Hello, I believe there is an error with the configuration that is currently on:
Specifically, the issue is in this block in main.tf:
# Bucket named after the site domain, with static website hosting enabled.
# This is the version that triggers the Cycle error.
resource "aws_s3_bucket" "site" {
  bucket = var.site_domain
  acl = "public-read"
  # This reference makes the bucket depend on aws_s3_bucket_policy.public_read,
  # which itself reads aws_s3_bucket.site.id and aws_s3_bucket.site.arn, so
  # neither resource can be ordered first. It also names the whole resource
  # object rather than a policy string.
  policy = aws_s3_bucket_policy.public_read
  website {
    index_document = "index.html"
    # Errors are served the same document as the index page.
    error_document = "index.html"
  }
}
# Companion bucket for the "www." host name. It is private and only redirects.
resource "aws_s3_bucket" "www" {
  bucket = "www.${var.site_domain}"
  acl = "private"
  # Empty string: presumably means no bucket policy is attached here (confirm).
  policy = ""
  website {
    # Every request to this bucket is redirected to the bare domain over HTTPS.
    redirect_all_requests_to = "https://${var.site_domain}"
  }
}
# Bucket policy that lets anyone read objects in the site bucket.
# Both `bucket` and the Resource entries read attributes of aws_s3_bucket.site,
# which is the other half of the dependency cycle described in this report.
resource "aws_s3_bucket_policy" "public_read" {
  bucket = aws_s3_bucket.site.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid = "PublicReadGetObject"
        Effect = "Allow"
        # Anonymous access: any principal, authenticated or not.
        Principal = "*"
        Action = "s3:GetObject"
        Resource = [
          # s3:GetObject is an object-level action, so the bare bucket ARN
          # grants nothing; only the "/*" entry below takes effect.
          aws_s3_bucket.site.arn,
          "${aws_s3_bucket.site.arn}/*",
        ]
      },
    ]
  })
}
This configuration creates a cyclic dependency: aws_s3_bucket.site references aws_s3_bucket_policy.public_read in its policy argument, and that policy in turn depends on the arn of aws_s3_bucket.site.
That policy argument should be removed, so that the configuration reads as follows:
# Bucket named after the site domain, with static website hosting enabled.
# The inline `policy` argument is gone, so this resource no longer depends on
# aws_s3_bucket_policy.public_read and the cycle is broken.
resource "aws_s3_bucket" "site" {
  bucket = var.site_domain
  # NOTE(review): the public-read canned ACL grants the AllUsers group READ on
  # the bucket itself, which allows anyone to list its keys. The
  # aws_s3_bucket_policy.public_read resource in this configuration already
  # allows anonymous s3:GetObject, so confirm whether this ACL is needed at all.
  # On buckets with ACLs disabled (the default for newly created buckets) the
  # ACL is rejected.
  # NOTE(review): AWS provider v4 and later deprecate the inline acl/website
  # arguments in favour of aws_s3_bucket_acl and
  # aws_s3_bucket_website_configuration. Check the pinned provider version.
  acl = "public-read"
  website {
    index_document = "index.html"
    # Errors are served the same document as the index page.
    error_document = "index.html"
  }
}
# Companion bucket for the "www." host name. It is private and only redirects.
resource "aws_s3_bucket" "www" {
  bucket = "www.${var.site_domain}"
  acl = "private"
  # Empty string: presumably means no bucket policy is attached here (confirm).
  policy = ""
  website {
    # Every request to this bucket is redirected to the bare domain over HTTPS.
    redirect_all_requests_to = "https://${var.site_domain}"
  }
}
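# Bucket policy that lets anyone read objects in the site bucket.
# This resource depends on aws_s3_bucket.site (id and arn); the bucket must not
# refer back to this policy, otherwise Terraform reports a dependency cycle.
resource "aws_s3_bucket_policy" "public_read" {
  bucket = aws_s3_bucket.site.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid = "PublicReadGetObject"
        Effect = "Allow"
        # Anonymous access: any principal, authenticated or not. This is what
        # makes the site publicly readable, so keep the statement limited to
        # the single read action below.
        Principal = "*"
        Action = "s3:GetObject"
        # s3:GetObject is an object-level action, so only the object ARN
        # pattern is listed. The bare bucket ARN granted nothing and made the
        # statement look broader than it is.
        Resource = [
          "${aws_s3_bucket.site.arn}/*",
        ]
      },
    ]
  })
}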
The current configuration raises a Cycle error when running terraform plan.