From 7e551443f4ccdb3e85459e5ec26bbc9be955a7f1 Mon Sep 17 00:00:00 2001
From: Tiago Vieira
Date: Sat, 16 Aug 2025 16:33:03 +0100
Subject: [PATCH 1/2] feat: Add skip_destroy argument in the aws_s3_bucket_public_access_block and set it to true by default
---
 README.md | 1 +
 main.tf | 1 +
 variables.tf | 6 ++++++
 3 files changed, 8 insertions(+)
diff --git a/README.md b/README.md
index 42c6bc5..30eea62 100644
--- a/README.md
+++ b/README.md
@@ -276,6 +276,7 @@ No modules.
 | [request\_payer](#input\_request\_payer) | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no |
 | [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `true` | no |
 | [server\_side\_encryption\_configuration](#input\_server\_side\_encryption\_configuration) | Map containing server-side encryption configuration. | `any` | `{}` | no |
+| [skip\_destroy\_public\_access\_block](#input\_skip\_destroy\_public\_access\_block) | Whether to skip destroying the S3 Bucket Public Access Block configuration when destroying the bucket. Only used if `public_access_block` is set to true. | `bool` | `true` | no |
 | [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(string)` | `{}` | no |
 | [transition\_default\_minimum\_object\_size](#input\_transition\_default\_minimum\_object\_size) | The default minimum object size behavior applied to the lifecycle configuration. Valid values: all\_storage\_classes\_128K (default), varies\_by\_storage\_class | `string` | `null` | no |
 | [type](#input\_type) | Bucket type. Valid values: `Directory` | `string` | `"Directory"` | no |
diff --git a/main.tf b/main.tf
index c254101..989dea1 100644
--- a/main.tf
+++ b/main.tf
@@ -1148,6 +1148,7 @@ resource "aws_s3_bucket_public_access_block" "this" {
 block_public_policy = var.block_public_policy
 ignore_public_acls = var.ignore_public_acls
 restrict_public_buckets = var.restrict_public_buckets
+ skip_destroy = var.skip_destroy_public_access_block
 }
 
 resource "aws_s3_bucket_ownership_controls" "this" {
diff --git a/variables.tf b/variables.tf
index e06d7a8..63f45be 100644
--- a/variables.tf
+++ b/variables.tf
@@ -328,6 +328,12 @@ variable "block_public_policy" {
 default = true
 }
 
+variable "skip_destroy_public_access_block" {
+ description = "Whether to skip destroying the S3 Bucket Public Access Block configuration when destroying the bucket. Only used if `public_access_block` is set to true."
+ type = bool
+ default = true
+}
+
 variable "ignore_public_acls" {
 description = "Whether Amazon S3 should ignore public ACLs for this bucket."
 type = bool
From b10d227fb82c97d1bbaf7f1f82e822a51b3a6f8f Mon Sep 17 00:00:00 2001
From: Kent Paik
Date: Mon, 25 Aug 2025 22:32:25 +0900
Subject: [PATCH 2/2] Update main.tf
---
 wrappers/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/wrappers/main.tf b/wrappers/main.tf
index 9112f18..6e388ac 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
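Review bot: The new `skip_destroy = var.skip_destroy_public_access_block` line defaults to `true`, so whenever Terraform destroys this resource without destroying the bucket — presumably when `public_access_block` is switched to `false` (the gating of this resource is outside the hunk) — the provider only forgets the resource and the block/ignore/restrict settings stay enforced on the bucket. That is the fail-safe direction for a public-access control, but it means the documented toggle no longer actually disables the block, and as far as I recall the provider-level default for `skip_destroy` is `false`, so existing users of the module get a behaviour change on upgrade that deserves an upgrade note. A short comment on the new line would make the intent explicit: `# Keep the block on the bucket when this resource is destroyed or disabled; it is only removed from state.` Also check that the module's `required_providers` lower bound (versions.tf, not in this patch) covers the provider release that introduced `skip_destroy` on this resource, otherwise plans fail for users pinned to an older provider. The enclosing resource block starts outside the hunk.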
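Review bot: The description of `skip_destroy_public_access_block` says the configuration is kept "when destroying the bucket", but deleting a bucket removes its public access block with it; what the flag changes is what happens when this Terraform resource alone is destroyed (e.g. `public_access_block` set to `false`, or the module removed while the bucket is retained) — the block then stays on the bucket and is only dropped from state. I would reword it to `Whether to keep the S3 Bucket Public Access Block on the bucket when this Terraform resource is destroyed (e.g. public_access_block = false); the configuration is then only removed from state. Only used if public_access_block is set to true.` so operators are not surprised that turning the toggle off does not open the bucket. The variable is also inserted between `block_public_policy` and `ignore_public_acls`, which are otherwise listed alphabetically; the README and wrappers place it alphabetically, so moving it after `restrict_public_buckets` would keep the file consistent. The `variable "block_public_policy"` block whose closing lines open this hunk starts outside it, and `variable "ignore_public_acls"` continues past its end.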
@@ -68,6 +68,7 @@ module "wrapper" {
 request_payer = try(each.value.request_payer, var.defaults.request_payer, null)
 restrict_public_buckets = try(each.value.restrict_public_buckets, var.defaults.restrict_public_buckets, true)
 server_side_encryption_configuration = try(each.value.server_side_encryption_configuration, var.defaults.server_side_encryption_configuration, {})
+ skip_destroy_public_access_block = try(each.value.skip_destroy_public_access_block, var.defaults.skip_destroy_public_access_block, true)
 tags = try(each.value.tags, var.defaults.tags, {})
 transition_default_minimum_object_size = try(each.value.transition_default_minimum_object_size, var.defaults.transition_default_minimum_object_size, null)
 type = try(each.value.type, var.defaults.type, "Directory")