
     1  # ---------------------------------------------------------------------------------------------------------------------
     2  # PIN TERRAFORM VERSION TO >= 0.12
     3  # The examples have been upgraded to 0.12 syntax
     4  # ---------------------------------------------------------------------------------------------------------------------
     5  
# Refuse to run under anything older than 0.12: the blocks below use 0.12
# syntax (bare references such as `var.x` and `local.x` instead of "${...}").
terraform {
  required_version = ">= 0.12"
}
     9  
    10  # ---------------------------------------------------------------------------------------------------------------------
    11  # DEPLOY AN S3 BUCKET WITH VERSIONING ENABLED INCLUDING TAGS
    12  # See test/terraform_aws_s3_example_test.go for how to write automated tests for this code.
    13  # ---------------------------------------------------------------------------------------------------------------------
    14  
    15  data "aws_iam_policy_document" "s3_bucket_policy" {
    16    statement {
    17      effect = "Allow"
    18      principals {
    19        # TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
    20        # force an interpolation expression to be interpreted as a list by wrapping it
    21        # in an extra set of list brackets. That form was supported for compatibility in
    22        # v0.11, but is no longer supported in Terraform v0.12.
    23        #
    24        # If the expression in the following list itself returns a list, remove the
    25        # brackets to avoid interpretation as a list of lists. If the expression
    26        # returns a single list item then leave it as-is and remove this TODO comment.
    27        identifiers = [local.aws_account_id]
    28        type        = "AWS"
    29      }
    30      actions   = ["*"]
    31      resources = ["${aws_s3_bucket.test_bucket.arn}/*"]
    32    }
    33  
    34    statement {
    35      effect = "Deny"
    36      principals {
    37        identifiers = ["*"]
    38        type        = "AWS"
    39      }
    40      actions   = ["*"]
    41      resources = ["${aws_s3_bucket.test_bucket.arn}/*"]
    42  
    43      condition {
    44        test     = "Bool"
    45        variable = "aws:SecureTransport"
    46        values = [
    47          "false",
    48        ]
    49      }
    50    }
    51  }
    52  
    53  resource "aws_s3_bucket" "test_bucket" {
    54    bucket = "${local.aws_account_id}-${var.tag_bucket_name}"
    55    acl    = "private"
    56  
    57    versioning {
    58      enabled = true
    59    }
    60  
    61    tags = {
    62      Name        = var.tag_bucket_name
    63      Environment = var.tag_bucket_environment
    64    }
    65  }
    66  
    67  resource "aws_s3_bucket_policy" "bucket_access_policy" {
    68    count  = var.with_policy ? 1 : 0
    69    bucket = aws_s3_bucket.test_bucket.id
    70    policy = data.aws_iam_policy_document.s3_bucket_policy.json
    71  }
    72  
    73  # ---------------------------------------------------------------------------------------------------------------------
    74  # LOCALS
    75  # Used to represent any data that requires complex expressions/interpolations
    76  # ---------------------------------------------------------------------------------------------------------------------
    77  
    78  data "aws_caller_identity" "current" {
    79  }
    80  
locals {
  # Account ID of the current credentials. Used both as the bucket-name prefix
  # and as the principal granted access in the bucket policy.
  aws_account_id = data.aws_caller_identity.current.account_id
}
    84