This module sets up an S3 bucket that is shared across AWS accounts.
It's 100% Open Source and licensed under APACHE2.
It's a very simple module to use. The module file:
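```hcl
module "crossaccountbucket" {
  source  = "JamesWoolfenden/crossaccountbucket/aws"
  version = "0.1.6"
  name    = var.name
  # The aws_canonical_user_id data source exposes the canonical user ID as `id`.
  aws_canonical_user_id = data.aws_canonical_user_id.prod.id
  # Account ID of the secondary account, read through the aliased provider.
  Secondary_account_id = data.aws_caller_identity.prod.id
}
```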
You will need to provide two AWS providers:
```hcl
provider "aws" {
  region = "eu-west-1"
}

provider "aws" {
  region = "eu-west-1"
  alias  = "prod"
}
```
and supply the account and canonical ID to the module. The example supplies an example resource.
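The module call above references `data.aws_canonical_user_id.prod` and `data.aws_caller_identity.prod`, which this page does not define. The following is an added example, not taken from the module's repository, that wires those data sources to the aliased provider and checks that the two providers resolve to different accounts. The `profile` value, the `current` data source and the `check` block (which needs Terraform 1.5 or later) are assumptions.

```hcl
# Added example: not taken from the module's repository.
# Default provider: the primary account that owns the bucket.
provider "aws" {
  region = "eu-west-1"
}

# Aliased provider: the secondary account the bucket is shared with.
# It must authenticate separately from the default provider.
provider "aws" {
  region  = "eu-west-1"
  alias   = "prod"
  profile = "secondary-account" # assumption: hypothetical named CLI profile
}

# Identity of the primary account (default provider).
data "aws_caller_identity" "current" {}

# Account ID of the secondary account, read through the aliased provider.
data "aws_caller_identity" "prod" {
  provider = aws.prod
}

# Canonical user ID of the secondary account, read through the same provider.
data "aws_canonical_user_id" "prod" {
  provider = aws.prod
}

# Reported as a warning at plan/apply time if both providers resolve to the
# same account, in which case no second account is actually involved.
check "providers_are_distinct_accounts" {
  assert {
    condition     = data.aws_caller_identity.current.account_id != data.aws_caller_identity.prod.account_id
    error_message = "The default and prod providers resolve to the same AWS account."
  }
}
```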
No requirements.

Name | Version |
---|---|
aws | n/a |
null | n/a |

No modules.

Name | Type |
---|---|
aws_s3_bucket.bucket | resource |
aws_s3_bucket_policy.bucket | resource |
aws_s3_bucket_public_access_block.bucket | resource |
null_resource.crossacount-share | resource |
aws_caller_identity.current | data source |
aws_canonical_user_id.dev | data source |
aws_iam_policy_document.canon | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
Secondary_account_id | The account id of the secondary AWS account | string | n/a | yes |
aws_canonical_user_id | The canonical id of the account you want to share to (Secondary) | string | n/a | yes |
bucketname | Optional name for the bucket to share | string | "" | no |
mfa_delete | To enable/disable MFA delete | bool | true | no |
name | Prefix to the bucketname | string | n/a | yes |
sse_algorithm | The type of encryption algorithm to use | string | "aws:kms" | no |
versioning | Enable Versioning on s3 bucket | bool | true | no |

Name | Description |
---|---|
bucket | n/a |
primary-canonical | n/a |
secondary-canonical | n/a |

This is the policy required to build this project:
The Terraform resource required is:
```hcl
resource "aws_iam_policy" "terraform_pike" {
  name_prefix = "terraform_pike"
  path        = "/"
  description = "Pike Autogenerated policy from IAC"
  policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
          "s3:CreateBucket",
          "s3:DeleteBucket",
          "s3:GetAccelerateConfiguration",
          "s3:GetBucketAcl",
          "s3:GetBucketCORS",
          "s3:GetBucketLogging",
          "s3:GetBucketObjectLockConfiguration",
          "s3:GetBucketPolicy",
          "s3:GetBucketPublicAccessBlock",
          "s3:GetBucketRequestPayment",
          "s3:GetBucketTagging",
          "s3:GetBucketVersioning",
          "s3:GetBucketWebsite",
          "s3:GetEncryptionConfiguration",
          "s3:GetLifecycleConfiguration",
          "s3:GetObject",
          "s3:GetObjectAcl",
          "s3:GetReplicationConfiguration",
          "s3:ListBucket",
          "s3:PutBucketPolicy",
          "s3:PutBucketPublicAccessBlock"
        ],
        "Resource": "*"
      }
    ]
  })
}
```
Check out these related projects.
- terraform-aws-codebuild - Making a Build pipeline
Got a question?
File a GitHub issue.
Please use the issue tracker to report any bugs or file feature requests.
Copyright 2019-2022 James Woolfenden
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.