Terraform module to create S3 bucket on AWS

Infrastrukturait/terraform-aws-s3-bucket

# terraform-aws-s3-bucket

## About

Terraform base module for creating a secure AWS S3-Bucket.

## License

License: MIT

The MIT License (MIT)

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

Source: <https://opensource.org/licenses/MIT>

See LICENSE for full details.

## Authors

## Documentation

### Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.9.0 |
| time | >= 0.9.1 |

### Modules

No modules.

### Resources

| Name | Type |
|------|------|
| aws_s3_bucket.this | resource |
| aws_s3_bucket_acl.this | resource |
| aws_s3_bucket_lifecycle_configuration.this | resource |
| aws_s3_bucket_ownership_controls.this | resource |
| aws_s3_bucket_policy.this | resource |
| aws_s3_bucket_public_access_block.this | resource |
| aws_s3_bucket_server_side_encryption_configuration.this | resource |
| aws_s3_bucket_versioning.this | resource |
| aws_s3_bucket_website_configuration.this | resource |
| time_sleep.wait_for_aws_s3_bucket_settings | resource |
| aws_canonical_user_id.this | data source |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| block_public_acls | Set to false to disable the blocking of new public access lists on the bucket. | `bool` | `true` | no |
| block_public_policy | Set to false to disable the blocking of new public policies on the bucket. | `bool` | `true` | no |
| bucket_acl | The canned ACL to apply. Deprecated by AWS in favor of bucket policies. Automatically disabled if `bucket_object_ownership` is set to `"BucketOwnerEnforced"`. Defaults to `"private"` for backwards compatibility, but we recommend setting `s3_object_ownership` to `"BucketOwnerEnforced"` instead. | `string` | `null` | no |
| bucket_grants | A list of policy grants for the bucket, taking a list of permissions. Conflicts with `bucket_acl`; set `bucket_acl` to `null` to use this. Deprecated by AWS in favor of bucket policies. Automatically disabled if `s3_object_ownership` is set to `"BucketOwnerEnforced"`. | `list(object({ id = string, type = string, permissions = list(string), uri = string }))` | `[]` | no |
| bucket_name | Name of the bucket. If omitted, Terraform will assign a random, unique name. | `string` | n/a | yes |
| bucket_object_ownership | Specifies the S3 object ownership control. Valid values are `"ObjectWriter"`, `"BucketOwnerPreferred"` and `"BucketOwnerEnforced"`. `"BucketOwnerEnforced"`: ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. `"BucketOwnerPreferred"`: objects uploaded to the bucket change ownership to the bucket owner if they are uploaded with the `bucket-owner-full-control` canned ACL. `"ObjectWriter"`: the uploading account will own the object if it is uploaded with the `bucket-owner-full-control` canned ACL. Defaults to `"ObjectWriter"` for backwards compatibility, but we recommend setting `"BucketOwnerEnforced"` instead. | `string` | `"ObjectWriter"` | no |
| bucket_policy | A bucket policy in JSON format. | `string` | `""` | no |
| encryption_enabled | Boolean to enable server-side encryption for the S3 bucket. | `bool` | `false` | no |
| encryption_master_kms_key | AWS KMS master key ID used for SSE-KMS encryption. Can only be used when `encryption_sse_algorithm` is set to `aws:kms`. When empty, the default `aws/s3` AWS-managed KMS key is used. | `string` | `""` | no |
| encryption_sse_algorithm | Server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`. | `string` | `"AES256"` | no |
| force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. | `bool` | `false` | no |
| ignore_public_acls | Set to false to disable the ignoring of public access lists on the bucket. | `bool` | `true` | no |
| lifecycle_rules | List of maps containing configuration of object lifecycle management. Example that moves objects older than 60 days to the GLACIER storage class:<br><pre>[<br>  {<br>    id      = "example1"<br>    enabled = true<br>    transition = [<br>      {<br>        days          = 60<br>        storage_class = "GLACIER"<br>      }<br>    ]<br>  }<br>]</pre> | `any` | `[]` | no |
| restrict_public_buckets | Set to false to disable the restricting of making the bucket public. | `bool` | `true` | no |
| tags | Map of tags to assign to the bucket. | `map(string)` | `{}` | no |
| versioning | Boolean specifying the enabled state of versioning, or an object containing detailed versioning configuration. | `bool` | `false` | no |
| website_enabled | Enable static website hosting on the bucket. | `bool` | `false` | no |
| website_error_document | The name of the error document for the website. | `string` | `null` | no |
| website_index_document | The name of the index document for the website. | `string` | `null` | no |
| website_routing_rules | Routing rules for the website, in JSON format. Example routing rule that redirects keys with the prefix `images/` to the `folderdeleted.html` object:<br><pre>[<br>  {<br>    "Condition": {<br>      "KeyPrefixEquals": "images/"<br>    },<br>    "Redirect": {<br>      "ReplaceKeyWith": "folderdeleted.html"<br>    }<br>  }<br>]</pre> | `string` | `null` | no |

### Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the bucket. |
| bucket_domain_name | The domain name of the bucket. |
| bucket_regional_domain_name | The region-specific domain name of the bucket. |
| id | The name of the bucket. |

## Examples

```hcl
module "bucket_label" {
  source  = "cloudposse/label/null"
  version = "v0.25.0"

  namespace  = "app"
  stage      = "prod"
  name       = "logs"
  attributes = ["private"]
  delimiter  = "-"

  tags = {
    "BusinessUnit" = "XYZ",
  }
}

module "app_prod_bucket" {
  source                  = "../../"
  bucket_name             = join(module.bucket_label.delimiter, [module.bucket_label.stage, module.bucket_label.name, var.bucket_name])
  bucket_object_ownership = "BucketOwnerEnforced"
  lifecycle_rules = [
    {
      id      = "log"
      enabled = true

      filter = {
        tags = {
          some    = "value"
          another = "value2"
        }
      }

      transition = [
        {
          days          = 30
          storage_class = "ONEZONE_IA"
        },
        {
          days          = 60
          storage_class = "GLACIER"
        }
      ]

      expiration = {
        days                         = 90
        expired_object_delete_marker = true
      }

      noncurrent_version_expiration = {
        newer_noncurrent_versions = 5
        days                      = 30
      }
    }
  ]

  tags = module.bucket_label.tags
}
```
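A second usage example, added here and not part of the module's own examples, that wires together the settings the Inputs table recommends for a private bucket: object ownership set to `BucketOwnerEnforced` (ACLs off), SSE-KMS with a customer-managed key, versioning, the public access block left at its defaults, and a bucket policy that denies non-TLS requests. The KMS key, the `aws_iam_policy_document` data source and the `bucket_name` variable are assumptions of this example; the `source` path mirrors the page's example.

```hcl
# Added example (not from the module's examples directory). Assumed: the
# module is referenced by the same relative path as the page's example and
# the KMS key is created alongside it in this configuration.
variable "bucket_name" {
  type = string
}

resource "aws_kms_key" "logs" {
  description         = "SSE-KMS key for the private log bucket"
  enable_key_rotation = true
}

# Deny every S3 action on the bucket and its objects when TLS is not used.
data "aws_iam_policy_document" "deny_insecure_transport" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    resources = [
      "arn:aws:s3:::${var.bucket_name}",
      "arn:aws:s3:::${var.bucket_name}/*",
    ]
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

module "hardened_bucket" {
  source = "../../"

  bucket_name             = var.bucket_name
  bucket_object_ownership = "BucketOwnerEnforced" # ACLs disabled; bucket_acl and bucket_grants are ignored

  encryption_enabled        = true
  encryption_sse_algorithm  = "aws:kms"
  encryption_master_kms_key = aws_kms_key.logs.arn # the provider accepts a key ID or ARN
  versioning                = true

  # block_public_acls, block_public_policy, ignore_public_acls and
  # restrict_public_buckets keep their default of true.
  bucket_policy = data.aws_iam_policy_document.deny_insecure_transport.json
  tags          = { "DataClassification" = "internal" }
}
```

After `terraform apply`, `aws s3api get-bucket-policy-status` on the bucket should report `IsPublic: false`, and any plain-HTTP request is rejected by the policy before the public access block is even consulted.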