From 9ca4f19d354a2fa7d1fb947e49379719ac98fbe8 Mon Sep 17 00:00:00 2001
From: Garland Kan
Date: Wed, 15 Jun 2022 16:06:46 -0700
Subject: [PATCH] AWS S3 updates (#312)
---
 terraform-modules/aws/s3_bucket/main.tf | 20 +++++++++++++
 terraform-modules/aws/s3_bucket/variables.tf | 30 ++++++++++++++++++++
 2 files changed, 50 insertions(+)
diff --git a/terraform-modules/aws/s3_bucket/main.tf b/terraform-modules/aws/s3_bucket/main.tf
index e7b689fd8..48da48c4d 100644
--- a/terraform-modules/aws/s3_bucket/main.tf
+++ b/terraform-modules/aws/s3_bucket/main.tf
@@ -37,3 +37,23 @@ resource "aws_s3_bucket_policy" "bucket_policy" {
 bucket = aws_s3_bucket.bucket.id
 policy = var.policy
 }
+
+resource "aws_s3_bucket_versioning" "versioning" {
+ count = var.enable_versioning ? 1 : 0
+
+ bucket = aws_s3_bucket.bucket.id
+ versioning_configuration {
+ status = var.versioning
+ }
+}
+
+resource "aws_s3_bucket_logging" "logging" {
+ count = var.enable_logging ? 1 : 0
+
+ # Bucket to enable logging on
+ bucket = aws_s3_bucket.bucket.id
+
+ # (Required) The name of the bucket where you want Amazon S3 to store server access logs.
+ target_bucket = var.logging_bucket_name
+ target_prefix = "log/"
+}
diff --git a/terraform-modules/aws/s3_bucket/variables.tf b/terraform-modules/aws/s3_bucket/variables.tf
index 4fa5e6828..2ffb39c85 100644
--- a/terraform-modules/aws/s3_bucket/variables.tf
+++ b/terraform-modules/aws/s3_bucket/variables.tf
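Review bot: In main.tf, the new `aws_s3_bucket_logging` resource hard-codes `target_prefix = "log/"`, although this commit also declares `logging_bucket_prefix` (default `"s3-log/"`) in variables.tf and never reads it. A caller who sets that variable gets no effect and the access logs still land under `log/`, which can break lifecycle rules or log-collection paths keyed on the documented prefix. The line should read `target_prefix = var.logging_bucket_prefix`. Separately, `enable_versioning` and `versioning` overlap: `enable_versioning = false` skips the resource entirely, which is not the same as `status = "Suspended"` on a bucket that was already versioned, and a comment on the `count` line saying so would help.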
@@ -49,3 +49,33 @@ variable "deletion_window_in_days" {
 description = "(Optional) The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key."
 default = 10
 }
+
+variable "enable_versioning" {
+ type = bool
+ description = "Enable S3 versioning"
+ default = true
+}
+
+variable "versioning" {
+ type = string
+ description = "(Required) The versioning state of the bucket. Valid values: Enabled, Suspended, or Disabled. Disabled should only be used when creating or importing resources that correspond to unversioned S3 buckets."
+ default = "Enabled"
+}
+
+variable "enable_logging" {
+ type = bool
+ description = "Enable S3 logging"
+ default = false
+}
+
+variable "logging_bucket_name" {
+ type = string
+ description = "(Required) The name of the bucket where you want Amazon S3 to store server access logs. Could be the same as the bucket name."
+ default = "can-be-the-same-as-the-bucket-name"
+}
+
+variable "logging_bucket_prefix" {
+ type = string
+ description = "The prefix to add to the logs"
+ default = "s3-log/"
+}
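Review bot: `logging_bucket_name` ships with the placeholder default `"can-be-the-same-as-the-bucket-name"`, so setting `enable_logging = true` without also setting the name points `target_bucket` at a bucket literally called that instead of reporting a missing input. Using `default = null` would make the omission surface as an error when logging is enabled, and would not matter when it is off because the resource then has `count = 0`. The description's suggestion to log into the bucket itself is worth dropping: access logs kept in the bucket they audit can be overwritten or deleted by anyone with write access to it, and AWS recommends a separate target bucket because self-logging also records the log deliveries themselves. `versioning` is described as accepting only Enabled, Suspended or Disabled, so a `validation` block with `condition = contains(["Enabled", "Suspended", "Disabled"], var.versioning)` would catch typos before the provider does.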