From 86332c0995a5d5335bcd2e4612afa5cad985c915 Mon Sep 17 00:00:00 2001
From: Anton Babenko <anton@antonbabenko.com>
Date: Fri, 27 Jun 2025 12:57:52 +0200
Subject: [PATCH] feat: Added region variable to object and table-bucket
 submodules

---
 modules/object/README.md          | 1 +
 modules/object/main.tf            | 2 ++
 modules/object/variables.tf       | 6 ++++++
 modules/table-bucket/README.md    | 1 +
 modules/table-bucket/main.tf      | 8 ++++++++
 modules/table-bucket/variables.tf | 6 ++++++
 wrappers/object/main.tf           | 1 +
 wrappers/table-bucket/main.tf     | 1 +
 8 files changed, 26 insertions(+)

diff --git a/modules/object/README.md b/modules/object/README.md
index e6e8498c..1f5e0c95 100644
--- a/modules/object/README.md
+++ b/modules/object/README.md
@@ -51,6 +51,7 @@ No modules.
 | <a name="input_object_lock_mode"></a> [object\_lock\_mode](#input\_object\_lock\_mode) | The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE. | `string` | `null` | no |
 | <a name="input_object_lock_retain_until_date"></a> [object\_lock\_retain\_until\_date](#input\_object\_lock\_retain\_until\_date) | The date and time, in RFC3339 format, when this object's object lock will expire. | `string` | `null` | no |
 | <a name="input_override_default_tags"></a> [override\_default\_tags](#input\_override\_default\_tags) | Ignore provider default\_tags. S3 objects support a maximum of 10 tags. | `bool` | `false` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | <a name="input_server_side_encryption"></a> [server\_side\_encryption](#input\_server\_side\_encryption) | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | `string` | `null` | no |
 | <a name="input_source_hash"></a> [source\_hash](#input\_source\_hash) | Triggers updates like etag but useful to address etag encryption limitations. Set using filemd5("path/to/source") (Terraform 0.11.12 or later). (The value is only stored in state and not saved by AWS.) | `string` | `null` | no |
 | <a name="input_storage_class"></a> [storage\_class](#input\_storage\_class) | Specifies the desired Storage Class for the object. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, GLACIER, DEEP\_ARCHIVE, or STANDARD\_IA. Defaults to STANDARD. | `string` | `null` | no |
diff --git a/modules/object/main.tf b/modules/object/main.tf
index cc8ae6d2..779e34ca 100644
--- a/modules/object/main.tf
+++ b/modules/object/main.tf
@@ -1,6 +1,8 @@
 resource "aws_s3_object" "this" {
   count = var.create ? 1 : 0
 
+  region = var.region
+
   bucket        = var.bucket
   key           = var.key
   force_destroy = var.force_destroy
diff --git a/modules/object/variables.tf b/modules/object/variables.tf
index 44d12735..5212b9fe 100644
--- a/modules/object/variables.tf
+++ b/modules/object/variables.tf
@@ -4,6 +4,12 @@ variable "create" {
   default     = true
 }
 
+variable "region" {
+  description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+  type        = string
+  default     = null
+}
+
 variable "bucket" {
   description = "The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified."
   type        = string
diff --git a/modules/table-bucket/README.md b/modules/table-bucket/README.md
index 1e857fa5..00302c15 100644
--- a/modules/table-bucket/README.md
+++ b/modules/table-bucket/README.md
@@ -39,6 +39,7 @@ No modules.
 | <a name="input_create_table_bucket_policy"></a> [create\_table\_bucket\_policy](#input\_create\_table\_bucket\_policy) | Whether to create s3 table bucket policy | `bool` | `false` | no |
 | <a name="input_encryption_configuration"></a> [encryption\_configuration](#input\_encryption\_configuration) | Map of encryption configurations | `any` | `null` | no |
 | <a name="input_maintenance_configuration"></a> [maintenance\_configuration](#input\_maintenance\_configuration) | Map of table bucket maintenance configurations | `any` | `null` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | <a name="input_table_bucket_name"></a> [table\_bucket\_name](#input\_table\_bucket\_name) | Name of the table bucket. Must be between 3 and 63 characters in length. Can consist of lowercase letters, numbers, and hyphens, and must begin and end with a lowercase letter or number | `string` | `null` | no |
 | <a name="input_table_bucket_override_policy_documents"></a> [table\_bucket\_override\_policy\_documents](#input\_table\_bucket\_override\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` | `list(string)` | `[]` | no |
 | <a name="input_table_bucket_policy"></a> [table\_bucket\_policy](#input\_table\_bucket\_policy) | Amazon Web Services resource-based policy document in JSON format | `string` | `null` | no |
diff --git a/modules/table-bucket/main.tf b/modules/table-bucket/main.tf
index bc30d703..aac7beef 100644
--- a/modules/table-bucket/main.tf
+++ b/modules/table-bucket/main.tf
@@ -1,6 +1,8 @@
 resource "aws_s3tables_table_bucket" "this" {
   count = var.create ? 1 : 0
 
