Skip to content

Releases: cloudposse/terraform-aws-s3-bucket

v0.42.1

21 Aug 03:14
ea3fcf4
Compare
Choose a tag to compare

🤖 Automatic Updates

Update context.tf @cloudpossebot (#105)

what

This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label

why

To support all the features of the context interface.

v0.42.0

11 Aug 03:37
12ac1d8
Compare
Choose a tag to compare
fix privileged_principal_arns not creating bucket policy @avendretter (#101)

what

  • The privileged_principal_arns option is not creating a bucket policy.

why

  • A check at the s3_bucket_policy is missing

references

v0.41.0

20 Jul 18:14
3c2cde9
Compare
Choose a tag to compare
Allow user to enable S3 Transfer Acceleration @alexjurkiewicz (#98)

v0.40.1

06 Jul 12:26
8aed497
Compare
Choose a tag to compare

🐛 Bug Fixes

Properly type the default replication filter object @alexjurkiewicz (#96)

what

Properly type the default replication filter object

why

An error exists — likely introduced during some rewriting in #93 — where the default replication filter object is not properly typed, and causes issues with the ternary operator.

v0.40.0

02 Jul 19:31
54d3caf
Compare
Choose a tag to compare
Feat: Support Allowing Actions from Specific Principal ARNs in Bucket Policy. @korenyoni (#95)

what

  • Support allowing actions from specific principal ARNs in bucket policy.
  • Reorganize examples/complete (split up into multiple files to keep main.tf simple)
  • Misc: use local.enabled where possible

why

  • Some buckets that are used by CI/CD systems may need to allow actions from cross-account IAM principals in their bucket policy.

references

v0.39.0

28 Jun 20:40
a6f9942
Compare
Choose a tag to compare

🚀 Enhancements

S3 Replication Improvements @alexjurkiewicz (#93)

Terraform plan impact

In order to support multiple S3 Bucket replication destinations, we must use the filter in the replication rule, even if there is nothing to filter. The filter, even if empty, conflicts with the prefix attribute of the rule (a v1 feature replaced in v2 with the filter). So we moved all prefix settings into the filter. Therefore, you may see Terraform make a change like this:

Click to show plan
- rules {
  - id       = "replication-test"
  - prefix   = "/main"
  - priority = 0
  - status   = "Enabled"

  - destination {
    - bucket        = "arn:aws:s3:::replication-target"
    - storage_class = "STANDARD"
  }

  - filter {}
- }

+ rules {
    + id       = "replication-test"
    + priority = 0
    + status   = "Enabled"

    + destination {
        + bucket        = "arn:aws:s3:::replication-target"
        + storage_class = "STANDARD"
      }

    + filter {
        + prefix = "/main"
        + tags   = {}
    + }
+ }
This change is harmless and can be applied without impact.

Deprecation

To provide consistency in naming, the replication_rules input has been deprecated in favor of s3_replication_rules. Existing code will continue to work, but new users should use s3_replication_rules and current users of replication_rules should update their code to use s3_replication_rules at their convenience.

what

@alexjurkiewicz

  • Add support for multi-bucket S3 replication
  • Add support for easily adding cross-account replication destination bucket policy statements

@korenyoni

  • Add test for S3 bucket replication configuration to provide better code coverage

@Nuru

  • Convert v1 prefix to v2 filter to support multiple replication destinations
  • Rename replication_rules to s3_replication_rules for consistency
  • Move testing to us-east-2 region because that is where Cloud Posse prefers to do testing

why

  • Module currently does not support multi-bucket S3 replication
  • Adding cross-account replication destination bucket policy statements is currently a manual task with no site-specific uniqueness

references

v0.38.0

07 Jun 16:23
e9eae04
Compare
Choose a tag to compare
Ability to specify website hosting configuration @azec-pdx (#91)

what

  • We already use this module for S3 and want to be able to use it to deploy S3 buckets with static website hosting configs
  • The change in this PR adds that support

why

  • Would like to be able to use cloudposse/terraform-aws-s3-bucket (this module) to deploy buckets that support static website hosting and have very custom-tailored S3 bucket policy.
  • Tried using cloudposse/terraform-aws-s3-website for the same need and hit the roadblock of it not supporting custom bucket policies.
  • Our TF modules (in our org) are pinned down to use cloudposse/terraform-aws-s3-bucket for most S3 bucket needs, so we didn't have interest in using and modifying cloudposse/terraform-aws-s3-website module to support bucket custom bucket policies that are different then the "opinionated" ones that come with cloudposse/terraform-aws-s3-website.

usage

Downstream TF modules using this feature then can specify website configuration as in the example below.

