Releases: rhythmictech/terraform-aws-elblogging-bucket
v2.0.0
Breaking Changes
- This release removes the kms_key_id option, due to its incompatibility with ALB logging. Existing buckets will have their encryption settings changed to SSE-S3. Users of previous versions of this module should evaluate their existing configuration for any negative impact of this change before upgrading.
- This release uses a dedicated aws_s3_bucket_lifecycle_configuration resource. Existing deployments will need to explicitly import the lifecycle configuration into state when upgrading using an import block:

  import {
    to = module.MODULE_NAME.aws_s3_bucket_lifecycle_configuration.this
    # id is the name of the existing logging bucket
    id = "my_elblogging_bucket_name"
  }

- The default behavior of the new source_accounts option is to restrict bucket access to the same account. Set this to an empty list to revert to the old behavior.
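A pre-upgrade check for the first two breaking changes above, as an added example that is not part of the release notes or the module's own code. It reads the JSON form of a Terraform plan and flags a lifecycle configuration that would be created instead of imported, and any resource whose default encryption moves away from SSE-KMS. The module name elb_logs, the resource addresses and the sample plan are constructed for illustration.

```python
import json
import sys
from pathlib import Path

# Constructed sample shaped like the "resource_changes" list in the output of
# `terraform show -json <planfile>`; module name and addresses are illustrative.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.elb_logs.aws_s3_bucket_lifecycle_configuration.this",
     "type": "aws_s3_bucket_lifecycle_configuration",
     "change": {"actions": ["create"], "before": None, "after": {"rule": []}}},
    {"address": "module.elb_logs.aws_s3_bucket_server_side_encryption_configuration.this",
     "type": "aws_s3_bucket_server_side_encryption_configuration",
     "change": {"actions": ["update"],
                "before": {"rule": [{"apply_server_side_encryption_by_default": [
                    {"sse_algorithm": "aws:kms"}]}]},
                "after": {"rule": [{"apply_server_side_encryption_by_default": [
                    {"sse_algorithm": "AES256"}]}]}}},
]}

def find_values(node, key):
    """Yield every value stored under `key` anywhere in a nested plan value."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)

def review_upgrade(plan):
    """Return (address, finding) pairs for the two v2.0.0 breaking changes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        # A planned create means the existing lifecycle rules were not imported.
        if (rc.get("type") == "aws_s3_bucket_lifecycle_configuration"
                and "create" in change.get("actions", [])):
            findings.append((rc["address"], "lifecycle configuration would be created, not imported"))
        # Dropping kms_key_id moves default encryption from SSE-KMS to SSE-S3.
        before = set(find_values(change.get("before"), "sse_algorithm"))
        after = set(find_values(change.get("after"), "sse_algorithm"))
        if "aws:kms" in before and "aws:kms" not in after:
            findings.append((rc["address"], "encryption changes from SSE-KMS to SSE-S3"))
    return findings

if __name__ == "__main__":
    plan = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, finding in review_upgrade(plan):
        print(f"{address}: {finding}")
```

Run it with the path to a file written by `terraform show -json <planfile>`; with no argument it checks the constructed sample.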
Features
- Uses newer bucket policy for ALB logging. Legacy policy can be enabled with the use_legacy_elb_policy option.
- May restrict bucket access to one of the source_accounts or source_organizations lists. Defaults to the current account, following AWS security best practices.
Changes
- Moves the S3 lifecycle configuration out of the bucket resource, due to that option being deprecated
- Defaults to modern bucket policy for ALB logging
- Bucket policy now restricts access to the current account by default.
- Removes option for using customer-managed keys due to incompatibility with ALB logging
- Requires AWS provider v5+
Fix Athena behavior
Change Athena to be disabled by default and to handle that state gracefully. This may create breaking changes if you are expecting Athena to be enabled.
remove acl bugfix
Full Changelog: v1.0.1...v1.0.3
Remove canned ACL
Remove canned private ACL from Athena bucket to allow object ownership setting
v1.5.1
v1.5.0
v1.4.0
v1.3.0
Support partitions
Detect the current partition for usage in GovCloud
NLB Logging support
Now supports NLB logging. Also note that a potentially breaking change occurred. Previously bucket_name was ignored and the computed bucket name was always used. This is now fixed. Additionally, a data source is now used to source the ELB logging account ID for a given region. Since cross-region logging is not supported, this should have no meaningful impact.