AFS
/
xdr-terraform-modules


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556
							#S3 bucket for codebuild output
resource "aws_s3_bucket" "artifacts" {
  bucket        = "xdr-codebuild-artifacts"
  force_destroy = true
}

resource "aws_s3_bucket_acl" "s3_acl_artifacts" {
  bucket = aws_s3_bucket.artifacts.id
  acl    = "private"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "s3_sse_artifacts" {
  bucket = aws_s3_bucket.artifacts.id
  
  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = aws_kms_key.s3_codebuild_artifacts.arn
      sse_algorithm     = "aws:kms"
      }
    }
}

resource "aws_s3_bucket_policy" "artifacts" {
  bucket = aws_s3_bucket.artifacts.id
  policy = data.aws_iam_policy_document.artifacts.json
}

data "aws_iam_policy_document" "artifacts" {
  statement {
    sid       = "AllowS3Access"
    actions   = [ "s3:GetObject", "s3:GetObjectVersion" ]
    effect    = "Allow"
    resources = [ "${aws_s3_bucket.artifacts.arn}/*" ]
    principals {
      type        = "AWS"
      identifiers = sort([ for a in var.responsible_accounts[var.environment]: "arn:${var.aws_partition}:iam::${a}:root" ])
    }
  }
}

//AWS Provider outdated arguments <4.4.0
/*resource "aws_s3_bucket" "artifacts" {
  bucket        = "xdr-codebuild-artifacts"
  force_destroy = true
  acl           = "private"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = aws_kms_key.s3_codebuild_artifacts.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }
}
*/