Merge pull request #26 from Snowflake-Labs/fix-s3-bucket-policy

sfc-gh-pkommini · web-flow · commit 4b18b44e4566 · 2023-10-26T20:03:57.000-07:00
Fix S3 bucket policy
diff --git a/s3.tf b/s3.tf
@@ -21,12 +21,9 @@ resource "aws_s3_bucket_acl" "logs_bucket_acl" {
   depends_on = [aws_s3_bucket_ownership_controls.logs_bucket_ownership[0]]
 }
 
-resource "aws_s3_bucket_policy" "allow_access_from_eks" {
-  bucket = aws_s3_bucket.logs_bucket[0].id
-  policy = data.aws_iam_policy_document.allow_access_from_eks.json
-}
-
 data "aws_iam_policy_document" "allow_access_from_eks" {
+  count = var.create_logs_bucket == true ? 1 : 0
+
   statement {
     effect = "Allow"
 
@@ -43,3 +40,10 @@ data "aws_iam_policy_document" "allow_access_from_eks" {
     ]
   }
 }
+
+resource "aws_s3_bucket_policy" "allow_access_from_eks" {
+  count = var.create_logs_bucket == true ? 1 : 0
+
+  bucket = aws_s3_bucket.logs_bucket[0].id
+  policy = data.aws_iam_policy_document.allow_access_from_eks[0].json
+}

Original file line number	Diff line number	Diff line change
`@@ -21,12 +21,9 @@ resource "aws_s3_bucket_acl" "logs_bucket_acl" {`
`21`	`21`	`depends_on = [aws_s3_bucket_ownership_controls.logs_bucket_ownership[0]]`
`22`	`22`	`}`
`23`	`23`
`24`		`-resource "aws_s3_bucket_policy" "allow_access_from_eks" {`
`25`		`- bucket = aws_s3_bucket.logs_bucket[0].id`
`26`		`- policy = data.aws_iam_policy_document.allow_access_from_eks.json`
`27`		`-}`
`28`		`-`
`29`	`24`	`data "aws_iam_policy_document" "allow_access_from_eks" {`
	`25`	`+ count = var.create_logs_bucket == true ? 1 : 0`
	`26`	`+`
`30`	`27`	`statement {`
`31`	`28`	`effect = "Allow"`
`32`	`29`
`@@ -43,3 +40,10 @@ data "aws_iam_policy_document" "allow_access_from_eks" {`
`43`	`40`	`]`
`44`	`41`	`}`
`45`	`42`	`}`
	`43`	`+`
	`44`	`+resource "aws_s3_bucket_policy" "allow_access_from_eks" {`
	`45`	`+ count = var.create_logs_bucket == true ? 1 : 0`
	`46`	`+`
	`47`	`+ bucket = aws_s3_bucket.logs_bucket[0].id`
	`48`	`+ policy = data.aws_iam_policy_document.allow_access_from_eks[0].json`
	`49`	`+}`