Releases: cloudposse/terraform-aws-s3-bucket
v0.42.1
🤖 Automatic Updates
Update context.tf @cloudpossebot (#105)
what
This is an auto-generated PR that updates the context.tf
file to the latest version from cloudposse/terraform-null-label
why
To support all the features of the context
interface.
v0.42.0
fix privileged_principal_arns not creating bucket policy @avendretter (#101)
what
- The
privileged_principal_arns
option is not creating a bucket policy.
why
- A check at the
s3_bucket_policy is missing
references
v0.41.0
Allow user to enable S3 Transfer Acceleration @alexjurkiewicz (#98)
v0.40.1
🐛 Bug Fixes
Properly type the default replication filter object @alexjurkiewicz (#96)
what
Properly type the default replication filter object
why
An error exists — likely introduced during some rewriting in #93 — where the default replication filter object is not properly typed, and causes issues with the ternary operator.
v0.40.0
Feat: Support Allowing Actions from Specific Principal ARNs in Bucket Policy. @korenyoni (#95)
what
- Support allowing actions from specific principal ARNs in bucket policy.
- Reorganize
examples/complete
(split up into multiple files to keepmain.tf
simple) - Misc: use
local.enabled
where possible
why
- Some buckets that are used by CI/CD systems may need to allow actions from cross-account IAM principals in their bucket policy.
references
v0.39.0
🚀 Enhancements
S3 Replication Improvements @alexjurkiewicz (#93)
Terraform plan impact
In order to support multiple S3 Bucket replication destinations, we must use the filter
in the replication rule, even if there is nothing to filter. The filter, even if empty, conflicts with the prefix
attribute of the rule (a v1 feature replaced in v2 with the filter). So we moved all prefix
settings into the filter. Therefore, you may see Terraform make a change like this:
Click to show plan
- rules {
- id = "replication-test"
- prefix = "/main"
- priority = 0
- status = "Enabled"
- destination {
- bucket = "arn:aws:s3:::replication-target"
- storage_class = "STANDARD"
}
- filter {}
- }
+ rules {
+ id = "replication-test"
+ priority = 0
+ status = "Enabled"
+ destination {
+ bucket = "arn:aws:s3:::replication-target"
+ storage_class = "STANDARD"
}
+ filter {
+ prefix = "/main"
+ tags = {}
+ }
+ }
Deprecation
To provide consistency in naming, the replication_rules
input has been deprecated in favor of s3_replication_rules
. Existing code will continue to work, but new users should use s3_replication_rules
and current users of replication_rules
should update their code to use s3_replication_rules
at their convenience.
what
@alexjurkiewicz
- Add support for multi-bucket S3 replication
- Add support for easily adding cross-account replication destination bucket policy statements
@korenyoni
- Add test for S3 bucket replication configuration to provide better code coverage
@Nuru
- Convert v1
prefix
to v2filter
to support multiple replication destinations - Rename
replication_rules
tos3_replication_rules
for consistency - Move testing to
us-east-2
region because that is where Cloud Posse prefers to do testing
why
- Module currently does not support multi-bucket S3 replication
- Adding cross-account replication destination bucket policy statements is currently a manual task with no site-specific uniqueness
references
- Replication was added in #56
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket
v0.38.0
Ability to specify website hosting configuration @azec-pdx (#91)
what
- We already use this module for S3 and want to be able to use it to deploy S3 buckets with static website hosting configs
- The change in this PR adds that support
why
- Would like to be able to use cloudposse/terraform-aws-s3-bucket (this module) to deploy buckets that support static website hosting and have very custom-tailored S3 bucket policy.
- Tried using cloudposse/terraform-aws-s3-website for the same need and hit the roadblock of it not supporting custom bucket policies.
- Our TF modules (in our org) are pinned down to use
cloudposse/terraform-aws-s3-bucket
for most S3 bucket needs, so we didn't have interest in using and modifyingcloudposse/terraform-aws-s3-website
module to support bucket custom bucket policies that are different then the "opinionated" ones that come withcloudposse/terraform-aws-s3-website
.
usage
Downstream TF modules using this feature then can specify website configuration as in the example below.
-
file:
profiles/s3_hosting_bucket/main.tf
module "s3_bucket" { source = "git::https://github.com/SkywardIO/terraform-aws-s3-bucket.git//?ref=feature/website-hosting-config" ## Switch to CP release version if PR gets accepted # source = "cloudposse/s3-bucket/aws" # version = "0.38.0" #... # other config of the module #... # website hosting - switchboard specific website_inputs = var.website_inputs }
-
file:
profiles/s3_hosting_bucket/variables.tf
# ... # other variables # ... variable "website_inputs" { type = list(object({ index_document = string error_document = string redirect_all_requests_to = string routing_rules = string # if you need to render valid JSON for this, use var.routing_rules and export such map construct to JSON })) default = null description = "Specifies the static website hosting configuration object." }
-
file:
profiles/website/main.tf
module "website" { source = "../../profiles/s3_hosting_bucket" context = module.this.context region = var.region name = module.this.name #... # other config of the module #... # determines static website hosting of the bucket - we are not interested in any kind of redirects by S3 website_inputs = [ { index_document = "index.html" error_document = "error.html" redirect_all_requests_to = null routing_rules = var.routing_rules == null ? "" : jsonencode(var.routing_rules) } ] # next 4 variables determine "aws_s3_bucket_public_access_block" configuration block_public_acls = var.block_public_acls block_public_policy = var.block_public_policy ignore_public_acls = var.ignore_public_acls restrict_public_buckets = var.restrict_public_buckets }
-
file:
profiles/website/variables.tf
# ... # other variables # ... variable "routing_rules" { type = list(object({ RoutingRuleCondition = object({ KeyPrefixEquals = string HttpErrorCodeReturnedEquals = string }) RedirectRule = object({ HostName = string HttpRedirectCode = string Protocol = string ReplaceKeyPrefixWith = string ReplaceKeyWith = string }) })) default = null description = "Specifies the helper generator for routing_rules key of website_inputs var - to obtain JSON easily." }
references
- Can open an issue in this repo if there is need to further elaborate this.
v0.37.0
Feat: Add Output for Replication IAM Role ARN @korenyoni (#88)
what
- Add output for replication IAM Role ARN
why
- An output for the delegated replication IAM Role does not exist
references
N/A
v0.36.0
Removing policy attribute for S3 bucket @justnom (#86)
what
- Fixing a bug where the bucket policy would flip-flop on Terraform apply if
var.policy
and any ofvar.allow_ssl_requests_only
,var.allow_encrypted_uploads_only
were set
why
- The
aws_s3_bucket.policy
attribute was competing with theaws_s3_bucket_policy
resource
v0.35.0
Add support for multiple lifecycle rules @maeghan-porter (#85)
what
- Add the ability to set multiple lifecycle rules on the bucket.
why
- There are cases where multiple lifecycle rules are desired, which can be made different by tag and/or prefix.