
Adds CORS policy for S3 bucket

to be tagged v5.1.1
Brad Poulton 3 yıl önce
ebeveyn
işleme
21a776da18

+ 1 - 0
base/codebuild_splunk_docs/s3.tf

@@ -29,4 +29,5 @@ module "artifacts_bucket" {
   aws_account_id                  = var.aws_account_id
   instance_termination_protection = var.instance_termination_protection
   splunk_prefix                   = var.splunk_prefix
+  cors_rules                      = var.cors_rules
 }

+ 6 - 0
base/codebuild_splunk_docs/vars.tf

@@ -41,3 +41,9 @@ variable "webhook_branch_filter" {
   type    = string
   default = "^(master|develop)$"
 }
+
+variable "cors_rules" {
+  description = "Map containing rules for Cross-Origin Resource Sharing."
+  type        = map(any)
+  default     = {}
+}
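Review bot: The new `cors_rules` variable is typed `map(any)` and carries no validation, so a rule whose `allowed_origins` contains a bare `*` passes straight through to the bucket's CORS configuration. CORS does not grant access by itself, but with a wildcard origin any site's script can read whatever a browser is otherwise able to fetch from the bucket (public objects, presigned URLs). I would add a `validation` block that rejects the bare wildcard, as sketched below, and make the description name the expected keys, e.g. `description = "Map of CORS rules; each value must set allowed_methods and allowed_origins."`. The identical declaration in base/generic_s3_bucket_with_role/vars.tf has the same gap, and the module's copy is the one every caller goes through. The sketch assumes the Terraform version in use supports variable validation and `alltrue`, which the page does not show.

```hcl
variable "cors_rules" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for rule in values(var.cors_rules) : !contains(rule.allowed_origins, "*")
    ])
    error_message = "CORS rules must name explicit origins; a bare \"*\" origin is not accepted."
  }
}
```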

+ 20 - 0
base/generic_s3_bucket_with_role/s3.tf

@@ -86,3 +86,23 @@ resource "aws_s3_bucket_policy" "s3_bucket_policy" {
 
   policy = data.aws_iam_policy_document.s3_bucket_policy.json
 }
+
+resource "aws_s3_bucket_cors_configuration" "s3_cors_config" {
+  count = length(var.cors_rules) > 0 ? 1 : 0
+
+  bucket                = aws_s3_bucket.bucket.id
+
+  dynamic "cors_rule" {
+    for_each = var.cors_rules
+    iterator = each
+
+    content {
+      id              = try(each.value.id, null)
+      allowed_methods = each.value.allowed_methods
+      allowed_origins = each.value.allowed_origins
+      allowed_headers = try(each.value.allowed_headers, null)
+      expose_headers  = try(each.value.expose_headers, null)
+      max_age_seconds = try(each.value.max_age_seconds, null)
+    }
+  }
+}
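Review bot: The `try(..., null)` fallbacks in the `content` block may never get the chance to run, because `var.cors_rules` is `map(any)` and every element of such a map has to convert to one common type. Two rules that set different optional keys could therefore be rejected at type conversion, which is worth confirming with a two-rule example. `allowed_methods` and `allowed_origins` are read without `try`, so they are effectively required; a comment above the block would make that explicit: `# Each rule must set allowed_methods and allowed_origins; the other keys are optional.` As a style point, `iterator = each` reads like the resource-level `each` object, although this resource uses `count`; dropping that line and referring to `cors_rule.value.allowed_methods` is the conventional form.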

+ 6 - 0
base/generic_s3_bucket_with_role/vars.tf

@@ -19,3 +19,9 @@ variable "tags" {
   description = "Tags for the bucket and kms key."
   type        = map(any)
 }
+
+variable "cors_rules" {
+  description = "Map containing rules for Cross-Origin Resource Sharing."
+  type        = map(any)
+  default     = {}
+}