Commit c56f082f authored by Anton Babenko

Minor formatting, cleanups, readme

parent dc9864d5
{{ if .Versions -}}
<a name="unreleased"></a>
## [Unreleased]
{{ if .Unreleased.CommitGroups -}}
{{ range .Unreleased.CommitGroups -}}
### {{ .Title }}
{{ range .Commits -}}
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
{{ end }}
{{ end -}}
{{ else }}
{{ range .Unreleased.Commits -}}
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
{{ end }}
{{ end -}}
{{ end -}}
{{ range .Versions }}
<a name="{{ .Tag.Name }}"></a>
## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
{{ if .CommitGroups -}}
{{ range .CommitGroups -}}
### {{ .Title }}
{{ range .Commits -}}
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
{{ end }}
{{ end -}}
{{ else }}
{{ range .Commits -}}
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
{{ end }}
{{ end -}}
{{- if .NoteGroups -}}
{{ range .NoteGroups -}}
### {{ .Title }}
{{ range .Notes }}
{{ .Body }}
{{ end }}
{{ end -}}
{{ end -}}
{{ end -}}
{{- if .Versions }}
[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
{{ range .Versions -}}
{{ if .Tag.Previous -}}
[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
{{ end -}}
{{ end -}}
{{ end -}}
\ No newline at end of file
style: github
template: CHANGELOG.tpl.md
info:
title: CHANGELOG
repository_url: https://github.com/terraform-aws-modules/terraform-aws-s3-bucket
options:
header:
pattern: "^(.*)$"
pattern_maps:
- Subject
# EditorConfig is awesome: http://EditorConfig.org
# Uses editorconfig to maintain consistent coding styles
# top-most EditorConfig file
root = true
# Unix-style newlines with a newline ending every file
[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
max_line_length = 80
trim_trailing_whitespace = true
[*.{tf,tfvars}]
indent_size = 2
indent_style = space
[*.md]
max_line_length = 0
trim_trailing_whitespace = false
[Makefile]
tab_width = 2
indent_style = tab
[COMMIT_EDITMSG]
max_line_length = 0
\ No newline at end of file
.terraform
# Created by https://www.gitignore.io/api/terraform terraform.tfstate
# Edit at https://www.gitignore.io/?templates=terraform *.tfstate*
terraform.tfvars
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf
# End of https://www.gitignore.io/api/terraform
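Review bot: The gitignore.io template adopted here deliberately leaves `.tfvars` files tracked (`# example.tfvars` is only a comment), so the literal `terraform.tfvars` entry near the top is the only thing that keeps a contributor's local variables file out of a commit. This rendering does not make clear whether that entry survives the rewrite. Variables files are a common place for access keys and account identifiers, so I would keep `terraform.tfvars` explicitly and add `*.auto.tfvars` next to it, with a negated pattern for any example file that is meant to be committed.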
repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.17.0
hooks:
- id: terraform_fmt
- id: terraform_docs
- repo: git://github.com/pre-commit/pre-commit-hooks
rev: v2.2.3
hooks:
- id: check-merge-conflict
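Review bot: Both `repo:` entries in this new pre-commit configuration fetch hook code over `git://`, which is unauthenticated and unencrypted. Anything on the network path can therefore alter the code that pre-commit then runs on every contributor's machine at commit time. Use `repo: https://github.com/antonbabenko/pre-commit-terraform` and `repo: https://github.com/pre-commit/pre-commit-hooks` instead. The `rev:` values (`v1.17.0`, `v2.2.3`) are tags, which can be moved upstream; pinning each to the full commit SHA the tag points at would make the fetched hook code reproducible and reviewable.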
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.PHONY: changelog release
changelog:
git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o`
release:
semtag final -s minor
# terraform-aws-s3-bucket # AWS S3 bucket Terraform module
Terraform module which creates S3 bucket resources on AWS
__terraform-aws-s3-bucket module compatible with terraform 0.12+.__ Terraform module which creates S3 bucket resources on AWS.
This type of resources are supported:
* [S3 bucket](https://www.terraform.io/docs/providers/aws/r/s3_bucket.html)
These S3 Bucket configurations are supported: These S3 Bucket configurations are supported:
...@@ -22,19 +25,31 @@ In Cross Region Replication (in replication_configuration/rules block): ...@@ -22,19 +25,31 @@ In Cross Region Replication (in replication_configuration/rules block):
Object Lock Configuration block(object_lock_configuration) (this configuration block is not supported yet). Object Lock Configuration block(object_lock_configuration) (this configuration block is not supported yet).
``` ```
# Usage: ## Terraform versions
Only Terraform 0.12 is supported.
## Usage
- **Private Bucket** - **Private Bucket**
``` ```hcl
module "my_bucket" { module "s3_bucket" {
source = "../.." source = "terraform-aws-modules/s3-bucket/aws"
bucket = "my-tf-test-bucket"
bucket = "s3-tf-example-versioning"
acl = "private" acl = "private"
versioning_inputs = [
{
enabled = true
mfa_delete = null
},
]
} }
``` ```
# Examples: ## Examples:
* [S3-CORS](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-cors) * [S3-CORS](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-cors)
* [S3-Lifecycle-Rules](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-lifecycle-rules) * [S3-Lifecycle-Rules](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-lifecycle-rules)
...@@ -43,7 +58,7 @@ Object Lock Configuration block(object_lock_configuration) (this configuration b ...@@ -43,7 +58,7 @@ Object Lock Configuration block(object_lock_configuration) (this configuration b
* [S3-Versioning](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-versioning) * [S3-Versioning](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-versioning)
* [S3-Website](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-website) * [S3-Website](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-website)
# Inputs notes: ## Inputs notes
``` ```
The Terraform "aws_s3_bucket" resource has some nested configuration blocks and this was translated The Terraform "aws_s3_bucket" resource has some nested configuration blocks and this was translated
to this module as lists of objects. Each configuration block was renamed as it follows: to this module as lists of objects. Each configuration block was renamed as it follows:
...@@ -71,152 +86,49 @@ logging { ...@@ -71,152 +86,49 @@ logging {
target_prefix = "log/" target_prefix = "log/"
} }
``` ```
# Inputs:
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Inputs
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:| |------|-------------|:----:|:-----:|:-----:|
| bucket | (Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name. | string | null | no | | acceleration\_status | (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | string | `"null"` | no |
| bucket_prefix | (Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. | string | null | no | | acl | (Optional) The canned ACL to apply. Defaults to 'private'. | string | `"private"` | no |
| acl | The canned ACL to apply. Defaults to "private". | string | null | no | | bucket | (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name. | string | `"null"` | no |
| policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide | string | null | no | | bucket\_prefix | (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. | string | `"null"` | no |
| tags | A mapping of tags to assign to the bucket. | map | null | no | | cors\_rule\_inputs | | object | `"null"` | no |
| force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | boolean | false | no | | force\_destroy | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | string | `"false"` | no |
| website_inputs | A website object (documented below). | list(object) | null | no | | lifecycle\_rule\_inputs | | object | `"null"` | no |
| cors_rule_inputs | A rule of Cross-Origin Resource Sharing (documented below). | list(object) | null | no | | logging\_inputs | | object | `"null"` | no |
| versioning_inputs | A state of versioning (documented below) | list(object) | null | no | | object\_lock\_configuration\_inputs | | object | `"null"` | no |
| logging_inputs | A settings of bucket logging (documented below). | list(object) | null | no | | policy | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. | string | `"null"` | no |
| lifecycle_rule_inputs | A configuration of object lifecycle management (documented below). | list(object) | null | no | | region | (Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee. | string | `"null"` | no |
| acceleration_status | Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | string | null | no | | replication\_configuration\_inputs | | object | `"null"` | no |
| region | If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee. | string | null | no | | request\_payer | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | string | `"null"` | no |
| request_payer | Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | string | null | no | | server\_side\_encryption\_configuration\_inputs | | object | `"null"` | no |
| replication_configuration_inputs | A configuration of replication configuration (documented below). | list(object) | null | no | | tags | (Optional) A mapping of tags to assign to the bucket. | map | `{}` | no |
| server_side_encryption_configuration_inputs | A configuration of server-side encryption configuration (documented below) | list(object) | null | no | | versioning\_inputs | | object | `"null"` | no |
| **object_lock_configuration_inputs** | **(Not implemented yet)** A configuration of S3 object locking (documented below) | list(object) | null | no | | website\_inputs | | object | `"null"` | no |
## Outputs
# website_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. | string | yes (unless using redirect_all_requests_to) |
| error_document | An absolute path to the document to return in case of a 4XX error. | string | no |
| redirect_all_requests_to | A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request. | string | no |
| routing_rules | A json array containing routing rules describing redirect behavior and when redirects are applied. | string | no |
# cors_rule_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| allowed_headers | Specifies which headers are allowed. | list(string) | no |
| allowed_methods | Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD. | list(string) | yes |
| allowed_origins | Specifies which origins are allowed. | list(string) | yes |
| expose_headers | Specifies expose header in the response. | list(string) | no |
| max_age_seconds | Specifies time in seconds that browser can cache the response for a preflight request. | number | no |'
# versioning_inputs
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| enabled | Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. | boolean | no |
| mfa_delete | Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. | boolean | no |
# logging_inputs
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| target_bucket| The name of the bucket that will receive the log objects. | string | yes |
| target_prefix | To specify a key prefix for log objects. | string | no |
---
# lifecycle_rule_inputs
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| id | Unique identifier for the rule. | string | no |
| prefix | Object key prefix identifying one or more objects to which the rule applies. | string | no |
| tags | Specifies object tags key and value. | map | no |
| enabled | Specifies lifecycle rule status. | boolean | yes |
| abort_incomplete_multipart_upload_days | Specifies the number of days after initiating a multipart upload when the multipart be completed. | number | no |
| expiration_inputs | Specifies a period in the object's expire (documented below). | list(object) | no |
| transition_inputs | Specifies a period in the object's transitions (documented below). | list(object) | no |
| noncurrent_version_expiration_inputs | Specifies when noncurrent object versions expire (documented below). | list(object) | no |
| noncurrent_version_transition_inputs | Specifies when noncurrent object versions transitions (documented below). | list(object) | no |
# lifecycle_rule_inputs/expiration_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| date | Specifies the date after which you want the corresponding action to take effect. | string | no |
| days | Specifies the number of days after object creation when the specific rule action takes effect. | string | no |
| expired_object_delete_marker | On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. | string | no |
# lifecycle_rule_inputs/transition_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| date | Specifies the date after which you want the corresponding action to take effect. | string | no |
| days | Specifies the number of days after object creation when the specific rule action takes effect. | string | no |
| storage_class | Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, or GLACIER. | string | yes |
# lifecycle_rule_inputs/noncurrent_version_expiration:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| days | Specifies the number of days after object creation when the specific rule action takes effect. | string | yes |
# lifecycle_rule_inputs/noncurrent_version_transition:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| days | Specifies the number of days after object creation when the specific rule action takes effect. | string | yes |
| storage_class | Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, or GLACIER. | string | yes |
---
# replication_configuration_inputs
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| role | The ARN of the IAM role for Amazon S3 to assume when replicating the objects. | string | yes |
| rules_inputs | Specifies the rules managing the replication (documented below). | list(object) | yes |
# replication_configuration_inputs/rules_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| id | Unique identifier for the rule.| string | no |
| destination | Specifies the destination for the rule (documented below).| list(object) | yes |
| source_selection_criteria | Specifies special object selection criteria (documented below).| list(object) | no |
| prefix | Object keyname prefix identifying one or more objects to which the rule applies.| string | no |
| status | The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.| string | yes |
<!--| priority | The priority associated with the rule.| string | no |-->
<!--| filter | Filter that identifies subset of objects to which the replication rule applies (documented below). | string | no |-->
# replication_configuration_inputs/rules_inputs/destination_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| bucket | The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule. | string | yes |
| storage_class | The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, or GLACIER. | string | no |
| replica_kms_key_id | Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria. | string | no |
| access_control_translation | Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration. | list(object) | no |
| account_id | The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration. | string | no |
# replication_configuration_inputs/rules_inputs/destination_inputs/access_control_translation_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| owner | The override value for the owner on replicated objects. Currently only Destination is supported. | string | yes |
# replication_configuration_inputs/rules_inputs/source_selection_criteria_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| enabled | Boolean which indicates if this criteria is enabled.(It refers to _sse_kms_encrypted_objects/enabled_ config.) | boolean | yes |
---
# server_side_encryption_configuration_inputs:
| Name | Description | Type | Required |
|------|-------------|:----:|:-----:|
| sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms (It refers to server_side_encryption_configuration/rule/apply_server_side_encryption_by_default/sse_algorithm ) | string | yes |
| kms_master_key_id | The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms. (It refers to server_side_encryption_configuration/rule/apply_server_side_encryption_by_default/kms_master_key_id ) | string | no |
# outputs
| Name | Description | | Name | Description |
|------|-------------| |------|-------------|
| id | The name of the bucket. |
| arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. | | arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
| bucket_domain_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. | | bucket\_domain\_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
| bucket_regional_domain_name | The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. | | bucket\_regional\_domain\_name | The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. |
| hosted_zone_id | The Route 53 Hosted Zone ID for this bucket's region. | | hosted\_zone\_id | The Route 53 Hosted Zone ID for this bucket's region. |
| id | The name of the bucket. |
| region | The AWS region this bucket resides in. | | region | The AWS region this bucket resides in. |
| website_endpoint | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | | website\_domain | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. |
| website_domain | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | website\_endpoint | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Authors
Module managed by [Anton Babenko](https://github.com/antonbabenko).
## License
Apache 2 Licensed. See LICENSE for full details.
...@@ -4,7 +4,7 @@ variable "region" { ...@@ -4,7 +4,7 @@ variable "region" {
# Configure the AWS Provider # Configure the AWS Provider
provider "aws" { provider "aws" {
region = var.region region = var.region
} }
// Calling module: // Calling module:
...@@ -14,20 +14,20 @@ module "aws_s3_bucket" { ...@@ -14,20 +14,20 @@ module "aws_s3_bucket" {
bucket = "s3-tf-example-cors" bucket = "s3-tf-example-cors"
acl = "private" acl = "private"
cors_rule_inputs =[ cors_rule_inputs = [
{ {
allowed_headers = ["*"] allowed_headers = ["*"]
allowed_methods = ["PUT","POST"] allowed_methods = ["PUT", "POST"]
allowed_origins = ["https://s3-website-test.hashicorp.com","https://s3-website-test.hashicorp.io"] allowed_origins = ["https://s3-website-test.hashicorp.com", "https://s3-website-test.hashicorp.io"]
expose_headers = ["ETag"] expose_headers = ["ETag"]
max_age_seconds = 3000 max_age_seconds = 3000
}, },
{ {
allowed_headers = ["*"] allowed_headers = ["*"]
allowed_methods = ["GET"] allowed_methods = ["GET"]
allowed_origins = ["https://s3-website-test.hashicorp.io"] allowed_origins = ["https://s3-website-test.hashicorp.io"]
expose_headers = ["ETag"] expose_headers = ["ETag"]
max_age_seconds = 3000 max_age_seconds = 3000
}, },
] ]
......
...@@ -4,7 +4,7 @@ variable "region" { ...@@ -4,7 +4,7 @@ variable "region" {
# Configure the AWS Provider # Configure the AWS Provider
provider "aws" { provider "aws" {
region = var.region region = var.region
} }
// Calling module: // Calling module:
...@@ -15,9 +15,9 @@ module "aws_s3_bucket" { ...@@ -15,9 +15,9 @@ module "aws_s3_bucket" {
acl = "private" acl = "private"
lifecycle_rule_inputs = [{ lifecycle_rule_inputs = [{
id = "log" id = "log"
enabled = true enabled = true
prefix = "log/" prefix = "log/"
abort_incomplete_multipart_upload_days = null abort_incomplete_multipart_upload_days = null
tags = { tags = {
"rule" = "log" "rule" = "log"
...@@ -25,43 +25,43 @@ module "aws_s3_bucket" { ...@@ -25,43 +25,43 @@ module "aws_s3_bucket" {
} }
expiration_inputs = [{ expiration_inputs = [{
days = 90 days = 90
date = null date = null
expired_object_delete_marker = null expired_object_delete_marker = null
}, },
] ]
transition_inputs = [] transition_inputs = []
noncurrent_version_transition_inputs = [] noncurrent_version_transition_inputs = []
noncurrent_version_expiration_inputs = [] noncurrent_version_expiration_inputs = []
}, },
{ {
id = "log1" id = "log1"
enabled = true enabled = true
prefix = "log1/" prefix = "log1/"
abort_incomplete_multipart_upload_days = null abort_incomplete_multipart_upload_days = null
tags = { tags = {
"rule" = "log1" "rule" = "log1"
"autoclean" = "true" "autoclean" = "true"
} }
expiration_inputs = [] expiration_inputs = []
transition_inputs = [] transition_inputs = []
noncurrent_version_transition_inputs = [ noncurrent_version_transition_inputs = [
{ {
days = 30 days = 30
storage_class = "STANDARD_IA" storage_class = "STANDARD_IA"
}, },
{ {
days = 60 days = 60
storage_class = "ONEZONE_IA" storage_class = "ONEZONE_IA"
}, },
{ {
days = 90 days = 90
storage_class = "GLACIER" storage_class = "GLACIER"
}, },
] ]
noncurrent_version_expiration_inputs = [] noncurrent_version_expiration_inputs = []
}, },
] ]
} }
\ No newline at end of file
...@@ -4,13 +4,13 @@ variable "region" { ...@@ -4,13 +4,13 @@ variable "region" {
# Configure the AWS Provider # Configure the AWS Provider
provider "aws" { provider "aws" {
region = var.region region = var.region
} }
// Calling module: // Calling module:
module "log_bucket" { module "log_bucket" {
source = "../.." source = "../.."
bucket = "s3-tf-example-logger" bucket = "s3-tf-example-logger"
acl = "log-delivery-write" acl = "log-delivery-write"
...@@ -23,10 +23,10 @@ module "aws_s3_bucket" { ...@@ -23,10 +23,10 @@ module "aws_s3_bucket" {
acl = "private" acl = "private"
logging_inputs = [ logging_inputs = [
{ {
target_bucket = "s3-tf-example-logger" target_bucket = "s3-tf-example-logger"
target_prefix = "log/" target_prefix = "log/"
}, },
] ]
} }
...@@ -4,45 +4,45 @@ variable "region" { ...@@ -4,45 +4,45 @@ variable "region" {
# Configure the AWS Provider # Configure the AWS Provider
provider "aws" { provider "aws" {
region = var.region region = var.region
} }
module "bucket" { module "bucket" {
source = "../.." source = "../.."
bucket = "s3-tf-example-replication" bucket = "s3-tf-example-replication"
acl = "private" acl = "private"
versioning_inputs = [ versioning_inputs = [
{ {
enabled = true enabled = true
mfa_delete = null mfa_delete = null
}, },
] ]
replication_configuration_inputs = [ replication_configuration_inputs = [
{ {
role = "<ROLE_ARN>" // Place the IAM Role to access the destination bucket role = "<ROLE_ARN>" // Place the IAM Role to access the destination bucket
rules_inputs = [ rules_inputs = [
{
id = "foobar"
prefix = "foo"
status = "Enabled"
priority = null
source_selection_criteria_inputs = null
filter_inputs = null
destination_inputs = [
{ {
bucket = "<DESTINATION_BUCKET>" // Place the destination bicket ARN id = "foobar"
storage_class = "STANDARD" prefix = "foo"
replica_kms_key_id = null status = "Enabled"
account_id = null priority = null
access_control_translation_inputs = null source_selection_criteria_inputs = null
filter_inputs = null
destination_inputs = [
{
bucket = "<DESTINATION_BUCKET>" // Place the destination bicket ARN
storage_class = "STANDARD"
replica_kms_key_id = null
account_id = null
access_control_translation_inputs = null
},
]
}, },
] ]
}, },
]
},
] ]
} }
...@@ -4,7 +4,7 @@ variable "region" { ...@@ -4,7 +4,7 @@ variable "region" {
# Configure the AWS Provider # Configure the AWS Provider
provider "aws" { provider "aws" {
region = var.region region = var.region
} }
// Calling module: // Calling module:
...@@ -14,12 +14,12 @@ module "aws_s3_bucket" { ...@@ -14,12 +14,12 @@ module "aws_s3_bucket" {
bucket = "s3-tf-example-versioning" bucket = "s3-tf-example-versioning"
acl = "private" acl = "private"
versioning_inputs = [ versioning_inputs = [
{ {
enabled = true enabled = true
mfa_delete = null mfa_delete = null
}, },
] ]
} }
\ No newline at end of file
...@@ -4,7 +4,7 @@ variable "region" { ...@@ -4,7 +4,7 @@ variable "region" {
# Configure the AWS Provider # Configure the AWS Provider
provider "aws" { provider "aws" {
region = var.region region = var.region
} }
// Calling module: // Calling module:
...@@ -14,12 +14,12 @@ module "aws_s3_bucket" { ...@@ -14,12 +14,12 @@ module "aws_s3_bucket" {
bucket = "s3-tf-example-website" bucket = "s3-tf-example-website"
acl = "private" acl = "private"
website_inputs = [ website_inputs = [
{ {
index_document = "index.html" index_document = "index.html"
error_document = "error.html" error_document = "error.html"
redirect_all_requests_to = null redirect_all_requests_to = null
routing_rules = <<EOF routing_rules = <<EOF
[{ [{
"Condition": { "Condition": {
"KeyPrefixEquals": "docs/" "KeyPrefixEquals": "docs/"
...@@ -29,8 +29,8 @@ website_inputs = [ ...@@ -29,8 +29,8 @@ website_inputs = [
} }
}] }]
EOF EOF
} }
] ]
} }
\ No newline at end of file
resource "aws_s3_bucket" "this" { resource "aws_s3_bucket" "this" {
bucket = var.bucket bucket = var.bucket
bucket_prefix = var.bucket_prefix bucket_prefix = var.bucket_prefix
acl = var.acl acl = var.acl
policy = var.policy policy = var.policy
tags = var.tags tags = var.tags
force_destroy = var.force_destroy force_destroy = var.force_destroy
acceleration_status = var.acceleration_status acceleration_status = var.acceleration_status
region = var.region region = var.region
request_payer = var.request_payer request_payer = var.request_payer
dynamic "website" { dynamic "website" {
for_each = var.website_inputs == null ? [] : var.website_inputs for_each = var.website_inputs == null ? [] : var.website_inputs
content {
index_document = website.value.index_document
error_document = website.value.error_document
redirect_all_requests_to = website.value.redirect_all_requests_to
routing_rules = website.value.routing_rules
}
}
content { dynamic "cors_rule" {
index_document = website.value.index_document for_each = var.cors_rule_inputs == null ? [] : var.cors_rule_inputs
error_document = website.value.error_document
redirect_all_requests_to = website.value.redirect_all_requests_to content {
routing_rules = website.value.routing_rules allowed_headers = cors_rule.value.allowed_headers
} allowed_methods = cors_rule.value.allowed_methods
allowed_origins = cors_rule.value.allowed_origins
expose_headers = cors_rule.value.expose_headers
max_age_seconds = cors_rule.value.max_age_seconds
} }
}
dynamic "cors_rule" { dynamic "versioning" {
for_each = var.cors_rule_inputs == null ? [] : var.cors_rule_inputs for_each = var.versioning_inputs == null ? [] : var.versioning_inputs
content { content {
allowed_headers = cors_rule.value.allowed_headers enabled = versioning.value.enabled
allowed_methods = cors_rule.value.allowed_methods mfa_delete = versioning.value.mfa_delete
allowed_origins = cors_rule.value.allowed_origins
expose_headers = cors_rule.value.expose_headers
max_age_seconds = cors_rule.value.max_age_seconds
}
} }
}
dynamic "logging" {
for_each = var.logging_inputs == null ? [] : var.logging_inputs
content {
target_bucket = logging.value.target_bucket
target_prefix = logging.value.target_prefix
}
}
dynamic "lifecycle_rule" {
for_each = var.lifecycle_rule_inputs == null ? [] : var.lifecycle_rule_inputs
dynamic "versioning" { content {
for_each = var.versioning_inputs == null ? [] : var.versioning_inputs id = lifecycle_rule.value.id
prefix = lifecycle_rule.value.prefix
tags = lifecycle_rule.value.tags
enabled = lifecycle_rule.value.enabled
abort_incomplete_multipart_upload_days = lifecycle_rule.value.abort_incomplete_multipart_upload_days
dynamic "expiration" {
for_each = lifecycle_rule.value.expiration_inputs == null ? [] : lifecycle_rule.value.expiration_inputs
content { content {
enabled = versioning.value.enabled date = expiration.value.date
mfa_delete = versioning.value.mfa_delete days = expiration.value.days
expired_object_delete_marker = expiration.value.expired_object_delete_marker
} }
} }
dynamic "logging" { dynamic "transition" {
for_each = var.logging_inputs == null ? [] : var.logging_inputs for_each = lifecycle_rule.value.transition_inputs == null ? [] : lifecycle_rule.value.transition_inputs
content { content {
target_bucket = logging.value.target_bucket date = transition.value.date
target_prefix = logging.value.target_prefix days = transition.value.days
storage_class = transition.value.storage_class
} }
} }
dynamic "lifecycle_rule" { dynamic "noncurrent_version_transition" {
for_each = var.lifecycle_rule_inputs == null ? [] : var.lifecycle_rule_inputs for_each = lifecycle_rule.value.noncurrent_version_transition_inputs == null ? [] : lifecycle_rule.value.noncurrent_version_transition_inputs
content { content {
id = lifecycle_rule.value.id days = noncurrent_version_transition.value.days
prefix = lifecycle_rule.value.prefix storage_class = noncurrent_version_transition.value.storage_class
tags = lifecycle_rule.value.tags }
enabled = lifecycle_rule.value.enabled }
abort_incomplete_multipart_upload_days = lifecycle_rule.value.abort_incomplete_multipart_upload_days
dynamic "expiration" {
for_each = lifecycle_rule.value.expiration_inputs == null ? [] : lifecycle_rule.value.expiration_inputs
content {
date = expiration.value.date
days = expiration.value.days
expired_object_delete_marker = expiration.value.expired_object_delete_marker
}
}
dynamic "transition" { dynamic "noncurrent_version_expiration" {
for_each = lifecycle_rule.value.transition_inputs == null ? [] : lifecycle_rule.value.transition_inputs for_each = lifecycle_rule.value.noncurrent_version_expiration_inputs == null ? [] : lifecycle_rule.value.noncurrent_version_expiration_inputs
content {
date = transition.value.date
days = transition.value.days
storage_class = transition.value.storage_class
}
}
dynamic "noncurrent_version_transition" {
for_each = lifecycle_rule.value.noncurrent_version_transition_inputs == null ? [] : lifecycle_rule.value.noncurrent_version_transition_inputs
content {
days = noncurrent_version_transition.value.days
storage_class = noncurrent_version_transition.value.storage_class
}
}
dynamic "noncurrent_version_expiration" { content {
for_each = lifecycle_rule.value.noncurrent_version_expiration_inputs == null ? [] : lifecycle_rule.value.noncurrent_version_expiration_inputs days = noncurrent_version_expiration.value.days
content {
days = noncurrent_version_expiration.value.days
}
}
} }
}
} }
}
dynamic "replication_configuration" {
for_each = var.replication_configuration_inputs == null ? [] : var.replication_configuration_inputs dynamic "replication_configuration" {
for_each = var.replication_configuration_inputs == null ? [] : var.replication_configuration_inputs
content {
role = replication_configuration.value.role
dynamic "rules" {
for_each = replication_configuration.value.rules_inputs == null ? [] : replication_configuration.value.rules_inputs
content { content {
role = replication_configuration.value.role id = rules.value.id
dynamic "rules" { // priority = rules.value.priority
for_each = replication_configuration.value.rules_inputs == null ? [] : replication_configuration.value.rules_inputs prefix = rules.value.prefix
status = rules.value.status
content {
id = rules.value.id
// priority = rules.value.priority
prefix = rules.value.prefix
status = rules.value.status
dynamic "destination" {
for_each = rules.value.destination_inputs == null ? [] : rules.value.destination_inputs
content {
bucket = destination.value.bucket
storage_class = destination.value.storage_class
replica_kms_key_id = destination.value.replica_kms_key_id
account_id = destination.value.account_id
dynamic "access_control_translation" {
for_each = destination.value.access_control_translation_inputs == null ? [] : destination.value.access_control_translation_inputs
content {
owner = access_control_translation.value.owner
}
}
}
}
dynamic "source_selection_criteria" { dynamic "destination" {
for_each = rules.value.source_selection_criteria_inputs == null ? [] : rules.value.source_selection_criteria_inputs for_each = rules.value.destination_inputs == null ? [] : rules.value.destination_inputs
content { content {
sse_kms_encrypted_objects { bucket = destination.value.bucket
enabled = source_selection_criteria.value.enabled storage_class = destination.value.storage_class
} replica_kms_key_id = destination.value.replica_kms_key_id
} account_id = destination.value.account_id
}
/* dynamic "access_control_translation" {
for_each = destination.value.access_control_translation_inputs == null ? [] : destination.value.access_control_translation_inputs
content {
owner = access_control_translation.value.owner
}
}
}
}
dynamic "source_selection_criteria" {
for_each = rules.value.source_selection_criteria_inputs == null ? [] : rules.value.source_selection_criteria_inputs
content {
sse_kms_encrypted_objects {
enabled = source_selection_criteria.value.enabled
}
}
}
/*
dynamic "filter" { dynamic "filter" {
for_each = rules.value.filter_inputs == null ? [] : rules.value.filter_inputs for_each = rules.value.filter_inputs == null ? [] : rules.value.filter_inputs
...@@ -152,24 +152,24 @@ resource "aws_s3_bucket" "this" { ...@@ -152,24 +152,24 @@ resource "aws_s3_bucket" "this" {
} }
} }
*/ */
} }
} }
}
} }
}
dynamic "server_side_encryption_configuration" { dynamic "server_side_encryption_configuration" {
for_each = var.server_side_encryption_configuration_inputs == null ? [] : var.server_side_encryption_configuration_inputs for_each = var.server_side_encryption_configuration_inputs == null ? [] : var.server_side_encryption_configuration_inputs
content { content {
rule { rule {
apply_server_side_encryption_by_default { apply_server_side_encryption_by_default {
sse_algorithm = server_side_encryption_configuration.value.sse_algorithm sse_algorithm = server_side_encryption_configuration.value.sse_algorithm
kms_master_key_id = server_side_encryption_configuration.value.kms_master_key_id kms_master_key_id = server_side_encryption_configuration.value.kms_master_key_id
}
}
} }
}
} }
/* }
/*
dynamic "object_lock_configuration" { dynamic "object_lock_configuration" {
for_each = var.object_lock_configuration_inputs == null ? [] : var.object_lock_configuration_inputs for_each = var.object_lock_configuration_inputs == null ? [] : var.object_lock_configuration_inputs
......
output "id" { output "id" {
description = "The name of the bucket." description = "The name of the bucket."
value = "${element(concat(aws_s3_bucket.this.*.id, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.id, list("")), 0)
} }
output "arn" { output "arn" {
description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname." description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname."
value = "${element(concat(aws_s3_bucket.this.*.arn, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.arn, list("")), 0)
} }
output "bucket_domain_name" { output "bucket_domain_name" {
description = "The bucket domain name. Will be of format bucketname.s3.amazonaws.com." description = "The bucket domain name. Will be of format bucketname.s3.amazonaws.com."
value = "${element(concat(aws_s3_bucket.this.*.bucket_domain_name, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.bucket_domain_name, list("")), 0)
} }
output "bucket_regional_domain_name" { output "bucket_regional_domain_name" {
description = "The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL." description = "The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL."
value = "${element(concat(aws_s3_bucket.this.*.bucket_regional_domain_name, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.bucket_regional_domain_name, list("")), 0)
} }
output "hosted_zone_id" { output "hosted_zone_id" {
description = "The Route 53 Hosted Zone ID for this bucket's region." description = "The Route 53 Hosted Zone ID for this bucket's region."
value = "${element(concat(aws_s3_bucket.this.*.hosted_zone_id, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.hosted_zone_id, list("")), 0)
} }
output "region" { output "region" {
description = "The AWS region this bucket resides in." description = "The AWS region this bucket resides in."
value = "${element(concat(aws_s3_bucket.this.*.region, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.region, list("")), 0)
} }
output "website_endpoint" { output "website_endpoint" {
description = "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string." description = "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string."
value = "${element(concat(aws_s3_bucket.this.*.website_endpoint, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.website_endpoint, list("")), 0)
} }
output "website_domain" { output "website_domain" {
description = "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. " description = "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. "
value = "${element(concat(aws_s3_bucket.this.*.website_domain, list("")), 0)}" value = element(concat(aws_s3_bucket.this.*.website_domain, list("")), 0)
} }
\ No newline at end of file
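Review bot: The rewritten `value = element(concat(aws_s3_bucket.this.*.id, list("")), 0)` lines in all eight outputs keep the splat-plus-`list("")` fallback, which is only needed when the resource is created with `count`. The `resource "aws_s3_bucket" "this"` block shown on this page sets no `count` in its visible lines, though part of it is collapsed, so this should be confirmed. If that holds, each output can reference the attribute directly, e.g. `value = aws_s3_bucket.this.id`. If the fallback has to stay, `list("")` is deprecated as of Terraform 0.12 in favour of the bracket syntax, giving `value = element(concat(aws_s3_bucket.this.*.id, [""]), 0)`.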
variable "bucket" { variable "bucket" {
description = "(Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name." description = "(Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name."
default = null default = null
} }
variable "bucket_prefix" { variable "bucket_prefix" {
description = "(Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket." description = "(Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket."
default = null default = null
} }
variable "acl" { variable "acl" {
description = "(Optional) The canned ACL to apply. Defaults to 'private'." description = "(Optional) The canned ACL to apply. Defaults to 'private'."
default = "private" default = "private"
} }
variable "policy" { variable "policy" {
description = "(Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide." description = "(Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide."
default = null default = null
} }
variable "tags" { variable "tags" {
description = "(Optional) A mapping of tags to assign to the bucket." description = "(Optional) A mapping of tags to assign to the bucket."
default = {} default = {}
} }
variable "force_destroy" { variable "force_destroy" {
description = "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable." description = "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable."
default = false default = false
} }
variable "acceleration_status" { variable "acceleration_status" {
description = "(Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended." description = "(Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended."
default = null default = null
} }
variable "region" { variable "region" {
description = "(Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee." description = "(Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee."
default = null default = null
} }
variable "request_payer" { variable "request_payer" {
description = "(Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information." description = "(Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information."
default = null default = null
} }
variable "website_inputs" { variable "website_inputs" {
type = list(object({ type = list(object({
index_document = string index_document = string
error_document = string error_document = string
redirect_all_requests_to = string redirect_all_requests_to = string
routing_rules = string routing_rules = string
})) }))
default = null default = null
} }
variable "cors_rule_inputs" { variable "cors_rule_inputs" {
type = list(object({ type = list(object({
allowed_headers = list(string) allowed_headers = list(string)
allowed_methods = list(string) allowed_methods = list(string)
allowed_origins = list(string) allowed_origins = list(string)
expose_headers = list(string) expose_headers = list(string)
max_age_seconds = number max_age_seconds = number
})) }))
default = null default = null
} }
variable "versioning_inputs" { variable "versioning_inputs" {
type = list(object({ type = list(object({
enabled = string enabled = string
mfa_delete = string mfa_delete = string
})) }))
default = null default = null
} }
variable "logging_inputs" { variable "logging_inputs" {
type = list(object({ type = list(object({
target_bucket = string target_bucket = string
target_prefix = string target_prefix = string
})) }))
default = null default = null
} }
// Lifecycle rules variables: // Lifecycle rules variables:
variable "lifecycle_rule_inputs" { variable "lifecycle_rule_inputs" {
type = list(object({ type = list(object({
id = string id = string
prefix = string prefix = string
tags = map(string) tags = map(string)
enabled = string enabled = string
abort_incomplete_multipart_upload_days = string abort_incomplete_multipart_upload_days = string
expiration_inputs = list(object({ expiration_inputs = list(object({
date = string date = string
days = number days = number
expired_object_delete_marker = string expired_object_delete_marker = string
}))
transition_inputs = list(object({
date = string
days = number
storage_class = string
}))
noncurrent_version_transition_inputs = list(object({
days = number
storage_class = string
}))
noncurrent_version_expiration_inputs = list(object({
days = number
}))
})) }))
default = null transition_inputs = list(object({
date = string
days = number
storage_class = string
}))
noncurrent_version_transition_inputs = list(object({
days = number
storage_class = string
}))
noncurrent_version_expiration_inputs = list(object({
days = number
}))
}))
default = null
} }
// Replication configuration variables: // Replication configuration variables:
variable "replication_configuration_inputs" { variable "replication_configuration_inputs" {
type = list(object({ type = list(object({
role = string role = string
rules_inputs = list(object({ rules_inputs = list(object({
id = string id = string
// priority = number // priority = number
prefix = string prefix = string
status = string status = string
destination_inputs = list(object({ destination_inputs = list(object({
bucket = string bucket = string
storage_class = string storage_class = string
replica_kms_key_id = string replica_kms_key_id = string
account_id = string account_id = string
access_control_translation_inputs = list(object({ access_control_translation_inputs = list(object({
owner = string owner = string
}))
}))
source_selection_criteria_inputs = list(object({
enabled = string
})) }))
}))
source_selection_criteria_inputs = list(object({
enabled = string
}))
/* filter_inputs = list(object({ /* filter_inputs = list(object({
prefix = string prefix = string
tags = map(string) tags = map(string)
})) }))
*/ */
}))
})) }))
default = null }))
default = null
} }
// Server side encryption config: // Server side encryption config:
variable "server_side_encryption_configuration_inputs" { variable "server_side_encryption_configuration_inputs" {
type = list(object({ type = list(object({
sse_algorithm = string sse_algorithm = string
kms_master_key_id = string kms_master_key_id = string
})) }))
default = null default = null
} }
//Object lock config //Object lock config
......