Skip to content

Instantly share code, notes, and snippets.

@matt-slalom

matt-slalom/plan.json

Created February 2, 2023 18:43
Show Gist options
  • Save matt-slalom/389c7c0490a437ca53a916c3cd21be60 to your computer and use it in GitHub Desktop.
Save matt-slalom/389c7c0490a437ca53a916c3cd21be60 to your computer and use it in GitHub Desktop.
Download ZIP
Deidentified Plan
Raw
plan.json
{
"format_version": "1.1",
"prior_state": {
"format_version": "1.0",
"values": {
"root_module": {
"resources": [
{
"values": {
"id": "99999999999",
"arn": "arn:aws:sts::99999999999:assumed-role/AWS-InnovationLabs-RDT-West-Admins/email@address.com",
"account_id": "99999999999",
"user_id": "XXXXXXXXXXXXXXXXXXXX:email@address.com"
},
"address": "data.aws_caller_identity.current",
"type": "aws_caller_identity",
"sensitive_values": {},
"name": "current",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws"
},
{
"values": {
"override_json": null,
"source_policy_documents": null,
"version": "2012-10-17",
"override_policy_documents": null,
"id": "2991017537",
"source_json": null,
"statement": [
{
"not_resources": [],
"effect": "Allow",
"sid": "Enable IAM Permissions",
"condition": [],
"not_principals": [],
"principals": [
{
"type": "AWS",
"identifiers": [
"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins"
]
}
],
"resources": [
"*"
],
"actions": [
"kms:*"
],
"not_actions": []
},
{
"not_resources": [],
"effect": "Allow",
"sid": "Allow CloudTrail to use the key",
"condition": [],
"not_principals": [],
"principals": [
{
"type": "Service",
"identifiers": [
"cloudtrail.amazonaws.com",
"s3.amazonaws.com"
]
}
],
"resources": [
"*"
],
"actions": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*"
],
"not_actions": []
},
{
"not_resources": [],
"effect": "Deny",
"sid": "DenyNotLocalAccount",
"condition": [
{
"values": [
"99999999999"
],
"variable": "kms:CallerAccount",
"test": "StringNotEquals"
},
{
"values": [
"cloudtrail.amazonaws.com",
"s3.amazonaws.com"
],
"variable": "kms:ViaService",
"test": "StringNotEquals"
}
],
"not_principals": [],
"principals": [
{
"type": "AWS",
"identifiers": [
"*"
]
}
],
"resources": [
"*"
],
"actions": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*"
],
"not_actions": []
},
{
"not_resources": [],
"effect": "Deny",
"sid": "DenyNotPrivateIp",
"condition": [
{
"values": [
"false"
],
"variable": "kms:ViaService",
"test": "Bool"
},
{
"values": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
],
"variable": "aws:SourceIp",
"test": "NotIpAddress"
}
],
"not_principals": [],
"principals": [
{
"type": "AWS",
"identifiers": [
"*"
]
}
],
"resources": [
"*"
],
"actions": [
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*"
],
"not_actions": []
}
],
"policy_id": null,
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM Permissions\",\n \"Effect\": \"Allow\",\n \"Action\": \"kms:*\",\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"\n }\n },\n {\n \"Sid\": \"Allow CloudTrail to use the key\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"Service\": [\n \"s3.amazonaws.com\",\n \"cloudtrail.amazonaws.com\"\n ]\n }\n },\n {\n \"Sid\": \"DenyNotLocalAccount\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Condition\": {\n \"StringNotEquals\": {\n \"kms:CallerAccount\": \"99999999999\",\n \"kms:ViaService\": [\n \"cloudtrail.amazonaws.com\",\n \"s3.amazonaws.com\"\n ]\n }\n }\n },\n {\n \"Sid\": \"DenyNotPrivateIp\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:Encrypt\",\n \"kms:DescribeKey\",\n \"kms:Decrypt\"\n ],\n \"Resource\": \"*\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Condition\": {\n \"Bool\": {\n \"kms:ViaService\": \"false\"\n },\n \"NotIpAddress\": {\n \"aws:SourceIp\": [\n \"10.0.0.0/8\",\n \"172.16.0.0/12\",\n \"192.168.0.0/16\"\n ]\n }\n }\n }\n ]\n}"
},
"address": "data.aws_iam_policy_document.kms_key_policy",
"type": "aws_iam_policy_document",
"sensitive_values": {
"statement": [
{
"not_resources": [],
"condition": [],
"not_principals": [],
"principals": [
{
"identifiers": [
false
]
}
],
"resources": [
false
],
"actions": [
false
],
"not_actions": []
},
{
"not_resources": [],
"condition": [],
"not_principals": [],
"principals": [
{
"identifiers": [
false,
false
]
}
],
"resources": [
false
],
"actions": [
false,
false,
false,
false,
false
],
"not_actions": []
},
{
"not_resources": [],
"condition": [
{
"values": [
false
]
},
{
"values": [
false,
false
]
}
],
"not_principals": [],
"principals": [
{
"identifiers": [
false
]
}
],
"resources": [
false
],
"actions": [
false,
false,
false,
false,
false
],
"not_actions": []
},
{
"not_resources": [],
"condition": [
{
"values": [
false
]
},
{
"values": [
false,
false,
false
]
}
],
"not_principals": [],
"principals": [
{
"identifiers": [
false
]
}
],
"resources": [
false
],
"actions": [
false,
false,
false,
false,
false
],
"not_actions": []
}
]
},
"name": "kms_key_policy",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws"
}
],
"child_modules": [
{
"address": "module.kms_module",
"resources": [
{
"values": {
"id": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_cloudtrail_key",
"target_key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"name": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b"
},
"address": "module.kms_module.aws_kms_alias.key_alias[\"saf_s3_demo_std_bucket_cloudtrail_key\"]",
"type": "aws_kms_alias",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_key.the_key"
],
"sensitive_values": {},
"name": "key_alias",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_cloudtrail_key"
},
{
"values": {
"id": "alias/saf_s3_demo_std_bucket_s3_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_s3_key",
"target_key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"name": "alias/saf_s3_demo_std_bucket_s3_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592"
},
"address": "module.kms_module.aws_kms_alias.key_alias[\"saf_s3_demo_std_bucket_s3_key\"]",
"type": "aws_kms_alias",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_key.the_key"
],
"sensitive_values": {},
"name": "key_alias",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_s3_key"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for CloudTrail encryption",
"key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"bypass_policy_lockout_safety_check": false,
"id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"address": "module.kms_module.aws_kms_key.the_key[\"saf_s3_demo_std_bucket_cloudtrail_key\"]",
"type": "aws_kms_key",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy"
],
"sensitive_values": {
"tags_all": {},
"tags": {}
},
"name": "the_key",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_cloudtrail_key"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for S3 encryption",
"key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"bypass_policy_lockout_safety_check": false,
"id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"address": "module.kms_module.aws_kms_key.the_key[\"saf_s3_demo_std_bucket_s3_key\"]",
"type": "aws_kms_key",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy"
],
"sensitive_values": {
"tags_all": {},
"tags": {}
},
"name": "the_key",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_s3_key"
}
]
},
{
"address": "module.s3_module",
"resources": [
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"field": "resources.type",
"equals": [
"AWS::S3::Object"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"field": "eventCategory",
"equals": [
"Data"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/"
],
"field": "resources.ARN",
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
],
"name": ""
}
],
"include_global_service_events": false,
"id": "saf-s3-demo-std-bucket-bucket_logging",
"enable_log_file_validation": true,
"kms_key_id": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"is_multi_region_trail": false,
"arn": "arn:aws:cloudtrail:us-west-2:99999999999:trail/saf-s3-demo-std-bucket-bucket_logging",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"name": "saf-s3-demo-std-bucket-bucket_logging",
"home_region": "us-west-2",
"insight_selector": [],
"event_selector": [],
"is_organization_trail": false,
"enable_logging": true,
"sns_topic_name": "",
"cloud_watch_logs_role_arn": "",
"s3_key_prefix": "object_logs",
"cloud_watch_logs_group_arn": "",
