hashicorp / terraform-aws-vault

A Terraform Module for how to run Vault on AWS using Terraform and Packer
Apache License 2.0

Terraform Provider got updated and s3 bucket res changes exists #262

Open T0tt1 opened 2 years ago

T0tt1 commented 2 years ago

https://github.com/hashicorp/terraform-aws-vault/blob/350b705eef67c6437f9043733db750b01a069bec/modules/vault-cluster/main.tf#L283

What we need to do here on line 283 is to delete the section for versioning and move it to another resource:

resource "aws_s3_bucket_versioning" "versioning_example" {
  bucket = aws_s3_bucket.example.id
  versioning_configuration {
    status = "Enabled"
  }
}

T0tt1 commented 2 years ago

Please find how it should look:

resource "aws_s3_bucket" "vault_storage" {
  count         = var.enable_s3_backend ? 1 : 0
  bucket        = var.s3_bucket_name
  force_destroy = var.force_destroy_s3_bucket

  tags = merge(
    {
      "Description" = "Used for secret storage with Vault. DO NOT DELETE this Bucket unless you know what you are doing."
    },
    var.s3_bucket_tags,
  )

  # aws_launch_configuration.launch_configuration in this module sets create_before_destroy to true, which means
  # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
  # when you try to do a terraform destroy.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_s3_bucket_versioning" "vault_storage" {
  count  = var.enable_s3_backend ? 1 : 0
  bucket = aws_s3_bucket.vault_storage[count.index].id
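  versioning_configuration {
    # status takes "Enabled", "Suspended" or "Disabled", not a bool; this assumes
    # var.enable_s3_bucket_versioning is the bool the old inline versioning block used.
    status = var.enable_s3_bucket_versioning ? "Enabled" : "Suspended"
  }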
}