fix!: converts bucket_id to list(string) (fix #41) + removes label

cloudposse · Feb 24, 2024 · 5b1cec4 · 5b1cec4
1 parent 04a8b2e
commit 5b1cec4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 17 deletions.
diff --git a/ssm_log_bucket.tf b/ssm_log_bucket.tf
@@ -1,20 +1,11 @@
 locals {
   account_id        = join("", data.aws_caller_identity.current[*].account_id)
   aws_partition     = join("", data.aws_partition.current[*].partition)
-  create_log_bucket = local.enabled && var.bucket_id == null
-  bucket_id         = var.bucket_id != null ? var.bucket_id : module.ssm_patch_log_s3_bucket_label.id
+  create_log_bucket = local.enabled && length(var.bucket_id) > 0
+  bucket_id         = local.create_log_bucket ? var.bucket_id[0] : module.this.id
   bucket_policy     = var.ssm_bucket_policy != null ? var.ssm_bucket_policy : try(data.aws_iam_policy_document.bucket_policy[0].json, "")
 }
 
-
-module "ssm_patch_log_s3_bucket_label" {
-  source  = "cloudposse/label/null"
-  version = "0.25.0"
-
-  enabled = local.create_log_bucket
-  # attributes = ["scan-window"]
-  context = module.this.context
-}
 data "aws_iam_policy_document" "bucket_policy" {
   count = local.create_log_bucket ? 1 : 0
   statement {
@@ -27,8 +18,8 @@ data "aws_iam_policy_document" "bucket_policy" {
     ]
 
     resources = [
-      format("arn:%s:s3:::%s", local.aws_partition, module.ssm_patch_log_s3_bucket_label.id),
-      format("arn:%s:s3:::%s/*", local.aws_partition, module.ssm_patch_log_s3_bucket_label.id)
+      format("arn:%s:s3:::%s", local.aws_partition, module.this.id),
+      format("arn:%s:s3:::%s/*", local.aws_partition, module.this.id)
     ]
 
     principals {
@@ -46,5 +37,5 @@ module "ssm_patch_log_s3_bucket" {
   acl                     = "private"
   versioning_enabled      = var.ssm_bucket_versioning_enable
   source_policy_documents = [local.bucket_policy]
-  context                 = module.ssm_patch_log_s3_bucket_label.context
+  context                 = module.this.context
 }
diff --git a/variables.tf b/variables.tf
@@ -211,9 +211,9 @@ variable "ssm_bucket_policy" {
 }
 
 variable "bucket_id" {
-  type        = string
-  description = "The bucket ID to use for the patch log. If no bucket ID is provided, the module will create a new one."
-  default     = null
+  type        = list(string)
+  description = "The bucket ID to use for the patch log. If no bucket ID is provided, the module will create a new one. This is of type `list(string)` to work around #41 / https://github.com/hashicorp/terraform/issues/28962."
+  default     = []
 }
 
 variable "ssm_bucket_versioning_enable" {