"s3_bucket_name": "saf-s3-logging-bucket-demo-bucket"
},
"address": "module.s3_module.aws_cloudtrail.object_logging[\"0\"]",
"type": "aws_cloudtrail",
"depends_on": [
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.s3_module.aws_s3_bucket.s3_bucket",
"module.s3_module.aws_s3_bucket_policy.other_policies"
],
"sensitive_values": {
"tags_all": {},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
false
],
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
]
}
],
"tags": {},
"insight_selector": [],
"event_selector": []
},
"name": "object_logging",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "0"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "",
"permissions_boundary": null,
"id": "saf-s3-demo-std-bucket-bucket",
"assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"s3.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"arn": "arn:aws:iam::99999999999:role/saf-s3-demo-std-bucket-bucket",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"force_detach_policies": false,
"name": "saf-s3-demo-std-bucket-bucket",
"inline_policy": [],
"name_prefix": "",
"max_session_duration": 3600,
"create_date": "2023-01-31T23:48:00Z",
"path": "/",
"managed_policy_arns": [],
"unique_id": "AROAZGGUE3TSSATBCWNIV"
},
"address": "module.s3_module.aws_iam_role.bucket_replication_role[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_iam_role",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket",
"module.s3_module.data.aws_iam_policy_document.assume_role_policy"
],
"sensitive_values": {
"tags_all": {},
"tags": {},
"inline_policy": [],
"managed_policy_arns": []
},
"name": "bucket_replication_role",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
]
}
],
"hosted_zone_id": "Z3BJ6K6RIION7M",
"id": "saf-s3-demo-std-bucket-bucket",
"website": [],
"website_domain": null,
"arn": "arn:aws:s3:::saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"region": "us-west-2",
"object_lock_enabled": false,
"object_lock_configuration": [],
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"logging": [
{
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket"
}
],
"bucket_prefix": null,
"request_payer": "BucketOwner",
"cors_rule": [],
"bucket_domain_name": "saf-s3-demo-std-bucket-bucket.s3.amazonaws.com",
"bucket_regional_domain_name": "saf-s3-demo-std-bucket-bucket.s3.us-west-2.amazonaws.com",
"lifecycle_rule": [],
"acceleration_status": "",
"timeouts": null,
"replication_configuration": [],
"grant": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"permissions": [
"FULL_CONTROL"
],
"uri": ""
}
],
"bucket": "saf-s3-demo-std-bucket-bucket",
"versioning": [
{
"mfa_delete": false,
"enabled": true
}
],
"acl": null,
"force_destroy": true,
"website_endpoint": null
},
"address": "module.s3_module.aws_s3_bucket.s3_bucket[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key"
],
"sensitive_values": {
"tags_all": {},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
}
],
"website": [],
"object_lock_configuration": [],
"tags": {},
"logging": [
{}
],
"cors_rule": [],
"lifecycle_rule": [],
"replication_configuration": [],
"grant": [
{
"permissions": [
false
]
}
],
"versioning": [
{}
]
},
"name": "s3_bucket",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"access_control_policy": [
{
"owner": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"display_name": "aws-innovationlabs-rdt-west"
}
],
"grant": [
{
"permission": "FULL_CONTROL",
"grantee": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"email_address": "",
"uri": "",
"display_name": "aws-innovationlabs-rdt-west"
}
]
}
]
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"acl": ""
},
"address": "module.s3_module.aws_s3_bucket_acl.s3_acl[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_acl",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket",
"module.s3_module.data.aws_canonical_user_id.current_user"
],
"sensitive_values": {
"access_control_policy": [
{
"owner": [
{}
],
"grant": [
{
"grantee": [
{}
]
}
]
}
]
},
"name": "s3_acl",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"target_grant": [],
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket",
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"address": "module.s3_module.aws_s3_bucket_logging.s3_logging[\"0\"]",
"type": "aws_s3_bucket_logging",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket"
],
"sensitive_values": {
"target_grant": []
},
"name": "s3_logging",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "0"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":[\"false\"]}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"address": "module.s3_module.aws_s3_bucket_policy.other_policies[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_policy",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket",
"module.s3_module.aws_s3_bucket_public_access_block.s3_bucket_access",
"module.s3_module.data.aws_iam_policy_document.default_bucket_policy"
],
"sensitive_values": {},
"name": "other_policies",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"restrict_public_buckets": true,
"block_public_policy": true,
"block_public_acls": true,
"bucket": "saf-s3-demo-std-bucket-bucket",
"ignore_public_acls": true
},
"address": "module.s3_module.aws_s3_bucket_public_access_block.s3_bucket_access[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_public_access_block",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket"
],
"sensitive_values": {},
"name": "s3_bucket_access",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"address": "module.s3_module.aws_s3_bucket_server_side_encryption_configuration.s3_sse[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_server_side_encryption_configuration",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket"
],
"sensitive_values": {
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
},
"name": "s3_sse",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"address": "module.s3_module.aws_s3_bucket_versioning.s3_versioning[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_versioning",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket"
],
"sensitive_values": {
"versioning_configuration": [
{}
]
},
"name": "s3_versioning",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"address": "module.s3_module.aws_s3_bucket_versioning.source_bucket_versioning[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_versioning",
"depends_on": [
"data.aws_caller_identity.current",
"data.aws_iam_policy_document.kms_key_policy",
"module.kms_module.aws_kms_alias.key_alias",
"module.kms_module.aws_kms_key.the_key",
"module.s3_module.aws_s3_bucket.s3_bucket"
],
"sensitive_values": {
"versioning_configuration": [
{}
]
},
"name": "source_bucket_versioning",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "99999999999",
"arn": "arn:aws:sts::99999999999:assumed-role/AWS-InnovationLabs-RDT-West-Admins/email@address.com",
"account_id": "99999999999",
"user_id": "XXXXXXXXXXXXXXXXXXXX:email@address.com"
},
"address": "module.s3_module.data.aws_caller_identity.current",
"type": "aws_caller_identity",
"sensitive_values": {},
"name": "current",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws"
},
{
"values": {
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"display_name": "aws-innovationlabs-rdt-west"
},
"address": "module.s3_module.data.aws_canonical_user_id.current_user",
"type": "aws_canonical_user_id",
"sensitive_values": {},
"name": "current_user",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws"
},
{
"values": {
"override_json": null,
"source_policy_documents": null,
"version": "2012-10-17",
"override_policy_documents": null,
"id": "4003806384",
"source_json": null,
"statement": [
{
"not_resources": [],
"effect": "Allow",
"sid": "",
"condition": [],
"not_principals": [],
"principals": [
{
"type": "Service",
"identifiers": [
"s3.amazonaws.com"
]
}
],
"resources": [],
"actions": [
"sts:AssumeRole"
],
"not_actions": []
}
],
"policy_id": null,
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n }\n }\n ]\n}"
},
"address": "module.s3_module.data.aws_iam_policy_document.assume_role_policy",
"type": "aws_iam_policy_document",
"sensitive_values": {
"statement": [
{
"not_resources": [],
"condition": [],
"not_principals": [],
"principals": [
{
"identifiers": [
false
]
}
],
"resources": [],
"actions": [
false
],
"not_actions": []