+  region = var.region
+
   name                      = var.table_bucket_name
   encryption_configuration  = var.encryption_configuration
   maintenance_configuration = var.maintenance_configuration
@@ -9,6 +11,8 @@ resource "aws_s3tables_table_bucket" "this" {
 resource "aws_s3tables_table_bucket_policy" "this" {
   count = var.create && var.create_table_bucket_policy ? 1 : 0
 
+  region = var.region
+
   resource_policy  = var.table_bucket_policy != null ? var.table_bucket_policy : data.aws_iam_policy_document.table_bucket_policy[0].json
   table_bucket_arn = aws_s3tables_table_bucket.this[0].arn
 }
@@ -64,6 +68,8 @@ data "aws_iam_policy_document" "table_bucket_policy" {
 resource "aws_s3tables_table" "this" {
   for_each = { for k, v in var.tables : k => v if var.create }
 
+  region = var.region
+
   format                    = each.value.format
   name                      = try(each.value.table_name, each.key)
   namespace                 = each.value.namespace
@@ -75,6 +81,8 @@ resource "aws_s3tables_table" "this" {
 resource "aws_s3tables_table_policy" "this" {
   for_each = { for k, v in var.tables : k => v if var.create && try(v.create_table_policy, false) }
 
+  region = var.region
+
   name             = aws_s3tables_table.this[each.key].name
   namespace        = each.value.namespace
   resource_policy  = data.aws_iam_policy_document.table_policy[each.key].json
diff --git a/modules/table-bucket/variables.tf b/modules/table-bucket/variables.tf
index d6f2a392..3b823f5a 100644
--- a/modules/table-bucket/variables.tf
+++ b/modules/table-bucket/variables.tf
@@ -4,6 +4,12 @@ variable "create" {
   default     = true
 }
 
+variable "region" {
+  description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+  type        = string
+  default     = null
+}
+
 variable "table_bucket_name" {
   description = "Name of the table bucket. Must be between 3 and 63 characters in length. Can consist of lowercase letters, numbers, and hyphens, and must begin and end with a lowercase letter or number"
   type        = string
diff --git a/wrappers/object/main.tf b/wrappers/object/main.tf
index c9d408aa..3c3ee5ce 100644
--- a/wrappers/object/main.tf
+++ b/wrappers/object/main.tf
@@ -24,6 +24,7 @@ module "wrapper" {
   object_lock_mode              = try(each.value.object_lock_mode, var.defaults.object_lock_mode, null)
   object_lock_retain_until_date = try(each.value.object_lock_retain_until_date, var.defaults.object_lock_retain_until_date, null)
   override_default_tags         = try(each.value.override_default_tags, var.defaults.override_default_tags, false)
+  region                        = try(each.value.region, var.defaults.region, null)
   server_side_encryption        = try(each.value.server_side_encryption, var.defaults.server_side_encryption, null)
   source_hash                   = try(each.value.source_hash, var.defaults.source_hash, null)
   storage_class                 = try(each.value.storage_class, var.defaults.storage_class, null)
diff --git a/wrappers/table-bucket/main.tf b/wrappers/table-bucket/main.tf
index 89b98331..0119df8f 100644
--- a/wrappers/table-bucket/main.tf
+++ b/wrappers/table-bucket/main.tf
@@ -7,6 +7,7 @@ module "wrapper" {
   create_table_bucket_policy             = try(each.value.create_table_bucket_policy, var.defaults.create_table_bucket_policy, false)
   encryption_configuration               = try(each.value.encryption_configuration, var.defaults.encryption_configuration, null)
   maintenance_configuration              = try(each.value.maintenance_configuration, var.defaults.maintenance_configuration, null)
+  region                                 = try(each.value.region, var.defaults.region, null)
   table_bucket_name                      = try(each.value.table_bucket_name, var.defaults.table_bucket_name, null)
   table_bucket_override_policy_documents = try(each.value.table_bucket_override_policy_documents, var.defaults.table_bucket_override_policy_documents, [])
   table_bucket_policy                    = try(each.value.table_bucket_policy, var.defaults.table_bucket_policy, null)