From 173b8fceba5c3affb0f57d8396d74f2cb4bd1395 Mon Sep 17 00:00:00 2001
From: bds-congnguyen <67733377+bds-congnguyen@users.noreply.github.com>
Date: Fri, 4 Jul 2025 16:32:03 +0700
Subject: [PATCH] Update main.tf

Remove the `object_lock_enabled` attribute from the `aws_s3_bucket` resource, as it will force the creation of a new bucket and cannot be applied to an existing bucket. To enable object lock, using the `aws_s3_bucket_object_lock_configuration` resource alone is sufficient.
---
 main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 697aef1a..7270accf 100644
--- a/main.tf
+++ b/main.tf
@@ -31,7 +31,6 @@ resource "aws_s3_bucket" "this" {
 bucket_prefix = var.bucket_prefix
 force_destroy = var.force_destroy
- object_lock_enabled = var.object_lock_enabled
 tags = var.tags
 }
@@ -391,6 +390,8 @@ resource "aws_s3_bucket_lifecycle_configuration" "this" {
 resource "aws_s3_bucket_object_lock_configuration" "this" {
 count = local.create_bucket && var.object_lock_enabled && try(var.object_lock_configuration.rule.default_retention, null) != null ? 1 : 0
+ # Must have bucket versionign enabled first
+ depends_on = [aws_s3_bucket_versioning.this]
 region = var.region
 bucket = aws_s3_bucket.this[0].id
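Review bot: After this change Object Lock is turned on only by `aws_s3_bucket_object_lock_configuration.this`, and its `count` still requires a non-null `default_retention`, so a caller who sets `var.object_lock_enabled = true` without a default retention rule now appears to get a bucket with no Object Lock at all and no error. That case should either create the resource without a default rule, if the provider version in use allows it, or be rejected by a variable validation or `precondition`. The added `depends_on = [aws_s3_bucket_versioning.this]` only orders the two resources; if the versioning resource (defined outside this hunk) has `count = 0` or a status other than `Enabled`, nothing here catches it before apply, so the same `precondition` could also check the versioning input. The new comment should read `# Must have bucket versioning enabled first`. The resource body continues past the end of the hunk.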