Fix non supported list of bucket policies
requested to merge safrangrp/s279/datasaa/datasaa-infra-modules/terraform-aws-s3:fix/allow-merge-bucket-policies into main
The way the aws_s3_bucket_policy is built (using count) does not allow passing multiple JSON policy documents to be merged. For example, this code sample
    module "s3" {
      source = "..."
      ...
      bucket_policy = [
        data.aws_iam_policy_document.ssl_policy.json,
        data.aws_iam_policy_document.cloudwatch_policy.json
      ]
    }
will only attach the last policy, cloudwatch_policy, to the bucket and not both.
This MR is intended to fix this issue by merging all policy documents passed as input to bucket_policy.
SID will override and only the last one will be applied. For more explanation, please have a look at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#override_policy_documents (this is the method used to merge policies at once).
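
The merge described above, as an added example that is not the module's own code or part of this MR: two policy documents combined through override_policy_documents and attached as a single bucket policy. The bucket, the Sid values and the statements are constructed for illustration; the Sids are distinct because a statement with a non-blank Sid replaces an earlier statement that has the same Sid.

```hcl
# Added example: bucket name, Sids and statements are assumptions, not the module's code.
resource "aws_s3_bucket" "this" {
  bucket = "example-bucket-placeholder" # constructed name
}

data "aws_iam_policy_document" "ssl_policy" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

data "aws_iam_policy_document" "cloudwatch_policy" {
  statement {
    # Reusing "DenyInsecureTransport" here would replace the TLS deny statement.
    sid       = "AllowCloudWatchLogsAclCheck"
    effect    = "Allow"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.this.arn]
    principals {
      type        = "Service"
      identifiers = ["logs.amazonaws.com"]
    }
  }
}

# One merged document: later statements win on a Sid clash, all others are added.
data "aws_iam_policy_document" "merged" {
  override_policy_documents = [
    data.aws_iam_policy_document.ssl_policy.json,
    data.aws_iam_policy_document.cloudwatch_policy.json,
  ]
}

resource "aws_s3_bucket_policy" "this" {
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.merged.json
}
```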