// Helper module; its `number` output is appended to the bucket name below
// when var.add-random-suffix is true.
module random-suffix {
  source = "../../util/random"
}

// S3 bucket with default encryption, optional versioning, and a single
// lifecycle rule (tiering after 30 days, expiry after var.bucket-retain-days).
// NOTE(review): the inline versioning, server_side_encryption_configuration
// and lifecycle_rule blocks are deprecated in AWS provider v4 and later in
// favour of standalone resources. Confirm the provider version pinned for
// this module before upgrading.
resource "aws_s3_bucket" "s3bucket" {
  bucket = var.add-random-suffix ? "${var.bucket-name}-${module.random-suffix.number}" : var.bucket-name

  // Bucket policy is supplied by the caller as a JSON document; this module
  // does not add or validate any statements itself.
  policy = var.bucket-policy-json

  tags = var.default-tags

  versioning {
    enabled = var.enable-bucket-versioning
  }

  // Default encryption at rest with S3-managed keys (SSE-S3).
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        // Switching to a customer-managed key needs both the key ARN below
        // and sse_algorithm = "aws:kms"; the key ARN alone is not enough.
        // kms_master_key_id = aws_kms_key.some-key.arn
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle_rule {
    // The rule id is built from var.bucket-name without the random suffix.
    id      = "${var.bucket-name}-ctbucket-lifecycle-rule"
    enabled = true

    transition {
      days          = 30
      storage_class = "INTELLIGENT_TIERING"
    }

    // NOTE(review): this rule sets no noncurrent_version_expiration. When
    // var.enable-bucket-versioning is true, the expiration below acts on
    // current versions only, so noncurrent versions are kept beyond
    // var.bucket-retain-days. Confirm that matches the retention requirement.
    expiration {
      days = var.bucket-retain-days
    }
  }
}

// All four public-access guards are enabled, so public ACLs and public
// bucket policies are both rejected and ignored for this bucket.
resource "aws_s3_bucket_public_access_block" "s3-public-access-settings" {
  bucket = aws_s3_bucket.s3bucket.id

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}

// BucketOwnerPreferred leaves ACLs enabled; the bucket owner takes ownership
// only of objects uploaded with the bucket-owner-full-control canned ACL.
resource "aws_s3_bucket_ownership_controls" "ctbucket-ownership-setting" {
  bucket = aws_s3_bucket.s3bucket.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}