Merge pull request #23624 from alexb-dd/f-replconfig-token

r/s3_bucket_replication_configuration: Add token parameter for x-amz-bucket-object-lock-token
hashicorp · Mar 11, 2022 · 538c633 · 538c633
2 parents 79a092a + beac59f
commit 538c633
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/.changelog/23624.txt b/.changelog/23624.txt
@@ -0,0 +1,5 @@
+```release-note:enhancement
+resource/aws_s3_bucket_replication_configuration: Add `token` field to specify
+x-amz-bucket-object-lock-token for enabling replication on object lock enabled
+buckets or enabling object lock on an existing bucket.
+```
diff --git a/internal/service/s3/bucket_replication_configuration.go b/internal/service/s3/bucket_replication_configuration.go
@@ -38,6 +38,11 @@ func ResourceBucketReplicationConfiguration() *schema.Resource {
 				Required:     true,
 				ValidateFunc: verify.ValidARN,
 			},
+			"token": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+			},
 			"rule": {
 				Type:     schema.TypeSet,
 				Required: true,
@@ -311,6 +316,10 @@ func resourceBucketReplicationConfigurationCreate(d *schema.ResourceData, meta i
 		ReplicationConfiguration: rc,
 	}
 
+	if v, ok := d.GetOk("token"); ok {
+		input.Token = aws.String(v.(string))
+	}
+
 	err := resource.Retry(propagationTimeout, func() *resource.RetryError {
 		_, err := conn.PutBucketReplication(input)
 		if tfawserr.ErrCodeEquals(err, s3.ErrCodeNoSuchBucket) || tfawserr.ErrMessageContains(err, "InvalidRequest", "Versioning must be 'Enabled' on the bucket") {
@@ -387,6 +396,10 @@ func resourceBucketReplicationConfigurationUpdate(d *schema.ResourceData, meta i
 		ReplicationConfiguration: rc,
 	}
 
+	if v, ok := d.GetOk("token"); ok {
+		input.Token = aws.String(v.(string))
+	}
+
 	err := resource.Retry(propagationTimeout, func() *resource.RetryError {
 		_, err := conn.PutBucketReplication(input)
 		if tfawserr.ErrCodeEquals(err, s3.ErrCodeNoSuchBucket) || tfawserr.ErrMessageContains(err, "InvalidRequest", "Versioning must be 'Enabled' on the bucket") {

diff --git a/website/docs/r/s3_bucket_replication_configuration.html.markdown b/website/docs/r/s3_bucket_replication_configuration.html.markdown
@@ -219,6 +219,8 @@ The following arguments are supported:
 * `bucket` - (Required) The name of the source S3 bucket you want Amazon S3 to monitor.
 * `role` - (Required) The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
 * `rule` - (Required) Set of configuration blocks describing the rules managing the replication [documented below](#rule).
+* `token` - (Optional) A token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token".
+For more details, see [Using S3 Object Lock with replication](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-replication).
 
 ### rule