Conditionally create aws_s3_bucket_public_access_block (#94)

* Conditionally create aws_s3_bucket_public_access_block

It's not needed if none of its options are enabled.

* Pull out an expression into a local

Co-authored-by: nitrocode <[email protected]>

Author: alexjurkiewicz

main.tf

@@ -7,6 +7,8 @@ locals {
   # Deprecate `replication_rules` in favor of `s3_replication_rules` to keep all the replication related
   # inputs grouped under s3_replica[tion]
   s3_replication_rules = var.replication_rules == null ? var.s3_replication_rules : var.replication_rules
+
+  public_access_block_enabled = var.block_public_acls || var.block_public_policy || var.ignore_public_acls || var.restrict_public_buckets
 }
 
 resource "aws_s3_bucket" "default" {
@@ -374,7 +376,7 @@ resource "aws_s3_bucket_policy" "default" {
 # https://www.terraform.io/docs/providers/aws/r/s3_bucket_public_access_block.html
 # for the nuances of the blocking options
 resource "aws_s3_bucket_public_access_block" "default" {
-  count  = local.enabled ? 1 : 0
+  count  = module.this.enabled && local.public_access_block_enabled ? 1 : 0
   bucket = join("", aws_s3_bucket.default.*.id)
 
   block_public_acls       = var.block_public_acls