From 5944fa7706537ebb83e1403e98e4eb7c3e530b9c Mon Sep 17 00:00:00 2001
From: Diego Rodriguez <diego.rodriguez@verygoodsecurity.com>
Date: Mon, 5 Feb 2024 23:02:55 -0700
Subject: [PATCH 1/2] Allow setting the full name of the S3 bucket

---
 locals.tf    |  4 ++++
 main.tf      |  6 ++++--
 variables.tf | 12 +++++++++++-
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/locals.tf b/locals.tf
index a741a93..e646acd 100644
--- a/locals.tf
+++ b/locals.tf
@@ -5,6 +5,10 @@ locals {
 
   source_bucket_arn = var.create_s3_bucket ? aws_s3_bucket.mwaa[0].arn : var.source_bucket_arn
 
+  source_bucket_prefix = var.source_bucket_name == null ? format("%s-%s-", "mwaa", data.aws_caller_identity.current.account_id) : (var.use_source_bucket_name_as_prefix ? var.source_bucket_name : null)
+
+  source_bucket_name = local.source_bucket_prefix != null ? null : var.var.source_bucket_name
+
   default_airflow_configuration_options = {
     "logging.logging_level" = "INFO"
   }
diff --git a/main.tf b/main.tf
index f989653..5a73ae2 100644
--- a/main.tf
+++ b/main.tf
@@ -105,8 +105,10 @@ resource "aws_iam_role_policy_attachment" "mwaa" {
 resource "aws_s3_bucket" "mwaa" {
   count = var.create_s3_bucket ? 1 : 0
 
-  bucket_prefix = var.source_bucket_name != null ? var.source_bucket_name : format("%s-%s-", "mwaa", data.aws_caller_identity.current.account_id)
-  tags          = var.tags
+  name          = local.source_bucket_name
+  bucket_prefix = local.source_bucket_prefix
+
+  tags = var.tags
 }
 
 #tfsec:ignore:aws-s3-encryption-customer-key
diff --git a/variables.tf b/variables.tf
index 2d3ac3f..f952ca9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -200,12 +200,22 @@ variable "create_s3_bucket" {
 
 variable "source_bucket_name" {
   description = <<-EOD
-  New bucket will be created with the given name for MWAA when create_s3_bucket=true
+  New bucket will be created with the given name for MWAA when create_s3_bucket=true.
+  If set to null, then the default bucket name prefix will be set, irrespective of the value of `var.use_source_bucket_name_as_prefix`
   EOD
   type        = string
   default     = null
 }
 
+variable "use_source_bucket_name_as_prefix" {
+  description = <<-EOD
+  Whether or not to use the `var.source_bucket_name` as the S3 bucket name prefix
+  EOD
+  type        = bool
+  default     = true
+}
+
+
 variable "source_bucket_arn" {
   description = "(Required) The Amazon Resource Name (ARN) of your Amazon S3 storage bucket. For example, arn:aws:s3:::airflow-mybucketname"
   type        = string

From f606fca1642a9994845232384f4c7e3198f26427 Mon Sep 17 00:00:00 2001
From: Diego Rodriguez <diego.rodriguez@verygoodsecurity.com>
Date: Tue, 6 Feb 2024 00:02:39 -0700
Subject: [PATCH 2/2] fix issues

