v0.81.0

@cloudpossebot cloudpossebot released this 12 Jan 21:42
911db9b
Feat: Add Support for S3 Object Ownership Controls @korenyoni (#209)

what

  • Add support for S3 object ownership controls.
  • Misc: add BridgeCrew exceptions.

why

S3 object ownership controls should be configurable for the origin bucket behind the CloudFront distribution. If the origin bucket is used within CI pipelines, cross-account writes to the bucket will result in the object being owned by that account. This can result in 403s when attempting to access content in the CF distribution, unless the S3 object ownership setting is set to BucketOwnerEnforced.

By default, when another AWS account uploads an object to your S3 bucket, that account (the object writer) owns the object, has access to it, and can grant other users access to it through ACLs.

The new S3 object ownership variable has a default value that has the same effect as if the new s3_bucket_ownership_controls did not exist at all. Thus, this is a backwards-compatible release.
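
As an added illustration (not the module's own code), the Terraform fragment below shows how an ownership setting like the one described above maps onto the AWS provider's `aws_s3_bucket_ownership_controls` resource. The variable name `origin_object_ownership`, the resource labels and the bucket name are assumptions made for the example.

```hcl
# Added example. The variable name, resource labels and bucket name are
# hypothetical and are not taken from the release notes.

variable "origin_object_ownership" {
  type        = string
  description = "S3 object ownership setting for the CloudFront origin bucket."

  # ObjectWriter keeps the S3 behaviour described above: the account that
  # uploads an object owns it.
  default = "ObjectWriter"

  validation {
    condition = contains(
      ["ObjectWriter", "BucketOwnerPreferred", "BucketOwnerEnforced"],
      var.origin_object_ownership
    )
    error_message = "Must be ObjectWriter, BucketOwnerPreferred or BucketOwnerEnforced."
  }
}

resource "aws_s3_bucket" "origin" {
  bucket = "example-cdn-origin" # placeholder bucket name
}

resource "aws_s3_bucket_ownership_controls" "origin" {
  bucket = aws_s3_bucket.origin.id

  rule {
    # ObjectWriter:         the uploading account owns the object, so a
    #                       cross-account CI upload is not covered by the
    #                       origin bucket policy and CloudFront gets a 403.
    # BucketOwnerPreferred: the bucket owner owns the object only when the
    #                       upload sets the bucket-owner-full-control ACL.
    # BucketOwnerEnforced:  ACLs are disabled and the bucket owner owns
    #                       every object, whoever wrote it.
    object_ownership = var.origin_object_ownership
  }
}
```

With `BucketOwnerEnforced`, S3 rejects uploads that send an ACL other than `bucket-owner-full-control`, so check the upload commands in cross-account CI jobs before switching.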

references

fix: set viewer_certificate.ssl_support_method to a non-empty value @syphernl (#208)

what

  • Sets the viewer_certificate.ssl_support_method to a non-empty value

why

  • Since AWS Provider 3.71.0, viewer_certificate.ssl_support_method is validated at plan time and can no longer be an empty string; it must be sni-only or vip (the latter incurs costs)

references