chore(deps): update terraform cloudposse/s3-bucket/aws to v4.9.0 (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/s3-bucket/aws (source)	module	minor	4.2.0 -> 4.9.0

---

Release Notes

cloudposse/terraform-aws-s3-bucket (cloudposse/s3-bucket/aws)

v4.9.0

Compare Source

feat: add s3 request payment config @​nitrocode (#​259)

what

• add s3 request payment config

why

• make requester pay

references

• closes #​156
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3\_bucket_request_payment_configuration
• https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html

v4.8.0

Compare Source

feat: support eventbridge bucket notification @​nitrocode (#​255)

what

• support eventbridge bucket notification

why

• Emit s3 events to eventbridge

references

• Closes #​254

v4.7.3

Compare Source

🚀 Enhancements

fix: use new destination.bucket key in policy @​nitrocode (#​256)

what

• use new destination.bucket key in policy

why

• Support both deprecated destination_bucket and new destination.bucket
• Previous changes created destination.bucket and left destination_bucket for backwards compatibility, as stated in variables.tf, and forgot to include the new value in the IAM policy

references

• Closes #​215

🐛 Bug Fixes

fix: use new destination.bucket key in policy @​nitrocode (#​256)

what

• use new destination.bucket key in policy

why

• Support both deprecated destination_bucket and new destination.bucket
• Previous changes created destination.bucket and left destination_bucket for backwards compatibility, as stated in variables.tf, and forgot to include the new value in the IAM policy

references

• Closes #​215

v4.7.2

Compare Source

🚀 Enhancements

fix: correct bucket name to fix broken `-replication` role @​amila-ku (#​250)

what

• Fixes replication IAM role name that gets created as '-replication'

why

• Replication IAM role name gets created as '-replication'. This made the replication role unsusable.
• Used Terraform version: 1.8.0

references

• Resolves #​251

v4.7.1

Compare Source

🚀 Enhancements

fix: s3 lambda event notification assignments @​mpajuelofernandez (#​253)

what

It seems there is a typo kind if error here

dynamic "lambda_function" {
    for_each = var.event_notification_details.lambda_list
    content {
      lambda_function_arn = lambda_function.value.arn
      events              = lambda.value.events
      filter_prefix       = lambda_function.value.filter_prefix
      filter_suffix       = lambda_function.value.filter_suffix
    }
  }

I think it should be

dynamic "lambda_function" {
    for_each = var.event_notification_details.lambda_list
    content {
      lambda_function_arn = lambda_function.value.arn
      events              = lambda_function.value.events
      filter_prefix       = lambda_function.value.filter_prefix
      filter_suffix       = lambda_function.value.filter_suffix
    }
  }

why

The S3 notification can not be created unless this is fixed

references

This should fix https://github.com/cloudposse/terraform-aws-s3-bucket/issues/252

🐛 Bug Fixes

fix: s3 lambda event notification assignments @​mpajuelofernandez (#​253)

what

It seems there is a typo kind if error here

dynamic "lambda_function" {
    for_each = var.event_notification_details.lambda_list
    content {
      lambda_function_arn = lambda_function.value.arn
      events              = lambda.value.events
      filter_prefix       = lambda_function.value.filter_prefix
      filter_suffix       = lambda_function.value.filter_suffix
    }
  }

I think it should be

dynamic "lambda_function" {
    for_each = var.event_notification_details.lambda_list
    content {
      lambda_function_arn = lambda_function.value.arn
      events              = lambda_function.value.events
      filter_prefix       = lambda_function.value.filter_prefix
      filter_suffix       = lambda_function.value.filter_suffix
    }
  }

why

The S3 notification can not be created unless this is fixed

references

This should fix https://github.com/cloudposse/terraform-aws-s3-bucket/issues/252

🤖 Automatic Updates

Update terratest to '>= 0.46.0' @​osterman (#​235)

what

• Update terratest >= 0.46.0

why

• Support OpenTofu for testing

References

• https://github.com/gruntwork-io/terratest/releases/tag/v0.46.0
• DEV-374 Add opentofu to all our Terragrunt Testing GHA matrix

Migrate new test account @​osterman (#​248)

what

• Update .github/settings.yml
• Update .github/chatops.yml files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @​osterman (#​247)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @​osterman (#​246)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v4.7.0

Compare Source

Make sure replica_kms_key_id is truly empty @​stephan242 (#​244)

references

closes #​243

v4.6.0

Compare Source

Addition of S3 bucket event notification resource and Addition of S3 directory optional resource @​mayank0202 (#​240)

Issue - GH-239

what

This feature will make s3 event notifications which will have 3 options to trigger lambda or queue or topic so we can define a resource from this documentation.
aws_s3_bucket_notification

we also added s3 directory bucket which is a new feature in aws so addition of optional resource can be done if someone needs to use that with the help of terraform
aws_s3_directory_bucket

why

• Enhanced Event-Driven Architecture: The introduction of S3 event notifications allows the S3 bucket to trigger Lambda functions, SQS queues, or SNS topics. This facilitates seamless integration with other AWS services and enables real-time processing of data, which is crucial for building event-driven architectures.

