Generic repository for a Terraform module that creates an AWS S3 bucket encrypted with an AWS KMS key, with access logging enabled
Module that creates:
- KMS key (and respective alias) to encrypt the bucket contents
- S3 bucket that stores its access logs in another S3 bucket
Optionally:
- Enable versioning in bucket
- Enable lifecycle rules to move objects to cheaper storage options, such as S3 IA or Glacier
Example usage:
module "dev_s3_encrypted" {
  # Pin the release tag with ?ref; the "version" argument only applies to registry sources.
  source = "bitbucket.org/geanalytics/terraform-module-aws-storage-s3-logging-encrypted?ref=v0.0.1"

  environment = "dev"
  project     = "analytics"
  region      = "eu-west-1"

  s3_bucket_name   = "mybucket"
  s3_bucket_acl    = "private"
  kms_key_alias    = "${var.science_dev_env}-${var.project}-mybucket-key"
  target_bucket_id = "access-logs-storing-bucket"

  versioning_enabled                = true
  transition_lifecycle_rule_enabled = false
  expiration_lifecycle_rule_enabled = false
}
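For orientation, the sketch below shows the kind of resources a module like this declares for the inputs above: the KMS key and alias, default bucket encryption, access logging to the target bucket, and optional versioning. It is an added example, not this module's source; the resource names, the `alias/` prefix, key rotation, the log prefix, and the use of Terraform >= 0.12 with AWS provider >= 4 are assumptions.

```hcl
# Added sketch, not the module's source. Variable names come from the usage
# example; resource names ("this") and provider version are assumptions.
variable "s3_bucket_name" { type = string }
variable "kms_key_alias" { type = string }
variable "target_bucket_id" { type = string }
variable "versioning_enabled" { type = bool }

resource "aws_kms_key" "this" {
  description         = "Encrypts objects in ${var.s3_bucket_name}"
  enable_key_rotation = true # assumption: rotation is not mentioned in the README
}

resource "aws_kms_alias" "this" {
  name          = "alias/${var.kms_key_alias}" # assumption: input omits the alias/ prefix
  target_key_id = aws_kms_key.this.key_id
}

resource "aws_s3_bucket" "this" {
  bucket = var.s3_bucket_name
}

# Default encryption: new objects are encrypted with the module's KMS key.
resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.this.arn
    }
  }
}

# Access logs are delivered to a separate, pre-existing bucket.
resource "aws_s3_bucket_logging" "this" {
  bucket        = aws_s3_bucket.this.id
  target_bucket = var.target_bucket_id
  target_prefix = "${var.s3_bucket_name}/" # assumption: one prefix per source bucket
}

# Created only when versioning is requested.
resource "aws_s3_bucket_versioning" "this" {
  count  = var.versioning_enabled ? 1 : 0
  bucket = aws_s3_bucket.this.id
  versioning_configuration {
    status = "Enabled"
  }
}
```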
Whenever you bump this module's version, please add a summary description of the changes performed, so that collaboration across developers becomes easier.
- version v0.0.1 - first module release
To update this module, please follow this procedure:
- make your changes following the normal git workflow
- after merging your changes to master comes the most important part, namely versioning using tags:
git tag v0.0.2
- push the tag to the remote git repository:
git push origin master tag v0.0.2
brew install terraform
- To format Terraform code automatically (and keep it cleaner), we use a pre-commit hook. To install pre-commit.
- Run pre-commit install to set up the hook locally for Terraform code cleanup.
pre-commit install