From 838a943d078baf1b762bc2c589835895953f7ba3 Mon Sep 17 00:00:00 2001 From: Afraz Ahmadzadeh Date: Wed, 26 Apr 2023 19:28:54 +0200 Subject: [PATCH 1/3] Fixed Deprecated aws_s3_bucket Options The following options were deprecated, and have either been updated, or replaced with the new necessary resources: * `override_json` replaced with `override_policy_documents` option * `server_side_encryption_configuration` replaced with `aws_s3_bucket_server_side_encryption_configuration` resource * `versioning` replaced with `aws_s3_bucket_versioning` resource * `cors_rule` replaced with `aws_s3_bucket_cors_configuration` resource * `acl` replaced with `aws_s3_bucket_acl` resource --- main.tf | 56 +++++++++++++++++++++++++++++++++++----------------- variables.tf | 13 +++++++++++- 2 files changed, 50 insertions(+), 19 deletions(-) diff --git a/main.tf b/main.tf index 189e96de..ea53a888 100644 --- a/main.tf +++ b/main.tf @@ -133,7 +133,8 @@ resource "random_password" "referer" { data "aws_iam_policy_document" "s3_origin" { count = local.s3_origin_enabled ? 1 : 0 - override_json = local.override_policy + # override_json = local.override_policy + override_policy_documents = [local.override_policy] statement { sid = "S3GetObjectForCloudFront" @@ -256,26 +257,9 @@ resource "aws_s3_bucket" "origin" { count = local.create_s3_origin_bucket ? 1 : 0 bucket = module.origin_label.id - acl = "private" tags = module.origin_label.tags force_destroy = var.origin_force_destroy - dynamic "server_side_encryption_configuration" { - for_each = var.encryption_enabled ? ["true"] : [] - - content { - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" - } - } - } - } - - versioning { - enabled = var.versioning_enabled - } - dynamic "logging" { for_each = local.s3_access_log_bucket_name != "" ? [1] : [] content { @@ -293,6 +277,34 @@ resource "aws_s3_bucket" "origin" { routing_rules = lookup(website.value, "routing_rules", null) } } +} + +resource "aws_s3_bucket_versioning" "origin" { + count = local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id + + versioning_configuration { + status = var.bucket_versioning + } +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "origin" { + count = var.encryption_enabled && local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +resource "aws_s3_bucket_cors_configuration" "origin" { + count = local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id dynamic "cors_rule" { for_each = distinct(compact(concat(var.cors_allowed_origins, var.aliases, var.external_aliases))) @@ -306,6 +318,14 @@ resource "aws_s3_bucket" "origin" { } } +resource "aws_s3_bucket_acl" "origin" { + depends_on = [aws_s3_bucket_ownership_controls.origin] + count = local.create_s3_origin_bucket ? 1 : 0 + + bucket = one(aws_s3_bucket.origin).id + acl = "private" +} + resource "aws_s3_bucket_public_access_block" "origin" { count = (local.create_s3_origin_bucket || local.override_origin_bucket_policy) && var.block_origin_public_access_enabled ? 1 : 0 bucket = local.bucket diff --git a/variables.tf b/variables.tf index f68e3480..a5a64687 100644 --- a/variables.tf +++ b/variables.tf @@ -480,6 +480,17 @@ variable "versioning_enabled" { description = "When set to 'true' the s3 origin bucket will have versioning enabled" } +variable "bucket_versioning" { + type = string + default = "Enabled" + description = "State of bucket versioning option" + + validation { + condition = contains(["Enabled", "Disabled", "Suspended"], var.bucket_versioning) + error_message = "Please choose one of 'Enabled', 'Disabled', or 'Suspended'" + } +} + variable "deployment_principal_arns" { type = map(list(string)) default = {} @@ -679,4 +690,4 @@ variable "http_version" { type = string default = "http2" description = "The maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3" -} \ No newline at end of file +} From 4ef985cc08e754a3eeba14e0bf88d6468bf3d224 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Wed, 17 Jan 2024 08:09:34 +1100 Subject: [PATCH 2/3] update readme --- README.md | 227 +++++++++++++--------------------------------- docs/terraform.md | 5 + 2 files changed, 66 insertions(+), 166 deletions(-) diff --git a/README.md b/README.md index b225651c..973b11ec 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,8 @@ -# terraform-aws-cloudfront-s3-cdn [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-cloudfront-s3-cdn?