BATIAI-1679: Updating the dependent resources to have deterministic n…

…ames at create-time (#11)

main.tf

@@ -22,16 +22,20 @@ locals {
 }
 
 resource "aws_s3_bucket_ownership_controls" "landing_zone_buckets" {
-  for_each = aws_s3_bucket.landing_zone_buckets
-  bucket   = each.value.id
+  ## Iterate over the list from var's to avoid some chicken/egg problems
+  for_each      = toset(var.s3_bucket_names)
+  ## Refer to the id from the bucket resource to retain the dependency
+  bucket   = aws_s3_bucket.landing_zone_buckets[each.value].id
   rule {
     object_ownership = "BucketOwnerEnforced"
   }
 }
 
 resource "aws_s3_bucket_public_access_block" "landing_zone_buckets" {
-  for_each = aws_s3_bucket.landing_zone_buckets
-  bucket   = each.value.id
+  ## Iterate over the list from var's to avoid some chicken/egg problems
+  for_each      = toset(var.s3_bucket_names)
+  ## Refer to the id from the bucket resource to retain the dependency
+  bucket   = aws_s3_bucket.landing_zone_buckets[each.value].id
 
   block_public_acls       = true
   block_public_policy     = true
@@ -40,16 +44,20 @@ resource "aws_s3_bucket_public_access_block" "landing_zone_buckets" {
 }
 
 resource "aws_s3_bucket_versioning" "bucket_versioning" {
-  for_each = var.versioning_enabled ? aws_s3_bucket.landing_zone_buckets : {}
-  bucket   = each.value.id
+  ## Iterate over the list from var's to avoid some chicken/egg problems
+  for_each = var.versioning_enabled ? toset(var.s3_bucket_names) : []
+  ## Refer to the id from the bucket resource to retain the dependency
+  bucket   = aws_s3_bucket.landing_zone_buckets[each.value].id
   versioning_configuration {
     status = "Enabled"
   }
 }
 
 resource "aws_s3_bucket_policy" "bucket" {
-  for_each = aws_s3_bucket.landing_zone_buckets
-  bucket   = each.value.id
+  ## Iterate over the list from var's to avoid some chicken/egg problems
+  for_each = toset(var.s3_bucket_names)
+  ## Refer to the id from the bucket resource to retain the dependency
+  bucket   = aws_s3_bucket.landing_zone_buckets[each.value].id
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -61,8 +69,8 @@ resource "aws_s3_bucket_policy" "bucket" {
         Principal = "*"
         Action    = "s3:*"
         Resource = [
-          "${each.value.arn}/*",
-          "${each.value.arn}",
+          "${aws_s3_bucket.landing_zone_buckets[each.value].arn}/*",
+          "${aws_s3_bucket.landing_zone_buckets[each.value].arn}",
         ]
         Condition = {
           Bool = {
@@ -76,8 +84,8 @@ resource "aws_s3_bucket_policy" "bucket" {
         Principal = "*"
         Action    = "s3:*"
         Resource = [
-          "${each.value.arn}/*",
-          "${each.value.arn}",
+          "${aws_s3_bucket.landing_zone_buckets[each.value].arn}/*",
+          "${aws_s3_bucket.landing_zone_buckets[each.value].arn}",
         ]
         Condition = {
           NumericLessThan = {
@@ -95,7 +103,7 @@ resource "aws_s3_bucket_policy" "bucket" {
           }
           Action = ["s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags"]
           Resource = [
-            "${each.value.arn}/*",
+            "${aws_s3_bucket.landing_zone_buckets[each.value].arn}/*",
           ]
         },
         {
@@ -106,7 +114,7 @@ resource "aws_s3_bucket_policy" "bucket" {
           }
           Action = ["s3:GetReplicationConfiguration", "s3:ListBucket"]
           Resource = [
-            "${each.value.arn}",
+            "${aws_s3_bucket.landing_zone_buckets[each.value].arn}",
           ]
         }
       ]
@@ -115,8 +123,10 @@ resource "aws_s3_bucket_policy" "bucket" {
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
-  for_each = aws_s3_bucket.landing_zone_buckets
-  bucket   = each.value.id
+  ## Iterate over the list from var's to avoid some chicken/egg problems
+  for_each = toset(var.s3_bucket_names)
+  ## Refer to the id from the bucket resource to retain the dependency
+  bucket   = aws_s3_bucket.landing_zone_buckets[each.value].id
 
   rule {
     apply_server_side_encryption_by_default {
@@ -128,9 +138,10 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
 
 # Lifecycle configuration for the dev buckets to remove all objects older than var.lifecycle_expiration_days.
 resource "aws_s3_bucket_lifecycle_configuration" "lifecycle_expiration_days" {
-  for_each = var.lifecycle_expiration_days > 0 ? aws_s3_bucket.landing_zone_buckets : {}
-
-  bucket = each.value.id
+  ## Iterate over the list from var's to avoid some chicken/egg problems
+  for_each = var.lifecycle_expiration_days > 0 ? toset(var.s3_bucket_names) : []
+  ## Refer to the id from the bucket resource to retain the dependency
+  bucket   = aws_s3_bucket.landing_zone_buckets[each.value].id
 
   dynamic "rule" {
     for_each = var.lifecycle_expiration_days > 0 ? [1] : []
@@ -146,4 +157,4 @@ resource "aws_s3_bucket_lifecycle_configuration" "lifecycle_expiration_days" {
       }
     }
   }
-}
+}