From d81c5ac33e537ce63ee5e6faecf1c169b7720ec6 Mon Sep 17 00:00:00 2001
From: Kim Carter
Date: Sun, 21 Feb 2021 15:41:08 +1300
Subject: [PATCH] Fix tf for_each issue with multiple s3 buckets

The aws_s3_bucket_public_access_block can not be applied dynamically using ids that don't yet exist. So some duplication is necessary.
---
 tf/modules/common/aws/storage/s3/s3.tf | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/tf/modules/common/aws/storage/s3/s3.tf b/tf/modules/common/aws/storage/s3/s3.tf
index 07f110e..9d1587a 100644
--- a/tf/modules/common/aws/storage/s3/s3.tf
+++ b/tf/modules/common/aws/storage/s3/s3.tf
@@ -34,10 +34,20 @@ resource "aws_s3_bucket_object" "sut_public_keys" {
   content = each.value
 }
 
+resource "aws_s3_bucket_public_access_block" "sut_public_keys" {
+  bucket = aws_s3_bucket.sut_public_keys.id
+  block_public_acls = true
+  block_public_policy = true
+  ignore_public_acls = true
+  restrict_public_buckets = true
+}
+
 resource "aws_s3_bucket" "sut_public_keys_log" {
   bucket = "sut-public-keys-log"
   acl = "log-delivery-write"
+  force_destroy = true
+
   lifecycle_rule {
     abort_incomplete_multipart_upload_days = 1
     enabled = true
@@ -54,10 +64,8 @@ resource "aws_s3_bucket" "sut_public_keys_log" {
     }
   }
 
-resource "aws_s3_bucket_public_access_block" "sut_public_keys" {
-  for_each = toset([aws_s3_bucket.sut_public_keys.id, aws_s3_bucket.sut_public_keys_log.id])
-
-  bucket = each.value
+resource "aws_s3_bucket_public_access_block" "sut_public_keys_log" {
+  bucket = aws_s3_bucket.sut_public_keys_log.id
   block_public_acls = true
   block_public_policy = true
   ignore_public_acls = true
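Review bot: `force_destroy = true` on the `sut_public_keys_log` bucket in the first hunk lets a `terraform destroy`, or any plan that forces replacement of the bucket, delete it together with every access-log object it holds, and nothing in the hunk records that this is intended. Since this bucket carries the `log-delivery-write` ACL it is presumably the access-log target for the public-keys bucket, so the flag makes the audit trail disposable with no plan-time warning beyond the usual destroy confirmation. If the flag only exists for test-environment teardown, gate it on a boolean input variable that defaults to `false`, or at least add a comment above the line such as `# force_destroy: log bucket is discarded on teardown; logs are not retained for audit`. The `aws_s3_bucket "sut_public_keys_log"` block continues past the end of the hunk.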
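Review bot: The duplication introduced in the second hunk is avoidable: `for_each` rejects the removed `toset([...])` because the set elements become the instance keys and bucket ids are unknown until apply, but only the keys of a `for_each` map need to be known at plan time, values may be unknown. A single `aws_s3_bucket_public_access_block` with `for_each = { keys = aws_s3_bucket.sut_public_keys.id, log = aws_s3_bucket.sut_public_keys_log.id }` and `bucket = each.value` covers both buckets and keeps the four block/restrict settings in one place, so a future bucket cannot be added without its access block, and the commit message's "some duplication is necessary" would no longer hold. Either way, the old `for_each` instances will be destroyed and the new resources created on the next apply, which briefly leaves both buckets without a public access block unless the state is moved first (`terraform state mv`). The replacement `sut_public_keys_log` resource continues past the end of the hunk; its remaining attribute and closing brace are not shown.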