feat: Add skip_destroy argument in the aws_s3_bucket_public_access_block and set it to true by default

tiago-vieira-sqills · tiago-vieira-sqills · commit 7e551443f4cc · 2025-08-24T23:03:56.000+01:00
diff --git a/README.md b/README.md
@@ -276,6 +276,7 @@ No modules.
 | <a name="input_request_payer"></a> [request\_payer](#input\_request\_payer) | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no |
 | <a name="input_restrict_public_buckets"></a> [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `true` | no |
 | <a name="input_server_side_encryption_configuration"></a> [server\_side\_encryption\_configuration](#input\_server\_side\_encryption\_configuration) | Map containing server-side encryption configuration. | `any` | `{}` | no |
+| <a name="input_skip_destroy_public_access_block"></a> [skip\_destroy\_public\_access\_block](#input\_skip\_destroy\_public\_access\_block) | Whether to skip destroying the S3 Bucket Public Access Block configuration when destroying the bucket. Only used if `public_access_block` is set to true. | `bool` | `true` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(string)` | `{}` | no |
 | <a name="input_transition_default_minimum_object_size"></a> [transition\_default\_minimum\_object\_size](#input\_transition\_default\_minimum\_object\_size) | The default minimum object size behavior applied to the lifecycle configuration. Valid values: all\_storage\_classes\_128K (default), varies\_by\_storage\_class | `string` | `null` | no |
 | <a name="input_type"></a> [type](#input\_type) | Bucket type. Valid values: `Directory` | `string` | `"Directory"` | no |
diff --git a/main.tf b/main.tf
@@ -1148,6 +1148,7 @@ resource "aws_s3_bucket_public_access_block" "this" {
   block_public_policy     = var.block_public_policy
   ignore_public_acls      = var.ignore_public_acls
   restrict_public_buckets = var.restrict_public_buckets
+  skip_destroy            = var.skip_destroy_public_access_block
 }
 
 resource "aws_s3_bucket_ownership_controls" "this" {
diff --git a/variables.tf b/variables.tf
@@ -328,6 +328,12 @@ variable "block_public_policy" {
   default     = true
 }
 
+variable "skip_destroy_public_access_block" {
+  description = "Whether to skip destroying the S3 Bucket Public Access Block configuration when destroying the bucket. Only used if `public_access_block` is set to true."
+  type        = bool
+  default     = true
+}
+
 variable "ignore_public_acls" {
   description = "Whether Amazon S3 should ignore public ACLs for this bucket."
   type        = bool

Original file line number	Diff line number	Diff line change
`@@ -1148,6 +1148,7 @@ resource "aws_s3_bucket_public_access_block" "this" {`
`1148`	`1148`	`block_public_policy = var.block_public_policy`
`1149`	`1149`	`ignore_public_acls = var.ignore_public_acls`
`1150`	`1150`	`restrict_public_buckets = var.restrict_public_buckets`
	`1151`	`+ skip_destroy = var.skip_destroy_public_access_block`
`1151`	`1152`	`}`
`1152`	`1153`
`1153`	`1154`	`resource "aws_s3_bucket_ownership_controls" "this" {`