fix: Added apiary_extra_tags_s3 variable to the s3 checkpoint bucke…

…t to add extra tags

common.tf

@@ -42,6 +42,7 @@ locals {
   enable_apiary_s3_log_management = var.apiary_log_bucket == "" ? true : false
   enable_apiary_s3_log_hive       = var.apiary_log_bucket == "" && var.enable_apiary_s3_log_hive ? true : false
   apiary_s3_logs_bucket           = local.enable_apiary_s3_log_management ? "${local.apiary_bucket_prefix}-s3-logs" : ""
+  apiary_s3_logs_checkpoint_bucket= "${local.apiary_bucket_prefix}-s3-logs-checkpoint"
   apiary_s3_hive_logs_bucket      = local.enable_apiary_s3_log_management ? "${local.apiary_s3_logs_bucket}-hive" : ""
   apiary_system_bucket            = "${local.apiary_bucket_prefix}-${replace(var.system_schema_name, "_", "-")}"
 

s3-other.tf

@@ -138,6 +138,47 @@ EOF
   }
 }
 
+resource "aws_s3_bucket" "s3_logs_checkpoint" {
+  bucket = local.apiary_s3_logs_checkpoint_bucket
+  acl    = "log-delivery-write"
+  tags   = merge(tomap({"Name"="s3_logs_checkpoint"}), var.apiary_tags, var.apiary_extra_tags_s3)
+  policy = <<EOF
+{
+  "Version":"2012-10-17",
+  "Statement":[
+    {
+      "Sid": "DenyUnSecureCommunications",
+      "Effect": "Deny",
+      "Principal": {"AWS": "*"},
+      "Action": "s3:*",
+      "Resource": [
+        "arn:aws:s3:::s3_logs_checkpoint",
+        "arn:aws:s3:::s3_logs_checkpoint/*"
+        ],
+      "Condition": {
+        "Bool": {
+          "aws:SecureTransport": "false"
+        }
+      }
+    }
+  ]
+}
+EOF
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
+
+  lifecycle_rule {
+    enabled = true
+
+    abort_incomplete_multipart_upload_days = var.s3_lifecycle_abort_incomplete_multipart_upload_days
+  }
+}
+
 resource "aws_s3_bucket_public_access_block" "apiary_managed_logs_bucket" {
   count  = local.enable_apiary_s3_log_management ? 1 : 0
   bucket = aws_s3_bucket.apiary_managed_logs_bucket[0].bucket