Merge pull request #83 from rancherfederal/optional-acl

toggle statestore
rancherfederal · Apr 26, 2023 · 8adcb1f · 8adcb1f
2 parents d48d046 + 80aa775
commit 8adcb1f
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 4 deletions.
diff --git a/main.tf b/main.tf
@@ -37,10 +37,11 @@ resource "random_password" "token" {
 }
 
 module "statestore" {
-  source = "./modules/statestore"
-  name   = local.uname
-  token  = random_password.token.result
-  tags   = merge(local.default_tags, var.tags)
+  source     = "./modules/statestore"
+  name       = local.uname
+  create_acl = var.create_acl
+  token      = random_password.token.result
+  tags       = merge(local.default_tags, var.tags)
 
   attach_deny_insecure_transport_policy = var.statestore_attach_deny_insecure_transport_policy
 }

diff --git a/modules/statestore/main.tf b/modules/statestore/main.tf
@@ -18,6 +18,7 @@ resource "aws_s3_bucket_ownership_controls" "bucket_ownership_controls" {
 }
 
 resource "aws_s3_bucket_acl" "acl" {
+  count  = var.create_acl ? 1 : 0
   bucket = aws_s3_bucket.bucket.id
   acl    = "private"
 

diff --git a/modules/statestore/variables.tf b/modules/statestore/variables.tf
@@ -14,3 +14,8 @@ variable "tags" {
 variable "attach_deny_insecure_transport_policy" {
   type = bool
 }
+
+variable "create_acl" {
+  type    = bool
+  default = true
+}
diff --git a/variables.tf b/variables.tf
@@ -230,3 +230,9 @@ variable "statestore_attach_deny_insecure_transport_policy" {
   type        = bool
   default     = true
 }
+
+variable "create_acl" {
+  description = "Toggle creation of ACL for statestore bucket"
+  type        = bool
+  default     = true
+}