From 537a2a0bdbb51ce97289384537567d83e17c8e3c Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 9 Nov 2023 20:59:22 +0530
Subject: [PATCH] feat: block_http_bucket_policy attribute to provide custome block-http bucket-policy
---
 main.tf | 2 +-
 variables.tf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index b321cc8..dc96143 100644
--- a/main.tf
+++ b/main.tf
@@ -45,7 +45,7 @@ resource "aws_s3_bucket_policy" "block-http" {
 count = var.enabled && var.only_https_traffic ? 1 : 0
 bucket = aws_s3_bucket.s3_default[0].id
- policy = jsonencode({
+ policy = var.block_http_bucket_policy != null ? var.block_http_bucket_policy : jsonencode({
 Version = "2012-10-17"
 Id = "Blockhttp"
 Statement = [
diff --git a/variables.tf b/variables.tf
index 3be0a4a..9d14386 100644
--- a/variables.tf
+++ b/variables.tf
@@ -329,6 +329,12 @@ variable "only_https_traffic" {
 description = "This veriables use for only https traffic."
 }
+variable "block_http_bucket_policy" {
+ type = any
+ default = null
+ description = "Custome bucket policy to block https traffic"
+}
+
 variable "mfa_delete" {
 type = string
 default = "Disabled"
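Review bot: In `main.tf`, the new `policy` expression swaps the whole built-in document for the caller's value, and nothing in the visible lines checks that the replacement still denies plaintext requests. With `only_https_traffic = true`, the `block-http` resource can therefore be applied without the control it is named for. The built-in statements lie outside the hunk, so this assumes they are a `Deny` conditioned on `aws:SecureTransport` being `"false"`. Prefer keeping that statement and merging the caller's statements into it, for example through an `aws_iam_policy_document` data source with `source_policy_documents`. At minimum, add a comment above the line: `# Caller-supplied policy replaces the TLS-only deny; it must itself deny requests where aws:SecureTransport is false.`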
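Review bot: In `variables.tf`, `type = any` lets a caller pass an object or list, but the `main.tf` hunk hands the value straight to `policy`, which needs a JSON string, and puts it in a conditional whose other branch is a `jsonencode(...)` string. Declaring the variable as `string` and validating that it parses as JSON moves the failure to plan time with a clear message. The description also reads "block https traffic", although the resource blocks plain HTTP. It should say that the value replaces the built-in policy and must keep the plaintext deny.

```hcl
variable "block_http_bucket_policy" {
  type        = string
  default     = null
  description = "Custom JSON bucket policy that replaces the built-in policy blocking plain-HTTP traffic. It must still deny requests where aws:SecureTransport is false."

  validation {
    condition     = var.block_http_bucket_policy == null || can(jsondecode(var.block_http_bucket_policy))
    error_message = "block_http_bucket_policy must be null or a JSON-encoded policy document."
  }
}
```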