This module creates an AWS S3 bucket with optional custom IAM policies: `Read_Only`, `WriteRead_Only`, and `FullAccess`.
```hcl
# main.tf
module "s3_bucket" {
  source = "git::https://github.com/lpavliuk/Terraform-Modules.git//aws_s3_bucket"

  bucket_prefix                      = "bucket-name-"
  enable_versioning                  = true
  create_iam_policies                = false
  noncurrent_version_expiration_days = 14
}
```
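A fuller usage, added here as an example and not taken from the module's own README: a private, versioned bucket replicated to an existing replica bucket, with the module's `Read_Only` policy output attached to an application role so that role can read but never write or delete. The replica bucket ARN, role name and trusted service are placeholders.

```hcl
# Added example (not part of the module's README). Assumed values:
# the replica bucket ARN, the role name and the trusted service principal.

module "app_bucket" {
  source = "git::https://github.com/lpavliuk/Terraform-Modules.git//aws_s3_bucket"

  bucket_prefix     = "app-data-"
  enable_versioning = true   # needed for replication and to recover overwritten objects

  # Keep the last 5 non-current versions forever; expire the rest after 30 days
  keep_last_versions_number          = 5
  noncurrent_version_expiration_days = 30

  # Replicate objects to a bucket in another region (ARN is a placeholder)
  enable_replication        = true
  replica_bucket_arn        = "arn:aws:s3:::REPLICA-BUCKET-PLACEHOLDER"
  delete_marker_replication = false   # delete markers are not propagated to the replica

  create_iam_policies = true          # emit the Read_Only / WriteRead_Only / FullAccess policies
  force_destroy       = false         # refuse to destroy a bucket that still holds objects
}

# Application role that is only allowed to read the bucket (assumed names)
data "aws_iam_policy_document" "app_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "app-bucket-reader"
  assume_role_policy = data.aws_iam_policy_document.app_assume.json
}

# Attach the module-generated least-privilege policy instead of a hand-written one
resource "aws_iam_role_policy_attachment" "app_read_only" {
  role       = aws_iam_role.app.name
  policy_arn = module.app_bucket.iam_policy_read_only_arn
}
```

`replica_bucket_arn` must point at a bucket that already exists and has versioning enabled, since the module only configures the source side of the replication.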
Name | Version |
---|---|
terraform | < 2.0.0, >= 1.6.6 |
aws | < 6.0, >= 5.22 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
bucket_prefix | Bucket name prefix. AWS generates the full bucket name from it. | `string` | n/a | yes |
is_public | Whether the bucket is public. | `bool` | `false` | no |
enable_versioning | Enable bucket versioning. | `bool` | `false` | no |
create_iam_policies | Create the custom IAM policies `Read_Only`, `WriteRead_Only`, and `FullAccess`. | `bool` | `false` | no |
keep_last_versions_number | Number of most recent non-current versions to retain forever. | `number` | `0` | no |
current_version_expiration_days | Number of days after which a current version expires. NOTE: `0` disables the expiration. | `number` | `0` | no |
noncurrent_version_expiration_days | Number of days after which a non-current version expires. | `number` | `30` | no |
version_transitions | Version transition settings. Available `storage_class` values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`. | `list(object({` | `[]` | no |
expired_object_delete_marker | Whether Amazon S3 removes a delete marker that has no non-current versions. Conflicts with `current_version_expiration_days`. | `bool` | `true` | no |
abort_incomplete_multipart_upload_after_days | Days after the initiation of an incomplete multipart upload before Amazon S3 permanently removes all parts of the upload. | `number` | `1` | no |
enable_replication | Enable bucket replication. | `bool` | `false` | no |
replica_bucket_arn | ARN of the S3 bucket that objects are replicated to. | `string` | `""` | no |
delete_marker_replication | Enable delete marker replication. | `bool` | `false` | no |
aws_cli_profile | AWS CLI profile used by this module for the `local-exec` AWS CLI commands that cover features Terraform does not provide. | `string` | `""` | no |
force_destroy | Allow the S3 bucket to be destroyed even if it still contains objects. | `bool` | `false` | no |

Name | Description |
---|---|
id | Bucket ID |
arn | Bucket ARN |
name | Bucket name |
domain_name | Bucket regional domain name |
cross_region_replication | Whether bucket replication is enabled |
replica_bucket_arn | ARN of the replica bucket that objects are replicated to |
iam_policy_read_only_arn | ARN of the custom Read Only IAM policy |
iam_policy_write_read_only_arn | ARN of the custom Write and Read Only IAM policy |
iam_policy_full_access_arn | ARN of the custom Full Access IAM policy |

Name | Type |
---|---|
aws_iam_policy.full_access | resource |
aws_iam_policy.read_only | resource |
aws_iam_policy.write_read_only | resource |
aws_iam_role.replication | resource |
aws_iam_role.s3_batch_operation | resource |
aws_s3_bucket.this | resource |
aws_s3_bucket_acl.this | resource |
aws_s3_bucket_lifecycle_configuration.this | resource |
aws_s3_bucket_ownership_controls.this | resource |
aws_s3_bucket_public_access_block.this | resource |
aws_s3_bucket_replication_configuration.replication | resource |
aws_s3_bucket_versioning.this | resource |
null_resource.s3_batch_operation | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.replica_role | data source |
aws_iam_policy_document.replication | data source |
aws_iam_policy_document.s3_batch_operation | data source |
aws_iam_policy_document.s3_batch_operation_role | data source |
aws_region.current | data source |