Limit bucket name to 63 chars (#33)

* Limit bucket name to 63 chars As per S3 specs, buckets cannot be more than 63 characters long * bucket name added to be able to override it Co-authored-by: Andriy Knysh <aknysh@users.noreply.github.com> Co-authored-by: Maxim Mironenko <simixido@gmail.com>
cloudposse · Feb 24, 2020 · d39f19c · d39f19c
1 parent c991644
commit d39f19c
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -182,6 +182,7 @@ Available targets:
 | region | AWS Region the S3 bucket should reside in | string | - | yes |
 | restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket | bool | `true` | no |
 | role_arn | The role to be assumed | string | `` | no |
+| s3_bucket_name | S3 bucket name. If not provided, the name will be generated by the label module in the format namespace-stage-name | string | `` | no |
 | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no |
 | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | map(string) | `<map>` | no |
 | terraform_backend_config_file_name | Name of terraform backend config file | string | `terraform.tf` | no |

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -26,6 +26,7 @@
 | region | AWS Region the S3 bucket should reside in | string | - | yes |
 | restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket | bool | `true` | no |
 | role_arn | The role to be assumed | string | `` | no |
+| s3_bucket_name | S3 bucket name. If not provided, the name will be generated by the label module in the format namespace-stage-name | string | `` | no |
 | stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | `` | no |
 | tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | map(string) | `<map>` | no |
 | terraform_backend_config_file_name | Name of terraform backend config file | string | `terraform.tf` | no |

diff --git a/examples/complete/fixtures.us-west-1.tfvars b/examples/complete/fixtures.us-west-1.tfvars
@@ -5,3 +5,5 @@ namespace = "eg"
 stage = "test"
 
 name = "terraform-tfstate-backend"
+
+s3_bucket_name = "tfstate-backend-test-bucket"
diff --git a/main.tf b/main.tf
@@ -11,6 +11,8 @@ locals {
     var.terraform_backend_config_file_path,
     var.terraform_backend_config_file_name
   )
+
+  bucket_name = var.s3_bucket_name != "" ? var.s3_bucket_name : module.s3_bucket_label.id
 }
 
 module "base_label" {
@@ -51,7 +53,7 @@ data "aws_iam_policy_document" "prevent_unencrypted_uploads" {
     ]
 
     resources = [
-      "arn:aws:s3:::${module.s3_bucket_label.id}/*",
+      "arn:aws:s3:::${local.bucket_name}/*",
     ]
 
     condition {
@@ -79,7 +81,7 @@ data "aws_iam_policy_document" "prevent_unencrypted_uploads" {
     ]
 
     resources = [
-      "arn:aws:s3:::${module.s3_bucket_label.id}/*",
+      "arn:aws:s3:::${local.bucket_name}/*",
     ]
 
     condition {
@@ -94,7 +96,7 @@ data "aws_iam_policy_document" "prevent_unencrypted_uploads" {
 }
 
 resource "aws_s3_bucket" "default" {
-  bucket        = module.s3_bucket_label.id
+  bucket        = substr(local.bucket_name, 0, 63)
   acl           = var.acl
   region        = var.region
   force_destroy = var.force_destroy

diff --git a/variables.tf b/variables.tf
@@ -202,3 +202,9 @@ variable "terraform_state_file" {
   default     = "terraform.tfstate"
   description = "The path to the state file inside the bucket"
 }
+
+variable "s3_bucket_name" {
+  type        = string
+  default     = ""
+  description = "S3 bucket name. If not provided, the name will be generated by the label module in the format namespace-stage-name"
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,5 @@ namespace = "eg"
		stage = "test"

		name = "terraform-tfstate-backend"

		s3_bucket_name = "tfstate-backend-test-bucket"