terraform-aws-s3-bucket-replication

Description

Terraform module for enabling S3 replication between two buckets.

Will be used for HashiTalks: Africa 2023.

Features:

  • Enable S3 replication between buckets
  • Allow cross-region replication
  • Allow cross-account replication
  • Multiple destinations are supported

AWS documentation


Prerequisites

You will need to create 2 S3 buckets. The examples show possible ways to achieve this.


Usage

See examples dropdown on Terraform Cloud, or browse here.
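
The following module call is an added illustration, not code from this repository or its examples folder. It sketches one source bucket replicated to two destinations, one in another region and one in another account. The module source address, bucket names, KMS key ARNs, account IDs and tag values are constructed placeholders, and it assumes every attribute of each replication_configuration object has to be written out (with null to take the coalesced default), because the type shown under Inputs declares no optional attributes.

```hcl
# Added example, not from the module's examples folder. All names, ARNs,
# account IDs and the source address below are constructed placeholders.
module "bucket_replication" {
  source = "<module-source>" # placeholder: registry address or git URL of this module

  name_for_created_iam_resources = "example-s3-replication"
  source_bucket_name             = "example-source-bucket"
  source_bucket_kms_key_arn      = "arn:aws:kms:us-east-1:444455556666:key/EXAMPLE-SOURCE-KEY-ID"

  # Both buckets must already exist with versioning enabled (an S3 replication
  # requirement). Entries are given in priority order.
  replication_configuration = [
    {
      # Same account, different region: replicate only objects under logs/.
      destination_bucket_name                     = "example-replica-eu-west-1"
      prefix                                      = "logs/"
      destination_bucket_kms_key_arn              = null
      destination_aws_account_id                  = null
      destination_bucket_region                   = "eu-west-1"
      enable_delete_marker_replication            = null # coalesced to true
      enable_replication_time_control_and_metrics = true
    },
    {
      # Cross-account copy of the whole bucket. Replica ownership moves to the
      # destination account; a delete in the source adds no delete marker here.
      destination_bucket_name                     = "example-replica-backup-account"
      prefix                                      = null # coalesced to ""
      destination_bucket_kms_key_arn              = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-DEST-KEY-ID"
      destination_aws_account_id                  = "111122223333"
      destination_bucket_region                   = null # provider region is used
      enable_delete_marker_replication            = false
      enable_replication_time_control_and_metrics = null # coalesced to false
    },
  ]

  tags = {
    Project = "example"
  }
}
```

The Resources list for this module contains no bucket policy or KMS key policy, so for the cross-account destination the owning account has to grant the replication role access to its bucket and key separately.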


Testing

This module is tested during development using pytest and tftest. See the tests folder for further details, and in particular the testing readme.


Notes

This repo was created from terraform-aws-template


Known issues

This project is currently unlicenced. Please contact the maintaining team to add a licence.


Contributing

Direct contributions are welcome.

See CONTRIBUTING.md for further information.


Documentation


Inputs

Name Description Type Default Required
aws_iam_role_permissions_boundary AWS IAM Role permissions boundary. string null no
create_iam_resources Whether to create IAM resources. bool true no
name_for_created_iam_resources Name for created IAM resources. string n/a yes
replication_configuration Replication configuration, in priority order. See the comments in variables.tf for usage.
  list(object({
    destination_bucket_name = string
    # S3 bucket prefix to replicate.
    prefix = string # coalesced to ""
    # Destination S3 bucket KMS Key ARN if applicable.
    destination_bucket_kms_key_arn = string
    # Destination AWS Account ID. Only use for cross-account replication. When specified, replica object ownership will be set to this account.
    destination_aws_account_id = string
    # Destination S3 bucket region. If unspecified, then the provider region is used.
    destination_bucket_region = string
    # Whether delete markers are replicated.
    enable_delete_marker_replication = bool # coalesced to true
    # Whether to enable S3 Replication Time Control (S3 RTC) and Replication Metrics.
    enable_replication_time_control_and_metrics = bool # coalesced to false
  }))
  n/a yes
replication_role_arn IAM Role ARN for replication role. string null no
source_bucket_kms_key_arn Source S3 bucket KMS Key ARN string null no
source_bucket_name Source S3 bucket name string n/a yes
source_bucket_region Source S3 bucket region. If unspecified, then the provider region is used. string null no
tags Map of additional tags to assign to created resources. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. map(string) n/a yes

Modules

No modules.


Outputs

No outputs.


Providers

Name Version
aws ~> 5.0

Requirements

Name Version
terraform >= 0.15.5
aws ~> 5.0

Resources

Name Type
aws_iam_policy.this resource
aws_iam_role.this resource
aws_iam_role_policy_attachment.this resource
aws_s3_bucket_replication_configuration.this resource
aws_iam_policy_document.replication_role_assume_role_policy data source
aws_iam_policy_document.replication_role_policy_document data source
aws_region.current data source