# # TO BE IMPLEMENTED AT A LATER DATE!
#
# NOTE(review): every line in this file is commented out, so nothing here is
# applied today. The NOTE(review) remarks below list what to confirm before the
# block is enabled.
#
# S3 bucket holding the XDR portal Lambda deployment artifacts, encrypted at
# rest with the customer-managed KMS key declared further down.
# resource "aws_s3_bucket" "bucket" {
#   bucket        = "xdr-portal-lambda-${var.environment}"
#   # force_destroy removes every object when the bucket is destroyed. Deliberate
#   # for an artifact bucket, but it means a `terraform destroy` also deletes the
#   # deployed Lambda code with no recovery path.
#   force_destroy = true
#   acl           = "private"
#   # NOTE(review): `acl` and the inline `server_side_encryption_configuration`
#   # block are the pre-v4 argument form of the AWS provider; newer providers
#   # move these to the separate `aws_s3_bucket_acl` and
#   # `aws_s3_bucket_server_side_encryption_configuration` resources. Confirm
#   # against the provider version pinned for this module before enabling.
#   server_side_encryption_configuration {
#     rule {
#       apply_server_side_encryption_by_default {
#         kms_master_key_id = aws_kms_key.key.arn
#         sse_algorithm     = "aws:kms"
#       }
#     }
#   }
#   # NOTE(review): the KMS key below carries merge(var.standard_tags, var.tags)
#   # but the bucket has no `tags` — probably an oversight; consider the same.
#   # NOTE(review): no versioning is configured; for a code-artifact bucket,
#   # versioning is what allows rolling back to a previous package — decide
#   # before enabling.
# }
#
# # All four public-access settings on, so neither ACLs nor the bucket policy can
# # expose the artifacts publicly.
# resource "aws_s3_bucket_public_access_block" "public_access_block" {
#   bucket                  = aws_s3_bucket.bucket.id
#   block_public_acls       = true
#   block_public_policy     = true
#   ignore_public_acls      = true
#   restrict_public_buckets = true
#
#   # Not technically dependent, but prevents a "Conflicting conditional operation" conflict.
#   # See https://github.com/hashicorp/terraform-provider-aws/issues/7628
#   depends_on = [aws_s3_bucket_policy.policy]
# }
#
# resource "aws_s3_bucket_policy" "policy" {
#   bucket = aws_s3_bucket.bucket.id
#   policy = data.aws_iam_policy_document.policy_document.json
# }
#
# # Read-only access to the artifacts for the account root principal. Granting to
# # the account root does not by itself give every identity access: it lets IAM
# # policies in this account delegate s3:GetObject / s3:GetObjectVersion on the
# # bucket to specific roles and users.
# data "aws_iam_policy_document" "policy_document" {
#   statement {
#     sid     = "AllowS3Access"
#     actions = [ "s3:GetObject", "s3:GetObjectVersion" ]
#     effect  = "Allow"
#     resources = [
#       # NOTE(review): object-level actions only match the "/*" entry; the bare
#       # bucket ARN entry is harmless but unnecessary for these two actions.
#       "${aws_s3_bucket.bucket.arn}",
#       "${aws_s3_bucket.bucket.arn}/*"
#     ]
#     principals {
#       type        = "AWS"
#       identifiers = [ "arn:${var.aws_partition}:iam::${var.aws_account_id}:root" ]
#     }
#   }
#   # NOTE(review): there is no Deny statement for non-TLS requests
#   # (aws:SecureTransport = false); worth considering for a code-artifact bucket.
# }
#
# # Customer-managed key used for the bucket's default encryption.
# resource "aws_kms_key" "key" {
#   # NOTE(review): the description says "portal-scheduler" while the bucket is
#   # named "xdr-portal-lambda-*" — looks like a copy-paste leftover; confirm.
#   description         = "Encryption of S3 code for portal-scheduler"
#   policy              = data.aws_iam_policy_document.kms_policy_document.json
#   # Automatic rotation of the key material (yearly by default).
#   enable_key_rotation = true
#   tags                = merge(var.standard_tags, var.tags)
# }
#
# data "aws_iam_policy_document" "kms_policy_document" {
#   # Full key administration and use for the Terraform deployer role and the
#   # admin user, granted directly in the key policy (no IAM policy needed on
#   # their side).
#   statement {
#     sid    = "AllowServices"
#     effect = "Allow"
#     principals {
#       type = "AWS"
#       identifiers = [
#         "arn:${var.aws_partition}:iam::${var.aws_account_id}:role/user/mdr_terraformer",
#         "arn:${var.aws_partition}:iam::${var.aws_account_id}:user/MDRAdmin"
#       ]
#     }
#     # NOTE(review): kms:* on "*" for both principals; the sid says "Services"
#     # but the identifiers are a role and an IAM user. Confirm the intent, and
#     # whether the admin user needs more than the IAM delegation the next
#     # statement already provides (an IAM user with a long-lived key holding
#     # full key administration is the thing to weigh here).
#     actions   = [ "kms:*" ]
#     resources = [ "*" ]
#   }
#   # allow account to modify/manage key
#   # (Granting the account root principal enables IAM-policy delegation for this
#   # key and keeps it from becoming unmanageable if the principals above are
#   # deleted — the same role the default KMS key policy plays.)
#   statement {
#     sid    = "AllowThisAccount"
#     effect = "Allow"
#     principals {
#       identifiers = ["arn:${var.aws_partition}:iam::${var.aws_account_id}:root"]
#       type        = "AWS"
#     }
#     actions = [
#       "kms:*"
#     ]
#     resources = ["*"]
#   }
# }
#
# resource "aws_kms_alias" "key_alias" {
#   # NOTE(review): the alias is not suffixed with var.environment while the
#   # bucket name is; KMS alias names are unique per account and region, so a
#   # second environment deployed into the same account/region would collide.
#   name          = "alias/portal-s3-key"
#   target_key_id = aws_kms_key.key.key_id
# }