aws-terraform-s3
This module builds an S3 bucket with varying options.
It does not set up an S3 origin; that is handled by another module.
Basic Usage
```hcl
module "s3" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-s3//?ref=v0.12.3"

  bucket_acl                                 = "bucket-owner-full-control"
  bucket_logging                             = false
  environment                                = "Development"
  lifecycle_enabled                          = true
  name                                       = "${random_string.s3_rstring.result}-example-s3-bucket"
  noncurrent_version_expiration_days         = "425"
  noncurrent_version_transition_glacier_days = "60"
  noncurrent_version_transition_ia_days      = "30"
  object_expiration_days                     = "425"
  transition_to_glacier_days                 = "60"
  transition_to_ia_days                      = "30"
  versioning                                 = true
  website                                    = true
  website_error                              = "error.html"
  website_index                              = "index.html"

  tags = {
    RightSaid = "Fred"
    LeftSaid  = "George"
  }
}
```
Full working references are available at examples
Terraform 0.12 upgrade
Several changes were required while adding Terraform 0.12 compatibility. The following changes should be
made when upgrading from a previous release to version 0.12.0 or higher.
Module variables
The following module variables were updated to better meet current Rackspace style guides:
- bucket_name -> name
- kms_master_key_id -> kms_key_id
- bucket_tags -> tags
Providers
Name | Version |
---|---|
aws | >= 2.7.0 |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
allowed_headers | Specifies which headers are allowed. | list(string) | [] | no |
allowed_methods | (Required) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD. | list(string) | [] | no |
allowed_origins | (Required) Specifies which origins are allowed. | list(string) | [] | no |
bucket_acl | Bucket ACL. Must be either authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write, private, public-read or public-read-write. For more details https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl | string | "bucket-owner-full-control" | no |
bucket_logging | Enable bucket logging. Will store logs in another existing bucket. You must give the log-delivery group WRITE and READ_ACP permissions to the target bucket. i.e. true \| false | bool | false | no |
environment | Application environment for which this network is being created. Must be one of ['Development', 'Integration', 'PreProduction', 'Production', 'QA', 'Staging', 'Test'] | string | "Development" | no |
expose_headers | Specifies expose header in the response. | list(string) | [] | no |
force_destroy_bucket | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool | false | no |
kms_key_id | The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. | string | "" | no |
lifecycle_enabled | Enable object lifecycle management. i.e. true \| false | bool | false | no |
lifecycle_rule_prefix | Object keyname prefix identifying one or more objects to which the rule applies. Set as an empty string to target the whole bucket. | string | "" | no |
logging_bucket_name | Name of the existing bucket where the logs will be stored. | string | "" | no |
logging_bucket_prefix | Prefix for all log object keys. i.e. logs/ | string | "" | no |
max_age_seconds | Specifies time in seconds that browser can cache the response for a preflight request. | number | 600 | no |
name | The name of the S3 bucket for the access logs. The bucket name can contain only lowercase letters, numbers, periods (.), and dashes (-). Must be globally unique. If changed, forces a new resource. | string | n/a | yes |
noncurrent_version_expiration_days | Indicates after how many days we are deleting previous version of objects. Set to 0 to disable or at least 365 days longer than noncurrent_version_transition_glacier_days. i.e. 0 to disable, 1-999 otherwise | number | 0 | no |
noncurrent_version_transition_glacier_days | Indicates after how many days we are moving previous versions to Glacier. Should be 0 to disable or at least 30 days longer than noncurrent_version_transition_ia_days. i.e. 0 to disable, 1-999 otherwise | number | 0 | no |
noncurrent_version_transition_ia_days | Indicates after how many days we are moving previous version objects to Standard-IA storage. Set to 0 to disable. | number | 0 | no |
object_expiration_days | Indicates after how many days we are deleting current version of objects. Set to 0 to disable or at least 365 days longer than TransitionInDaysGlacier. i.e. 0 to disable, otherwise 1-999 | number | 0 | no |
rax_mpu_cleanup_enabled | Enable Rackspace default values for cleanup of Multipart Uploads. | bool | true | no |
sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256, aws:kms, and none | string | "AES256" | no |
tags | A map of tags to be applied to the Bucket. i.e. {Environment='Development'} | map(string) | {} | no |
transition_to_glacier_days | Indicates after how many days we are moving current versions to Glacier. Should be 0 to disable or at least 30 days longer than transition_to_ia_days. i.e. 0 to disable, otherwise 1-999 | number | 0 | no |
transition_to_ia_days | Indicates after how many days we are moving current objects to Standard-IA storage. i.e. 0 to disable, otherwise 1-999 | number | 0 | no |
versioning | Enable bucket versioning. i.e. true \| false | bool | false | no |
website | Use bucket as a static website. i.e. true \| false | bool | false | no |
website_error | Location of Error HTML file. i.e. error.html | string | "error.html" | no |
website_index | Location of Index HTML file. i.e. index.html | string | "index.html" | no |
Outputs
Name | Description |
---|---|
bucket_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
bucket_domain_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
bucket_hosted_zone_id | The Route 53 Hosted Zone ID for this bucket's region. |
bucket_id | The name of the bucket. |
bucket_region | The AWS region this bucket resides in. |
bucket_website_domain | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. |
bucket_website_endpoint | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. |
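
A private, KMS-encrypted bucket with access logging, assembled from the inputs and outputs documented above. This is an added example, not part of the module's own README or examples. The resource and module labels and the bucket names are constructed, and the source host is assumed to be the module's GitHub repository.

```hcl
# Added example: resource/module labels and bucket names are constructed.
# Customer-managed key for SSE-KMS on the data bucket.
resource "aws_kms_key" "s3" {
  description         = "Example CMK for the application bucket"
  enable_key_rotation = true
}

# Log target bucket: the log-delivery-write canned ACL gives the S3
# log-delivery group the WRITE and READ_ACP permissions bucket_logging needs.
module "s3_logs" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-s3//?ref=v0.12.3"

  name        = "example-app-access-logs" # constructed; must be globally unique
  environment = "Production"
  bucket_acl  = "log-delivery-write"
  versioning  = true
}

module "s3_app" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-s3//?ref=v0.12.3"

  name        = "example-app-data" # constructed; must be globally unique
  environment = "Production"
  bucket_acl  = "private"
  website     = false # no public website endpoint

  # kms_key_id is only used when sse_algorithm is aws:kms.
  sse_algorithm = "aws:kms"
  kms_key_id    = aws_kms_key.s3.arn

  versioning           = true
  force_destroy_bucket = false # objects deleted by a forced destroy are not recoverable

  bucket_logging        = true
  logging_bucket_name   = module.s3_logs.bucket_id
  logging_bucket_prefix = "example-app-data/"

  # Lifecycle spacing per the input descriptions: Glacier >= 30 days after IA,
  # expiration >= 365 days after Glacier (30 -> 60 -> 425).
  lifecycle_enabled                          = true
  transition_to_ia_days                      = 30
  transition_to_glacier_days                 = 60
  object_expiration_days                     = 425
  noncurrent_version_transition_ia_days      = 30
  noncurrent_version_transition_glacier_days = 60
  noncurrent_version_expiration_days         = 425
}
```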