Removed deprecated argument object_lock_enabled in aws_s3_bucket #144

Closed
wants to merge 2 commits into from


imran-init

…bucket in resource aws_s3_bucket_object_lock_configuration.default

what

  • Removed deprecated argument object_lock_enabled from aws_s3_bucket.default. object_lock_enabled is enabled for this bucket in resource aws_s3_bucket_object_lock_configuration.default

why

  • object_lock_enabled has been deprecated in the bucket resource.

references

…bucket in resource aws_s3_bucket_object_lock_configuration.default
@imran-init imran-init requested review from a team as code owners April 14, 2022 13:37

@bridgecrew bridgecrew bot left a comment


Bridgecrew has found infrastructure configuration errors in this PR ⬇️

main.tf
@osterman
Member

In the current docs, it does not show as deprecated

@imran-init
Author

Thanks for the review. Here is from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket

NOTE on S3 Bucket Object Lock Configuration:

S3 Bucket Object Lock can be configured in either the standalone resource [aws_s3_bucket_object_lock_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object_lock_configuration) or with the deprecated parameter object_lock_configuration in the resource aws_s3_bucket. Configuring with both will cause inconsistencies and may overwrite configuration.

}
}



LOW   Ensure S3 Bucket has public access blocks
    Resource: aws_s3_bucket.default | ID: BC_AWS_NETWORKING_52

How to Fix

```hcl
resource "aws_s3_bucket" "bucket_good_1" {
  bucket = "bucket_good"
}

resource "aws_s3_bucket_public_access_block" "access_good_1" {
  bucket = aws_s3_bucket.bucket_good_1.id

  block_public_acls   = true
  block_public_policy = true
}
```

Description

When you create an S3 bucket, it is good practice to set the additional resource **aws_s3_bucket_public_access_block** to ensure the bucket is never accidentally public.

We recommend you ensure S3 bucket has public access blocks. If the public access block is not attached it defaults to False.


@bridgecrew bridgecrew bot left a comment


⚠️   Due to 7d47803 - updated git config to resolve auto-format/privileged checkout. - 1 new error was added

Change details

| Error ID | Change | Path | Resource |
| --- | --- | --- | --- |
| BC_AWS_NETWORKING_52 | Added | /main.tf | aws_s3_bucket.default |

@nitrocode nitrocode added the patch A minor, backward compatible change label Apr 15, 2022
@nitrocode
Member

/test all

@nitrocode
Member

@imran-init makes sense to me. Nice catch!

@nitrocode
Member

nitrocode commented Apr 15, 2022

Hmm unfortunately without this, we run into this error

TestExamplesCompleteWithObjectLock 2022-04-15T00:41:18Z logger.go:66: │ Error: error creating S3 bucket (eg-test-s3-object-lock-test-bfujfx) Object Lock configuration: InvalidBucketState: Object Lock configuration cannot be enabled on existing buckets

Have you been able to test this locally?

@nitrocode
Member

nitrocode commented Apr 15, 2022

Ah here is the full description

https://registry.terraform.io/providers/hashicorp%20%20/aws/latest/docs/resources/s3_bucket_object_lock_configuration

This resource does not enable Object Lock for new buckets. It configures a default retention period for objects placed in the specified bucket. Thus, to enable Object Lock for a new bucket, see the Using object lock configuration section in the aws_s3_bucket resource or the Object Lock configuration for a new bucket example below. If you want to enable Object Lock for an existing bucket, contact AWS Support and see the Object Lock configuration for an existing bucket example below.

References:

It sounds like the deprecation notice is wrong in the hashicorp/aws provider to be honest so I'm going to close this PR for now until there is a strong reason to bring this back.

@nitrocode nitrocode closed this Apr 15, 2022
@nitrocode nitrocode changed the title Removed deprecated argument. object_lock_enabled is enabled for this … Removed deprecated argument object_lock_enabled in aws_s3_bucket Apr 15, 2022
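
The configuration the thread converges on, as an added Terraform example (not code from this PR or from the module): Object Lock is switched on when the bucket is created via `object_lock_enabled`, and the standalone resource only sets the default retention. The bucket name, resource labels, retention mode and retention days are assumptions; the public access block covers the BC_AWS_NETWORKING_52 finding with all four settings.

```hcl
# Added example; every name and value here is an assumption, not the module's.

resource "aws_s3_bucket" "locked" {
  bucket = "example-object-lock-bucket" # placeholder bucket name

  # Has to be set at bucket creation. With this argument removed, the
  # standalone object lock resource below fails with the InvalidBucketState
  # error quoted in the thread, because the bucket already exists without
  # Object Lock by the time the configuration is applied.
  object_lock_enabled = true
}

# Object Lock only works on versioned buckets.
resource "aws_s3_bucket_versioning" "locked" {
  bucket = aws_s3_bucket.locked.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Sets the default retention only; it does not enable Object Lock itself.
resource "aws_s3_bucket_object_lock_configuration" "locked" {
  bucket     = aws_s3_bucket.locked.id
  depends_on = [aws_s3_bucket_versioning.locked]

  rule {
    default_retention {
      mode = "GOVERNANCE" # assumed; "COMPLIANCE" is the stricter mode
      days = 30           # assumed retention period
    }
  }
}

# All four public access settings, for the BC_AWS_NETWORKING_52 check.
resource "aws_s3_bucket_public_access_block" "locked" {
  bucket = aws_s3_bucket.locked.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```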