}
]
},
"name": "assume_role_policy",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws"
},
{
"values": {
"override_json": null,
"source_policy_documents": [
"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Deny\",\n \"NotPrincipal\": {\n \"Service\": \"delivery.logs.amazonaws.com\"\n },\n \"Action\": \"s3:*\",\n \"Resource\": [\n \"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\n \"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"\n ],\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n }\n }\n ]\n}\n"
],
"version": "2012-10-17",
"override_policy_documents": null,
"id": "2255316457",
"source_json": null,
"statement": null,
"policy_id": null,
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Deny\",\n \"Action\": \"s3:*\",\n \"Resource\": [\n \"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\n \"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"\n ],\n \"NotPrincipal\": {\n \"Service\": \"delivery.logs.amazonaws.com\"\n },\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": [\n \"false\"\n ]\n }\n }\n }\n ]\n}"
},
"address": "module.s3_module.data.aws_iam_policy_document.default_bucket_policy[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_iam_policy_document",
"sensitive_values": {
"source_policy_documents": [
false
]
},
"name": "default_bucket_policy",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"override_json": null,
"source_policy_documents": null,
"version": "2012-10-17",
"override_policy_documents": null,
"id": "3819175256",
"source_json": null,
"statement": [
{
"not_resources": [],
"effect": "Allow",
"sid": "",
"condition": [],
"not_principals": [],
"principals": [],
"resources": [
"arn:aws:s3:::saf-s3-demo-std-bucket-bucket"
],
"actions": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"not_actions": []
},
{
"not_resources": [],
"effect": "Allow",
"sid": "",
"condition": [],
"not_principals": [],
"principals": [],
"resources": [
"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*"
],
"actions": [
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTagging"
],
"not_actions": []
}
],
"policy_id": null,
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetReplicationConfiguration\"\n ],\n \"Resource\": \"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\"\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObjectVersionTagging\",\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\"\n ],\n \"Resource\": \"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"\n }\n ]\n}"
},
"address": "module.s3_module.data.aws_iam_policy_document.replication_policy[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_iam_policy_document",
"sensitive_values": {
"statement": [
{
"not_resources": [],
"condition": [],
"not_principals": [],
"principals": [],
"resources": [
false
],
"actions": [
false,
false
],
"not_actions": []
},
{
"not_resources": [],
"condition": [],
"not_principals": [],
"principals": [],
"resources": [
false
],
"actions": [
false,
false,
false
],
"not_actions": []
}
]
},
"name": "replication_policy",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"description": "US West (Oregon)",
"endpoint": "ec2.us-west-2.amazonaws.com",
"id": "us-west-2",
"name": "us-west-2"
},
"address": "module.s3_module.data.aws_region.current",
"type": "aws_region",
"sensitive_values": {},
"name": "current",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws"
},
{
"values": {
"description": "US East (Ohio)",
"endpoint": "ec2.us-east-2.amazonaws.com",
"id": "us-east-2",
"name": "us-east-2"
},
"address": "module.s3_module.data.aws_region.secondary_region",
"type": "aws_region",
"sensitive_values": {},
"name": "secondary_region",
"mode": "data",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws"
}
]
}
]
}
},
"terraform_version": "1.3.7"
},
"relevant_attributes": [
{
"resource": "module.s3_module.aws_s3_bucket.s3_bucket",
"attribute": []
},
{
"resource": "module.s3_module.aws_s3_bucket_policy.other_policies",
"attribute": []
},
{
"resource": "module.s3_module.data.aws_iam_policy_document.default_bucket_policy",
"attribute": []
},
{
"resource": "data.aws_iam_policy_document.kms_key_policy",
"attribute": [
"json"
]
},
{
"resource": "module.kms_module.aws_kms_key.the_key",
"attribute": []
},
{
"resource": "module.kms_module.aws_kms_alias.key_alias",
"attribute": []
}
],
"resource_changes": [
{
"address": "module.kms_module.aws_kms_alias.key_alias[\"saf_s3_demo_std_bucket_cloudtrail_key\"]",
"type": "aws_kms_alias",
"name": "key_alias",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {},
"before_sensitive": {},
"before": {
"id": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_cloudtrail_key",
"target_key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"name": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b"
},
"after": {
"id": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_cloudtrail_key",
"target_key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"name": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b"
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_cloudtrail_key",
"module_address": "module.kms_module"
},
{
"address": "module.kms_module.aws_kms_alias.key_alias[\"saf_s3_demo_std_bucket_s3_key\"]",
"type": "aws_kms_alias",
"name": "key_alias",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {},
"before_sensitive": {},
"before": {
"id": "alias/saf_s3_demo_std_bucket_s3_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_s3_key",
"target_key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"name": "alias/saf_s3_demo_std_bucket_s3_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592"
},
"after": {
"id": "alias/saf_s3_demo_std_bucket_s3_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_s3_key",
"target_key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"name": "alias/saf_s3_demo_std_bucket_s3_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592"
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_s3_key",
"module_address": "module.kms_module"
},
{
"address": "module.kms_module.aws_kms_key.the_key[\"saf_s3_demo_std_bucket_cloudtrail_key\"]",
"type": "aws_kms_key",
"name": "the_key",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"tags_all": {},
"tags": {}
},
"before_sensitive": {
"tags_all": {},
"tags": {}
},
"before": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for CloudTrail encryption",
"key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"bypass_policy_lockout_safety_check": false,
"id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"after": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for CloudTrail encryption",
"key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"bypass_policy_lockout_safety_check": false,
"id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"StringNotEquals\":{\"kms:CallerAccount\":\"99999999999\",\"kms:ViaService\":[\"cloudtrail.amazonaws.com\",\"s3.amazonaws.com\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotLocalAccount\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"actions": [
"update"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_cloudtrail_key",
"module_address": "module.kms_module"
},
{
"address": "module.kms_module.aws_kms_key.the_key[\"saf_s3_demo_std_bucket_s3_key\"]",
"type": "aws_kms_key",
"name": "the_key",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"tags_all": {},
"tags": {}
},
"before_sensitive": {
"tags_all": {},
"tags": {}
},
"before": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for S3 encryption",
"key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"bypass_policy_lockout_safety_check": false,
"id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"after": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for S3 encryption",
"key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"bypass_policy_lockout_safety_check": false,
"id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"StringNotEquals\":{\"kms:CallerAccount\":\"99999999999\",\"kms:ViaService\":[\"cloudtrail.amazonaws.com\",\"s3.amazonaws.com\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotLocalAccount\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"actions": [
"update"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_s3_key",
"module_address": "module.kms_module"
},
{
