v2.0.2 minor breaking change (awsutils provider config)

Deprecated

The changes introduce in this release were problematic and have been removed in v3.0.0. It is not recommended to use this version or version 2.0.3.

🤖 Automatic Updates

NOTE: This release requires the cloudposse/awsutils Terraform provider to be defined with a region. This can and should be the same region you have configured in your aws provider. The reason for this new provider is due to new functionality with a dependent module (which uses this module which requires cloudposse/awsutils) in this repo. (The new feature allows configuring S3 user AWS access keys to expire.)

provider "awsutils" {
  region = var.region
}

Update Terraform cloudposse/iam-s3-user/aws to v0.15.9 @renovate (#119)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-s3-user/aws (source)	module	patch	0.15.7 -> 0.15.9

---

v2.0.1

git.io->cloudposse.tools update @dylanbannon (#149)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

🚀 Enhancements

Use object lock enabled @nitrocode (#148)

what

• Use object lock enabled

why

• Deprecation of dynamic object_lock_configuration for object_lock_enabled

│ Warning: Argument is deprecated
│
│   with module.bucket.aws_s3_bucket.default,
│   on .terraform/modules/bucket/main.tf line 30, in resource "aws_s3_bucket" "default":
│   30: resource "aws_s3_bucket" "default" {
│
│ Use the top-level parameter object_lock_enabled and the aws_s3_bucket_object_lock_configuration resource instead

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#object_lock_enabled
• Previous PR #144 (this did not use object_lock_enabled and only removed the dynamic)

v2.0.0 AWS provider v4/v5 compatibility

Version 2.0 of terraform-aws-s3-bucket is the same as v0.49.0 except for the addition of 2 small bug fixes (see #147). It is labeled v2.0 as part of Cloud Posse's transition to production Semantic Versioning conventions, and to indicate significant changes as compared to v1.0 (essentially version 0.47.1). Additional upgrade information is in the repo Wiki

Breaking change:

• The website_inputs are broken (see #141). When we get them fixed, we will likely deprecate the variable in favor of new variables that include new features available in the provider. If you are using website_inputs, do not upgrade to v2.x until #141 is closed.

Additional notes

There are some quirks to be aware of:

• NO ACTION IS NEEDED to upgrade directly from v0.49.0 to v2.0.0
• Version 1.0 derives from and is compatible with version 0.47.1. Follow the upgrade instructions if upgrading from one of these versions.
• Version 0.48.0 was an interim release that is not recommended for anyone to use. It has incompatibilities with every other version. If you are on v0.48.0, you can upgrade directly to v2.0.0 and if Terraform gives you no complaints, then you are good to go. See the release notes for v0.48.0 and v0.49.0 for information about how to fix any breakage.

Bug fixes @Nuru (#147)

what && why

• Require AWS provider v4.9.0 or later, resolves #137
• Properly consider source_policy_documents input, fixes #145

v1.0.0 Important: Read Relase Notes

Version 1.0.0 is part of Cloud Posse's conversion to production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future. In the case of this module, the breaking changes have already been released as v2.0.0. This is a quirk due to not previously using production Semantic Versioning.

TAKE NOTE:

• Despite the 1.0 version designation, it is actually not compatible with the latest previous release (v0.49.0) or the current recommended release (v2.0.0). Because of that, this version is only recommended for people currently using v0.47.1 or earlier.
• This release is the same as v0.47.1 except for additional version pinning allowing it to work with AWS provider v4.
• No maintenance is planned for v1. With the release of AWS provider v4.9.0, the upgrade to v2.0 of this module requires no manual intervention as long as you meet the prerequisites (AWS provider v4.9.0 or later, Terraform v1.0.0 or later). So we recommend upgrading to v2.0 to get any bug fixes or new features.

v0.49.0 (Action Needed) AWS provider v4 support

Manual intervention needed

See Upgrading to v0.48.0 and AWS provider version 4.x for details about actions you will need to take when updating to this version related to upgrading to AWS provider v4.x.

Breaking changes

In order to fix #102 (following Hashicorp's advice), this release changes the privileged_principal_arns input from a map(list(string)) to a list(map(list(string))). Where you previously input one map, like

{
  arn1 = ["prefix1/", "prefix2/"]
  arn2 = ["prefix3/]
}

you now provide a list of maps, each one mapping a single ARN to a list of prefixes:

[{
  arn1 = ["prefix1/", "prefix2/"]
}, {
  arn2 = ["prefix3/]
}]

🚀 Enhancements

Full support for lifecycle configuration

The new lifecycle_configuration_rules input allows you to specify all the options the AWS provider supports. See the example for more details.

