From ccb6e1d4fc515ea71b9004a17957493540245781 Mon Sep 17 00:00:00 2001
From: justnom
Date: Mon, 26 Apr 2021 22:59:08 -0400
Subject: [PATCH] Removing policy attribute for S3 bucket (#86)
Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
---
 README.md | 3 +--
 main.tf | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 58abfe46..40641e8a 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+ # terraform-aws-s3-bucket [![GitHub Action Tests](https://github.com/cloudposse/terraform-aws-s3-bucket/workflows/test/badge.svg?branch=master)](https://github.com/cloudposse/terraform-aws-s3-bucket/actions) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-s3-bucket.svg)](https://github.com/cloudposse/terraform-aws-s3-bucket/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
@@ -37,7 +38,6 @@ We do not recommend creating IAM users this way for any other purpose. It blocks public access to the bucket by default. https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html - --- This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
@@ -68,7 +68,6 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are - ## Security & Compliance [](https://bridgecrew.io/) Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.
diff --git a/main.tf b/main.tf
index 4de26537..4efcd3c4 100644
--- a/main.tf
+++ b/main.tf
@@ -6,11 +6,11 @@ resource "aws_s3_bucket" "default" {
 #bridgecrew:skip=BC_AWS_S3_13:Skipping `Enable S3 Bucket Logging` because we do not have good defaults
 #bridgecrew:skip=CKV_AWS_52:Skipping `Ensure S3 bucket has MFA delete enabled` due to issue in terraform (https://github.com/hashicorp/terraform-provider-aws/issues/629).
 #bridgecrew:skip=BC_AWS_S3_16:Skipping `Ensure S3 bucket versioning is enabled` because dynamic blocks are not supported by checkov
+ #bridgecrew:skip=BC_AWS_S3_14:Skipping `Ensure all data stored in the S3 bucket is securely encrypted at rest` because variables are not understood
 count = module.this.enabled ? 1 : 0
 bucket = local.bucket_name
 acl = try(length(var.grants), 0) == 0 ? var.acl : null
 force_destroy = var.force_destroy
- policy = var.policy
 tags = module.this.tags
 versioning {
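Review bot: Removing `policy = var.policy` leaves nothing in this hunk that attaches a bucket policy, so unless an `aws_s3_bucket_policy` resource elsewhere in main.tf still consumes `var.policy`, a caller-supplied policy (for example a deny-non-TLS or restrict-principal statement) is detached on the next apply and the variable becomes a silent no-op. If such a resource does exist, a comment where the attribute used to sit would stop the next maintainer from re-adding the inline form and having two resources manage the same policy, e.g. `# Bucket policy is attached via aws_s3_bucket_policy; do not also set it inline here.` The new `BC_AWS_S3_14` skip suppresses the encryption-at-rest finding for every consumer of this module, so the skip text should name the input that actually enables server-side encryption and its default, so a reviewer can confirm the suppressed control is still met rather than merely unscanned. The `aws_s3_bucket` resource starts before this hunk and its body continues past `versioning {`.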