Fix S3 deprecation warnings

README.md

@@ -53,7 +53,7 @@ No modules.
 | <a name="input_bucket_name_prefix"></a> [bucket\_name\_prefix](#input\_bucket\_name\_prefix) | S3 Bucket Name Prefix | `string` | `"S3 Bucket for Terraform Remote State Storage"` | no |
 | <a name="input_custom_policy"></a> [custom\_policy](#input\_custom\_policy) | Custom policy | `string` | `null` | no |
 | <a name="input_enable_default_policy"></a> [enable\_default\_policy](#input\_enable\_default\_policy) | Enable default policy | `bool` | `true` | no |
-| <a name="input_enable_versioning"></a> [enable\_versioning](#input\_enable\_versioning) | Enable bucket versioning | `bool` | `false` | no |
+| <a name="input_enable_versioning"></a> [enable\_versioning](#input\_enable\_versioning) | Enable bucket versioning | `string` | `Disabled` | no |
 | <a name="input_enable_vpc_delivery_service"></a> [enable\_vpc\_delivery\_service](#input\_enable\_vpc\_delivery\_service) | Enable VPC delivery service policy | `bool` | `true` | no |
 | <a name="input_enforce_ssl"></a> [enforce\_ssl](#input\_enforce\_ssl) | Enforce bucket SSL encryption | `bool` | `true` | no |
 | <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | Whether to forcefully destroy the bucket or not | `bool` | `false` | no |

main.tf

@@ -14,27 +14,42 @@ resource "aws_flow_log" "this" {
 #
 resource "aws_s3_bucket" "this" {
   bucket = "${var.bucket_name_prefix}-vpc-flowlogs"
-  acl    = "private"
 
-  # Versioning will not be needed for this
-  versioning {
-    enabled = var.enable_versioning
+  tags = var.tags
+
+  force_destroy = var.force_destroy
+}
+
+resource "aws_s3_bucket_acl" "acl" {
+  bucket = aws_s3_bucket.this.id
+  acl    = "private"
+}
+# Versioning will not be needed for this
+resource "aws_s3_bucket_versioning" "versioning" {
+  bucket = aws_s3_bucket.this.id
+  versioning_configuration {
+    status = var.enable_versioning
   }
+}
 
-  # Enable encryption at rest
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+# Enable encryption at rest
+resource "aws_s3_bucket_server_side_encryption_configuration" "encryption_config" {
+  bucket = aws_s3_bucket.this.id
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
     }
   }
+}
 
-  # Enable lifecycle:
-  #   - After 30 days, data is moved to Standard Infrequent Access
-  #   - After 60 days, data is expired
-  lifecycle_rule {
-    enabled = true
+# Enable lifecycle:
+#   - After 30 days, data is moved to Standard Infrequent Access
+#   - After 60 days, data is expired
+resource "aws_s3_bucket_lifecycle_configuration" "lifecycle_config" {
+  bucket = aws_s3_bucket.this.id
+  rule {
+    id     = "vpc-flow-log-rule-1"
+    status = "Enabled"
 
     transition {
       days          = 30
@@ -45,10 +60,6 @@ resource "aws_s3_bucket" "this" {
       days = 60
     }
   }
-
-  tags = var.tags
-
-  force_destroy = var.force_destroy
 }
 
 resource "aws_s3_bucket_public_access_block" "default" {

variables.tf

@@ -54,6 +54,10 @@ variable "enable_default_policy" {
 
 variable "enable_versioning" {
   description = "Enable bucket versioning"
-  type        = bool
-  default     = false
+  type        = string
+  default     = "Disabled"
+  validation {
+    condition     = can(regex("^(Enabled|Disabled|Suspended)$", var.enable_versioning))
+    error_message = "Wrong state. Available only: Enabled, Disabled or Suspended"
+  }
 }