Fix website support, remove awsutils dependencies #158

Merged
merged 4 commits into from
Sep 7, 2022

@Nuru Nuru commented Sep 5, 2022

Breaking changes

This release has what can be considered breaking changes, but mostly because it either reverts breaking changes introduced in v2.0.2 or fixes features that were previously broken and unusable.

  • If an IAM user and access key are created by this module, the AWS Access Key does not expire, restoring the behavior in and prior to v2.0.1. In v2.0.2 and v2.0.3, keys expired in 30 days.
  • The website_inputs input is replaced by website_configuration and website_redirect_all_requests_to. The cors_rule_inputs input is replaced by cors_configuration. Thanks to @jurgen-weber-deltatre for helping with this.

New Features

  • The breaking change introduced in v2.0.2 that required you to initialize the cloudposse/awsutils Terraform provider with the AWS region has been reverted. This module no longer uses that provider.
  • Support for S3 static websites is greatly improved. Configure with website_configuration and cors_configuration, or with website_redirect_all_requests_to. The website endpoint and base domain are now available as outputs.
  • You can now store the IAM user's access key in SSM via store_access_key_in_ssm. When stored in SSM, the secret key is not output by this module as a Terraform output, preventing it from being stored unencrypted in the Terraform state file.
  • You can now create a user but not create an access key by setting access_key_enabled = false. You can also use this feature to rotate an access key by setting it to false and applying to delete the key, then setting it to true and applying to create a new one.

Note that in general we now recommend against creating an IAM user, and recommend using AWS OIDC to create an authentication path for users and systems that do not have native IAM credentials. Also note that you can assign permissions to existing AWS users and roles via grants or privileged_principal_arns.

what && why

  • Update terraform-aws-s3-user to v1.0.0 and add inputs access_key_enabled, store_access_key_in_ssm, and ssm_base_path in order to
    • Make creating an IAM key for the S3 user optional
    • Enable saving the IAM key in SSM Parameter Store and omitting it from Terraform state
    • Remove dependency on cloudposse/awsutils Terraform provider. See terraform-aws-iam-system-user v1.0.0 Release Notes for further details and justification.
  • Replace input website_inputs (which never worked) with website_configuration and website_redirect_all_requests_to. See dynamically create website inputs with the new provider and its colli… #142 for further details and justification.
  • Replace input cors_rule_inputs with cors_configuration to match resource name.

references

@Nuru Nuru added the major Breaking changes (or first stable release) label Sep 5, 2022
@Nuru Nuru requested review from a team as code owners September 5, 2022 00:46

Nuru commented Sep 5, 2022

/test all

@aknysh aknysh left a comment

please see comments

Nuru commented Sep 7, 2022

/test all

@Nuru Nuru requested a review from aknysh September 7, 2022 20:24

Nuru commented Sep 7, 2022

/test all

@Nuru Nuru merged commit 6837ed7 into master Sep 7, 2022
@Nuru Nuru deleted the remove-awsutils branch September 7, 2022 22:41
@jurgenweber

Cool! Thank you!

@jurgen-weber-deltatre

argh, wrong user. Thanks! :P

Successfully merging this pull request may close these issues.

  • Unable to use website inputs
  • Enhancement: store iam user credentials in ssm parameter