Fix for s3 bucket acl & added custom prefix (databricks#95)

* fix s3 bucket acl, add custom prefix * added s3 acl fix for aws modules
anmajuma · Oct 16, 2023 · d651fa5 · d651fa5
1 parent 5918099
commit d651fa5
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 2 deletions.
diff --git a/modules/aws-exfiltration-protection/s3.tf b/modules/aws-exfiltration-protection/s3.tf
@@ -13,6 +13,13 @@ resource "aws_s3_bucket_versioning" "versioning" {
   }
 }
 
+resource "aws_s3_bucket_ownership_controls" "state" {
+  bucket = aws_s3_bucket.root_storage_bucket.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
 resource "aws_s3_bucket_acl" "acl" {
   bucket = aws_s3_bucket.root_storage_bucket.id
   acl    = "private"

diff --git a/modules/aws-workspace-basic/main.tf b/modules/aws-workspace-basic/main.tf
@@ -5,5 +5,5 @@ resource "random_string" "naming" {
 }
 
 locals {
-  prefix = "demo${random_string.naming.result}"
-}
+  prefix = var.prefix != "" ? var.prefix : "demo${random_string.naming.result}"
+}
diff --git a/modules/aws-workspace-basic/s3.tf b/modules/aws-workspace-basic/s3.tf
@@ -13,6 +13,13 @@ resource "aws_s3_bucket_versioning" "versioning" {
   }
 }
 
+resource "aws_s3_bucket_ownership_controls" "state" {
+  bucket = aws_s3_bucket.root_storage_bucket.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
 resource "aws_s3_bucket_acl" "acl" {
   bucket = aws_s3_bucket.root_storage_bucket.id
   acl    = "private"

diff --git a/modules/aws-workspace-basic/variables.tf b/modules/aws-workspace-basic/variables.tf
@@ -10,4 +10,9 @@ variable "cidr_block" {
 
 variable "region" {
   default = "eu-west-1"
+}
+
+variable "prefix" {
+  default = null
+  description = "Default value is demo"
 }
diff --git a/modules/aws-workspace-with-firewall/s3.tf b/modules/aws-workspace-with-firewall/s3.tf
@@ -30,6 +30,13 @@ resource "aws_s3_bucket_policy" "root_bucket_policy" {
   depends_on = [aws_s3_bucket_public_access_block.root_storage_bucket]
 }
 
+resource "aws_s3_bucket_ownership_controls" "state" {
+  bucket = aws_s3_bucket.root_storage_bucket.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
 resource "aws_s3_bucket_acl" "root_storage_bucket" {
   bucket     = aws_s3_bucket.root_storage_bucket.id
   acl        = "private"