Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add aws_s3_cors_document resource #6266

Closed
bbnathan opened this issue Oct 25, 2018 · 3 comments
Closed

Add aws_s3_cors_document resource #6266

bbnathan opened this issue Oct 25, 2018 · 3 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/s3 Issues and PRs that pertain to the s3 service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.

Comments

@bbnathan
Copy link

bbnathan commented Oct 25, 2018
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Currently, an AWS S3 CORS Document is constructed using a collection of cors_rule objects in the aws_s3_bucket resource. In addition, the existence or absence of these rules modifies a CORS Document added to the bucket out-of-band (manually or outside of a Terraform run). Apparently, this is a feature..

Unfortunately, this creates the following situation:

  1. When used in the context of a module repository/library, the user cannot pass a CORS document or rules as variables--neither as a string nor a file on the local filesystem. This makes the resource essentially unusable within this context. The user must modify the library to add the cors_rule objects.
  2. There is no templating mechanism that allows the user to pass parameters into a CORS Document template. (While this is not a particularly good practice, it could be used as a workaround.)
  3. When trying to implement a workaround using, for example, the AWS CLI, the aws_s3_bucket resource modifies or destroys the document added out-of-band.

I propose the addition of an aws_s3_cors_document resource that can be defined and associated with an aws_s3_bucket resource in a fashion similar to how an aws_s3_bucket_policy is associated. The user should have the ability to define the document inline (e.g. routing_rules) or load from a file using the file() function, or use a rendered template.

New or Affected Resource(s)

  • aws_s3_bucket

Potential Terraform Configuration

resource "aws_s3_bucket" "bucket" {

  bucket = "${var.name}"
  region = "${var.region}"
  acl = "${var.acl}"
  tags = "${var.tags}"
  policy = "${var.bucket_policy}"
  force_destroy = "${var.force_destroy}"

  versioning {
    enabled = "${var.versioning}"
    mfa_delete = false
  }

  website {
    index_document = "${var.website_index_document}"
    error_document = "${var.website_error_document}"
  }
}

resource "aws_s3_cors_document" "cors" {
  bucket = "${aws_s3_bucket.bucket.arn}"
  document = <<EOF                                                                                                                                                                                                                                                                       
<CORSConfiguration>                                                                                                                                                                                                                                                                      
 <CORSRule>                                                                                                                                                                                                                                                                              
   <AllowedOrigin>http://www.example1.com</AllowedOrigin>                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                         
   <AllowedMethod>PUT</AllowedMethod>                                                                                                                                                                                                                                                    
   <AllowedMethod>POST</AllowedMethod>                                                                                                                                                                                                                                                   
   <AllowedMethod>DELETE</AllowedMethod>                                                                                                                                                                                                                                                 
                                                                                                                                                                                                                                                                                         
   <AllowedHeader>*</AllowedHeader>                                                                                                                                                                                                                                                      
 </CORSRule>                                                                                                                                                                                                                                                                             
 <CORSRule>                                                                                                                                                                                                                                                                              
   <AllowedOrigin>http://www.example2.com</AllowedOrigin>                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                         
   <AllowedMethod>PUT</AllowedMethod>                                                                                                                                                                                                                                                    
   <AllowedMethod>POST</AllowedMethod>                                                                                                                                                                                                                                                   
   <AllowedMethod>DELETE</AllowedMethod>                                                                                                                                                                                                                                                 
                                                                                                                                                                                                                                                                                         
   <AllowedHeader>*</AllowedHeader>                                                                                                                                                                                                                                                      
 </CORSRule>                                                                                                                                                                                                                                                                             
 <CORSRule>                                                                                                                                                                                                                                                                              
   <AllowedOrigin>*</AllowedOrigin>                                                                                                                                                                                                                                                      
   <AllowedMethod>GET</AllowedMethod>                                                                                                                                                                                                                                                    
 </CORSRule>                                                                                                                                                                                                                                                                             
</CORSConfiguration>                                                                                                                                                                                                                                                                     
EOF                                                                                                                                                                                                                                                                                      
}

References
@ewbankkit
Copy link
Contributor

Related:

@nywilken nywilken added service/s3 Issues and PRs that pertain to the s3 service. enhancement Requests to existing resources that expand the functionality or scope. labels Feb 1, 2019
@github-actions
Copy link

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Jan 21, 2021
@ghost
Copy link

ghost commented Mar 24, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Mar 24, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/s3 Issues and PRs that pertain to the s3 service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nywilken @ewbankkit @bbnathan