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d169121757962ff25679794) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-cloudfront-s3-cdn.svg)](https://travis-ci.org/cloudposse/terraform-aws-cloudfront-s3-cdn/releases) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) +# terraform-aws-cloudfront-s3-cdn [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-cloudfront-s3-cdn?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5d169121757962ff25679794) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-cloudfront-s3-cdn.svg)](https://travis-ci.org/cloudposse/terraform-aws-cloudfront-s3-cdn/releases) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) -[![README Header][readme_header_img]][readme_header_link] - -[![Cloud Posse][logo]](https://cpco.io/homepage) +## Related Projects -## Share the Love +Check out these related projects. -Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn)! (it helps us **a lot**) +- [terraform-aws-cloudfront-cdn](https://github.com/cloudposse/terraform-aws-cloudfront-cdn) - Terraform Module that implements a CloudFront Distribution (CDN) for a custom origin. +- [terraform-aws-s3-log-storage](https://github.com/cloudposse/terraform-aws-s3-log-storage) - S3 bucket with built in IAM policy to allow CloudTrail logs -Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) +## ✨ Contributing +This project is under active development, and we encourage contributions from our community. +Many thanks to our outstanding contributors: + + + -## Related Projects +### 🐛 Bug Reports & Feature Requests -Check out these related projects. +Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues) to report any bugs or file feature requests. -- [terraform-aws-cloudfront-cdn](https://github.com/cloudposse/terraform-aws-cloudfront-cdn) - Terraform Module that implements a CloudFront Distribution (CDN) for a custom origin. -- [terraform-aws-s3-log-storage](https://github.com/cloudposse/terraform-aws-s3-log-storage) - S3 bucket with built in IAM policy to allow CloudTrail logs +### 💻 Developing -## Help +If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with Cloud Posse's other projects, we would love to hear from you! Shoot us an [email][email]. -**Got a question?** We got answers. +In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. -File a GitHub [issue](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues), send us an [email][email] or join our [Slack Community][slack]. + 1. **Fork** the repo on GitHub + 2. **Clone** the project to your own machine + 3. **Commit** changes to your own branch + 4. **Push** your work back up to your fork + 5. Submit a **Pull Request** so that we can review your changes -[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link] +**NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request! -## DevOps Accelerator for Startups +### 🌎 Slack Community +Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. + +### 📰 Newsletter + +Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. + +### 📆 Office Hours + +[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! + +## About + +This project is maintained and funded by [Cloud Posse, LLC][website]. + We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. @@ -656,51 +651,7 @@ We deliver 10x the value for a fraction of the cost of a full-time engineer. Our - **Code Reviews.** You'll receive constructive feedback on Pull Requests. - **Bug Fixes.** We'll rapidly work with you to fix any bugs in our projects. -## Slack Community - -Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. - -## Discourse Forums - -Participate in our [Discourse Forums][discourse]. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account. - -## Newsletter - -Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. - -## Office Hours - -[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! - -[![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] - -## Contributing - -### Bug Reports & Feature Requests - -Please use the [issue tracker](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues) to report any bugs or file feature requests. - -### Developing - -If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email]. - -In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. - - 1. **Fork** the repo on GitHub - 2. **Clone** the project to your own machine - 3. **Commit** changes to your own branch - 4. **Push** your work back up to your fork - 5. Submit a **Pull Request** so that we can review your changes - -**NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request! - - -## Copyright - -Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright) - - - +[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link] ## License [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) @@ -726,58 +677,11 @@ specific language governing permissions and limitations under the License. ``` - - - - - - - - ## Trademarks All other trademarks referenced herein are the property of their respective owners. - -## About - -This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]! - -[![Cloud Posse][logo]][website] - -We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source]. - -We offer [paid support][commercial_support] on all of our projects. - -Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. - - - -### Contributors - - -| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Jamie Nelson][Jamie-BitFlight_avatar]][Jamie-BitFlight_homepage]
[Jamie Nelson][Jamie-BitFlight_homepage] | [![Clive Zagno][cliveza_avatar]][cliveza_homepage]
[Clive Zagno][cliveza_homepage] | [![David Mattia][dmattia_avatar]][dmattia_homepage]
[David Mattia][dmattia_homepage] | [![RB][nitrocode_avatar]][nitrocode_homepage]
[RB][nitrocode_homepage] | [![John McGehee][jmcgeheeiv_avatar]][jmcgeheeiv_homepage]
[John McGehee][jmcgeheeiv_homepage] | [![Yonatan Koren][korenyoni_avatar]][korenyoni_homepage]
[Yonatan Koren][korenyoni_homepage] | [![Lucas Caparelli][lcaparelli_avatar]][lcaparelli_homepage]
[Lucas Caparelli][lcaparelli_homepage] | -|---|---|---|---|---|---|---|---|---| - - - [osterman_homepage]: https://github.com/osterman - [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png - [aknysh_homepage]: https://github.com/aknysh - [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png - [Jamie-BitFlight_homepage]: https://github.com/Jamie-BitFlight - [Jamie-BitFlight_avatar]: https://img.cloudposse.com/150x150/https://github.com/Jamie-BitFlight.png - [cliveza_homepage]: https://github.com/cliveza - [cliveza_avatar]: https://img.cloudposse.com/150x150/https://github.com/cliveza.png - [dmattia_homepage]: https://github.com/dmattia - [dmattia_avatar]: https://img.cloudposse.com/150x150/https://github.com/dmattia.png - [nitrocode_homepage]: https://github.com/nitrocode - [nitrocode_avatar]: https://img.cloudposse.com/150x150/https://github.com/nitrocode.png - [jmcgeheeiv_homepage]: https://github.com/jmcgeheeiv - [jmcgeheeiv_avatar]: https://img.cloudposse.com/150x150/https://github.com/jmcgeheeiv.png - [korenyoni_homepage]: https://github.com/korenyoni - [korenyoni_avatar]: https://img.cloudposse.com/150x150/https://github.com/korenyoni.png - [lcaparelli_homepage]: https://github.com/lcaparelli - [lcaparelli_avatar]: https://img.cloudposse.com/150x150/https://github.com/lcaparelli.png - +--- +Copyright © 2017-2024 [Cloud Posse, LLC](https://cpco.io/copyright) [![README Footer][readme_footer_img]][readme_footer_link] [![Beacon][beacon]][website] @@ -788,12 +692,9 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [jobs]: https://cpco.io/jobs?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=jobs [hire]: https://cpco.io/hire?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=hire [slack]: https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=slack - [linkedin]: https://cpco.io/linkedin?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=linkedin [twitter]: https://cpco.io/twitter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=twitter - [testimonial]: https://cpco.io/leave-testimonial?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=testimonial [office_hours]: https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=office_hours [newsletter]: https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=newsletter - [discourse]: https://ask.sweetops.com/?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=discourse [email]: https://cpco.io/email?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=email [commercial_support]: https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=commercial_support [we_love_open_source]: https://cpco.io/we-love-open-source?