feat(modules/s3-bucket): statement sids for s3 bucket policies

Author: saumitra-dev

modules/s3-bucket/main.tf

@@ -29,6 +29,7 @@ data "aws_iam_policy_document" "this" {
     for_each = each.value.statements
 
     content {
+      sid       = statement.value.sid
       actions   = statement.value.actions
       effect    = statement.value.effect
       resources = statement.value.resources

modules/s3-bucket/variables.tf

@@ -39,6 +39,7 @@ variable "bucket_policies" {
     id      = optional(string, null)
     version = optional(string, null)
     statements = optional(list(object({
+      sid       = optional(string, null)
       actions   = optional(set(string), [])
       effect    = optional(string, "Allow")
       resources = optional(set(string), [])

tests/s3_bucket_unit_tests.tftest.hcl

@@ -78,6 +78,7 @@ run "iam_policy_document_attributes_match" {
 
         statements = [
           {
+            sid = "example-sid"
             actions = [
               "s3:PutObject"
             ]
@@ -118,6 +119,11 @@ run "iam_policy_document_attributes_match" {
     error_message = "Statement count mismatch"
   }
 
+  assert {
+    condition     = data.aws_iam_policy_document.this["example-policy"].statement[0].sid == var.bucket_policies["example-policy"].statements[0].sid
+    error_message = "Statement sid mismatch"
+  }
+
   assert {
     condition     = data.aws_iam_policy_document.this["example-policy"].statement[0].actions == var.bucket_policies["example-policy"].statements[0].actions
     error_message = "Statement actions mismatch"