"address": "module.s3_module.aws_cloudtrail.object_logging[\"0\"]",
"type": "aws_cloudtrail",
"name": "object_logging",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"tags_all": {},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
false
],
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
]
}
],
"tags": {},
"insight_selector": [],
"event_selector": []
},
"before_sensitive": {
"tags_all": {},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
false
],
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
]
}
],
"tags": {},
"insight_selector": [],
"event_selector": []
},
"before": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"field": "resources.type",
"equals": [
"AWS::S3::Object"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"field": "eventCategory",
"equals": [
"Data"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/"
],
"field": "resources.ARN",
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
],
"name": ""
}
],
"include_global_service_events": false,
"id": "saf-s3-demo-std-bucket-bucket_logging",
"enable_log_file_validation": true,
"kms_key_id": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"is_multi_region_trail": false,
"arn": "arn:aws:cloudtrail:us-west-2:99999999999:trail/saf-s3-demo-std-bucket-bucket_logging",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"name": "saf-s3-demo-std-bucket-bucket_logging",
"home_region": "us-west-2",
"insight_selector": [],
"event_selector": [],
"is_organization_trail": false,
"enable_logging": true,
"sns_topic_name": "",
"cloud_watch_logs_role_arn": "",
"s3_key_prefix": "object_logs",
"cloud_watch_logs_group_arn": "",
"s3_bucket_name": "saf-s3-logging-bucket-demo-bucket"
},
"after": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"field": "resources.type",
"equals": [
"AWS::S3::Object"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"field": "eventCategory",
"equals": [
"Data"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/"
],
"field": "resources.ARN",
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
],
"name": ""
}
],
"include_global_service_events": false,
"id": "saf-s3-demo-std-bucket-bucket_logging",
"enable_log_file_validation": true,
"kms_key_id": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_cloudtrail_key",
"is_multi_region_trail": false,
"arn": "arn:aws:cloudtrail:us-west-2:99999999999:trail/saf-s3-demo-std-bucket-bucket_logging",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"name": "saf-s3-demo-std-bucket-bucket_logging",
"home_region": "us-west-2",
"insight_selector": [],
"event_selector": [],
"is_organization_trail": false,
"enable_logging": true,
"sns_topic_name": "",
"cloud_watch_logs_role_arn": "",
"s3_key_prefix": "object_logs",
"cloud_watch_logs_group_arn": "",
"s3_bucket_name": "saf-s3-logging-bucket-demo-bucket"
},
"actions": [
"update"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "0",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_iam_role.bucket_replication_role[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_iam_role",
"name": "bucket_replication_role",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"tags_all": {},
"tags": {},
"inline_policy": [],
"managed_policy_arns": []
},
"before_sensitive": {
"tags_all": {},
"tags": {},
"inline_policy": [],
"managed_policy_arns": []
},
"before": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "",
"permissions_boundary": null,
"id": "saf-s3-demo-std-bucket-bucket",
"assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"s3.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"arn": "arn:aws:iam::99999999999:role/saf-s3-demo-std-bucket-bucket",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"force_detach_policies": false,
"name": "saf-s3-demo-std-bucket-bucket",
"inline_policy": [],
"name_prefix": "",
"max_session_duration": 3600,
"create_date": "2023-01-31T23:48:00Z",
"path": "/",
"managed_policy_arns": [],
"unique_id": "AROAZGGUE3TSSATBCWNIV"
},
"after": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "",
"permissions_boundary": null,
"id": "saf-s3-demo-std-bucket-bucket",
"assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"s3.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"arn": "arn:aws:iam::99999999999:role/saf-s3-demo-std-bucket-bucket",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"force_detach_policies": false,
"name": "saf-s3-demo-std-bucket-bucket",
"inline_policy": [],
"name_prefix": "",
"max_session_duration": 3600,
"create_date": "2023-01-31T23:48:00Z",
"path": "/",
"managed_policy_arns": [],
"unique_id": "AROAZGGUE3TSSATBCWNIV"
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket.s3_bucket[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket",
"name": "s3_bucket",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"tags_all": {},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
}
],
"website": [],
"object_lock_configuration": [],
"tags": {},
"logging": [
{}
],
"cors_rule": [],
"lifecycle_rule": [],
"replication_configuration": [],
"grant": [
{
"permissions": [
false
]
}
],
"versioning": [
{}
]
},
"before_sensitive": {
"tags_all": {},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
}
],
"website": [],
"object_lock_configuration": [],
"tags": {},
"logging": [
{}
],
"cors_rule": [],
"lifecycle_rule": [],
"replication_configuration": [],
"grant": [
{
"permissions": [
false
]
}
],
"versioning": [
{}
]
},
"before": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
]
}
],
"hosted_zone_id": "Z3BJ6K6RIION7M",
"id": "saf-s3-demo-std-bucket-bucket",
"website": [],
"website_domain": null,
"arn": "arn:aws:s3:::saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"region": "us-west-2",
"object_lock_enabled": false,
"object_lock_configuration": [],
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"logging": [
{
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket"
}
],
"bucket_prefix": null,
"request_payer": "BucketOwner",
"cors_rule": [],
"bucket_domain_name": "saf-s3-demo-std-bucket-bucket.s3.amazonaws.com",
"bucket_regional_domain_name": "saf-s3-demo-std-bucket-bucket.s3.us-west-2.amazonaws.com",
"lifecycle_rule": [],
"acceleration_status": "",
"timeouts": null,
"replication_configuration": [],
"grant": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"permissions": [
"FULL_CONTROL"
],
"uri": ""
}
],
"bucket": "saf-s3-demo-std-bucket-bucket",
"versioning": [
{
"mfa_delete": false,
"enabled": true
}
],
"acl": null,
"force_destroy": true,
"website_endpoint": null
},
"after": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
]
}
],
"hosted_zone_id": "Z3BJ6K6RIION7M",
"id": "saf-s3-demo-std-bucket-bucket",
"website": [],
"website_domain": null,
"arn": "arn:aws:s3:::saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"region": "us-west-2",
"object_lock_enabled": false,
"object_lock_configuration": [],
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"logging": [
{
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket"
}
],
"bucket_prefix": null,
"request_payer": "BucketOwner",
"cors_rule": [],
"bucket_domain_name": "saf-s3-demo-std-bucket-bucket.s3.amazonaws.com",
"bucket_regional_domain_name": "saf-s3-demo-std-bucket-bucket.s3.us-west-2.amazonaws.com",
"lifecycle_rule": [],
"acceleration_status": "",
"timeouts": null,
"replication_configuration": [],
"grant": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"permissions": [
"FULL_CONTROL"
],
"uri": ""
}
],
"bucket": "saf-s3-demo-std-bucket-bucket",
"versioning": [
{
"mfa_delete": false,
"enabled": true
}
],
"acl": null,
"force_destroy": true,
"website_endpoint": null
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket_acl.s3_acl[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_acl",
"name": "s3_acl",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"access_control_policy": [
{
"owner": [
{}
],
"grant": [
{
"grantee": [
{}
]
}
]
}
]
},
"before_sensitive": {
"access_control_policy": [
{
"owner": [
{}
],
"grant": [
{
"grantee": [
{}
]
}
]
}
]
},
"before": {
"id": "saf-s3-demo-std-bucket-bucket",
"access_control_policy": [
{
"owner": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"display_name": "aws-innovationlabs-rdt-west"
}
],
"grant": [
{
"permission": "FULL_CONTROL",
"grantee": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"email_address": "",
"uri": "",
