

Fix tf for_each issue with multiple s3 buckets
The aws_s3_bucket_public_access_block cannot be applied
dynamically using ids that don't yet exist.
So some duplication is necessary.
binarymist committed Feb 21, 2021
1 parent 2ffa329 commit d81c5ac
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions tf/modules/common/aws/storage/s3/s3.tf
Expand Up @@ -34,10 +34,20 @@ resource "aws_s3_bucket_object" "sut_public_keys" {
content = each.value
}

resource "aws_s3_bucket_public_access_block" "sut_public_keys" {
bucket = aws_s3_bucket.sut_public_keys.id
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}

resource "aws_s3_bucket" "sut_public_keys_log" {
bucket = "sut-public-keys-log"
acl = "log-delivery-write"

force_destroy = true

lifecycle_rule {
abort_incomplete_multipart_upload_days = 1
enabled = true
Expand All @@ -54,10 +64,8 @@ resource "aws_s3_bucket" "sut_public_keys_log" {
}
}

resource "aws_s3_bucket_public_access_block" "sut_public_keys" {
for_each = toset([aws_s3_bucket.sut_public_keys.id, aws_s3_bucket.sut_public_keys_log.id])

bucket = each.value
resource "aws_s3_bucket_public_access_block" "sut_public_keys_log" {
bucket = aws_s3_bucket.sut_public_keys_log.id
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
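Review bot: The second hunk splits the single for_each public-access block into two near-identical resources, but nothing in the file records why, so the next maintainer is likely to fold them back together and hit the same plan-time failure. Add a short comment above each `aws_s3_bucket_public_access_block`: `# Kept as separate resources on purpose: for_each keys must be known at plan time, and bucket ids are not.` If the duplication is still unwanted, one resource keyed on static strings would plan, because only the keys must be known: `for_each = { sut_public_keys = aws_s3_bucket.sut_public_keys.id, sut_public_keys_log = aws_s3_bucket.sut_public_keys_log.id }` with `bucket = each.value`; note that either shape changes the resource addresses relative to the old for_each version, so a state move is presumably needed for already-deployed buckets. The new `sut_public_keys_log` block runs past the end of the hunk, so whether it also sets `restrict_public_buckets = true` like its sibling cannot be confirmed from here.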

