diff --git a/terraform/core/10-aws-s3-buckets.tf b/terraform/core/10-aws-s3-buckets.tf
index a9892c9b2..6eb0bf238 100644
--- a/terraform/core/10-aws-s3-buckets.tf
+++ b/terraform/core/10-aws-s3-buckets.tf
@@ -436,17 +436,6 @@ module "rds_export_storage" {
 bucket_identifier = "rds-shapshot-export-storage"
 }
-resource "aws_s3_bucket_server_side_encryption_configuration" "rds_export_storage_encryption" {
- bucket = module.rds_export_storage.bucket_id
-
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "aws:kms"
- }
- bucket_key_enabled = true
- }
-}
-
 module "deprecated_rds_export_storage" {
 source = "../modules/s3-bucket"
@@ -458,17 +447,6 @@ module "deprecated_rds_export_storage" {
 bucket_identifier = "rds-export-storage"
 }
-resource "aws_s3_bucket_server_side_encryption_configuration" "deprecated_rds_export_storage_encryption" {
- bucket = module.deprecated_rds_export_storage.bucket_id
-
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "aws:kms"
- }
- bucket_key_enabled = true
- }
-}
-
 module "addresses_api_rds_export_storage" {
 source = "../modules/s3-bucket"
diff --git a/terraform/modules/s3-bucket/10-s3-bucket.tf b/terraform/modules/s3-bucket/10-s3-bucket.tf
index 058fb2a37..8fb8cf9c1 100644
--- a/terraform/modules/s3-bucket/10-s3-bucket.tf
+++ b/terraform/modules/s3-bucket/10-s3-bucket.tf
@@ -34,15 +34,15 @@ data "aws_iam_policy_document" "key_policy" {
 }
 }
- dynamic statement {
+ dynamic "statement" {
 for_each = var.bucket_key_policy_statements
-
- content {
+
+ content {
 sid = lookup(statement.value, "sid", "")
 effect = lookup(statement.value, "effect", "")
 actions = lookup(statement.value, "actions", [])
 resources = ["*"]
-
+
 principals {
 type = lookup(statement.value.principals, "type", "")
 identifiers = lookup(statement.value.principals, "identifiers", [])
@@ -83,15 +83,15 @@ data "aws_iam_policy_document" "bucket_policy_document" {
 }
 }
- dynamic statement {
+ dynamic "statement" {
 for_each = var.bucket_policy_statements
-
- content {
+
+ content {
 sid = lookup(statement.value, "sid", "")
 effect = lookup(statement.value, "effect", "")
 actions = lookup(statement.value, "actions", [])
 resources = lookup(statement.value, "resources", [])
-
+
 principals {
 type = lookup(statement.value.principals, "type", "")
 identifiers = lookup(statement.value.principals, "identifiers", [])
@@ -107,17 +107,25 @@ resource "aws_s3_bucket" "bucket" {
 force_destroy = (var.environment == "dev")
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- kms_master_key_id = aws_kms_key.key.arn
- sse_algorithm = "aws:kms"
- }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
+ bucket = aws_s3_bucket.bucket.id
+
+ rule {
+ apply_server_side_encryption_by_default {
+ kms_master_key_id = aws_kms_key.key.arn
+ sse_algorithm = "aws:kms"
 }
+ bucket_key_enabled = true
 }
+}
- versioning {
- enabled = true
+resource "aws_s3_bucket_versioning" "bucket" {
+ bucket = aws_s3_bucket.bucket.id
+ versioning_configuration {
+ status = "Enabled"
+ mfa_delete = "Disabled"
 }
 }
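Review bot: The new `aws_s3_bucket_server_side_encryption_configuration.bucket` manages the same bucket setting as the two standalone resources this commit deletes from `terraform/core/10-aws-s3-buckets.tf` (`rds_export_storage_encryption` and `deprecated_rds_export_storage_encryption`), and nothing visible in the diff orders the old destroy before the new create. Destroying a resource of that type resets the bucket to S3's default encryption, so if the destroy lands after the create, those two buckets would stop defaulting to `aws_kms_key.key` until the next apply. I would drop the two old addresses from state before applying (`terraform state rm`), or at least confirm with a follow-up `terraform plan` that it reports no drift on the encryption configuration. A comment above the new resource would also help, for example `# Default encryption uses the module's KMS key; do not declare another encryption configuration for this bucket outside the module.`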