"display_name": "aws-innovationlabs-rdt-west"
}
]
}
]
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"acl": ""
},
"after": {
"id": "saf-s3-demo-std-bucket-bucket",
"access_control_policy": [
{
"owner": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"display_name": "aws-innovationlabs-rdt-west"
}
],
"grant": [
{
"permission": "FULL_CONTROL",
"grantee": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"email_address": "",
"uri": "",
"display_name": "aws-innovationlabs-rdt-west"
}
]
}
]
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"acl": ""
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket_logging.s3_logging[\"0\"]",
"type": "aws_s3_bucket_logging",
"name": "s3_logging",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"target_grant": []
},
"before_sensitive": {
"target_grant": []
},
"before": {
"id": "saf-s3-demo-std-bucket-bucket",
"target_grant": [],
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket",
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"after": {
"id": "saf-s3-demo-std-bucket-bucket",
"target_grant": [],
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket",
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "0",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket_policy.other_policies[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_policy",
"name": "other_policies",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {},
"before_sensitive": {},
"before": {
"id": "saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":[\"false\"]}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"after": {
"id": "saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":[\"false\"]}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket_public_access_block.s3_bucket_access[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_public_access_block",
"name": "s3_bucket_access",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {},
"before_sensitive": {},
"before": {
"id": "saf-s3-demo-std-bucket-bucket",
"restrict_public_buckets": true,
"block_public_policy": true,
"block_public_acls": true,
"bucket": "saf-s3-demo-std-bucket-bucket",
"ignore_public_acls": true
},
"after": {
"id": "saf-s3-demo-std-bucket-bucket",
"restrict_public_buckets": true,
"block_public_policy": true,
"block_public_acls": true,
"bucket": "saf-s3-demo-std-bucket-bucket",
"ignore_public_acls": true
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket_server_side_encryption_configuration.s3_sse[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_server_side_encryption_configuration",
"name": "s3_sse",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
},
"before_sensitive": {
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
},
"before": {
"id": "saf-s3-demo-std-bucket-bucket",
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"after": {
"id": "saf-s3-demo-std-bucket-bucket",
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket_versioning.s3_versioning[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_versioning",
"name": "s3_versioning",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"versioning_configuration": [
{}
]
},
"before_sensitive": {
"versioning_configuration": [
{}
]
},
"before": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"after": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
},
{
"address": "module.s3_module.aws_s3_bucket_versioning.source_bucket_versioning[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_versioning",
"name": "source_bucket_versioning",
"mode": "managed",
"change": {
"after_unknown": {},
"after_sensitive": {
"versioning_configuration": [
{}
]
},
"before_sensitive": {
"versioning_configuration": [
{}
]
},
"before": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"after": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"actions": [
"no-op"
]
},
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket",
"module_address": "module.s3_module"
}
],
"configuration": {
"provider_config": {
"aws.us-east-2": {
"expressions": {
"region": {
"constant_value": "us-east-2"
}
},
"alias": "us-east-2",
"name": "aws",
"full_name": "registry.terraform.io/hashicorp/aws"
},
"aws": {
"expressions": {
"region": {
"references": [
"var.default_region"
]
}
},
"name": "aws",
"full_name": "registry.terraform.io/hashicorp/aws"
},
"aws.us-west-2": {
"expressions": {
"region": {
"constant_value": "us-west-2"
}
},
"alias": "us-west-2",
"name": "aws",
"full_name": "registry.terraform.io/hashicorp/aws"
}
},
"root_module": {
"resources": [
{
"address": "data.aws_caller_identity.current",
"type": "aws_caller_identity",
"name": "current",
"mode": "data",
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"statement": [
{
"effect": {
"constant_value": "Allow"
},
"sid": {
"constant_value": "Enable IAM Permissions"
},
"principals": [
{
"type": {
"constant_value": "AWS"
},
"identifiers": {
"references": [
"local.kms_key_admin_arn"
]
}
}
],
"resources": {
"constant_value": [
"*"
]
},
"actions": {
"constant_value": [
"kms:*"
]
}
},
{
"effect": {
"constant_value": "Allow"
},
"sid": {
"constant_value": "Allow CloudTrail to use the key"
},
"principals": [
{
"type": {
"constant_value": "Service"
},
"identifiers": {
"constant_value": [
"cloudtrail.amazonaws.com",
"s3.amazonaws.com"
]
}
}
],
"resources": {
"constant_value": [
"*"
]
},
"actions": {
"constant_value": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
]
}
},
{
"effect": {
"constant_value": "Deny"
},
"sid": {
"constant_value": "DenyNotLocalAccount"
},
"condition": [
{
"values": {
"references": [
"local.current_account_number"
]
},
"variable": {
"constant_value": "kms:CallerAccount"
},
"test": {
"constant_value": "StringNotEquals"
}
},
{
"values": {
"constant_value": [
"cloudtrail.amazonaws.com",
"s3.amazonaws.com"
]
},
"variable": {
"constant_value": "kms:ViaService"
},
"test": {
"constant_value": "StringNotEquals"
}
}
],
"principals": [
{
"type": {
"constant_value": "AWS"
},
"identifiers": {
"constant_value": [
"*"
]
}
}
],
"resources": {
"constant_value": [
"*"
]
},
"actions": {
"constant_value": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
]
}
},
{
"effect": {
"constant_value": "Deny"
},
"sid": {
"constant_value": "DenyNotPrivateIp"
},
"condition": [
{
"values": {
"constant_value": [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
},
"variable": {
"constant_value": "aws:SourceIp"
},
"test": {
"constant_value": "NotIpAddress"
}
},
{
"values": {
"constant_value": [
"false"
]
},
"variable": {
"constant_value": "kms:ViaService"
},
"test": {
"constant_value": "Bool"
}
}
],
"principals": [
{
"type": {
"constant_value": "AWS"
},
"identifiers": {
"constant_value": [
"*"
]
}
}
],
"resources": {
"constant_value": [
"*"
]
},
"actions": {
"constant_value": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
]
}
}
]
},
"address": "data.aws_iam_policy_document.kms_key_policy",
"type": "aws_iam_policy_document",
"name": "kms_key_policy",
"mode": "data",
"provider_config_key": "aws",
"schema_version": 0
}
],
"module_calls": {
"kms_module": {
"expressions": {
"key_data": {
"references": [
"local.kms_key_data"
]
},
"tags": {
"references": [
"local.global_tags"
]
}
},
"module": {
"outputs": {
"kms_key_aliases": {
"expression": {
"references": [
"aws_kms_alias.key_alias"
]
}
},
"kms_keys": {
"expression": {
"references": [
"aws_kms_key.the_key"
]
}
}
},
"resources": [
{
"expressions": {
"target_key_id": {
"references": [
"aws_kms_key.the_key",
"each.key"
]
},
"name": {
"references": [
"each.key"
]
}
},
"address": "aws_kms_alias.key_alias",
"type": "aws_kms_alias",
"name": "key_alias",
"mode": "managed",
"for_each_expression": {
"references": [
"var.key_data"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"description": {
"references": [
"each.value.description",
"each.value"
]
},
"enable_key_rotation": {
"constant_value": true
},
"policy": {
"references": [
"each.value.policy",
"each.value"
]
},
"tags": {
"references": [
"var.tags"
]
},
"multi_region": {
"constant_value": false
}
},
"address": "aws_kms_key.the_key",
"type": "aws_kms_key",
"name": "the_key",
"mode": "managed",
"for_each_expression": {
"references": [
"var.key_data"
]
},
"provider_config_key": "aws",
"schema_version": 0
}
],
"variables": {
"key_data": {
"description": "The configuration of the KMS key(s) to bne created. Please See example."
