v3.1.0 Support new AWS S3 defaults (ACL prohibited)

@cloudpossebot cloudpossebot released this 06 May 03:31
8e44ce1

Note: this version introduced drift detection and correction for Transfer Acceleration. Unfortunately, that change prevents deployment of buckets in regions that do not support Transfer Acceleration. Version 3.1.1 reverts that change so that S3 buckets can be deployed by this module in all regions. It does, however, mean that when var.transfer_acceleration_enabled is false, Terraform does not track or revert changes to Transfer Acceleration made outside of this module.

Make compatible with new S3 defaults. Add user permissions boundary. @Nuru (#178)

what

  • Make compatible with new S3 defaults by setting S3 Object Ownership before setting ACL and disabling ACL if Ownership is "BucketOwnerEnforced"
  • Add optional permissions boundary input for IAM user created by this module
  • Create aws_s3_bucket_accelerate_configuration and aws_s3_bucket_versioning resources even when the feature is disabled, to enable drift detection

why

  • S3 buckets with ACLs were failing to be provisioned because the ACL was set before the bucket ownership was changed
  • Requested feature
  • See #171

references

  • Closes #174
  • Supersedes and closes #175
  • Supersedes and closes #176
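
The ordering described in this change, sketched as a standalone Terraform configuration. This is an added example, not the module's own code; the variable names, resource labels and bucket name are hypothetical.

```hcl
# Added example: set Object Ownership first, then the ACL, and skip the ACL
# entirely when ownership is "BucketOwnerEnforced" (ACLs disabled).
# All names below are hypothetical.

variable "object_ownership" {
  type    = string
  default = "BucketOwnerPreferred"

  validation {
    condition = contains(
      ["BucketOwnerEnforced", "BucketOwnerPreferred", "ObjectWriter"],
      var.object_ownership
    )
    error_message = "Must be BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter."
  }
}

variable "acl" {
  type    = string
  default = "private"
}

locals {
  # With BucketOwnerEnforced the bucket does not accept ACLs, so no ACL
  # resource may be created at all.
  acl_enabled = var.object_ownership != "BucketOwnerEnforced"
}

resource "aws_s3_bucket" "example" {
  bucket = "example-bucket-name-placeholder" # constructed placeholder
}

resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = aws_s3_bucket.example.id

  rule {
    object_ownership = var.object_ownership
  }
}

resource "aws_s3_bucket_acl" "example" {
  count  = local.acl_enabled ? 1 : 0
  bucket = aws_s3_bucket.example.id
  acl    = var.acl

  # Without this explicit dependency Terraform may apply the ACL before the
  # ownership setting, which is the failure this release addresses.
  depends_on = [aws_s3_bucket_ownership_controls.example]
}
```
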

Always include `aws_s3_bucket_versioning` resource @mviamari (#172)

what

  • Always create an aws_s3_bucket_versioning resource to track changes made to bucket versioning configuration

why

  • When there is no aws_s3_bucket_versioning, the expectation is that the bucket versioning is disabled/suspended for the bucket. If bucket versioning is turned on outside of Terraform (e.g. through the console), the change is not detected by Terraform unless the aws_s3_bucket_versioning resource exists.

references

Add support for permission boundaries on replication IAM role @mchristopher (#170)

what

why

  • Our AWS environment enforces permission boundaries on all IAM roles to follow AWS best practices with security.

references

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#164)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates