cloudposse / terraform-aws-config-storage

This module creates an S3 bucket suitable for storing AWS Config data
https://cloudposse.com/accelerate
Apache License 2.0

Bug: conflicting s3 bucket policies #14

Open jverhoeks opened 3 years ago

jverhoeks commented 3 years ago

Describe the Bug

The S3 bucket policy conflicts with the bucket policy in the storage module. On every apply the policy is changed; either one of the policies is active.

Expected Behavior

Changes to the policy are active and the terraform plan is consistent

Steps to Reproduce

Steps to reproduce the behavior: Create module with

module "aws_config_storage" {
  source = "cloudposse/config-storage/aws"

  access_log_bucket_name  = local.log_bucket
  allow_ssl_requests_only = true
}

1. Run plan and apply
2. Run plan and apply again, and it keeps changing

Environment (please complete the following information):

Terraform v0.14.11

Additional Context

Same problem in the flowlogs and cloudtrail bucket modules.

ghost commented 2 years ago

Related issue: this module does not respect the policy variable. In the terraform-aws-cloudtrail-s3-bucket module, var.policy is incorporated as the source_json in the data document, which is absent in this module.
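
An added illustration of the pattern discussed in this thread, not code from the module or from either commenter: two policy documents for one bucket are merged into a single `aws_iam_policy_document` and attached through one `aws_s3_bucket_policy`, so the plan stays consistent. All resource names and the bucket name are hypothetical, and `source_policy_documents` assumes an AWS provider version that supports it (the `source_json` argument mentioned above takes a single document).

```hcl
# Hypothetical names; an illustration, not the module's source.
resource "aws_s3_bucket" "config" {
  bucket = "example-config-storage" # constructed name
}

# TLS-only rule of the kind allow_ssl_requests_only asks for.
data "aws_iam_policy_document" "ssl_only" {
  statement {
    sid       = "ForceSSLOnlyAccess"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.config.arn, "${aws_s3_bucket.config.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

# Delivery permission for the AWS Config service.
data "aws_iam_policy_document" "config_delivery" {
  statement {
    sid       = "AWSConfigBucketDelivery"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.config.arn}/AWSLogs/*"]
    principals {
      type        = "Service"
      identifiers = ["config.amazonaws.com"]
    }
  }
}

# A bucket holds exactly one policy. Attaching each document above through its
# own aws_s3_bucket_policy makes every apply overwrite the other; merge them.
data "aws_iam_policy_document" "merged" {
  source_policy_documents = [
    data.aws_iam_policy_document.ssl_only.json,
    data.aws_iam_policy_document.config_delivery.json,
  ]
}

resource "aws_s3_bucket_policy" "config" {
  bucket = aws_s3_bucket.config.id
  policy = data.aws_iam_policy_document.merged.json
}
```

With the split form, whichever policy lost the last apply is simply not on the bucket, so either the TLS-only deny or the delivery permission is missing until the next run.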