},
"tags": {
"description": "A list of common tags to be applied to all objects that support tags."
}
}
},
"source": "../../../modules/kms"
},
"s3_module": {
"expressions": {
"s3_bucket": {
"references": [
"local.s3_bucket_info"
]
},
"tags": {
"references": [
"local.global_tags"
]
},
"kms_keys": {
"references": [
"module.kms_module.kms_key_aliases",
"module.kms_module"
]
}
},
"module": {
"outputs": {
"s3_bucket_info": {
"expression": {
"references": [
"aws_s3_bucket.s3_bucket"
]
}
},
"s3_other_policy_attached": {
"expression": {
"references": [
"aws_s3_bucket_policy.other_policies"
]
}
}
},
"resources": [
{
"expressions": {
"advanced_event_selector": [
{
"field_selector": [
{
"field": {
"constant_value": "eventCategory"
},
"equals": {
"constant_value": [
"Data"
]
}
},
{
"starts_with": {
"references": [
"each.value.bucket",
"each.value"
]
},
"field": {
"constant_value": "resources.ARN"
}
},
{
"field": {
"constant_value": "resources.type"
},
"equals": {
"constant_value": [
"AWS::S3::Object"
]
}
}
]
}
],
"include_global_service_events": {
"constant_value": false
},
"enable_log_file_validation": {
"constant_value": true
},
"kms_key_id": {
"references": [
"each.value.kms_key",
"each.value"
]
},
"tags": {
"references": [
"var.tags"
]
},
"name": {
"references": [
"each.value.bucket",
"each.value"
]
},
"s3_key_prefix": {
"references": [
"each.value.prefix",
"each.value"
]
},
"s3_bucket_name": {
"references": [
"each.value.target_bucket",
"each.value"
]
}
},
"address": "aws_cloudtrail.object_logging",
"type": "aws_cloudtrail",
"depends_on": [
"aws_s3_bucket.s3_bucket",
"aws_s3_bucket_policy.other_policies"
],
"name": "object_logging",
"mode": "managed",
"for_each_expression": {
"references": [
"local.object_logging_destinations"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"assume_role_policy": {
"references": [
"data.aws_iam_policy_document.assume_role_policy.json",
"data.aws_iam_policy_document.assume_role_policy"
]
},
"tags": {
"references": [
"var.tags"
]
},
"name": {
"references": [
"each.key"
]
}
},
"address": "aws_iam_role.bucket_replication_role",
"type": "aws_iam_role",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "bucket_replication_role",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"tags": {
"references": [
"var.tags",
"var.s3_bucket",
"each.key"
]
},
"bucket": {
"references": [
"each.key"
]
},
"force_destroy": {
"constant_value": true
}
},
"address": "aws_s3_bucket.s3_bucket",
"type": "aws_s3_bucket",
"name": "s3_bucket",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"bucket": {
"references": [
"each.key"
]
}
},
"address": "aws_s3_bucket_acl.s3_acl",
"type": "aws_s3_bucket_acl",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "s3_acl",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"target_prefix": {
"references": [
"each.value.prefix",
"each.value"
]
},
"target_bucket": {
"references": [
"each.value.target_bucket",
"each.value"
]
},
"bucket": {
"references": [
"each.value.bucket",
"each.value"
]
}
},
"address": "aws_s3_bucket_logging.s3_logging",
"type": "aws_s3_bucket_logging",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "s3_logging",
"mode": "managed",
"for_each_expression": {
"references": [
"local.logging_destinations"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"policy": {
"references": [
"data.aws_iam_policy_document.default_bucket_policy",
"each.key"
]
},
"bucket": {
"references": [
"each.key"
]
}
},
"address": "aws_s3_bucket_policy.other_policies",
"type": "aws_s3_bucket_policy",
"depends_on": [
"aws_s3_bucket.s3_bucket",
"aws_s3_bucket_public_access_block.s3_bucket_access"
],
"name": "other_policies",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"restrict_public_buckets": {
"constant_value": true
},
"block_public_policy": {
"constant_value": true
},
"block_public_acls": {
"constant_value": true
},
"bucket": {
"references": [
"aws_s3_bucket.s3_bucket",
"each.key"
]
},
"ignore_public_acls": {
"constant_value": true
}
},
"address": "aws_s3_bucket_public_access_block.s3_bucket_access",
"type": "aws_s3_bucket_public_access_block",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "s3_bucket_access",
"mode": "managed",
"for_each_expression": {
"references": [
"aws_s3_bucket.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"bucket": {
"references": [
"each.key"
]
},
"role": {
"references": [
"aws_iam_role.bucket_replication_role",
"each.key"
]
}
},
"address": "aws_s3_bucket_replication_configuration.bucket_replication",
"type": "aws_s3_bucket_replication_configuration",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "bucket_replication",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": {
"references": [
"local.kms_key_lookup",
"each.value.kms_key_name",
"each.value",
"local.kms_key_lookup",
"each.value.kms_key_name",
"each.value"
]
},
"sse_algorithm": {
"references": [
"local.kms_key_lookup",
"each.value.kms_key_name",
"each.value"
]
}
}
],
"bucket_key_enabled": {
"constant_value": true
}
}
],
"bucket": {
"references": [
"each.key"
]
}
},
"address": "aws_s3_bucket_server_side_encryption_configuration.s3_sse",
"type": "aws_s3_bucket_server_side_encryption_configuration",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "s3_sse",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"versioning_configuration": [
{
"status": {
"references": [
"each.value.versioning_enabled",
"each.value",
"each.value.versioning_enabled",
"each.value"
]
}
}
],
"bucket": {
"references": [
"each.key"
]
}
},
"address": "aws_s3_bucket_versioning.s3_versioning",
"type": "aws_s3_bucket_versioning",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "s3_versioning",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"versioning_configuration": [
{
"status": {
"references": [
"each.value.versioning_enabled",
"each.value",
"each.value.versioning_enabled",
"each.value"
]
}
}
],
"bucket": {
"references": [
"aws_s3_bucket.s3_bucket",
"each.key"
]
}
},
"address": "aws_s3_bucket_versioning.source_bucket_versioning",
"type": "aws_s3_bucket_versioning",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "source_bucket_versioning",
"mode": "managed",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"address": "data.aws_caller_identity.current",
"type": "aws_caller_identity",
"name": "current",
"mode": "data",
"provider_config_key": "aws",
"schema_version": 0
},
{
"address": "data.aws_canonical_user_id.current_user",
"type": "aws_canonical_user_id",
"name": "current_user",
"mode": "data",
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"statement": [
{
"effect": {
"constant_value": "Allow"
},
"principals": [
{
"type": {
"constant_value": "Service"
},
"identifiers": {
"constant_value": [
"s3.amazonaws.com"
]
}
}
],
"actions": {
"constant_value": [
"sts:AssumeRole"
]
}
}
]
},
"address": "data.aws_iam_policy_document.assume_role_policy",
"type": "aws_iam_policy_document",
"name": "assume_role_policy",
"mode": "data",
