From 0e99f08f4f62961352a985f8d6a6c05f969bc8c6 Mon Sep 17 00:00:00 2001
From: kuntalkumarbasu <kuntalkumarbasu@gmail.com>
Date: Mon, 14 Mar 2022 15:06:29 -0400
Subject: [PATCH] feat!:BREAKING CHANGE:enable support for aws provider 4.0+

---
 README.md              |  1 +
 logs_monitoring_elb.tf | 78 ++++++++++++++++++++++++------------------
 versions.tf            |  4 +--
 3 files changed, 47 insertions(+), 36 deletions(-)

diff --git a/README.md b/README.md
index b2bae8d..136682b 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,7 @@ Cloudwatch log sync are namspaced by module.
 
 ## Module Versions
 
+**Version 3.x.x** and greater require terraform version > 0.13.x and AWS provider > 4.0.0.
 **Version 2.x.x** and greater require terraform version > 0.13.x and AWS provider < 4.0.0.  
 **Version 1.x.x** is the latest version that support terraform version 0.12.x and AWS provider < 4.0.0.  
 When using this module, please be sure to [pin to a compatible version](https://www.terraform.io/docs/configuration/modules.html#module-versions).
diff --git a/logs_monitoring_elb.tf b/logs_monitoring_elb.tf
index 618f18e..86542f2 100644
--- a/logs_monitoring_elb.tf
+++ b/logs_monitoring_elb.tf
@@ -25,48 +25,46 @@ locals {
   elb_logs_s3_bucket = "${var.elb_logs_bucket_prefix}-${var.namespace}-${var.env}-elb-logs"
 }
 
+data aws_iam_policy_document "elb_logs" {
+  statement {
+    actions = [
+      "s3:PutObject"
+    ]
+    resources = [
+      "arn:aws:s3:::${local.elb_logs_s3_bucket}/*",
+    ]
+    principals {
+      type        = "AWS"
+      identifiers = [data.aws_elb_service_account.main.arn]
+    }
+    effect = "Allow"
+  }
+}
+
 resource "aws_s3_bucket" "elb_logs" {
   count  = var.create_elb_logs_bucket ? 1 : 0
   bucket = local.elb_logs_s3_bucket
-  acl    = "private"
-  policy = <<POLICY
-{
-  "Id": "Policy",
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": [
-        "s3:PutObject"
-      ],
-      "Effect": "Allow",
-      "Resource": "arn:aws:s3:::${local.elb_logs_s3_bucket}/*",
-      "Principal": {
-        "AWS": [
-          "${data.aws_elb_service_account.main.arn}"
-        ]
-      }
-    }
-  ]
 }
-POLICY
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
+resource "aws_s3_bucket_policy" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
+  policy = data.aws_iam_policy_document.elb_logs.json
+}
 
-  lifecycle_rule {
-    id      = "log"
-    enabled = true
+resource "aws_s3_bucket_acl" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
+  acl    = "private"
+}
 
-    tags = {
-      "rule"      = "log"
-      "autoclean" = "true"
-    }
+resource "aws_s3_bucket_lifecycle_configuration" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
 
+  # Remove old versions of images after 15 days
+  rule {
+    id = "log"
     transition {
       days          = 30
       storage_class = "STANDARD_IA" # or "ONEZONE_IA"
@@ -80,5 +78,17 @@ POLICY
     expiration {
       days = 365 # store logs for one year
     }
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "elb_logs" {
+  count  = var.create_elb_logs_bucket ? 1 : 0
+  bucket = aws_s3_bucket.elb_logs[0].id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
   }
 }
diff --git a/versions.tf b/versions.tf
index 0aa2fca..062a569 100644
--- a/versions.tf
+++ b/versions.tf
@@ -8,8 +8,8 @@ terraform {
     }
 
     aws = {
-      source = "hashicorp/aws"
-      version = ">= 3.0, < 4"
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
     }
   }
 }