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=we_love_open_source @@ -804,11 +705,5 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply [readme_footer_link]: https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=readme_footer_link [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-cloudfront-s3-cdn&utm_content=readme_commercial_support_link - [share_twitter]: https://twitter.com/intent/tweet/?text=terraform-aws-cloudfront-s3-cdn&url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=terraform-aws-cloudfront-s3-cdn&url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn - [share_email]: mailto:?subject=terraform-aws-cloudfront-s3-cdn&body=https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/terraform-aws-cloudfront-s3-cdn?pixel&cs=github&cm=readme&an=terraform-aws-cloudfront-s3-cdn diff --git a/docs/terraform.md b/docs/terraform.md index ff4cf8a0..8fe1dba4 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -32,9 +32,13 @@ | [aws_cloudfront_distribution.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource | | [aws_cloudfront_origin_access_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_identity) | resource | | [aws_s3_bucket.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_cors_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_cors_configuration) | resource | | [aws_s3_bucket_ownership_controls.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | | [aws_s3_bucket_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | | [aws_s3_bucket_public_access_block.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| [aws_s3_bucket_versioning.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | | [random_password.referer](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [time_sleep.wait_for_aws_s3_bucket_settings](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | @@ -60,6 +64,7 @@ | [allowed\_methods](#input\_allowed\_methods) | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | `list(string)` | 
[
  "DELETE",
  "GET",
  "HEAD",
  "OPTIONS",
  "PATCH",
  "POST",
  "PUT"
]
| no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | | [block\_origin\_public\_access\_enabled](#input\_block\_origin\_public\_access\_enabled) | When set to 'true' the s3 origin bucket will have public access block enabled | `bool` | `false` | no | +| [bucket\_versioning](#input\_bucket\_versioning) | State of bucket versioning option | `string` | `"Enabled"` | no | | [cache\_policy\_id](#input\_cache\_policy\_id) | The unique identifier of the existing cache policy to attach to the default cache behavior.
If not provided, this module will add a default cache policy using other provided inputs. | `string` | `null` | no | | [cached\_methods](#input\_cached\_methods) | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | `list(string)` | 
[
  "GET",
  "HEAD"
]
| no | | [cloudfront\_access\_log\_bucket\_name](#input\_cloudfront\_access\_log\_bucket\_name) | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where
Cloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`. | `string` | `""` | no | From 028951931dc2797681f01c66e1ecee16765ca1c5 Mon Sep 17 00:00:00 2001 From: Afraz Ahmadzadeh Date: Thu, 29 Feb 2024 20:21:40 +0100 Subject: [PATCH 3/3] Fixed formatting issues in main.tf --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index bddd3080..057b7067 100644 --- a/main.tf +++ b/main.tf @@ -4,7 +4,7 @@ locals { # Encapsulate logic here so that it is not lost/scattered among the configuration website_enabled = local.enabled && var.website_enabled website_password_enabled = local.website_enabled && var.s3_website_password_enabled - s3_origin_enabled = local.enabled && ! var.website_enabled + s3_origin_enabled = local.enabled && !var.website_enabled create_s3_origin_bucket = local.enabled && var.origin_bucket == null s3_access_logging_enabled = local.enabled && (var.s3_access_logging_enabled == null ? length(var.s3_access_log_bucket_name) > 0 : var.s3_access_logging_enabled) create_cf_log_bucket = local.cloudfront_access_logging_enabled && local.cloudfront_access_log_create_bucket @@ -47,7 +47,7 @@ locals { override_origin_bucket_policy = local.enabled && var.override_origin_bucket_policy - lookup_cf_log_bucket = local.cloudfront_access_logging_enabled && ! local.cloudfront_access_log_create_bucket + lookup_cf_log_bucket = local.cloudfront_access_logging_enabled && !local.cloudfront_access_log_create_bucket cf_log_bucket_domain = local.cloudfront_access_logging_enabled ? ( local.lookup_cf_log_bucket ? data.aws_s3_bucket.cf_logs[0].bucket_domain_name : module.logs.bucket_domain_name ) : "" @@ -460,7 +460,7 @@ resource "aws_cloudfront_distribution" "default" { origin_path = var.origin_path dynamic "s3_origin_config" { - for_each = ! var.website_enabled ? [1] : [] + for_each = !var.website_enabled ? [1] : [] content { origin_access_identity = local.cf_access.path }