From a7edf7778d9f349449ff1adafa4da9483d9063cf Mon Sep 17 00:00:00 2001
From: magreenbaum
Date: Fri, 28 Oct 2022 20:03:03 -0400
Subject: [PATCH 1/4] adding metric configuration support
---
 README.md | 2 ++
 examples/complete/main.tf | 15 +++++++++++++++
 main.tf | 22 ++++++++++++++++++----
 variables.tf | 6 ++++++
 wrappers/main.tf | 1 +
 5 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 4cdeb854..57c8c39e 100644
--- a/README.md
+++ b/README.md
@@ -141,6 +141,7 @@ No modules.
 | [aws_s3_bucket_intelligent_tiering_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_intelligent_tiering_configuration) | resource |
 | [aws_s3_bucket_lifecycle_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
 | [aws_s3_bucket_logging.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
+| [aws_s3_bucket_metric.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_metric) | resource |
 | [aws_s3_bucket_object_lock_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object_lock_configuration) | resource |
 | [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
 | [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
@@ -184,6 +185,7 @@ No modules.
 | [intelligent\_tiering](#input\_intelligent\_tiering) | Map containing intelligent tiering configuration. | `any` | `{}` | no |
 | [lifecycle\_rule](#input\_lifecycle\_rule) | List of maps containing configuration of object lifecycle management. | `any` | `[]` | no |
 | [logging](#input\_logging) | Map containing access bucket logging configuration. | `map(string)` | `{}` | no |
+| [metric\_configuration](#input\_metric\_configuration) | Map containing bucket metric configuration. | `any` | `{}` | no |
 | [object\_lock\_configuration](#input\_object\_lock\_configuration) | Map containing S3 object locking configuration. | `any` | `{}` | no |
 | [object\_lock\_enabled](#input\_object\_lock\_enabled) | Whether S3 bucket should have an Object Lock configuration enabled. | `bool` | `false` | no |
 | [object\_ownership](#input\_object\_ownership) | Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. 'BucketOwnerEnforced': ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. 'BucketOwnerPreferred': Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. 'ObjectWriter': The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. | `string` | `"ObjectWriter"` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 0f1626ba..4f467590 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -324,4 +324,19 @@ module "s3_bucket" {
 }
 }
 }
+
+ metric_configuration = {
+ documents = {
+ prefix = "documents/"
+ tags = {
+ priority = "high"
+ }
+ }
+ "other" = {
+ tags = {
+ production = true
+ }
+ }
+ }
+
 }
diff --git a/main.tf b/main.tf
index d93de8a5..29954397 100644
--- a/main.tf
+++ b/main.tf
@@ -6,10 +6,11 @@ locals { attach_policy = var.attach_require_latest_tls_policy || var.attach_elb_log_delivery_policy || var.attach_lb_log_delivery_policy || var.attach_deny_insecure_transport_policy || var.attach_policy # Variables with type `any` should be jsonencode()'d when value is coming from Terragrunt - grants = try(jsondecode(var.grant), var.grant) - cors_rules = try(jsondecode(var.cors_rule), var.cors_rule) - lifecycle_rules = try(jsondecode(var.lifecycle_rule), var.lifecycle_rule) - intelligent_tiering = try(jsondecode(var.intelligent_tiering), var.intelligent_tiering) + grants = try(jsondecode(var.grant), var.grant) + cors_rules = try(jsondecode(var.cors_rule), var.cors_rule) + lifecycle_rules = try(jsondecode(var.lifecycle_rule), var.lifecycle_rule) + intelligent_tiering = try(jsondecode(var.intelligent_tiering), var.intelligent_tiering) + metric_configuration = try(jsondecode(var.metric_configuration), var.metric_configuration) } resource "aws_s3_bucket" "this" { @@ -719,3 +720,16 @@ resource "aws_s3_bucket_intelligent_tiering_configuration" "this" { } } + +resource "aws_s3_bucket_metric" "this" { + for_each = { for k, v in local.metric_configuration : k => v if local.create_bucket } + + name = each.key + bucket = aws_s3_bucket.this[0].id + + filter { + prefix = try(each.value.prefix, null) + tags = try(each.value.tags, null) + } + +} diff --git a/variables.tf b/variables.tf index c1d09f1b..7cb4d75c 100644 --- a/variables.tf +++ b/variables.tf @@ -160,6 +160,12 @@ variable "object_lock_configuration" { default = {} } +variable "metric_configuration" { + description = "Map containing bucket metric configuration." + type = any + default = {} +} + variable "object_lock_enabled" { description = "Whether S3 bucket should have an Object Lock configuration enabled." type = bool diff --git a/wrappers/main.tf b/wrappers/main.tf index 1d1f7af5..94153f26 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -30,6 +30,7 @@ module "wrapper" { server_side_encryption_configuration = try(each.value.server_side_encryption_configuration, var.defaults.server_side_encryption_configuration, {}) intelligent_tiering = try(each.value.intelligent_tiering, var.defaults.intelligent_tiering, {}) object_lock_configuration = try(each.value.object_lock_configuration, var.defaults.object_lock_configuration, {}) + metric_configuration = try(each.value.metric_configuration, var.defaults.metric_configuration, {}) object_lock_enabled = try(each.value.object_lock_enabled, var.defaults.object_lock_enabled, false) block_public_acls = try(each.value.block_public_acls, var.defaults.block_public_acls, false) block_public_policy = try(each.value.block_public_policy, var.defaults.block_public_policy, false) From 024d27db4359b0ccd480f983cca07117b5b291d4 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Fri, 28 Oct 2022 20:43:02 -0400 Subject: [PATCH 2/4] refactor to make no filter metrics clearer --- examples/complete/main.tf | 29 +++++++++++++++++++---------- main.tf | 12 +++++++----- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 4f467590..6e9531b6 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -325,18 +325,27 @@ module "s3_bucket" { } } - metric_configuration = { - documents = { - prefix = "documents/" - tags = { - priority = "high" + metric_configuration = [ + { + name = "documents" + filter = { + prefix = "documents/" + tags = { + priority = "high" + } } - } - "other" = { - tags = { - production = true + }, + { + name = "other" + filter = { + tags = { + production = true + } } + }, + { + name = "all" } - } + ] } diff --git a/main.tf b/main.tf index 29954397..e03657fd 100644 --- a/main.tf +++ b/main.tf 
@@ -724,12 +724,14 @@ resource "aws_s3_bucket_intelligent_tiering_configuration" "this" { resource "aws_s3_bucket_metric" "this" { for_each = { for k, v in local.metric_configuration : k => v if local.create_bucket } - name = each.key + name = each.value.name bucket = aws_s3_bucket.this[0].id - filter { - prefix = try(each.value.prefix, null) - tags = try(each.value.tags, null) + dynamic "filter" { + for_each = length(try(flatten([each.value.filter]), [])) == 0 ? [] : [true] + content { + prefix = try(each.value.filter.prefix, null) + tags = try(each.value.filter.tags, null) + } } - } From 8df045712bdb50a2b6ca967823056cd412bbdcea Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Fri, 28 Oct 2022 20:53:57 -0400 Subject: [PATCH 3/4] adjust default values --- README.md | 2 +- variables.tf | 2 +- wrappers/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 57c8c39e..a044ce75 100644 --- a/README.md +++ b/README.md 
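Review bot: The `for_each` on `aws_s3_bucket_metric.this` still keys instances by `k`, which is the list index now that `metric_configuration` is a list, so removing or reordering an entry shifts every later key and Terraform will plan to destroy and recreate those metric configurations. Keying on the name keeps resource addresses stable: `for_each = { for v in local.metric_configuration : v.name => v if local.create_bucket }`. That form also makes duplicate names fail at plan time, and it avoids gaps in request metrics that monitoring or alarms may rely on. The `for_each` line is unchanged context in this hunk, but its meaning changed with the move from a map to a list.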
@@ -185,7 +185,7 @@ No modules. | [intelligent\_tiering](#input\_intelligent\_tiering) | Map containing intelligent tiering configuration. | `any` | `{}` | no | | [lifecycle\_rule](#input\_lifecycle\_rule) | List of maps containing configuration of object lifecycle management. | `any` | `[]` | no | | [logging](#input\_logging) | Map containing access bucket logging configuration. | `map(string)` | `{}` | no | -| [metric\_configuration](#input\_metric\_configuration) | Map containing bucket metric configuration. | `any` | `{}` | no | +| [metric\_configuration](#input\_metric\_configuration) | Map containing bucket metric configuration. | `any` | `[]` | no | | [object\_lock\_configuration](#input\_object\_lock\_configuration) | Map containing S3 object locking configuration. | `any` | `{}` | no | | [object\_lock\_enabled](#input\_object\_lock\_enabled) | Whether S3 bucket should have an Object Lock configuration enabled. | `bool` | `false` | no | | [object\_ownership](#input\_object\_ownership) | Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. 'BucketOwnerEnforced': ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. 'BucketOwnerPreferred': Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. 'ObjectWriter': The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. | `string` | `"ObjectWriter"` | no | diff --git a/variables.tf b/variables.tf index 7cb4d75c..4eb7da13 100644 --- a/variables.tf +++ b/variables.tf @@ -163,7 +163,7 @@ variable "object_lock_configuration" { variable "metric_configuration" { description = "Map containing bucket metric configuration." type = any - default = {} + default = [] } variable "object_lock_enabled" { diff --git a/wrappers/main.tf b/wrappers/main.tf index 94153f26..dac516d0 100644 
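Review bot: The `description` on the context line above the changed default in variables.tf still reads "Map containing bucket metric configuration." although the variable now defaults to `[]` and the example passes a list of objects with `name` and an optional `filter`. Suggest `description = "List of maps containing bucket metric configuration."`, matching the wording already used for `lifecycle_rule`. The README row changed in this same patch repeats the old text and, if it is generated from variables.tf, would follow the fix. The `variable` block closes inside the hunk.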
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -30,7 +30,7 @@ module "wrapper" {
 server_side_encryption_configuration = try(each.value.server_side_encryption_configuration, var.defaults.server_side_encryption_configuration, {})
 intelligent_tiering = try(each.value.intelligent_tiering, var.defaults.intelligent_tiering, {})
 object_lock_configuration = try(each.value.object_lock_configuration, var.defaults.object_lock_configuration, {})
- metric_configuration = try(each.value.metric_configuration, var.defaults.metric_configuration, {})
+ metric_configuration = try(each.value.metric_configuration, var.defaults.metric_configuration, [])
 object_lock_enabled = try(each.value.object_lock_enabled, var.defaults.object_lock_enabled, false)
 block_public_acls = try(each.value.block_public_acls, var.defaults.block_public_acls, false)
 block_public_policy = try(each.value.block_public_policy, var.defaults.block_public_policy, false)
From c9cb5d2ed3202f9e4fc3c7cc669732307690d23e Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Sat, 29 Oct 2022 13:20:17 +0200
Subject: [PATCH 4/4] Update examples/complete/main.tf
---
 examples/complete/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 6e9531b6..99def17b 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -339,7 +339,7 @@ module "s3_bucket" {
 name = "other"
 filter = {
 tags = {
- production = true
+ production = "true"
 }
 }
 },