Serialise origin bucket modifications

You can't modify an S3 bucket's policy & public access block at the same time, AWS API will complain: OperationAborted: A conflicting conditional operation is currently in progress against this resource Serialise operations to the origin bucket so we don't run into this error. The suggested fix is from hashicorp/terraform-provider-aws#7628
alexjurkiewicz · Mar 8, 2021 · c8a3d18 · c8a3d18
1 parent 764fcd9
commit c8a3d18
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -94,7 +94,7 @@ data "template_file" "default" {
 
 resource "aws_s3_bucket_policy" "default" {
   count  = ! local.using_existing_origin || var.override_origin_bucket_policy ? 1 : 0
-  bucket = local.bucket
+  bucket = aws_s3_bucket.origin.bucket
   policy = data.template_file.default.rendered
 }
 
@@ -161,6 +161,10 @@ resource "aws_s3_bucket_public_access_block" "origin" {
   block_public_policy     = true
   ignore_public_acls      = true
   restrict_public_buckets = true
+
+  # Don't ty and modify this bucket in two ways at the same time, S3 API will
+  # complain.
+  depends_on = [ aws_s3_bucket_policy.default ]
 }
 
 module "logs" {