From 9ec07382e55e66186467aadf49adb6cfc2dd70fe Mon Sep 17 00:00:00 2001 From: Hani Harzallah Date: Fri, 12 May 2023 16:38:44 +0200 Subject: [PATCH 1/2] Update bucket.tf --- modules/thanos/bucket.tf | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/modules/thanos/bucket.tf b/modules/thanos/bucket.tf index 9220145..b0d7968 100644 --- a/modules/thanos/bucket.tf +++ b/modules/thanos/bucket.tf @@ -17,11 +17,10 @@ module "thanos_log" { version = "3.10.1" bucket = format("%s-log", local.service_name) - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + control_object_ownership = true + object_ownership = "ObjectWriter" + acl = "log-delivery-write" force_destroy = true @@ -51,10 +50,9 @@ module "thanos" { version = "3.10.1" bucket = local.service_name - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + + control_object_ownership = true + object_ownership = "ObjectWriter" acl = "private" force_destroy = true From 53b92c0c7fc26724db831b7ef3aac544cb5561a2 Mon Sep 17 00:00:00 2001 From: Hani Harzallah Date: Fri, 12 May 2023 16:45:58 +0200 Subject: [PATCH 2/2] update buckets settings --- modules/loki/bucket.tf | 12 ++++-------- modules/mimir/bucket.tf | 12 ++++-------- modules/tempo/bucket.tf | 12 ++++-------- 3 files changed, 12 insertions(+), 24 deletions(-) diff --git a/modules/loki/bucket.tf b/modules/loki/bucket.tf index c6c32c6..7a37fdb 100644 --- a/modules/loki/bucket.tf +++ b/modules/loki/bucket.tf @@ -17,10 +17,8 @@ module "loki_log" { version = "3.10.1" bucket = format("%s-log", local.service_name) - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + control_object_ownership = true + object_ownership = "ObjectWriter" acl = "log-delivery-write" force_destroy = true @@ -51,10 +49,8 @@ module "loki" { version = "3.10.1" bucket = local.service_name - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + control_object_ownership = true + object_ownership = "ObjectWriter" acl = "private" force_destroy = true diff --git a/modules/mimir/bucket.tf b/modules/mimir/bucket.tf index 9907ee1..d0c32c7 100644 --- a/modules/mimir/bucket.tf +++ b/modules/mimir/bucket.tf @@ -17,10 +17,8 @@ module "mimir_log" { version = "3.10.1" bucket = format("%s-log", local.service_name) - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + control_object_ownership = true + object_ownership = "ObjectWriter" acl = "log-delivery-write" force_destroy = true @@ -51,10 +49,8 @@ module "mimir" { version = "3.10.1" bucket = local.service_name - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + control_object_ownership = true + object_ownership = "ObjectWriter" acl = "private" force_destroy = true diff --git a/modules/tempo/bucket.tf b/modules/tempo/bucket.tf index 1c03406..f4511fc 100644 --- a/modules/tempo/bucket.tf +++ b/modules/tempo/bucket.tf @@ -17,10 +17,8 @@ module "tempo_log" { version = "3.10.1" bucket = format("%s-log", local.service_name) - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + control_object_ownership = true + object_ownership = "ObjectWriter" acl = "log-delivery-write" force_destroy = true @@ -51,10 +49,8 @@ module "tempo" { version = "3.10.1" bucket = local.service_name - block_public_acls = true - block_public_policy = true - restrict_public_buckets = true - ignore_public_acls = true + control_object_ownership = true + object_ownership = "ObjectWriter" acl = "private" force_destroy = true