/terraform-aws-s3-bucket-1

Terraform module which creates S3 bucket resources on AWS

Primary LanguageHCLOtherNOASSERTION

AWS S3 bucket Terraform module

Terraform module which creates S3 bucket on AWS with all (or almost all) features provided by Terraform AWS provider.

This type of resources are supported:

These features of S3 bucket configurations are supported:

  • static web-site hosting
  • access logging
  • versioning
  • CORS
  • lifecycle rules
  • server-side encryption
  • object locking
  • Cross-Region Replication (CRR)
  • ELB log delivery bucket policy

Terraform versions

Terraform 0.12 and above are supported.

Usage

Private bucket with versioning enabled

module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket = "my-s3-bucket"
  acl    = "private"

  versioning = {
    enabled = true
  }

}

Bucket with ELB access log delivery policy attached

module "s3_bucket_for_logs" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket = "my-s3-bucket-for-logs"
  acl    = "log-delivery-write"

  # Allow deletion of non-empty bucket
  force_destroy = true

  attach_elb_log_delivery_policy = true
}

Conditional creation

Sometimes you need to have a way to create S3 resources conditionally but Terraform does not allow to use count inside module block, so the solution is to specify argument create_bucket.

# This S3 bucket will not be created
module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  create_bucket = false
  # ... omitted
}

Examples:

Requirements

Name Version
terraform >= 0.12.6, < 0.14
aws ~> 2.35

Providers

Name Version
aws ~> 2.35

Inputs

Name Description Type Default Required
acceleration_status (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. string null no
acl (Optional) The canned ACL to apply. Defaults to 'private'. string "private" no
attach_elb_log_delivery_policy Controls if S3 bucket should have ELB log delivery policy attached bool false no
attach_policy Controls if S3 bucket should have bucket policy attached (set to true to use value of policy as bucket policy) bool false no
attach_public_policy Controls if a user defined public bucket policy will be attached (set to false to allow upstream to apply defaults to the bucket) bool true no
block_public_acls Whether Amazon S3 should block public ACLs for this bucket. bool false no
block_public_policy Whether Amazon S3 should block public bucket policies for this bucket. bool false no
bucket (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name. string null no
bucket_prefix (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. string null no
cors_rule Map containing a rule of Cross-Origin Resource Sharing. any {} no
create_bucket Controls if S3 bucket should be created bool true no
force_destroy (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. bool false no
ignore_public_acls Whether Amazon S3 should ignore public ACLs for this bucket. bool false no
lifecycle_rule List of maps containing configuration of object lifecycle management. any [] no
logging Map containing access bucket logging configuration. map(string) {} no
object_lock_configuration Map containing S3 object locking configuration. any {} no
policy (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. string null no
region (Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee. string null no
replication_configuration Map containing cross-region replication configuration. any {} no
request_payer (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. string null no
restrict_public_buckets Whether Amazon S3 should restrict public bucket policies for this bucket. bool false no
server_side_encryption_configuration Map containing server-side encryption configuration. any {} no
tags (Optional) A mapping of tags to assign to the bucket. map(string) {} no
versioning Map containing versioning configuration. map(string) {} no
website Map containing static web-site hosting or redirect configuration. map(string) {} no

Outputs

Name Description
this_s3_bucket_arn The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
this_s3_bucket_bucket_domain_name The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
this_s3_bucket_bucket_regional_domain_name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
this_s3_bucket_hosted_zone_id The Route 53 Hosted Zone ID for this bucket's region.
this_s3_bucket_id The name of the bucket.
this_s3_bucket_region The AWS region this bucket resides in.
this_s3_bucket_website_domain The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
this_s3_bucket_website_endpoint The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

Authors

Module managed by Anton Babenko.

License

Apache 2 Licensed. See LICENSE for full details.