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"source_policy_documents": {
"references": [
"each.value.original_statement",
"each.value",
"each.value.saf_statement",
"each.value"
]
}
},
"address": "data.aws_iam_policy_document.default_bucket_policy",
"type": "aws_iam_policy_document",
"name": "default_bucket_policy",
"mode": "data",
"for_each_expression": {
"references": [
"local.enhanced_bucket_policy"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"expressions": {
"statement": [
{
"effect": {
"constant_value": "Allow"
},
"resources": {
"references": [
"aws_s3_bucket.s3_bucket",
"each.key"
]
},
"actions": {
"constant_value": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
]
}
},
{
"effect": {
"constant_value": "Allow"
},
"resources": {
"references": [
"aws_s3_bucket.s3_bucket",
"each.key"
]
},
"actions": {
"constant_value": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
]
}
}
]
},
"address": "data.aws_iam_policy_document.replication_policy",
"type": "aws_iam_policy_document",
"depends_on": [
"aws_s3_bucket.s3_bucket"
],
"name": "replication_policy",
"mode": "data",
"for_each_expression": {
"references": [
"var.s3_bucket"
]
},
"provider_config_key": "aws",
"schema_version": 0
},
{
"address": "data.aws_region.current",
"type": "aws_region",
"name": "current",
"mode": "data",
"provider_config_key": "aws",
"schema_version": 0
},
{
"address": "data.aws_region.secondary_region",
"type": "aws_region",
"name": "secondary_region",
"mode": "data",
"provider_config_key": "aws.us-east-2",
"schema_version": 0
}
],
"variables": {
"s3_bucket": {},
"tags": {},
"kms_keys": {}
}
},
"source": "../../../modules/s3"
}
},
"variables": {
"dst_region": {
"default": "us-east-2"
},
"profile": {
"default": "rdt"
},
"src_region": {
"default": "us-west-2"
},
"default_region": {
"default": "us-west-2"
}
}
}
},
"terraform_version": "1.3.7",
"variables": {
"dst_region": {
"value": "us-east-2"
},
"profile": {
"value": "rdt"
},
"src_region": {
"value": "us-west-2"
},
"default_region": {
"value": "us-west-2"
}
},
"planned_values": {
"root_module": {
"child_modules": [
{
"address": "module.kms_module",
"resources": [
{
"values": {
"id": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_cloudtrail_key",
"target_key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"name": "alias/saf_s3_demo_std_bucket_cloudtrail_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b"
},
"address": "module.kms_module.aws_kms_alias.key_alias[\"saf_s3_demo_std_bucket_cloudtrail_key\"]",
"type": "aws_kms_alias",
"sensitive_values": {},
"name": "key_alias",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_cloudtrail_key"
},
{
"values": {
"id": "alias/saf_s3_demo_std_bucket_s3_key",
"arn": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_s3_key",
"target_key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"name": "alias/saf_s3_demo_std_bucket_s3_key",
"name_prefix": "",
"target_key_arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592"
},
"address": "module.kms_module.aws_kms_alias.key_alias[\"saf_s3_demo_std_bucket_s3_key\"]",
"type": "aws_kms_alias",
"sensitive_values": {},
"name": "key_alias",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_s3_key"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for CloudTrail encryption",
"key_id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"bypass_policy_lockout_safety_check": false,
"id": "bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/bb8bb8bb-8bb8-bb8b-b8bb-8bb8bb8bb8b",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"StringNotEquals\":{\"kms:CallerAccount\":\"99999999999\",\"kms:ViaService\":[\"cloudtrail.amazonaws.com\",\"s3.amazonaws.com\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotLocalAccount\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"address": "module.kms_module.aws_kms_key.the_key[\"saf_s3_demo_std_bucket_cloudtrail_key\"]",
"type": "aws_kms_key",
"sensitive_values": {
"tags_all": {},
"tags": {}
},
"name": "the_key",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_cloudtrail_key"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "Key for S3 encryption",
"key_id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"bypass_policy_lockout_safety_check": false,
"id": "fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"enable_key_rotation": true,
"arn": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"policy": "{\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::99999999999:role/AWS-InnovationLabs-RDT-West-Admins\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM Permissions\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"s3.amazonaws.com\",\"cloudtrail.amazonaws.com\"]},\"Resource\":\"*\",\"Sid\":\"Allow CloudTrail to use the key\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"StringNotEquals\":{\"kms:CallerAccount\":\"99999999999\",\"kms:ViaService\":[\"cloudtrail.amazonaws.com\",\"s3.amazonaws.com\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotLocalAccount\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Condition\":{\"Bool\":{\"kms:ViaService\":\"false\"},\"NotIpAddress\":{\"aws:SourceIp\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Resource\":\"*\",\"Sid\":\"DenyNotPrivateIp\"}],\"Version\":\"2012-10-17\"}",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"key_usage": "ENCRYPT_DECRYPT",
"multi_region": false,
"customer_master_key_spec": "SYMMETRIC_DEFAULT",
"custom_key_store_id": "",
"is_enabled": true,
"deletion_window_in_days": null
},
"address": "module.kms_module.aws_kms_key.the_key[\"saf_s3_demo_std_bucket_s3_key\"]",
"type": "aws_kms_key",
"sensitive_values": {
"tags_all": {},
"tags": {}
},
"name": "the_key",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf_s3_demo_std_bucket_s3_key"
}
]
},
{
"address": "module.s3_module",
"resources": [
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"field": "resources.type",
"equals": [
"AWS::S3::Object"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"field": "eventCategory",
"equals": [
"Data"
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/"
],
"field": "resources.ARN",
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
],
"name": ""
}
],
"include_global_service_events": false,
"id": "saf-s3-demo-std-bucket-bucket_logging",
"enable_log_file_validation": true,
"kms_key_id": "arn:aws:kms:us-west-2:99999999999:alias/saf_s3_demo_std_bucket_cloudtrail_key",
"is_multi_region_trail": false,
"arn": "arn:aws:cloudtrail:us-west-2:99999999999:trail/saf-s3-demo-std-bucket-bucket_logging",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"name": "saf-s3-demo-std-bucket-bucket_logging",
"home_region": "us-west-2",
"insight_selector": [],
"event_selector": [],
"is_organization_trail": false,
"enable_logging": true,
"sns_topic_name": "",
"cloud_watch_logs_role_arn": "",
"s3_key_prefix": "object_logs",
"cloud_watch_logs_group_arn": "",
"s3_bucket_name": "saf-s3-logging-bucket-demo-bucket"