• New AWS Feature Adoption: The addition of the aws_s3_directory_bucket resource reflects the latest AWS capabilities, ensuring that our infrastructure is up-to-date with current AWS offerings. This optional resource allows users to leverage new AWS features as they become available, promoting flexibility and future-proofing our Terraform configurations.

• Improved Flexibility: By providing options to trigger different AWS services (Lambda, SQS, SNS), the solution becomes more versatile, catering to a wide range of use cases and workflows. This flexibility can lead to more efficient and effective data processing pipelines.

• Reduced Operational Overhead: Automating responses to S3 events using Lambda functions, queues, or topics can significantly reduce manual intervention and operational overhead. This leads to improved efficiency and allows teams to focus on higher-value tasks.

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3\_bucket_notification
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3\_directory_bucket
https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html

v4.5.0

Compare Source

feat: Add missed tags @​MaxymVlasov (#​241)

what

Add tags to resources where they missed

v4.4.0

Compare Source

226: Add Expected Bucket Owner @​houserx-ioannis (#​238)

what

This PR addresses #​226 about not being able to specify expected bucket owner in various S3 resources.

why

From AWS docs:

Because Amazon S3 identifies buckets based on their names, an application that uses an incorrect bucket name in a request could inadvertently perform operations against a different bucket than expected. To help avoid unintentional bucket interactions in situations like this, you can use bucket owner condition. Bucket owner condition enables you to verify that the target bucket is owned by the expected AWS account, providing an additional layer of assurance that your S3 operations are having the effects you intend.

references

#​226

v4.3.0

Compare Source

Enforce the usage of modern TLS versions (1.2 or higher) for S3 connections @​amontalban (#​237)

what

This variables adds a policy to the bucket to deny connections that do not use TLS 1.2 or higher.

why

This is required by our security team.

references

https://repost.aws/knowledge-center/s3-enforce-modern-tls

🚀 Enhancements

Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /test/src @​dependabot (#​230)

Bumps github.com/hashicorp/go-getter from 1.7.1 to 1.7.4.

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​​jbardin in hashicorp/go-getter#459

New Contributors

• @​​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​​nl-brett-stime hashicorp/go-getter#300

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2

Commits

• 268c11c escape user provide string to git (#​483)
• 975961f Merge pull request #​433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #​459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #​458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #​454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• e80b3dc Result of tsccr-helper -log-level=info -pin-all-workflows .
• 2d49e24 Merge pull request #​432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-21
• 5ccb39a Make addAuthFromNetrc ignore ENOTDIR errors
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

🤖 Automatic Updates

Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4 in /test/src @​dependabot (#​230)

Bumps github.com/hashicorp/go-getter from 1.7.1 to 1.7.4.

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​​jbardin in hashicorp/go-getter#459

New Contributors

• @​​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​​nl-brett-stime hashicorp/go-getter#300

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2

Commits

• 268c11c escape user provide string to git (#​483)
• 975961f Merge pull request #​433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #​459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #​458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #​454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• e80b3dc Result of tsccr-helper -log-level=info -pin-all-workflows .
• 2d49e24 Merge pull request #​432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-21
• 5ccb39a Make addAuthFromNetrc ignore ENOTDIR errors
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Update release workflow to allow pull-requests: write @​osterman (#​234)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @​osterman (#​233)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @​osterman (#​232)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @​osterman (#​231)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Bump golang.org/x/net from 0.8.0 to 0.23.0 in /test/src @​dependabot (#​229)

Bumps golang.org/x/net from 0.8.0 to 0.23.0.

Commits

• c48da13 http2: fix TestServerContinuationFlood flakes
• 762b58d http2: fix tipos in comment
• ba87210 http2: close connections when receiving too many headers
• ebc8168 all: fix some typos
• 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
• 448c44f http2: remove clientTester
• c7877ac http2: convert the remaining clientTester tests to testClientConn
• d8870b0 http2: use synthetic time in TestIdleConnTimeout
• d73acff http2: only set up deadline when Server.IdleTimeout is positive
• 89f602b http2: validate client/outgoing trailers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Use GitHub Action Workflows from `cloudposse/.github` Repo @​osterman (#​227)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @​osterman (#​221)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update README.md and docs @​cloudpossebot (#​218)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @​osterman (#​219)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[mergify]

/terratest