---
 README.md | 3 ++-
 locals.tf | 2 +-
 main.tf   | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 97afcb8..764038e 100644
--- a/README.md
+++ b/README.md
@@ -155,11 +155,12 @@ No modules.
 | <a name="input_schedulers"></a> [schedulers](#input\_schedulers) | (Optional) The number of schedulers that you want to run in your environment. | `string` | `null` | no |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | Security group IDs for MWAA | `list(string)` | `[]` | no |
 | <a name="input_source_bucket_arn"></a> [source\_bucket\_arn](#input\_source\_bucket\_arn) | (Required) The Amazon Resource Name (ARN) of your Amazon S3 storage bucket. For example, arn:aws:s3:::airflow-mybucketname | `string` | `null` | no |
-| <a name="input_source_bucket_name"></a> [source\_bucket\_name](#input\_source\_bucket\_name) | New bucket will be created with the given name for MWAA when create\_s3\_bucket=true | `string` | `null` | no |
+| <a name="input_source_bucket_name"></a> [source\_bucket\_name](#input\_source\_bucket\_name) | New bucket will be created with the given name for MWAA when create\_s3\_bucket=true.<br>If set to null, then the default bucket name prefix will be set, irrespective of the value of `var.use_source_bucket_name_as_prefix` | `string` | `null` | no |
 | <a name="input_source_cidr"></a> [source\_cidr](#input\_source\_cidr) | (Required) Source CIDR block which will be allowed on MWAA SG to access Airflow UI<br>Used only if `create_security_group=true` | `list(string)` | `[]` | no |
 | <a name="input_startup_script_s3_object_version"></a> [startup\_script\_s3\_object\_version](#input\_startup\_script\_s3\_object\_version) | (Optional) The version of the startup shell script you want to use. You must specify the version ID that Amazon S3 assigns to the file every time you update the script. | `string` | `null` | no |
 | <a name="input_startup_script_s3_path"></a> [startup\_script\_s3\_path](#input\_startup\_script\_s3\_path) | (Optional) The relative path to the script hosted in your bucket. The script runs as your environment starts before starting the Apache Airflow process. Use this script to install dependencies, modify configuration options, and set environment variables. | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of resource tags to associate with the resource | `map(string)` | `{}` | no |
+| <a name="input_use_source_bucket_name_as_prefix"></a> [use\_source\_bucket\_name\_as\_prefix](#input\_use\_source\_bucket\_name\_as\_prefix) | Whether or not to use the `var.source_bucket_name` as the S3 bucket name prefix | `bool` | `true` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | (Required) VPC ID to deploy the MWAA Environment.<br>Mandatory if `create_security_group=true` | `string` | `""` | no |
 | <a name="input_webserver_access_mode"></a> [webserver\_access\_mode](#input\_webserver\_access\_mode) | (Optional) Specifies whether the webserver should be accessible over the internet or via your specified VPC. Possible options: PRIVATE\_ONLY (default) and PUBLIC\_ONLY | `string` | `"PRIVATE_ONLY"` | no |
 | <a name="input_weekly_maintenance_window_start"></a> [weekly\_maintenance\_window\_start](#input\_weekly\_maintenance\_window\_start) | (Optional) Specifies the start date for the weekly maintenance window | `string` | `null` | no |
diff --git a/locals.tf b/locals.tf
index e646acd..8c83d27 100644
--- a/locals.tf
+++ b/locals.tf
@@ -7,7 +7,7 @@ locals {
 
   source_bucket_prefix = var.source_bucket_name == null ? format("%s-%s-", "mwaa", data.aws_caller_identity.current.account_id) : (var.use_source_bucket_name_as_prefix ? var.source_bucket_name : null)
 
-  source_bucket_name = local.source_bucket_prefix != null ? null : var.var.source_bucket_name
+  source_bucket_name = local.source_bucket_prefix != null ? null : var.source_bucket_name
 
   default_airflow_configuration_options = {
     "logging.logging_level" = "INFO"
diff --git a/main.tf b/main.tf
index 5a73ae2..e689ee8 100644
--- a/main.tf
+++ b/main.tf
@@ -105,7 +105,7 @@ resource "aws_iam_role_policy_attachment" "mwaa" {
 resource "aws_s3_bucket" "mwaa" {
   count = var.create_s3_bucket ? 1 : 0
 
-  name          = local.source_bucket_name
+  bucket        = local.source_bucket_name
   bucket_prefix = local.source_bucket_prefix
 
   tags = var.tags