fix: updated S3 resource as per AWS 4.0 version

Author: shashidhar087

.github/workflows/terraform.yml

@@ -55,7 +55,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: terraform init
-        run: terraform init -get -backend=false -input=false
+        run: terraform init -upgrade -get -backend=false -input=false
       - if: contains(matrix.terraform, '1.1.')
         name: check terraform formatting
         run: terraform fmt -recursive -check=true -write=false

modules/runner-binaries-syncer/main.tf

@@ -4,44 +4,55 @@ locals {
 
 resource "aws_s3_bucket" "action_dist" {
   bucket        = var.distribution_bucket_name
-  acl           = "private"
   force_destroy = true
   tags          = var.tags
+}
 
-  # Max 1 block - server_side_encryption_configuration
-  dynamic "server_side_encryption_configuration" {
-    for_each = length(keys(var.server_side_encryption_configuration)) == 0 ? [] : [var.server_side_encryption_configuration]
-
-    content {
-
-      dynamic "rule" {
-        for_each = length(keys(lookup(server_side_encryption_configuration.value, "rule", {}))) == 0 ? [] : [lookup(server_side_encryption_configuration.value, "rule", {})]
+resource "aws_s3_bucket_acl" "action_dist_acl" {
+  bucket = aws_s3_bucket.action_dist.id
+  acl    = "private"
+}
 
-        content {
-          bucket_key_enabled = lookup(rule.value, "bucket_key_enabled", null)
+resource "aws_s3_bucket_lifecycle_configuration" "bucket-config" {
+  bucket = aws_s3_bucket.action_dist.id
 
-          dynamic "apply_server_side_encryption_by_default" {
-            for_each = length(keys(lookup(rule.value, "apply_server_side_encryption_by_default", {}))) == 0 ? [] : [
-            lookup(rule.value, "apply_server_side_encryption_by_default", {})]
+  rule {
+    id     = "lifecycle_config"
+    status = "Enabled"
 
-            content {
-              sse_algorithm     = apply_server_side_encryption_by_default.value.sse_algorithm
-              kms_master_key_id = lookup(apply_server_side_encryption_by_default.value, "kms_master_key_id", null)
-            }
-          }
-        }
-      }
+    abort_incomplete_multipart_upload {
+      days_after_initiation = 7
     }
-  }
-
-  lifecycle_rule {
-    enabled                                = true
-    abort_incomplete_multipart_upload_days = 7
 
     transition {
       days          = 35
       storage_class = "INTELLIGENT_TIERING"
     }
+
+
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "action_dist" {
+  bucket = aws_s3_bucket.action_dist.id
+
+
+  dynamic "rule" {
+    for_each = length(keys(lookup(var.server_side_encryption_configuration, "rule", {}))) == 0 ? [] : [lookup(var.server_side_encryption_configuration, "rule", {})]
+
+    content {
+      bucket_key_enabled = lookup(rule.value, "bucket_key_enabled", null)
+
+      dynamic "apply_server_side_encryption_by_default" {
+        for_each = length(keys(lookup(rule.value, "apply_server_side_encryption_by_default", {}))) == 0 ? [] : [
+        lookup(rule.value, "apply_server_side_encryption_by_default", {})]
+
+        content {
+          sse_algorithm     = apply_server_side_encryption_by_default.value.sse_algorithm
+          kms_master_key_id = lookup(apply_server_side_encryption_by_default.value, "kms_master_key_id", null)
+        }
+      }
+    }
   }
 }
 

modules/runner-binaries-syncer/runner-binaries-syncer.tf

@@ -118,7 +118,7 @@ resource "aws_lambda_permission" "syncer" {
 ### Extra trigger to trigger from S3 to execute the lambda after first deployment
 ###################################################################################
 
-resource "aws_s3_bucket_object" "trigger" {
+resource "aws_s3_object" "trigger" {
   bucket = aws_s3_bucket.action_dist.id
   key    = "triggers/${aws_lambda_function.syncer.id}-trigger.json"
   source = "${path.module}/trigger.json"