Full support for lifecycle configuration @Nuru (#135)

what && why

• Breaking change: convert privileged_principal_arns input to list.
  • Fixes #102
• Add lifecycle_configuration_rules input closely matching Terraform provider arguments to fully support features.
  • Resolves #87
  • Resolves #130
• Remove acl_grants input added in #131, because the old grants input is more convenient and more powerful.

references

• Upgrade instructions
• hashicorp/terraform-provider-aws#23375

v0.47.1 Pin to AWS provider v3, Add lifecycle IDs

• Ease refactoring by adding backward compatible lifecycle IDs (#134)
• Pin AWS Provider to version 3.x

v0.48.0 (Action Needed) Update to AWS provider v4.x

This release is an early release in order to unblock people who are blocked because v0.47.0 does not work with AWS Provider v4. However, the newly introduced lifecycle_configuration_rules will be replaced in the next release with a more flexible (and completely incompatible) structure that supports the evolving variety of storage options AWS provides. For this reason, we recommend users continue to use the Deprecated lifecycle_rules input for now, and anticipate it will be supported for a considerable length of time going forward.

See Upgrading to v0.48.0 and AWS provider version 4.x for details about actions you will need to take when updating to this version.

🚀 Enhancements

Upgrade to v4 aws provider @nitrocode (#131)

what

• Upgrade to v4 aws provider
• Deprecated policy in favor of source_policy_documents, closes #124
• Deprecated grants in favor of acl_grants
• Deprecated lifecycle_rules in favor of lifecycle_configuration_rules
• All tests pass
  • Current tests pass
  • Tests do not check website inputs. The website_inputs is unavailable in the tests.
  • Tests do not check cors. The cors_rule_inputs is available but unused.
• Backwards compatible - Is it possible to make it backwards compatible ?
  • Generate the lifecycle rule ids ?
  • Translate the grant.permissions into separate grant.permission blocks ?
• Migration document in this repo's Wiki

why

• Current version incompatible with AWS provider v4.x

│ Error: Unsupported attribute
│ 
│   on .terraform-mdev/modules/s3_bucket/main.tf line 166, in resource "aws_s3_bucket" "default":
│  166:         for_each = local.s3_replication_rules == null ? [] : local.s3_replication_rules
│ 
│ This object does not have an attribute named "s3_replication_rules".

• One upgraded to version 4.x, module no longer works with AWS provider 3.x
• Pin to >= 4.2.0 because of relevant bug fixes needed by this module

references

• Closes #132
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade
• https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.0.0
• Versions
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
  • https://registry.terraform.io/providers/hashicorp/aws/3.74.1/docs/resources/s3_bucket
• Some of the individual resources
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_cors_configuration
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_website_configuration

notes

• grants is now deprecated, but still supported. New input replacing it is acl_grants. The only difference is that grants takes a list of permissions and acl_grants takes a single permission. The only reason we are making grants deprecated is so that our inputs track the AWS resource inputs.
• lifecycle_rules is now deprecated but still supported, replaced with lifecycle_configuration_rules, which is identical except that lifecycle_configuration_rules has an id for each rule, which is now required by the AWS resource (doc). This module supplies an id for lifecycle_rules.
• aws_s3_bucket_lifecycle_configuration requires a static rules.filter element due to hashicorp/terraform-provider-aws#23299

v0.47.0

🚀 Enhancements

Feat: Enable Replication Metrics @max-lobur (#116)

what

• Enable replication metrics by default
• Allow override via variables

AWS provider requirements update due to: hashicorp/terraform-provider-aws#21901

why

• To be able to track replication status

references

https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-metrics.html

v0.46.0

🚀 Enhancements

Enable bucket key for reducing the cost of SSE-KMS with Amazon S3 @bkmnaidu (#115)

Signed-off-by: Krishna Mohan Bandi [email protected]

what

• Allow S3 bucket key to be enabled to reduce the cost of SSE-KMS usage with Amazon S3

why

• When KMS encryption is enabled for an Amazon S3 bucket, there is a limit on the number of KMS API calls that can be made. Enabling bucket key not only allows to reduce the number of KMS API calls but also reduces the cost of SSE-KMS with Amazon S3.

references

• https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html
• closes #114

🐛 Bug Fixes

Fix: Change `s3_object_ownership` Description to Reflect All Possible Values @korenyoni (#127)

what

• Fix s3_object_ownership description to reflect all possible values.

why

• The s3_object_ownership variable description does not reflect all possible values.

references

• N/A

Remove unused variable `abort_incomplete_multipart_upload_days` @adamantike (#92)

What

Remove variable abort_incomplete_multipart_upload_days.

Why

The abort_incomplete_multipart_upload_days variable isn't being used since the introduction of lifecycle_rules in #85.

Notes

closes #128

v0.45.0

feat: add delete_marker_replication_status in replication rules @DesmondH0 (#126)

what

• There are no control ability for enable Delete marker replication in this module

why

• The reason of this was because empty filter would always be generated in this line
• And this will disable the Delete marker replication option in replication rule

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#delete_marker_replication_status