Merge pull request #13 from globeandmail/2.0

v2.0 - requires AWS provider 4.0
Mather-Sophi · Apr 19, 2022 · dad4287 · dad4287
2 parents 737f764 + 7b2359e
commit dad4287
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Creates a codebuild project and S3 artifact bucket to be used with codepipeline.
 
 ```hcl
 module "codebuild_project" {
-  source = "github.com/globeandmail/aws-codebuild-project?ref=1.9"
+  source = "github.com/globeandmail/aws-codebuild-project?ref=2.0"
 
   name        = var.name
   deploy_type = var.deploy_type

diff --git a/main.tf b/main.tf
@@ -10,28 +10,35 @@ locals {
 resource "aws_s3_bucket" "artifact" {
   # S3 bucket cannot be longer than 63 characters
   bucket = lower(trimsuffix(substr("codepipeline-${local.aws_region}-${local.account_id}-${var.name}", 0, 63), "-"))
-  acl    = "private"
-
-  lifecycle_rule {
-    enabled = true
-    expiration {
-      days = 90
-    }
-  }
-
+
   tags = var.tags
 }
 
 resource "aws_s3_bucket_public_access_block" "artifact" {
   count  = var.s3_block_public_access ? 1 : 0
   bucket = aws_s3_bucket.artifact.id
 
-  block_public_acls   = true
-  block_public_policy = true
-  ignore_public_acls  = true
-  restrict_public_buckets  = true
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
 }
 
+resource "aws_s3_bucket_acl" "artifact" {
+  bucket = aws_s3_bucket.artifact.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "artifact" {
+  bucket = aws_s3_bucket.artifact.id
+  rule {
+    id     = "expire"
+    status = "Enabled"
+    expiration {
+      days = 90
+    }
+  }
+}
 
 resource "aws_cloudwatch_log_group" "group" {
   name              = "/aws/codebuild/${var.name}"
@@ -214,7 +221,7 @@ resource "aws_codebuild_project" "project" {
       content {
         name  = "REPO_ACCESS_GITHUB_TOKEN_SECRETS_ID"
         value = var.svcs_account_github_token_aws_secret_arn
-        type = "SECRETS_MANAGER"
+        type  = "SECRETS_MANAGER"
       }
     }
   }

diff --git a/variables.tf b/variables.tf
@@ -56,7 +56,7 @@ variable "privileged_mode" {
 
 }
 variable "tags" {
-  type        = map
+  type        = map(any)
   description = "(Optional) A mapping of tags to assign to the resource"
   default     = {}
 }
@@ -91,7 +91,7 @@ variable "svcs_account_github_token_aws_kms_cmk_arn" {
 }
 
 variable "s3_block_public_access" {
-  type = bool
+  type        = bool
   description = "(Optional) Enable the S3 block public access setting for the artifact bucket."
-  default = false
+  default     = false
 }
diff --git a/versions.tf b/versions.tf
@@ -1,3 +1,7 @@
 terraform {
   required_version = ">= 0.12"
+
+  required_providers {
+    aws = "~> 4.0"
+  }
 }