[Chore] Replace S3 deprecated syntax (#68)

* [WIP] Replace deprecated syntax for s3-private * [WIP] Replace deprecated syntax for s3-public * [WIP] Sanitize the string using replace function * [WIP] Add extensions recommendations * [WIP] Turn on formatOnSave for terraform file in the repo * [WIP] Update gitignore
dbl-works · Apr 14, 2022 · d3840ef · d3840ef
1 parent 8b95b42
commit d3840ef
Show file tree

Hide file tree

Showing 6 changed files with 78 additions and 35 deletions.
diff --git a/.gitignore b/.gitignore
@@ -16,7 +16,6 @@
 !/tmp/pids/.keep
 
 # Special\Personal dev setup
-.vscode/*
 /.idea
 
 # os

diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -0,0 +1,3 @@
+{
+  "recommendations": ["hashicorp.terraform"]
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,13 @@
+{
+  "[terraform]": {
+    "editor.defaultFormatter": "hashicorp.terraform",
+    "editor.formatOnSave": true,
+    "editor.formatOnSaveMode": "file"
+  },
+
+  "[terraform-vars]": {
+    "editor.defaultFormatter": "hashicorp.terraform",
+    "editor.formatOnSave": true,
+    "editor.formatOnSaveMode": "file"
+  }
+}
diff --git a/kms-key/kms-aliases.tf b/kms-key/kms-aliases.tf
@@ -1,4 +1,4 @@
 resource "aws_kms_alias" "a" {
-  name          = "alias/${var.project}/${var.environment}/${var.alias}"
+  name          = replace("alias/${var.project}/${var.environment}/${var.alias}", "/[^a-zA-Z0-9:///_-]+/", "-")
   target_key_id = aws_kms_key.key.key_id
 }
diff --git a/s3-private/s3.tf b/s3-private/s3.tf
@@ -1,39 +1,57 @@
 resource "aws_s3_bucket" "main" {
   bucket = var.bucket_name
-  acl    = "private"
 
-  versioning {
-    enabled = var.versioning
+  tags = {
+    Name        = var.bucket_name
+    Project     = var.project
+    Environment = var.environment
   }
+}
 
-  lifecycle_rule {
-    enabled = var.primary_storage_class_retention == 0 ? false : false
+resource "aws_s3_bucket_lifecycle_configuration" "main-bucket-lifecycle-rule" {
+  bucket = aws_s3_bucket.main.id
 
+  rule {
+    id     = "primary-storage-class-retention"
+    status = var.primary_storage_class_retention == 0 ? "Disabled" : "Enabled"
     noncurrent_version_transition {
-      days          = var.primary_storage_class_retention == 0 ? 365 : var.primary_storage_class_retention
-      storage_class = "STANDARD_IA"
-    }
-  }
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        kms_master_key_id = module.kms-key-s3.arn
-        sse_algorithm     = "aws:kms"
-      }
+      noncurrent_days = var.primary_storage_class_retention == 0 ? 365 : var.primary_storage_class_retention
+      storage_class   = "STANDARD_IA"
     }
   }
+}
+
+resource "aws_s3_bucket_cors_configuration" "main-bucket-cors-configuration" {
+  bucket = aws_s3_bucket.main.bucket
 
   cors_rule {
     allowed_headers = ["*"]
     allowed_methods = ["PUT"]
     allowed_origins = ["*"]
     expose_headers  = ["ETag"]
   }
+}
 
-  tags = {
-    Name        = var.bucket_name
-    Project     = var.project
-    Environment = var.environment
+resource "aws_s3_bucket_versioning" "main-bucket-versioning" {
+  bucket = aws_s3_bucket.main.id
+  versioning_configuration {
+    status = var.versioning ? "Enabled" : "Disabled"
+  }
+}
+
+resource "aws_s3_bucket_acl" "main-bucket-data-acl" {
+  bucket = aws_s3_bucket.main.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "main-bucket-sse-configuration" {
+  bucket = aws_s3_bucket.main.bucket
+
+  rule {
+    apply_server_side_encryption_by_default {
+      kms_master_key_id = module.kms-key-s3.arn
+      sse_algorithm     = "aws:kms"
+    }
   }
 }
 

diff --git a/s3-public/s3.tf b/s3-public/s3.tf
@@ -1,24 +1,34 @@
 resource "aws_s3_bucket" "main" {
   bucket = var.bucket_name
-  acl    = "public-read"
+  tags = {
+    Name        = var.bucket_name
+    Project     = var.project
+    Environment = var.environment
+  }
+}
 
-  versioning {
-    enabled = var.versioning
+resource "aws_s3_bucket_versioning" "main-bucket-versioning" {
+  bucket = aws_s3_bucket.main.id
+  versioning_configuration {
+    status = var.versioning ? "Enabled" : "Disabled"
   }
+}
 
-  # Move data to a cheaper storage class after a period of time
-  lifecycle_rule {
-    enabled = var.primary_storage_class_retention == 0 ? false : false
+resource "aws_s3_bucket_acl" "main-bucket-data-acl" {
+  bucket = aws_s3_bucket.main.id
+  acl    = "public-read"
+}
+
+# Move data to a cheaper storage class after a period of time
+resource "aws_s3_bucket_lifecycle_configuration" "main-bucket-lifecycle-rule" {
+  bucket = aws_s3_bucket.main.id
 
+  rule {
+    id     = "primary-storage-class-retention"
+    status = var.primary_storage_class_retention == 0 ? "Disabled" : "Enabled"
     noncurrent_version_transition {
-      days          = var.primary_storage_class_retention == 0 ? 365 : var.primary_storage_class_retention
-      storage_class = "STANDARD_IA"
+      noncurrent_days = var.primary_storage_class_retention == 0 ? 365 : var.primary_storage_class_retention
+      storage_class   = "STANDARD_IA"
     }
   }
-
-  tags = {
-    Name        = var.bucket_name
-    Project     = var.project
-    Environment = var.environment
-  }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,7 +16,6 @@ @@
     !/tmp/pids/.keep
     # Special\Personal dev setup
-    .vscode/*
     /.idea
     # os
@@ Expand Down @@