Commit dc9864d5 authored by Bruno Amaral's avatar Bruno Amaral Committed by Anton Babenko

Initial release of this module (#4)

* Add .gitignore file.

* Add module files and examples. