Merge pull request #15 from grupoboticario/adjust_bucket_resources

Adjust bucket resources
grupoboticario · Apr 26, 2022 · 6b8c4b8 · 6b8c4b8
2 parents c77b03e + 9bd4c43
commit 6b8c4b8
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 27 deletions.
diff --git a/site-main/main.tf b/site-main/main.tf
@@ -66,18 +66,69 @@ locals {
 resource "aws_s3_bucket" "website_bucket" {
   count  = var.create_bucket == true ? 1 : 0
   bucket = var.bucket_name
-  policy = var.enable_oai == true ? data.template_file.bucket_policy_oai[0].rendered : data.template_file.bucket_policy.rendered
+
+  tags = var.tags
+}
+
+resource "aws_s3_bucket_acl" "website_bucket" {
+  count  = var.create_bucket == true ? 1 : 0
+  bucket = aws_s3_bucket.website_bucket[0].id
   acl    = "private"
+}
+
+resource "aws_s3_bucket_policy" "website_bucket" {
+  count  = var.create_bucket == true ? 1 : 0
+  bucket = aws_s3_bucket.website_bucket[0].id
+  policy = var.enable_oai == true ? data.template_file.bucket_policy_oai[0].rendered : data.template_file.bucket_policy.rendered
+}
+
+resource "aws_s3_bucket_website_configuration" "website_bucket" {
+  count  = var.create_bucket == true ? 1 : 0
+  bucket = aws_s3_bucket.website_bucket[0].id
+
+  index_document {
+    suffix = "index.html"
+  }
+
+  error_document {
+    key = "404.html"
+  }
+
+  dynamic "routing_rule" {
+    for_each = var.routing_rules
+    content {
+      condition {
+        key_prefix_equals = routing_rule.routing_rules_condition
+      }
+      redirect {
+        replace_key_prefix_with = routing_rule.routing_rules_redirect
+      }
+    }
+  }
+}
 
-  versioning {
-    enabled = var.versioning
+resource "aws_s3_bucket_versioning" "website_bucket" {
+  count  = var.create_bucket == true ? 1 : 0
+  bucket = aws_s3_bucket.website_bucket[0].id
+  versioning_configuration {
+    status = "Enabled"
   }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "website_bucket" {
+  count  = var.create_bucket == true ? 1 : 0
+  bucket = aws_s3_bucket.website_bucket[0].id
 
-  website {
-    index_document = "index.html"
-    error_document = "404.html"
-    routing_rules  = var.routing_rules
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
   }
+}
+
+resource "aws_s3_bucket_cors_configuration" "website_bucket" {
+  count  = var.create_bucket == true ? 1 : 0
+  bucket = aws_s3_bucket.website_bucket[0].id
 
   dynamic "cors_rule" {
     for_each = var.cors_rule_inputs == null ? [] : var.cors_rule_inputs
@@ -89,17 +140,6 @@ resource "aws_s3_bucket" "website_bucket" {
       expose_headers  = cors_rule.value.expose_headers
     }
   }
-
-  server_side_encryption_configuration {
-    rule {
-      bucket_key_enabled = false
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-
-  tags = var.tags
 }
 
 resource "aws_s3_bucket_public_access_block" "this" {

diff --git a/site-main/variables.tf b/site-main/variables.tf
@@ -32,8 +32,11 @@ variable "acm-certificate-arn" {
 }
 
 variable "routing_rules" {
-  type    = string
-  default = ""
+  type = list(object({
+    routing_rules_condition = string
+    routing_rules_redirect  = string
+  }))
+  default = []
 }
 
 variable "default-root-object" {

diff --git a/site-main/versions.tf b/site-main/versions.tf
@@ -1,10 +1,3 @@
 terraform {
   required_version = ">= 0.13.7"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "3.74.1"
-    }
-  }
 }