Add the ability to specify cors-rules (#16)

jjungnickel · maximmi · web-flow · commit 8aea7810435d · 2020-05-20T00:56:16.000-07:00
* Add the ability to specify cors-rules

* Update readme, description

Co-authored-by: Maxim Mironenko &lt;maxim@cloudposse.com&gt;
diff --git a/README.md b/README.md
@@ -128,6 +128,7 @@ Available targets:
 | allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | `false` | no |
 | allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list(string) | `<list>` | no |
 | attributes | Additional attributes (e.g. `1`) | list(string) | `<list>` | no |
+| cors_rule_inputs | Specifies the allowed headers, methods, origins and exposed headers when using CORS on this bucket | object | `null` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
 | enable_glacier_transition | Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files | bool | `true` | no |
 | enable_standard_ia_transition | Enables the transition to STANDARD_IA | bool | `false` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -7,6 +7,7 @@
 | allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | `false` | no |
 | allowed_bucket_actions | List of actions the user is permitted to perform on the S3 bucket | list(string) | `<list>` | no |
 | attributes | Additional attributes (e.g. `1`) | list(string) | `<list>` | no |
+| cors_rule_inputs | Specifies the allowed headers, methods, origins and exposed headers when using CORS on this bucket | object | `null` | no |
 | delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes` | string | `-` | no |
 | enable_glacier_transition | Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files | bool | `true` | no |
 | enable_standard_ia_transition | Enables the transition to STANDARD_IA | bool | `false` | no |
diff --git a/main.tf b/main.tf
@@ -78,6 +78,18 @@ resource "aws_s3_bucket" "default" {
   }
 
   tags = module.label.tags
+  dynamic "cors_rule" {
+    for_each = var.cors_rule_inputs == null ? [] : var.cors_rule_inputs
+
+    content {
+      allowed_headers = cors_rule.value.allowed_headers
+      allowed_methods = cors_rule.value.allowed_methods
+      allowed_origins = cors_rule.value.allowed_origins
+      expose_headers  = cors_rule.value.expose_headers
+      max_age_seconds = cors_rule.value.max_age_seconds
+    }
+  }
+
 }
 
 module "s3_user" {
diff --git a/variables.tf b/variables.tf
@@ -130,6 +130,19 @@ variable "noncurrent_version_expiration_days" {
   description = "Specifies when noncurrent object versions expire"
 }
 
+variable "cors_rule_inputs" {
+  type = list(object({
+    allowed_headers = list(string)
+    allowed_methods = list(string)
+    allowed_origins = list(string)
+    expose_headers  = list(string)
+    max_age_seconds = number
+  }))
+  default = null
+
+  description = "Specifies the allowed headers, methods, origins and exposed headers when using CORS on this bucket"
+}
+
 variable "standard_transition_days" {
   type        = number
   default     = 30
@@ -171,4 +184,3 @@ variable "lifecycle_tags" {
   description = "Tags filter. Used to manage object lifecycle events"
   default     = {}
 }
-
