Terraform module for creating enhanced aws s3 buckets
Quentin Vallin d45f6efd42
doc: update changelog
5 months ago
examples/default doc: update changelog 5 months ago
.gitignore fix/ missing output and missing pre-commit 11 months ago
.pre-commit-config.yaml fix/ Server Side encryption 7 months ago
AUTHORS breaking: terraform 0.12 upgrade and new features 9 months ago
CHANGELOG.md doc: update changelog 5 months ago
Jenkinsfile breaking: terraform 0.12 upgrade and new features 9 months ago
README.md fix: s3 bucket reference when empty 5 months ago
main.tf fix: s3 bucket reference when empty 5 months ago
outputs.tf breaking: terraform 0.12 upgrade and new features 9 months ago
variables.tf breaking: terraform 0.12 upgrade and new features 9 months ago
versions.tf breaking: terraform 0.12 upgrade and new features 9 months ago

README.md

terraform-module-aws-s3-bucket

Generic module that creates an S3 bucket, KMS encrypted, with 2 base policies that allow read-only and full-right access.

Works only with Terraform 0.11.x

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acl | The canned ACL to apply. | `string` | `"private"` | no |
| apply_bucket_policy | Apply the policy 'bucket_policy_json' to the bucket. | `string` | `"false"` | no |
| apply_kms_policy | Apply the policy kms_key_policy_json to the KMS key. Valid only if toggle kms_key_create is set. | `string` | `"false"` | no |
| block_public_acls | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `false` | no |
| block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `false` | no |
| bucket_policy_json | A valid bucket policy JSON document if 'apply_bucket_policy' is enabled. | `string` | `""` | no |
| bucket_tags | Map of tags that will be added on the bucket object. | `map` | `{}` | no |
| cors_rules | A data structure that configures CORS rules. | `list(object({ allowed_headers = list(string), allowed_methods = list(string), allowed_origins = list(string), expose_headers = list(string), max_age_seconds = number }))` | `[]` | no |
| enabled | Enable this module. | `bool` | `true` | no |
| force_destroy | When set to true, will delete the bucket even if it is not empty. | `bool` | `false` | no |
| iam_policy_create | Create read-only and read-write policies to grant access to the S3 bucket. | `bool` | `false` | no |
| iam_policy_full_description | Description of the IAM full policy. | `string` | `""` | no |
| iam_policy_full_name | Name of the IAM read-write access policy for the S3 bucket. | `string` | `""` | no |
| iam_policy_path | Path in which to create the policies. | `string` | `"/"` | no |
| iam_policy_read_description | Description of the IAM read policy. | `string` | `""` | no |
| iam_policy_read_name | Name of the IAM read-only access policy for the S3 bucket. | `string` | `""` | no |
| ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `false` | no |
| kms_key_alias_name | Alias of the KMS key if toggle kms_key_create is set. | `string` | `""` | no |
| kms_key_arn | ARN of the KMS key if toggle kms_key_create is disabled. | `string` | `""` | no |
| kms_key_create | Create a KMS key for secure string parameters. | `bool` | `false` | no |
| kms_key_name | Name of the KMS key if toggle kms_key_create is set. | `string` | `""` | no |
| kms_key_policy_json | A valid policy JSON document. | `string` | `""` | no |
| kms_tags | Tags that will be merged with variable tags for the KMS key. | `map` | `{}` | no |
| lifecycle_rules | A data structure to create lifecycle rules. | `list(object({ id = string, prefix = string, tags = map(string), enabled = bool, abort_incomplete_multipart_upload_days = number, expiration_config = list(object({ days = number, expired_object_delete_marker = bool })), noncurrent_version_expiration_config = list(object({ days = number })), transitions_config = list(object({ days = number, storage_class = string })), noncurrent_version_transitions_config = list(object({ days = number, storage_class = string })) }))` | `[]` | no |
| logging | Configure logging on bucket object. | `list(object({ target_bucket = string, target_prefix = string }))` | `[]` | no |
| name | Name of the bucket to create. | `string` | n/a | yes |
| object_lock_configuration | Configure an object lock configuration on the bucket object. | `list(object({ object_lock_enabled = string, rule_config = list(object({ mode = string, days = number, years = number })) }))` | `[]` | no |
| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the caller. | `string` | `null` | no |
| request_payer | Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. | `string` | `"BucketOwner"` | no |
| restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `false` | no |
| sse_config | Configures server side encryption for the bucket. The sse_key should either be set to S3 or a KMS Key ID. | `list(object({ sse_key = string }))` | `[]` | no |
| static_website_config | A data structure that configures the bucket to host a static website. | `list(map(string))` | `[]` | no |
| tags | Global tags for resources. | `map` | `{}` | no |
| versioning_config | Configure versioning on bucket object. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. | `list(map(string))` | `[]` | no |

Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
| bucket_domain_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
| bucket_regional_domain_name | The bucket region-specific domain name. The bucket domain name including the region name. |
| hosted_zone_id | The Route 53 Hosted Zone ID for this bucket's region. |
| iam_policy_full_arn | ARN of the full right policy |
| iam_policy_full_description | The description of the full right policy |
| iam_policy_full_id | ID of the full right policy |
| iam_policy_full_name | The name of the full right policy |
| iam_policy_full_policy_document | The policy document |
| iam_policy_read_only_arn | ARN of the read only policy |
| iam_policy_read_only_description | The description of the read only policy |
| iam_policy_read_only_id | ID of the read only policy |
| iam_policy_read_only_name | The name of the read only policy |
| iam_policy_read_only_policy_document | The policy document |
| id | The name of the bucket. |
| kms_alias_arn | The Amazon Resource Name (ARN) of the key alias |
| kms_alias_target_key_arn | The Amazon Resource Name (ARN) of the target key identifier |
| kms_key_arn | The Amazon Resource Name (ARN) of the key |
| kms_key_id | Globally unique identifier for the key |
| region | The AWS region this bucket resides in. |
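
The four public-access inputs default to `false`, and `sse_config` and `logging` default to `[]`, so a caller has to opt in to each protection. The following is an added example, not part of this module's README or examples directory, showing a call that enables them and attaches only the read-only policy output to a consumer role. The module source, the bucket and policy names, and the two variables are placeholders assumed for illustration.

```hcl
# Hypothetical variables, declared only for this example.
variable "sse_kms_key_id" {
  description = "ID of an existing KMS key used for bucket encryption (assumed to exist)."
  type        = string
}

variable "reader_role_name" {
  description = "Name of an existing IAM role that only needs read access (assumed to exist)."
  type        = string
}

module "app_bucket" {
  source = "<MODULE_SOURCE>" # placeholder: path or URL of this module

  name = "example-app-data" # constructed sample name
  acl  = "private"          # module default, stated explicitly

  # All four default to false in the inputs table; enable them so neither
  # ACLs nor bucket policies can expose the bucket publicly.
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  # sse_config defaults to []; sse_key is "S3" or a KMS Key ID.
  sse_config = [{ sse_key = var.sse_kms_key_id }]

  # logging defaults to []; send access logs to a separate bucket.
  logging = [{
    target_bucket = "example-access-logs" # constructed sample name
    target_prefix = "example-app-data/"
  }]

  force_destroy = false # default; refuse to delete a non-empty bucket

  # Create the module's read-only and read-write IAM policies.
  iam_policy_create    = true
  iam_policy_read_name = "example-app-data-read"
  iam_policy_full_name = "example-app-data-full"
}

# Attach only the read-only policy to the consumer role (least privilege).
resource "aws_iam_role_policy_attachment" "reader" {
  role       = var.reader_role_name
  policy_arn = module.app_bucket.iam_policy_read_only_arn
}
```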