/terraform-aws-s3-bucket

terraform-aws-s3-bucket

Primary LanguageHCLApache License 2.0Apache-2.0

Version Link Date
4.0.1 https://github.com/terraform-aws-modules/terraform-aws-s3-bucket 17/01/2024

Providers

The following providers are used by this module:

  • aws (>= 5.27)

Modules

No modules.

Resources

The following resources are used by this module:

Required Inputs

No required inputs.

Optional Inputs

The following input variables are optional (have default values):

acceleration_status

Description: (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

Type: string

Default: null

access_log_delivery_policy_source_accounts

Description: (Optional) List of AWS Account IDs should be allowed to deliver access logs to this bucket.

Type: list(string)

Default: []

access_log_delivery_policy_source_buckets

Description: (Optional) List of S3 bucket ARNs wich should be allowed to deliver access logs to this bucket.

Type: list(string)

Default: []

acl

Description: (Optional) The canned ACL to apply. Conflicts with grant

Type: string

Default: null

allowed_kms_key_arn

Description: The ARN of KMS key which should be allowed in PutObject

Type: string

Default: null

analytics_configuration

Description: Map containing bucket analytics configuration.

Type: any

Default: {}

analytics_self_source_destination

Description: Whether or not the analytics source bucket is also the destination bucket.

Type: bool

Default: false

analytics_source_account_id

Description: The analytics source account id.

Type: string

Default: null

analytics_source_bucket_arn

Description: The analytics source bucket ARN.

Type: string

Default: null

attach_access_log_delivery_policy

Description: Controls if S3 bucket should have S3 access log delivery policy attached

Type: bool

Default: false

attach_analytics_destination_policy

Description: Controls if S3 bucket should have bucket analytics destination policy attached.

Type: bool

Default: false

attach_deny_incorrect_encryption_headers

Description: Controls if S3 bucket should deny incorrect encryption headers policy attached.

Type: bool

Default: false

attach_deny_incorrect_kms_key_sse

Description: Controls if S3 bucket policy should deny usage of incorrect KMS key SSE.

Type: bool

Default: false

attach_deny_insecure_transport_policy

Description: Controls if S3 bucket should have deny non-SSL transport policy attached

Type: bool

Default: false

attach_deny_unencrypted_object_uploads

Description: Controls if S3 bucket should deny unencrypted object uploads policy attached.

Type: bool

Default: false

attach_elb_log_delivery_policy

Description: Controls if S3 bucket should have ELB log delivery policy attached

Type: bool

Default: false

attach_inventory_destination_policy

Description: Controls if S3 bucket should have bucket inventory destination policy attached.

Type: bool

Default: false

attach_lb_log_delivery_policy

Description: Controls if S3 bucket should have ALB/NLB log delivery policy attached

Type: bool

Default: false

attach_policy

Description: Controls if S3 bucket should have bucket policy attached (set to true to use value of policy as bucket policy)

Type: bool

Default: false

attach_public_policy

Description: Controls if a user defined public bucket policy will be attached (set to false to allow upstream to apply defaults to the bucket)

Type: bool

Default: true

attach_require_latest_tls_policy

Description: Controls if S3 bucket should require the latest version of TLS

Type: bool

Default: false

block_public_acls

Description: Whether Amazon S3 should block public ACLs for this bucket.

Type: bool

Default: true

block_public_policy

Description: Whether Amazon S3 should block public bucket policies for this bucket.

Type: bool

Default: true

bucket

Description: (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name.

Type: string

Default: null

bucket_prefix

Description: (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

Type: string

Default: null

control_object_ownership

Description: Whether to manage S3 Bucket Ownership Controls on this bucket.

Type: bool

Default: false

cors_rule

Description: List of maps containing rules for Cross-Origin Resource Sharing.

Type: any

Default: []

create_bucket

Description: Controls if S3 bucket should be created

Type: bool

Default: true

expected_bucket_owner

Description: The account ID of the expected bucket owner

Type: string

Default: null

force_destroy

Description: (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

Type: bool

Default: false

grant

Description: An ACL policy grant. Conflicts with acl

Type: any

Default: []

ignore_public_acls

Description: Whether Amazon S3 should ignore public ACLs for this bucket.

Type: bool

Default: true

intelligent_tiering

Description: Map containing intelligent tiering configuration.

Type: any

Default: {}

inventory_configuration

Description: Map containing S3 inventory configuration.

Type: any

Default: {}

inventory_self_source_destination

Description: Whether or not the inventory source bucket is also the destination bucket.

Type: bool

Default: false

inventory_source_account_id

Description: The inventory source account id.

Type: string

Default: null

inventory_source_bucket_arn

Description: The inventory source bucket ARN.

Type: string

Default: null

lifecycle_rule

Description: List of maps containing configuration of object lifecycle management.

Type: any

Default: []

logging

Description: Map containing access bucket logging configuration.

Type: any

Default: {}

metric_configuration

Description: Map containing bucket metric configuration.

Type: any

Default: []

object_lock_configuration

Description: Map containing S3 object locking configuration.

Type: any

Default: {}

object_lock_enabled

Description: Whether S3 bucket should have an Object Lock configuration enabled.

Type: bool

Default: false

object_ownership

Description: Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. 'BucketOwnerEnforced': ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. 'BucketOwnerPreferred': Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. 'ObjectWriter': The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL.

Type: string

Default: "BucketOwnerEnforced"

owner

Description: Bucket owner's display name and ID. Conflicts with acl

Type: map(string)

Default: {}

policy

Description: (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

Type: string

Default: null

putin_khuylo

Description: Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!

Type: bool

Default: true

replication_configuration

Description: Map containing cross-region replication configuration.

Type: any

Default: {}

request_payer

Description: (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

Type: string

Default: null

restrict_public_buckets

Description: Whether Amazon S3 should restrict public bucket policies for this bucket.

Type: bool

Default: true

server_side_encryption_configuration

Description: Map containing server-side encryption configuration.

Type: any

Default: {}

tags

Description: (Optional) A mapping of tags to assign to the bucket.

Type: map(string)

Default: {}

versioning

Description: Map containing versioning configuration.

Type: map(string)

Default: {}

website

Description: Map containing static web-site hosting or redirect configuration.

Type: any

Default: {}

Outputs

The following outputs are exported:

s3_bucket_arn

Description: The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

s3_bucket_bucket_domain_name

Description: The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

s3_bucket_bucket_regional_domain_name

Description: The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

s3_bucket_hosted_zone_id

Description: The Route 53 Hosted Zone ID for this bucket's region.

s3_bucket_id

Description: The name of the bucket.

s3_bucket_lifecycle_configuration_rules

Description: The lifecycle rules of the bucket, if the bucket is configured with lifecycle rules. If not, this will be an empty string.

s3_bucket_policy

Description: The policy of the bucket, if the bucket is configured with a policy. If not, this will be an empty string.

s3_bucket_region

Description: The AWS region this bucket resides in.

s3_bucket_website_domain

Description: The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

s3_bucket_website_endpoint

Description: The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.