},
"address": "module.s3_module.aws_cloudtrail.object_logging[\"0\"]",
"type": "aws_cloudtrail",
"sensitive_values": {
"tags_all": {},
"advanced_event_selector": [
{
"field_selector": [
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [],
"equals": [
false
],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
},
{
"ends_with": [],
"starts_with": [
false
],
"equals": [],
"not_ends_with": [],
"not_equals": [],
"not_starts_with": []
}
]
}
],
"tags": {},
"insight_selector": [],
"event_selector": []
},
"name": "object_logging",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "0"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"description": "",
"permissions_boundary": null,
"id": "saf-s3-demo-std-bucket-bucket",
"assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"s3.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"arn": "arn:aws:iam::99999999999:role/saf-s3-demo-std-bucket-bucket",
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Owner": "Some Guy"
},
"force_detach_policies": false,
"name": "saf-s3-demo-std-bucket-bucket",
"inline_policy": [],
"name_prefix": "",
"max_session_duration": 3600,
"create_date": "2023-01-31T23:48:00Z",
"path": "/",
"managed_policy_arns": [],
"unique_id": "AROAZGGUE3TSSATBCWNIV"
},
"address": "module.s3_module.aws_iam_role.bucket_replication_role[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_iam_role",
"sensitive_values": {
"tags_all": {},
"tags": {},
"inline_policy": [],
"managed_policy_arns": []
},
"name": "bucket_replication_role",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"tags_all": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
]
}
],
"hosted_zone_id": "Z3BJ6K6RIION7M",
"id": "saf-s3-demo-std-bucket-bucket",
"website": [],
"website_domain": null,
"arn": "arn:aws:s3:::saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"region": "us-west-2",
"object_lock_enabled": false,
"object_lock_configuration": [],
"tags": {
"Expire": "31 March 2023",
"CreatorId": "XXXXXXXXXXXXXXXXXXXX",
"CreatorName": "email@address.com",
"Project": "Demo",
"Name": "S3 SAF Demo Bucket",
"Owner": "Some Guy"
},
"logging": [
{
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket"
}
],
"bucket_prefix": null,
"request_payer": "BucketOwner",
"cors_rule": [],
"bucket_domain_name": "saf-s3-demo-std-bucket-bucket.s3.amazonaws.com",
"bucket_regional_domain_name": "saf-s3-demo-std-bucket-bucket.s3.us-west-2.amazonaws.com",
"lifecycle_rule": [],
"acceleration_status": "",
"timeouts": null,
"replication_configuration": [],
"grant": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"permissions": [
"FULL_CONTROL"
],
"uri": ""
}
],
"bucket": "saf-s3-demo-std-bucket-bucket",
"versioning": [
{
"mfa_delete": false,
"enabled": true
}
],
"acl": null,
"force_destroy": true,
"website_endpoint": null
},
"address": "module.s3_module.aws_s3_bucket.s3_bucket[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket",
"sensitive_values": {
"tags_all": {},
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
}
],
"website": [],
"object_lock_configuration": [],
"tags": {},
"logging": [
{}
],
"cors_rule": [],
"lifecycle_rule": [],
"replication_configuration": [],
"grant": [
{
"permissions": [
false
]
}
],
"versioning": [
{}
]
},
"name": "s3_bucket",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"access_control_policy": [
{
"owner": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"display_name": "aws-innovationlabs-rdt-west"
}
],
"grant": [
{
"permission": "FULL_CONTROL",
"grantee": [
{
"id": "4664f5415d52feb2d1fc6aaca001ac91de2ee758aacb86c8f788d34e66be08a2",
"type": "CanonicalUser",
"email_address": "",
"uri": "",
"display_name": "aws-innovationlabs-rdt-west"
}
]
}
]
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"acl": ""
},
"address": "module.s3_module.aws_s3_bucket_acl.s3_acl[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_acl",
"sensitive_values": {
"access_control_policy": [
{
"owner": [
{}
],
"grant": [
{
"grantee": [
{}
]
}
]
}
]
},
"name": "s3_acl",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"target_grant": [],
"target_prefix": "s3_logs/",
"target_bucket": "saf-s3-logging-bucket-demo-bucket",
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"address": "module.s3_module.aws_s3_bucket_logging.s3_logging[\"0\"]",
"type": "aws_s3_bucket_logging",
"sensitive_values": {
"target_grant": []
},
"name": "s3_logging",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "0"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"policy": "{\"Statement\":[{\"Action\":\"s3:*\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":[\"false\"]}},\"Effect\":\"Deny\",\"NotPrincipal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket\",\"arn:aws:s3:::saf-s3-demo-std-bucket-bucket/*\"],\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"address": "module.s3_module.aws_s3_bucket_policy.other_policies[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_policy",
"sensitive_values": {},
"name": "other_policies",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"restrict_public_buckets": true,
"block_public_policy": true,
"block_public_acls": true,
"bucket": "saf-s3-demo-std-bucket-bucket",
"ignore_public_acls": true
},
"address": "module.s3_module.aws_s3_bucket_public_access_block.s3_bucket_access[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_public_access_block",
"sensitive_values": {},
"name": "s3_bucket_access",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "arn:aws:kms:us-west-2:99999999999:key/fab4808a-c8b3-45b9-bcfe-87e138fe7592",
"sse_algorithm": "aws:kms"
}
],
"bucket_key_enabled": true
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket"
},
"address": "module.s3_module.aws_s3_bucket_server_side_encryption_configuration.s3_sse[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_server_side_encryption_configuration",
"sensitive_values": {
"rule": [
{
"apply_server_side_encryption_by_default": [
{}
]
}
]
},
"name": "s3_sse",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"address": "module.s3_module.aws_s3_bucket_versioning.s3_versioning[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_versioning",
"sensitive_values": {
"versioning_configuration": [
{}
]
},
"name": "s3_versioning",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
},
{
"values": {
"id": "saf-s3-demo-std-bucket-bucket",
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
],
"expected_bucket_owner": "",
"bucket": "saf-s3-demo-std-bucket-bucket",
"mfa": null
},
"address": "module.s3_module.aws_s3_bucket_versioning.source_bucket_versioning[\"saf-s3-demo-std-bucket-bucket\"]",
"type": "aws_s3_bucket_versioning",
"sensitive_values": {
"versioning_configuration": [
{}
]
},
"name": "source_bucket_versioning",
"mode": "managed",
"schema_version": 0,
"provider_name": "registry.terraform.io/hashicorp/aws",
"index": "saf-s3-demo-std-bucket-bucket"
}
]
}
]
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment