feat: Made it clear that we stand with Ukraine
antonbabenko committed Mar 12, 2022
1 parent 940de5c commit cad9118
Showing 3 changed files with 28 additions and 10 deletions.
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -2,6 +2,8 @@

Terraform module which creates S3 bucket on AWS with all (or almost all) features provided by Terraform AWS provider.

[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)

These features of S3 bucket configurations are supported:

- static web-site hosting
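Review bot: the StandWithUkraine banner added at the top of the README is loaded from the `main` branch of a third-party repository (`raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/...`), so the image rendered here can change without any commit to this module; if the rendered content is meant to stay fixed, pin the raw URL to a specific commit SHA instead of `main`.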
Expand Down Expand Up @@ -162,6 +164,7 @@ No modules.
| <a name="input_object_lock_configuration"></a> [object\_lock\_configuration](#input\_object\_lock\_configuration) | Map containing S3 object locking configuration. | `any` | `{}` | no |
| <a name="input_object_ownership"></a> [object\_ownership](#input\_object\_ownership) | Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. 'BucketOwnerEnforced': ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. 'BucketOwnerPreferred': Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. 'ObjectWriter': The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. | `string` | `"ObjectWriter"` | no |
| <a name="input_policy"></a> [policy](#input\_policy) | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no |
| <a name="input_putin_khuylo"></a> [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
| <a name="input_replication_configuration"></a> [replication\_configuration](#input\_replication\_configuration) | Map containing cross-region replication configuration. | `any` | `{}` | no |
| <a name="input_request_payer"></a> [request\_payer](#input\_request\_payer) | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no |
| <a name="input_restrict_public_buckets"></a> [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `false` | no |
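Review bot: the new `putin_khuylo` row documents the input only as a question and says nothing about its effect, although `main.tf` in this same commit ANDs it into `local.create_bucket`, so `false` stops the module from creating any resources; state that effect in the description so readers of the inputs table are not surprised by an empty plan.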
Expand Down Expand Up @@ -191,3 +194,10 @@ Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with he
## License

Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/LICENSE) for full details.

## Additional terms of use for users from Russia and Belarus

By using the code provided in this repository you agree with the following:
* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).
* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.
* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)
22 changes: 12 additions & 10 deletions main.tf
@@ -1,9 +1,11 @@
locals {
create_bucket = var.create_bucket && var.putin_khuylo

attach_policy = var.attach_require_latest_tls_policy || var.attach_elb_log_delivery_policy || var.attach_lb_log_delivery_policy || var.attach_deny_insecure_transport_policy || var.attach_policy
}

resource "aws_s3_bucket" "this" {
count = var.create_bucket ? 1 : 0
count = local.create_bucket ? 1 : 0

bucket = var.bucket
bucket_prefix = var.bucket_prefix
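Review bot: `create_bucket = var.create_bucket && var.putin_khuylo` makes `putin_khuylo = false` silently evaluate `local.create_bucket` to false, so every resource gated on it disappears from the plan with no error and the only symptom is an empty apply; if the intent is to refuse to run rather than to quietly do nothing, fail explicitly (for example a `precondition` on `aws_s3_bucket.this` or a `validation` block on the variable with a clear `error_message`) so callers see why nothing was created.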
Expand Down Expand Up @@ -263,14 +265,14 @@ resource "aws_s3_bucket" "this" {
}

resource "aws_s3_bucket_policy" "this" {
count = var.create_bucket && local.attach_policy ? 1 : 0
count = local.create_bucket && local.attach_policy ? 1 : 0

bucket = aws_s3_bucket.this[0].id
policy = data.aws_iam_policy_document.combined[0].json
}

data "aws_iam_policy_document" "combined" {
count = var.create_bucket && local.attach_policy ? 1 : 0
count = local.create_bucket && local.attach_policy ? 1 : 0

source_policy_documents = compact([
var.attach_elb_log_delivery_policy ? data.aws_iam_policy_document.elb_log_delivery[0].json : "",
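Review bot: the guards shown here all switch consistently from `var.create_bucket` to `local.create_bucket`, which keeps the `[0]` index in `policy = data.aws_iam_policy_document.combined[0].json` safe; before merging, grep for any remaining `count = var.create_bucket ...` in the parts of `main.tf` not shown in this diff and in other `.tf` files, because a leftover guard would now try to create a resource that references `aws_s3_bucket.this[0]` while the bucket itself is skipped.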
Expand All @@ -283,11 +285,11 @@ data "aws_iam_policy_document" "combined" {

# AWS Load Balancer access log delivery policy
data "aws_elb_service_account" "this" {
count = var.create_bucket && var.attach_elb_log_delivery_policy ? 1 : 0
count = local.create_bucket && var.attach_elb_log_delivery_policy ? 1 : 0
}

data "aws_iam_policy_document" "elb_log_delivery" {
count = var.create_bucket && var.attach_elb_log_delivery_policy ? 1 : 0
count = local.create_bucket && var.attach_elb_log_delivery_policy ? 1 : 0

statement {
sid = ""
Expand All @@ -312,7 +314,7 @@ data "aws_iam_policy_document" "elb_log_delivery" {
# ALB/NLB

data "aws_iam_policy_document" "lb_log_delivery" {
count = var.create_bucket && var.attach_lb_log_delivery_policy ? 1 : 0
count = local.create_bucket && var.attach_lb_log_delivery_policy ? 1 : 0

statement {
sid = "AWSLogDeliveryWrite"
Expand Down Expand Up @@ -361,7 +363,7 @@ data "aws_iam_policy_document" "lb_log_delivery" {
}

data "aws_iam_policy_document" "deny_insecure_transport" {
count = var.create_bucket && var.attach_deny_insecure_transport_policy ? 1 : 0
count = local.create_bucket && var.attach_deny_insecure_transport_policy ? 1 : 0

statement {
sid = "denyInsecureTransport"
Expand Down Expand Up @@ -392,7 +394,7 @@ data "aws_iam_policy_document" "deny_insecure_transport" {
}

data "aws_iam_policy_document" "require_latest_tls" {
count = var.create_bucket && var.attach_require_latest_tls_policy ? 1 : 0
count = local.create_bucket && var.attach_require_latest_tls_policy ? 1 : 0

statement {
sid = "denyOutdatedTLS"
Expand Down Expand Up @@ -423,7 +425,7 @@ data "aws_iam_policy_document" "require_latest_tls" {
}

resource "aws_s3_bucket_public_access_block" "this" {
count = var.create_bucket && var.attach_public_policy ? 1 : 0
count = local.create_bucket && var.attach_public_policy ? 1 : 0

# Chain resources (s3_bucket -> s3_bucket_policy -> s3_bucket_public_access_block)
# to prevent "A conflicting conditional operation is currently in progress against this resource."
Expand All @@ -438,7 +440,7 @@ resource "aws_s3_bucket_public_access_block" "this" {
}

resource "aws_s3_bucket_ownership_controls" "this" {
count = var.create_bucket && var.control_object_ownership ? 1 : 0
count = local.create_bucket && var.control_object_ownership ? 1 : 0

bucket = local.attach_policy ? aws_s3_bucket_policy.this[0].id : aws_s3_bucket.this[0].id

6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -177,3 +177,9 @@ variable "object_ownership" {
type = string
default = "ObjectWriter"
}

variable "putin_khuylo" {
description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
type = bool
default = true
}
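Review bot: `variable "putin_khuylo"` has a functional effect (it is ANDed into `local.create_bucket` in `main.tf`) but carries no `validation` block, so a `false` value is accepted and simply produces an empty plan; adding
`validation {`
`  condition     = var.putin_khuylo`
`  error_message = "..."`
`}`
would turn that into an explicit plan-time error, and the `description` (from which the README inputs table is generated) should mention that `false` disables resource creation.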
