From 50c32eff531d0854f7d6ef4cc21c11b86a07e415 Mon Sep 17 00:00:00 2001
From: Alex Jurkiewicz
Date: Mon, 28 Jun 2021 14:35:59 +1000
Subject: [PATCH 1/2] Conditionally create aws_s3_bucket_public_access_block

It's not needed if none of its options are enabled.
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index bcde03a6..ec289229 100644
--- a/main.tf
+++ b/main.tf
@@ -309,7 +309,7 @@ resource "aws_s3_bucket_policy" "default" {
 # https://www.terraform.io/docs/providers/aws/r/s3_bucket_public_access_block.html
 # for the nuances of the blocking options
 resource "aws_s3_bucket_public_access_block" "default" {
-  count = module.this.enabled ? 1 : 0
+  count = module.this.enabled && (var.block_public_acls || var.block_public_policy || var.ignore_public_acls || var.restrict_public_buckets) ? 1 : 0
   bucket = join("", aws_s3_bucket.default.*.id)
 
   block_public_acls = var.block_public_acls

From 76e70f1886825425306191428c1103f004d8c592 Mon Sep 17 00:00:00 2001
From: Alex Jurkiewicz
Date: Tue, 17 Aug 2021 12:03:45 +1000
Subject: [PATCH 2/2] Pull out an expression into a local

---
 main.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index ec7ae466..64f676d1 100644
--- a/main.tf
+++ b/main.tf
@@ -7,6 +7,8 @@ locals {
   # Deprecate `replication_rules` in favor of `s3_replication_rules` to keep all the replication related
   # inputs grouped under s3_replica[tion]
   s3_replication_rules = var.replication_rules == null ? var.s3_replication_rules : var.replication_rules
+
+  public_access_block_enabled = var.block_public_acls || var.block_public_policy || var.ignore_public_acls || var.restrict_public_buckets
 }
 
 resource "aws_s3_bucket" "default" {
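Review bot: The new `count` expression in the PATCH 1/2 hunk leaves the public access block unmanaged whenever all four flags are false, so on an existing deployment that flips the last flag off Terraform will destroy the previously created block rather than update it to all-false, and the bucket's effective public-access posture then depends on whatever account-level settings exist outside this module; neither consequence is stated in the code or the commit message. A comment above `count` would save the next reader a plan surprise, e.g. `# Omitted (not updated) when no blocking option is enabled; existing stacks will see the block destroyed on the next apply.` The expression also reads `a && (…) ? 1 : 0` and relies on `&&` binding tighter than the conditional; `count = (module.this.enabled && (…)) ? 1 : 0` makes that explicit. The `aws_s3_bucket_public_access_block` resource continues past the end of the hunk.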
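Review bot: The new `public_access_block_enabled` local in the PATCH 2/2 `locals` hunk carries no comment, while its neighbour `s3_replication_rules` explains why it exists; a one-liner such as `# True when at least one public-access blocking option is set; gates creation of aws_s3_bucket_public_access_block` would keep the block consistent and tell a reader why the resource disappears when all four flags are false. The `locals` block opens before the hunk, so any other locals it should agree with are outside this view.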
@@ -374,7 +376,7 @@ resource "aws_s3_bucket_policy" "default" {
 # https://www.terraform.io/docs/providers/aws/r/s3_bucket_public_access_block.html
 # for the nuances of the blocking options
 resource "aws_s3_bucket_public_access_block" "default" {
-  count = local.enabled && (var.block_public_acls || var.block_public_policy || var.ignore_public_acls || var.restrict_public_buckets) ? 1 : 0
+  count = module.this.enabled && local.public_access_block_enabled ? 1 : 0
   bucket = join("", aws_s3_bucket.default.*.id)
 
   block_public_acls = var.block_public_acls
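Review bot: The added `count` line switches the enable guard from `local.enabled` back to `module.this.enabled`, while the removed line — the file's state at base ec7ae466, which differs from the base PATCH 1/2 was written against — uses `local.enabled`; unless `local.enabled` was dropped elsewhere in main.tf, this looks like an accidental revert of an upstream rename during rebase and would leave this resource guarded differently from its siblings. The intended line is presumably `count = local.enabled && local.public_access_block_enabled ? 1 : 0`, to be confirmed against the rest of main.tf, which is outside the hunk. The `aws_s3_bucket_public_access_block` resource continues past the end of the hunk.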