Rewrite S3 resources

Author: ofhouse

README.md

@@ -113,7 +113,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }

examples/complete/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }

examples/next-image/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }

examples/static/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }

examples/with-custom-domain/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }

examples/with-existing-cloudfront/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }

modules/cloudfront-proxy-config/main.tf

@@ -10,11 +10,15 @@ locals {
 
 resource "aws_s3_bucket" "proxy_config_store" {
   bucket_prefix = "${var.deployment_name}-tfn-config"
-  acl           = "private"
   force_destroy = true
   tags          = merge(var.tags, var.tags_s3_bucket)
 }
 
+resource "aws_s3_bucket_acl" "proxy_config_store" {
+  bucket = aws_s3_bucket.proxy_config_store.id
+  acl    = "private"
+}
+
 data "aws_iam_policy_document" "cf_access" {
   statement {
     actions   = ["s3:GetObject"]

modules/cloudfront-proxy-config/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.0"
+      version = ">= 4.0"
     }
   }
 }

modules/statics-deploy/main.tf

@@ -9,17 +9,24 @@ locals {
 
 resource "aws_s3_bucket" "static_upload" {
   bucket_prefix = "${var.deployment_name}-tfn-deploy"
-  acl           = "private"
   force_destroy = true
 
-  # We are using versioning here to ensure that no file gets overridden at upload
-  versioning {
-    enabled = true
-  }
-
   tags = merge(var.tags, var.tags_s3_bucket)
 }
 
+resource "aws_s3_bucket_acl" "static_upload" {
+  bucket = aws_s3_bucket.static_upload.id
+  acl    = "private"
+}
+
+# We are using versioning here to ensure that no file gets overridden at upload
+resource "aws_s3_bucket_versioning" "static_upload" {
+  bucket = aws_s3_bucket.static_upload.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
 resource "aws_s3_bucket_notification" "on_create" {
   bucket = aws_s3_bucket.static_upload.id
 
@@ -35,23 +42,35 @@ resource "aws_s3_bucket_notification" "on_create" {
 
 resource "aws_s3_bucket" "static_deploy" {
   bucket_prefix = "${var.deployment_name}-tfn-static"
-  acl           = "private"
   force_destroy = true
 
-  lifecycle_rule {
-    id      = "Expire static assets"
-    enabled = var.expire_static_assets >= 0 # -1 disables the cleanup
+  tags = merge(var.tags, var.tags_s3_bucket)
+}
+
+resource "aws_s3_bucket_acl" "static_deploy" {
+  bucket = aws_s3_bucket.static_deploy.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "static_deploy" {
+  bucket = aws_s3_bucket.static_deploy.id
 
-    tags = {
-      "tfnextExpire" = "true"
-    }
+  rule {
+    id = "Expire static assets"
 
     expiration {
       days = var.expire_static_assets > 0 ? var.expire_static_assets : 0
     }
-  }
 
-  tags = merge(var.tags, var.tags_s3_bucket)
+    filter {
+      tag {
+        key   = "tfnextExpire"
+        value = "true"
+      }
+    }
+
+    status = var.expire_static_assets >= 0 ? "Enabled" : "Disabled" # -1 disables the cleanup
+  }
 }
 
 # CloudFront permissions for the bucket