From 57d5410e0d0f9cc536736de9a2d85d0d2eff4b31 Mon Sep 17 00:00:00 2001
From: Andy Singleton
Date: Wed, 19 Jun 2024 11:06:31 +0100
Subject: [PATCH] Overhaul bucket management to public module

---
 aws_cloudfront_distribution.tf | 2 +-
 data_aws_s3_cloudfront_origin_bucket.tf | 2 +-
 example/module_cloudfront_example.tf | 2 +-
 module_s3_bucket_cloudfront_logging.tf | 37 +++++++++++++++----------
 outputs.tf | 2 +-
 variables.tf | 2 +-
 6 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/aws_cloudfront_distribution.tf b/aws_cloudfront_distribution.tf
index 6d9fdbf..6184e0c 100644
--- a/aws_cloudfront_distribution.tf
+++ b/aws_cloudfront_distribution.tf
@@ -33,7 +33,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 ]
 
 logging_config {
- bucket = module.bucket_cloudwatch_logs_backup.bucket_domain_name
+ bucket = module.bucket_cloudwatch_logs_backup.s3_bucket_bucket_domain_name
 include_cookies = false
 prefix = "cloudfront/"
 }
diff --git a/data_aws_s3_cloudfront_origin_bucket.tf b/data_aws_s3_cloudfront_origin_bucket.tf
index f4e4fe3..675951b 100644
--- a/data_aws_s3_cloudfront_origin_bucket.tf
+++ b/data_aws_s3_cloudfront_origin_bucket.tf
@@ -1,3 +1,3 @@
 data "aws_s3_bucket" "origin_bucket" {
- bucket = var.s3_source_bukcet_name
+ bucket = var.s3_source_bucket_name
 }
\ No newline at end of file
diff --git a/example/module_cloudfront_example.tf b/example/module_cloudfront_example.tf
index d4a400e..2419348 100644
--- a/example/module_cloudfront_example.tf
+++ b/example/module_cloudfront_example.tf
@@ -1,6 +1,6 @@
 module "cloudfront_example" {
 source = "git::ssh://git@github.com/osodevops/aws-terraform-module-cloudfront-s3.git"
- s3_source_bukcet_name = local.example_bucket_name
+ s3_source_bucket_name = local.example_bucket_name
 distribution_fqdn = "example.domain-name.com"
 distribution_name = "example"
 hosted_zone_name = "domain-name.com"
diff --git a/module_s3_bucket_cloudfront_logging.tf b/module_s3_bucket_cloudfront_logging.tf
index b152838..b92e3bf 100644
--- a/module_s3_bucket_cloudfront_logging.tf
+++ b/module_s3_bucket_cloudfront_logging.tf
@@ -1,9 +1,17 @@
 module "bucket_cloudwatch_logs_backup" {
- source = "git::ssh://git@github.com/osodevops/aws-terraform-module-s3.git"
- s3_bucket_name = local.logging_bucket_name
- s3_bucket_force_destroy = false
- s3_bucket_policy = ""
- common_tags = var.common_tags
+ source = "terraform-aws-modules/s3-bucket/aws"
+ version = "~>3.0"
+
+ bucket = local.logging_bucket_name
+ force_destroy = false
+ tags = var.common_tags
+ grant = [
+ {
+ type = "CanonicalUser"
+ permission = "FULL_CONTROL"
+ id = data.aws_canonical_user_id.current.id
+ }
+ ]
 
 # Bucket public access
 restrict_public_buckets = true
@@ -12,16 +20,17 @@ module "bucket_cloudwatch_logs_backup" {
 ignore_public_acls = true
 
 versioning = {
- status = "Enabled"
+ status = "Suspended"
 mfa_delete = "Disabled"
 }
 
- cors_rule = {
- allowed_headers = ["Authorization"]
- allowed_methods = ["GET"]
- allowed_origins = ["*"]
- expose_headers = []
- max_age_seconds = 3000
- }
+ server_side_encryption_configuration = {
+ rule = {
+ bucket_key_enabled = false
 
-}
\ No newline at end of file
+ apply_server_side_encryption_by_default = {
+ sse_algorithm = "AES256"
+ }
+ }
+ }
+}
diff --git a/outputs.tf b/outputs.tf
index 694c8fa..f135447 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,5 +1,5 @@
 output "logging_bucket" {
- value = module.bucket_cloudwatch_logs_backup.s3_id
+ value = module.bucket_cloudwatch_logs_backup.s3_bucket_id
 }
 
 output "distribution" {
diff --git a/variables.tf b/variables.tf
index 620685e..86444eb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -67,7 +67,7 @@ variable "price_class" {
 default = "PriceClass_100"
 }
 
-variable "s3_source_bukcet_name" {
+variable "s3_source_bucket_name" {
 type = string
 }
 
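Review bot: The `grant` block added to `bucket_cloudwatch_logs_backup` in the first hunk gives FULL_CONTROL only to the current account's canonical user, which on its own does not let CloudFront deliver standard access logs: CloudFront writes them through the awslogsdelivery account and needs a FULL_CONTROL grant for that canonical user plus ACLs enabled on the bucket (object ownership not set to BucketOwnerEnforced), so the distribution's `logging_config` may fail at apply or log delivery may silently stop. I'd add a second grant entry for that account, set the module's object-ownership inputs to match, and explain it in a comment above the block, e.g. `# CloudFront standard logging writes via the awslogsdelivery account and requires ACLs plus a FULL_CONTROL grant for it`. `data.aws_canonical_user_id.current` is referenced but not defined in this patch, so presumably it already exists elsewhere in the module. Separately, `version = "~>3.0"` accepts any future 3.x release of a third-party registry module that now manages this bucket's policy; pinning an exact version (with a reviewed upgrade path) keeps the supply chain deterministic.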
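Review bot: `versioning.status` changes from `"Enabled"` to `"Suspended"` on the CloudFront access-log bucket in the second hunk, which removes the only protection in this file against log objects being overwritten or deleted before an investigation, and the commit message does not say why the weakening is intended. If the goal is only to avoid accumulating versions, keep `status = "Enabled"` and add a `lifecycle_rule` that expires noncurrent versions, with a comment such as `# Keep versioning on: access logs are forensic evidence and must not be silently overwritten`. The new `server_side_encryption_configuration` block is a good addition, though `bucket_key_enabled` only applies to SSE-KMS and has no effect with `AES256`, so that line is harmless but misleading and could be dropped or commented. The enclosing module block is closed by the `+}` at the end of this hunk.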