  • file: profiles/s3_hosting_bucket/main.tf

     module "s3_bucket" {
          source = "git::https://github.com/SkywardIO/terraform-aws-s3-bucket.git//?ref=feature/website-hosting-config"
          
          ## Switch to CP release version if PR gets accepted
          # source  = "cloudposse/s3-bucket/aws"
          # version = "0.38.0"
        
          #...
          # other config of the module
          #...
        
          
          # website hosting - switchboard specific
          website_inputs = var.website_inputs
     }
  • file: profiles/s3_hosting_bucket/variables.tf

    # ...
    # other variables
    # ...
    variable "website_inputs" {
    
        type = list(object({
          index_document           = string
          error_document           = string
          redirect_all_requests_to = string
          routing_rules            = string # if you need to render valid JSON for this, use var.routing_rules and export such map construct to JSON
        }))
        default = null
      
        description = "Specifies the static website hosting configuration object."
    }
  • file: profiles/website/main.tf

    module "website" {
      source     = "../../profiles/s3_hosting_bucket"
      context    = module.this.context
      region     = var.region
      name       = module.this.name
      
      #...
      # other config of the module
      #...
      
      # determines static website hosting of the bucket - we are not interested in any kind of redirects by S3
      website_inputs = [
        {
          index_document           = "index.html"
          error_document           = "error.html"
          redirect_all_requests_to = null
          routing_rules            = var.routing_rules == null ? "" : jsonencode(var.routing_rules)
        }
      ]
      # next 4 variables determine "aws_s3_bucket_public_access_block" configuration
      block_public_acls       = var.block_public_acls
      block_public_policy     = var.block_public_policy
      ignore_public_acls      = var.ignore_public_acls
      restrict_public_buckets = var.restrict_public_buckets
      
    }
  • file: profiles/website/variables.tf

    # ...
    # other variables
    # ...
    variable "routing_rules" {
       type = list(object({
         RoutingRuleCondition = object({
           KeyPrefixEquals             = string
           HttpErrorCodeReturnedEquals = string
         })
         RedirectRule = object({
           HostName             = string
           HttpRedirectCode     = string
           Protocol             = string
           ReplaceKeyPrefixWith = string
           ReplaceKeyWith       = string
         })
       }))
       default = null
     
       description = "Specifies the helper generator for routing_rules key of website_inputs var - to obtain JSON easily."
    }

references

  • Can open an issue in this repo if there is need to further elaborate this.

v0.37.0

24 May 17:44
1d52711
Compare
Choose a tag to compare
Feat: Add Output for Replication IAM Role ARN @korenyoni (#88)

what

  • Add output for replication IAM Role ARN

why

  • An output for the delegated replication IAM Role does not exist

references

N/A

v0.36.0

27 Apr 02:59
ccb6e1d
Compare
Choose a tag to compare
Removing policy attribute for S3 bucket @justnom (#86)

what

  • Fixing a bug where the bucket policy would flip-flop on Terraform apply if var.policy and any of var.allow_ssl_requests_only, var.allow_encrypted_uploads_only were set

why

  • The aws_s3_bucket.policy attribute was competing with the aws_s3_bucket_policy resource

v0.35.0

09 Apr 18:06
d8ebed8
Compare
Choose a tag to compare
Add support for multiple lifecycle rules @maeghan-porter (#85)

what

  • Add the ability to set multiple lifecycle rules on the bucket.

why

  • There are cases where multiple lifecycle rules are desired, which can be made different by tag and/or prefix.