Support enabling cors for S3 bucket

Author: BryanFauble

deployments/stacks/dpe-k8s/main.tf

@@ -54,4 +54,5 @@ module "synapse_dataset_to_crossiant_metadata" {
   cluster_name = var.cluster_name
   cluster_oidc_provider_arn = module.sage-aws-eks.cluster_oidc_provider_arn
   public_access = true
+  enable_cors = true
 }

modules/s3-bucket/main.tf

@@ -41,6 +41,8 @@ resource "aws_s3_bucket_policy" "my_bucket_policy" {
   count = var.public_access ? 1 : 0
   bucket = aws_s3_bucket.bucket.bucket
 
+  depends_on = [ aws_s3_bucket_acl.bucket_acl, aws_s3_bucket_public_access_block.access_block ]
+
   policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -54,6 +56,16 @@ resource "aws_s3_bucket_policy" "my_bucket_policy" {
   })
 }
 
+resource "aws_s3_bucket_cors_configuration" "example" {
+  count = var.enable_cors ? 1 : 0
+  bucket = aws_s3_bucket.bucket.id
+
+  cors_rule {
+    allowed_methods = ["GET"]
+    allowed_origins = ["*"]
+  }
+}
+
 resource "aws_s3_bucket_versioning" "versioning" {
   bucket = aws_s3_bucket.bucket.id
   versioning_configuration {

modules/s3-bucket/variables.tf

@@ -36,4 +36,10 @@ variable "public_access" {
   description = "Enable/block public access to the bucket"
   type        = bool
   default     = false
+}
+
+variable "enable_cors" {
+  description = "Enable CORS on the bucket"
+  type        = bool
+  default     = false
 }