[#277] Fix S3 configuration

nimblehq · Feb 5, 2024 · 074a76a · 074a76a
1 parent 9a60812
commit 074a76a
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/templates/addons/aws/modules/s3/main.tf b/templates/addons/aws/modules/s3/main.tf
@@ -1,14 +1,28 @@
 data "aws_elb_service_account" "elb_service_account" {}
 
-# tfsec:ignore:aws-s3-enable-versioning tfsec:ignore:aws-s3-enable-bucket-logging tfsec:ignore:aws-s3-encryption-customer-key tfsec:ignore:aws-s3-enable-bucket-encryption
+# tfsec:ignore:aws-s3-enable-versioning
+# tfsec:ignore:aws-s3-enable-bucket-logging
+# tfsec:ignore:aws-s3-encryption-customer-key
+# tfsec:ignore:aws-s3-enable-bucket-encryption
 resource "aws_s3_bucket" "alb_log" {
   bucket        = "${var.env_namespace}-alb-log"
   force_destroy = true
 }
 
+resource "aws_s3_bucket_ownership_controls" "alb_log" {
+  bucket = aws_s3_bucket.alb_log.id
+  rule {
+    object_ownership = "ObjectWriter"
+  }
+}
+
 resource "aws_s3_bucket_acl" "alb_log_bucket_acl" {
   bucket = aws_s3_bucket.alb_log.id
   acl    = "private"
+
+  depends_on = [
+    aws_s3_bucket_ownership_controls.alb_log
+  ]
 }
 
 resource "aws_s3_bucket_public_access_block" "alb_log" {