From b6012908e0252157ed1e54b559985e5061dc6ea7 Mon Sep 17 00:00:00 2001
From: Alex Jurkiewicz
Date: Wed, 25 Aug 2021 22:58:42 +1000
Subject: [PATCH] Conditionally create aws_s3_bucket_public_access_block (#94)

* Conditionally create aws_s3_bucket_public_access_block

It's not needed if none of its options are enabled.

* Pull out an expression into a local

Co-authored-by: nitrocode
---
 main.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 2c7c5a19..1775017f 100644
--- a/main.tf
+++ b/main.tf
@@ -7,6 +7,8 @@ locals {
   # Deprecate `replication_rules` in favor of `s3_replication_rules` to keep all the replication related
   # inputs grouped under s3_replica[tion]
   s3_replication_rules = var.replication_rules == null ? var.s3_replication_rules : var.replication_rules
+
+  public_access_block_enabled = var.block_public_acls || var.block_public_policy || var.ignore_public_acls || var.restrict_public_buckets
 }
 
 resource "aws_s3_bucket" "default" {
@@ -374,7 +376,7 @@ resource "aws_s3_bucket_policy" "default" {
 # https://www.terraform.io/docs/providers/aws/r/s3_bucket_public_access_block.html
 # for the nuances of the blocking options
 resource "aws_s3_bucket_public_access_block" "default" {
-  count = local.enabled ? 1 : 0
+  count = module.this.enabled && local.public_access_block_enabled ? 1 : 0
   bucket = join("", aws_s3_bucket.default.*.id)
   block_public_acls = var.block_public_acls
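Review bot: The new local `public_access_block_enabled` in the first hunk carries no comment, although the neighbouring `s3_replication_rules` local documents its intent, and the name reads like a single feature flag while the value is true whenever any one of the four block settings is set. Suggested comment above the added line: `# Create aws_s3_bucket_public_access_block only when at least one of its four settings is enabled; with all four false the resource is omitted rather than managed with false values.` It is also worth stating, in that comment or in the changelog, that a user who flips all four inputs to false after a previous apply will now see the resource destroyed rather than updated in place, because the local drives the resource's count. The local does not fold in the module enable flag, so every consumer has to combine it with `module.this.enabled`, as the count expression in the second hunk does; that hunk continues past the end of the visible diff.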