Merge pull request #34 from controlshift/aws_4

Migrate resources to Terraform's AWS provider v4
controlshift · Mar 25, 2022 · c906074 · c906074
2 parents 675cd35 + 2330b68
commit c906074
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 21 deletions.
diff --git a/glue_job.tf b/glue_job.tf
@@ -18,14 +18,19 @@ resource "aws_glue_crawler" "signatures_crawler" {
 
 resource "aws_s3_bucket" "glue_resources" {
   bucket = var.glue_scripts_bucket_name
-  region = var.aws_region
+}
 
-  acl = "private"
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+resource "aws_s3_bucket_acl" "glue_resources" {
+  bucket = aws_s3_bucket.glue_resources.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "glue_resources" {
+  bucket = aws_s3_bucket.glue_resources.bucket
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "AES256"
     }
   }
 }
@@ -40,7 +45,7 @@ data "template_file" "signatures_script" {
   }
 }
 
-resource "aws_s3_bucket_object" "signatures_script" {
+resource "aws_s3_object" "signatures_script" {
   bucket = aws_s3_bucket.glue_resources.id
   key = "${var.controlshift_environment}/signatures_job.py"
   acl = "private"

diff --git a/s3.tf b/s3.tf
@@ -7,30 +7,38 @@ provider "aws" {
 resource "aws_s3_bucket" "manifest" {
   provider = aws.controlshift
   bucket = var.manifest_bucket_name
-  acl    = "private"
-  region = var.controlshift_aws_region
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
   tags = {
     Name = "ControlShift puts import manifests here"
   }
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "manifest" {
+  bucket = aws_s3_bucket.manifest.id
 
   # expire the ingested manifests after 5 days after they have been processed to save disk space while providing enough
   # time to analyze things that might have gone wrong.
-  lifecycle_rule {
-    id      = "expire-manifests"
-    enabled = true
+  rule {
+    id = "expire-manifests"
+    status = "Enabled"
 
     expiration {
       days = 5
     }
   }
 }
 
+resource "aws_s3_bucket_acl" "manifest" {
+  bucket = aws_s3_bucket.manifest.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "manifest" {
+  bucket = aws_s3_bucket.manifest.bucket
 
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "AES256"
+    }
+  }
+}
diff --git a/versions.tf b/versions.tf
@@ -6,7 +6,7 @@ terraform {
     }
     aws = {
       source = "hashicorp/aws"
-      version = "~> 2.0"
+      version = "~> 4.0"
     }
     http = {
       source = "hashicorp/http"