases))) 
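Review bot: The origin bucket's versioning state no longer follows `var.versioning_enabled`: the new `aws_s3_bucket_versioning.origin` reads only `var.bucket_versioning`, which the variables.tf hunk in this patch defaults to `"Disabled"`. A caller who set the old boolean to keep object versions, which is what allows recovery after an accidental or unauthorized overwrite or delete, would find that setting ignored by this resource. If `versioning_enabled` is still declared in variables.tf (not visible in this patch), consider keeping it effective, e.g. `status = var.versioning_enabled ? "Enabled" : var.bucket_versioning`, or document the change as breaking in the release notes.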
@@ -304,6 +316,15 @@ resource "aws_s3_bucket" "origin" { } } +resource "aws_s3_bucket_acl" "origin" { + depends_on = [aws_s3_bucket_ownership_controls.origin] + count = local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id + acl = "private" +} + + resource "aws_s3_bucket_public_access_block" "origin" { count = (local.create_s3_origin_bucket || local.override_origin_bucket_policy) ? 1 : 0 diff --git a/variables.tf b/variables.tf index 256a445b..8eb42800 100644 --- a/variables.tf +++ b/variables.tf @@ -679,4 +679,15 @@ variable "http_version" { type = string default = "http2" description = "The maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3" -} \ No newline at end of file +} + +variable "bucket_versioning" { + type = string + default = "Disabled" + description = "State of bucket versioning option" + + validation { + condition = contains(["Enabled", "Disabled", "Suspended"], var.bucket_versioning) + error_message = "Please choose one of 'Enabled', 'Disabled', or 'Suspended'" + } +} From 32c0dc2cd19744a256f1b02196148ec4f14baecb Mon Sep 17 00:00:00 2001 From: "Erik Osterman (CEO @ Cloud Posse)" Date: Fri, 8 Mar 2024 22:15:06 -0600 Subject: [PATCH 03/10] chore: Update Scaffolding (#298) --- .github/mergify.yml | 77 +------------------------ README.md | 135 ++++++++++++++++++++++---------------------- README.yaml | 84 +++++++++++---------------- 3 files changed, 101 insertions(+), 195 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index 148d85c0..526045d4 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml 
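Review bot: `aws_s3_bucket_acl.origin` is created whenever the origin bucket is, regardless of the object-ownership mode set by `aws_s3_bucket_ownership_controls.origin`, which is defined outside this hunk. When ownership is `BucketOwnerEnforced`, S3 disables ACLs and rejects ACL writes, so the apply would be expected to fail for callers using that mode. Consider gating `count` on the ownership setting so that the ACL resource is skipped when ACLs are disabled; in that mode the bucket owner already has sole control and `acl = "private"` adds nothing.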
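Review bot: The `bucket_versioning` description, "State of bucket versioning option", does not say what the three accepted values mean or that the default leaves the origin bucket without object versions. As far as I know, the AWS provider accepts `Disabled` only for a bucket that has never been versioned, and turning versioning off later requires `Suspended`, so a caller who flips back to the default may hit an apply error. Suggested text: `description = "Versioning state of the origin bucket: Enabled, Suspended, or Disabled. Disabled is only valid for a bucket that has never had versioning enabled; use Suspended to turn it off."`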
@@ -1,76 +1 @@ -# https://docs.mergify.io/conditions.html -# https://docs.mergify.io/actions.html -pull_request_rules: -- name: "approve automated PRs that have passed checks" - conditions: - - "author~=^(cloudpossebot|renovate\\[bot\\])$" - - "-closed" - - "head~=^(auto-update|renovate)/.*" - - "check-success=test/bats" - - "check-success=test/readme" - - "check-success=test/terratest" - - "check-success=validate-codeowners" - - or: - - "base=master" - - "base=main" - - "base~=^release/v\\d{1,2}$" - - actions: - review: - type: "APPROVE" - bot_account: "cloudposse-mergebot" - message: "We've automatically approved this PR because the checks from the automated Pull Request have passed." - -- name: "merge automated PRs when approved and tests pass" - conditions: - - "author~=^(cloudpossebot|renovate\\[bot\\])$" - - "-closed" - - "head~=^(auto-update|renovate)/.*" - - "check-success=test/bats" - - "check-success=test/readme" - - "check-success=test/terratest" - - "check-success=validate-codeowners" - - "#approved-reviews-by>=1" - - "#changes-requested-reviews-by=0" - - "#commented-reviews-by=0" - - or: - - "base=master" - - "base=main" - - "base~=^release/v\\d{1,2}$" - - actions: - merge: - method: "squash" - -- name: "delete the head branch after merge" - conditions: - - "merged" - actions: - delete_head_branch: {} - -- name: "ask to resolve conflict" - conditions: - - "conflict" - - "-closed" - actions: - comment: - message: "This pull request is now in conflict. Could you fix it @{{author}}? πŸ™" - -- name: "remove outdated reviews" - conditions: - - or: - - "base=master" - - "base=main" - - "base~=^release/v\\d{1,2}$" - actions: - dismiss_reviews: - changes_requested: true - approved: true - message: "This Pull Request has been updated, so we're dismissing all reviews." 
- -- name: "close Pull Requests without files changed" - conditions: - - "#files=0" - actions: - close: - message: "This pull request has been automatically closed by Mergify because there are no longer any changes." +extends: .github diff --git a/README.md b/README.md index 51df8a7c..764d0048 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ + + # terraform-aws-cloudfront-s3-cdn -Codefresh Build StatusLatest ReleaseSlack Community +Latest ReleaseLast UpdatedSlack Community
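Review bot: With `extends: .github`, the auto-approve and auto-merge rules for `renovate[bot]` and `cloudpossebot` pull requests can no longer be reviewed in this repository; whatever the shared `.github` configuration defines now decides when bot PRs merge here. The removed rules required named checks (`test/bats`, `test/terratest`, `validate-codeowners`) before approval, and nothing in this hunk confirms that the inherited rules keep equivalent gates. A one-line comment above the directive would point maintainers at the real source, e.g. `# Merge rules are inherited from the organization's .github repository; review changes there.`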