Use this URL for the source of the module. See the usage examples below for more details.
github.com/pbs/terraform-aws-s3-module?ref=4.0.14
More information can be found on these install methods and more in the documentation here.
This module provisions an S3 bucket.
The bucket will be AES256
encrypted, without the option to adjust that.
By default, the bucket will be versioned. This can be adjusted by using the is_versioned
parameter.
If your use case requires adjusting the CORS configuration of the bucket, that is exposed through the cors_rules
parameter.
Integrate this module like so:
module "s3" {
source = "github.com/pbs/terraform-aws-s3-module?ref=4.0.14"
# Tagging Parameters
organization = var.organization
environment = var.environment
product = var.product
repo = var.repo
# Optional Parameters
}
It is highly recommended that you integrate an inventory prefix when using this module.
Do this like so:
module "s3" {
source = "../modules/s3"
# Tagging Parameters
organization = var.organization
environment = var.environment
product = var.product
repo = var.repo
# Optional Parameters
inventory_bucket = var.inventory_bucket
}
If this repo is added as a subtree, then the version of the module should be close to the version shown here:
4.0.14
Note, however that subtrees can be altered as desired within repositories.
Further documentation on usage can be found here.
Below is automatically generated documentation on this Terraform module using terraform-docs
Name | Version |
---|---|
terraform | >= 1.3.2 |
aws | >= 4.5.0 |
Name | Version |
---|---|
aws | 5.24.0 |
Name | Source | Version |
---|---|---|
s3_policy | github.com/pbs/terraform-aws-s3-bucket-policy-module | 1.0.21 |
Name | Type |
---|---|
aws_iam_role.replication_role | resource |
aws_iam_role_policy.replication_policy | resource |
aws_s3_bucket.bucket | resource |
aws_s3_bucket_acl.acl | resource |
aws_s3_bucket_cors_configuration.cors_configuration | resource |
aws_s3_bucket_inventory.inventory_prefix | resource |
aws_s3_bucket_lifecycle_configuration.lifecycle_configuration | resource |
aws_s3_bucket_ownership_controls.ownership_controls | resource |
aws_s3_bucket_public_access_block.public_access_block | resource |
aws_s3_bucket_replication_configuration.replication | resource |
aws_s3_bucket_server_side_encryption_configuration.encryption | resource |
aws_s3_bucket_versioning.versioning | resource |
aws_caller_identity.current | data source |
aws_default_tags.common_tags | data source |
aws_iam_policy_document.s3_assume_role_policy | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Environment (sharedtools, dev, staging, qa, prod) | string |
n/a | yes |
organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string |
n/a | yes |
product | Tag used to group resources according to product | string |
n/a | yes |
repo | Tag used to point to the repo using this module | string |
n/a | yes |
acl | ACL configuration for the bucket. If an ACL is not provided, the bucket will be created with ACLs disabled | object({ |
null |
no |
allow_anonymous_vpce_access | Create bucket policy that allows anonymous VPCE access. | bool |
false |
no |
block_public_acls | Whether Amazon S3 should block public ACLs for this bucket. | bool |
true |
no |
block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket. | bool |
true |
no |
bucket_policy | Policy to apply to the bucket. If null, one will be guessed based on other variables. | string |
null |
no |
cloudfront_oac_access_statements | List of objects that define the CloudFront origin access identity access statement. Each object must have a cloudfront_arn and path key. |
list(object({ |
[] |
no |
cors_rules | CORS Rules | set(object({ |
[] |
no |
create_bucket_policy | Create a bucket policy for the bucket | bool |
true |
no |
force_destroy | Allow destruction of an S3 bucket without clearing out the contents first | bool |
false |
no |
force_tls | Deny HTTP requests that are made to the bucket without TLS. | bool |
true |
no |
ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket. | bool |
true |
no |
inventory_config | Inventory configuration | object({ |
null |
no |
is_versioned | Is versioning enabled? | bool |
true |
no |
lifecycle_rules | List of maps containing configuration of object lifecycle management. | list(object({ |
[ |
no |
name | Name to use for the bucket. If null, will default to product. | string |
null |
no |
override_policy_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid from earlier documents in the list. Statements with non-blank sids will also override statements with the same sid from documents provided in the source_json and source_policy_documents arguments. Non-overriding statements will be added to the exported document. | list(string) |
null |
no |
replication_configuration_set | Set of (single) replication that needs to be managed by this bucket. If empty, no replication takes place. | set(object({ |
[] |
no |
replication_configuration_shortcut | Shorthand version of the configuration used in replication_configuration_set. Is overridden by replication_configuration_set if defined. | object({ |
null |
no |
replication_source | The account number and role for the source bucket in a replication configuration. | object({ |
null |
no |
restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket. | bool |
true |
no |
source_policy_documents | List of IAM policy documents that are merged together into the exported document. Statements defined in source_policy_documents or source_json must have unique sids. Statements with the same sid from documents assigned to the override_json and override_policy_documents arguments will override source statements. | list(string) |
null |
no |
tags | Extra tags | map(string) |
{} |
no |
use_prefix | Create bucket with prefix instead of explicit name | bool |
true |
no |
vpce | Name of the VPC endpoint that should have access to this bucket. Only used when allow_anonymous_vpce_access is true. |
string |
null |
no |
Name | Description |
---|---|
arn | ARN of the bucket |
name | Name of the bucket |
regional_domain_name | Regional domain name |
replication_role | Replication role if exists |