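# ---------------------------------------------------------------------------------------------------------------------
# PIN TERRAFORM VERSION TO >= 0.12
# The examples have been upgraded to 0.12 syntax
# ---------------------------------------------------------------------------------------------------------------------

terraform {
  # This module is now only being tested with Terraform 0.13.x. However, to make upgrading easier, we are setting
  # 0.12.26 as the minimum version, as that version added support for required_providers with source URLs, making it
  # forwards compatible with 0.13.x code.
  required_version = ">= 0.12.26"

  # Declare the provider source explicitly (the 0.12.26+ feature the comment above refers to). No version constraint
  # is pinned here so the example keeps working with whatever AWS provider version the test harness installs;
  # production code should pin one.
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY A S3 BUCKET WITH VERSIONING ENABLED INCLUDING TAGS
# See test/terraform_aws_s3_example_test.go for how to write automated tests for this code.
# ---------------------------------------------------------------------------------------------------------------------

# Bucket policy attached to the test bucket (only when var.with_policy is true, see aws_s3_bucket_policy below).
#
# Statement 1 grants the owning account (its root principal, i.e. IAM-delegated access) every S3 action on the
# objects in the bucket. Statement 2 is the standard "enforce TLS" deny: any principal using plain HTTP
# (aws:SecureTransport == false) is refused. Because an explicit Deny always wins over an Allow, the first statement
# cannot be used to bypass the second.
data "aws_iam_policy_document" "s3_bucket_policy" {
  statement {
    effect = "Allow"
    principals {
      # local.aws_account_id is a single string, so it is wrapped in list brackets on purpose. Using the bare account
      # ID as an AWS principal is equivalent to arn:aws:iam::<account-id>:root and defers the actual access decision
      # to the IAM policies inside that account.
      identifiers = [local.aws_account_id]
      type        = "AWS"
    }
    # In a bucket policy "*" can only ever resolve to s3:* actions, so this is not broader than it looks; it is still
    # wide on purpose because the test exercises the policy as a whole rather than individual permissions.
    actions   = ["*"]
    resources = ["${aws_s3_bucket.test_bucket.arn}/*"]
  }

  statement {
    effect = "Deny"
    principals {
      identifiers = ["*"]
      type        = "AWS"
    }
    actions = ["*"]
    # Both the bucket ARN and the object ARN pattern must be listed: bucket-level actions (s3:ListBucket,
    # s3:GetBucketLocation, ...) match the bare bucket ARN, object-level actions (s3:GetObject, s3:PutObject, ...)
    # match "<bucket-arn>/*". Listing only the object pattern would leave unencrypted bucket-level requests allowed.
    resources = [
      aws_s3_bucket.test_bucket.arn,
      "${aws_s3_bucket.test_bucket.arn}/*",
    ]

    # aws:SecureTransport is "false" for requests made over plain HTTP; deny those so data in transit is always TLS.
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values = [
        "false",
      ]
    }
  }
}

# Target bucket for the test bucket's server access logs.
resource "aws_s3_bucket" "test_bucket_logs" {
  bucket = "${local.aws_account_id}-${var.tag_bucket_name}-logs"
  # The S3 Log Delivery group needs write/read-ACP on the target bucket; the canned "log-delivery-write" ACL grants
  # exactly that. This group is not treated as "public" by S3 Block Public Access, so the block below is compatible.
  acl = "log-delivery-write"

  # Encrypt the log objects at rest with S3-managed keys (SSE-S3).
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  tags = {
    Name        = "${local.aws_account_id}-${var.tag_bucket_name}-logs"
    Environment = var.tag_bucket_environment
  }

  # Test-only convenience: lets `terraform destroy` remove the bucket even though it holds log objects. Do not copy
  # this into production code, where it silently deletes data.
  force_destroy = true
}

# Make sure no public ACL or policy can ever be applied to the log bucket.
resource "aws_s3_bucket_public_access_block" "test_bucket_logs" {
  bucket = aws_s3_bucket.test_bucket_logs.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The bucket under test: versioned, access-logged, tagged, encrypted at rest and (optionally) protected by the
# bucket policy above.
resource "aws_s3_bucket" "test_bucket" {
  bucket = "${local.aws_account_id}-${var.tag_bucket_name}"
  acl    = "private"

  versioning {
    enabled = true
  }

  logging {
    target_bucket = aws_s3_bucket.test_bucket_logs.id
    target_prefix = "TFStateLogs/"
  }

  # Encrypt objects at rest with S3-managed keys (SSE-S3).
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  tags = {
    Name        = var.tag_bucket_name
    Environment = var.tag_bucket_environment
  }
}

# Make sure no public ACL or policy can ever be applied to the test bucket.
resource "aws_s3_bucket_public_access_block" "test_bucket" {
  bucket = aws_s3_bucket.test_bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Attach the policy document only when the caller asks for it (count = 0 otherwise), so the test can exercise both
# the "with policy" and "without policy" variants of the example.
resource "aws_s3_bucket_policy" "bucket_access_policy" {
  count  = var.with_policy ? 1 : 0
  bucket = aws_s3_bucket.test_bucket.id
  policy = data.aws_iam_policy_document.s3_bucket_policy.json
}

# ---------------------------------------------------------------------------------------------------------------------
# LOCALS
# Used to represent any data that requires complex expressions/interpolations
# ---------------------------------------------------------------------------------------------------------------------

# Identity of the credentials Terraform is running with; its account ID is used both to build globally unique bucket
# names and as the principal in the bucket policy's Allow statement.
data "aws_caller_identity" "current" {
}

locals {
  aws_account_id = data.aws_caller_identity.current.account_id
}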