Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions; they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Now that S3 configuration options have been broken out into their own resources, it seems like a natural progression to use Terraform to enforce rules on a group of S3 buckets that may be created outside of Terraform. To do this, a new data source that can collect a set of buckets based on some sort of filtering would be needed. I used the existing aws_iam_roles data source as inspiration.
Using this data source, you could enforce encryption on buckets as in the example below, or manage a myriad of other options without having to either create the buckets yourself or have foreknowledge of all the bucket names.
New or Affected Resource(s)
Potential Terraform Configuration
References