feat: switch to public s3 module

2026-02-13 18:52:25 +08:00
parent 958e4977e9
commit 688eda84c6
2 changed files with 22 additions and 11 deletions
@@ -14,14 +14,14 @@ module "lambda_archive" {

  pip_packages         = "pandas numpy pytz openpyxl"
  upload_archive_to_s3 = true
-  s3_bucket_name       = module.s3.bucket_name
+  s3_bucket_name       = module.s3.s3_bucket_id
  pip_path             = "/my/work/xpk-git/venv314/bin/pip3"
 }

 # create lambda layer
 resource "aws_lambda_layer_version" "pandas" {
  description         = "Python packages pandas numpy pytz openpyxl"
-  s3_bucket           = module.s3.bucket_name
+  s3_bucket           = module.s3.s3_bucket_id
  s3_key              = module.lambda_archive.s3_object_key
  source_code_hash    = module.lambda_archive.s3_object_hash
  layer_name          = "py_packages"
@@ -30,13 +30,24 @@ resource "aws_lambda_layer_version" "pandas" {

 # s3 bucket required for uploading python package zip
 module "s3" {
-  source                  = "../modules/storage/s3_bucket_2023"
-  bucket_name             = "lab-lambdalayer-${random_uuid.this.result}"
-  bucket_force_destroy    = true
-  enable_bucket_logging   = false
-  enable_bucket_lifecycle = false
-  enable_versioning       = false
-  enable_encryption       = true
+  source  = "terraform-aws-modules/s3-bucket/aws"
+  version = "5.10.0"
+
+  bucket = "lab-lambdalayer-${random_uuid.this.result}"
+
+  server_side_encryption_configuration = {
+    rule = {
+      bucket_key_enabled = true
+      apply_server_side_encryption_by_default = {
+        sse_algorithm     = "aws:kms"
+        kms_master_key_id = "alias/aws/s3"
+      }
+    }
+  }
+
+  attach_deny_insecure_transport_policy = true
+  block_public_policy                   = true
+  force_destroy                         = true
 }

 resource "random_uuid" "this" {}