From a20de98004e991130c7ecfc75b2bf702214a0af1 Mon Sep 17 00:00:00 2001
From: SteveLinden
Date: Thu, 21 Sep 2023 11:31:57 +0100
Subject: [PATCH 1/3] Fixing checkov errors - adding arn for sns

---
 main.tf | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/main.tf b/main.tf
index 8c111ac..f1e7017 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,10 @@
 data "aws_caller_identity" "current" {}
+data "aws_sns_topic" "bucket-arn" {
+ name = "bucket-arn"
+}
+
+
 # Main S3 bucket, that is replicated from (rather than to)
 # KMS Encryption handled by aws_s3_bucket_server_side_encryption_configuration resource
 # Logging handled by aws_s3_bucket_logging resource
@@ -10,10 +15,12 @@ resource "aws_s3_bucket" "default" {
 #checkov:skip=CKV_AWS_18: "Logging handled in logging configuration resource"
 #checkov:skip=CKV_AWS_21: "Versioning handled in Versioning configuration resource"
 #checkov:skip=CKV_AWS_145: "Encryption handled in encryption configuration resource"
+
 bucket = var.bucket_name
 bucket_prefix = var.bucket_prefix
 force_destroy = var.force_destroy
+ bucket_arn = aws_sns_topic.bucket_arn.arn
 tags = var.tags
 }
@@ -37,6 +44,7 @@ resource "aws_s3_bucket_acl" "default" {
 # Configure bucket lifecycle rules
 resource "aws_s3_bucket_lifecycle_configuration" "default" {
+ #checkov:skip=CKV_AWS_300: "Ensure S3 lifecycle configuration sets period for aborting failed uploads"
 bucket = aws_s3_bucket.default.id
 dynamic "rule" {
@@ -93,6 +101,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "default" {
 storage_class = noncurrent_version_transition.value.storage_class
 }
 }
+ }
 }
 }
 }
@@ -239,6 +248,7 @@ resource "aws_s3_bucket" "replication" {
 bucket = (var.bucket_name != null) ? "${var.bucket_name}-replication" : null
 bucket_prefix = (var.bucket_prefix != null) ? "${var.bucket_prefix}-replication" : null
 force_destroy = var.force_destroy
+ bucket_arn = aws_sns_topic.bucket_arn.arn
 tags = var.tags
 }

From ba789edd5b3b9f0851ef12bfc8c97e22292a9fdd Mon Sep 17 00:00:00 2001
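Review bot: The new data source in the first hunk looks up a topic by the hard-coded name `"bucket-arn"`, so applying this module now requires a topic of exactly that name to already exist in the target account and region, and the name says nothing about what the topic is for. If the topic is meant to receive bucket event notifications, take its ARN or name as an input variable with a documented default instead of baking the literal in, and name the data source after its role, for example `data "aws_sns_topic" "notifications"`. A data source by itself also neither creates a notification nor grants the S3 service permission to publish to the topic, so whichever checkov finding motivated the change will presumably still be reported after this patch.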
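Review bot: `bucket_arn` is not an argument of the `aws_s3_bucket` resource, so the line `+ bucket_arn = aws_sns_topic.bucket_arn.arn` in the `@@ -10,10 +15,12 @@` hunk, and the same line again in the replication bucket hunk at `@@ -239,6 +248,7 @@`, should fail `terraform validate` with an unsupported-argument error. The expression also refers to a managed resource `aws_sns_topic.bucket_arn`, while the only thing this patch declares is a data source named `bucket-arn`, so even the reference would need to be `data.aws_sns_topic.bucket-arn.arn` to resolve. If the intent is to satisfy a checkov check about bucket event notifications, that is done with an `aws_s3_bucket_notification` resource pointing at the topic ARN plus a topic access policy that lets the S3 service principal publish, scoped to this bucket's ARN; attaching an ARN string to the bucket resource configures no notification and grants no permission. Both enclosing resource blocks start outside their hunks.
```hcl
# Replaces the two `bucket_arn = ...` lines; the topic's access policy must
# separately allow the S3 service principal to publish for this bucket's ARN.
resource "aws_s3_bucket_notification" "default" {
  bucket = aws_s3_bucket.default.id

  topic {
    topic_arn = data.aws_sns_topic.bucket-arn.arn
    events    = ["s3:ObjectCreated:*"] # example event set; choose what the consumer needs
  }
}
```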
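Review bot: The added `#checkov:skip=CKV_AWS_300` line in the `@@ -37,6 +44,7 @@` hunk suppresses the finding using the check's own description as the justification, which tells a later reader nothing about why the control is not needed here; a skip comment should state the actual reason, or the control should be implemented. The control is cheap to satisfy: a lifecycle rule containing `abort_incomplete_multipart_upload { days_after_initiation = 7 }` (7 is an example value) stops abandoned multipart uploads from silently accumulating storage cost. The `dynamic "rule"` body this would belong in continues outside the hunk, so the block would presumably need to be driven from the same variable that feeds the other rule attributes.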
From: SteveLinden
Date: Thu, 21 Sep 2023 11:36:55 +0100
Subject: [PATCH 2/3] Removing a vurly bracket too many

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index f1e7017..0ffa185 100644
--- a/main.tf
+++ b/main.tf
@@ -104,7 +104,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "default" {
 }
 }
 }
-}
+
 # Configure bucket access logging
 resource "aws_s3_bucket_logging" "default" {

From faa3460769f2b3709c764904d46546078f0a0e4b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 21 Sep 2023 10:37:21 +0000
Subject: [PATCH 3/3] terraform-docs: automated action

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index e6ca370..6f5d02e 100644
--- a/README.md
+++ b/README.md
@@ -118,6 +118,7 @@ No modules.
 | [aws_iam_policy_document.bucket_policy_v2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.replication](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_sns_topic.bucket-arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/sns_topic) | data source |

 ## Inputs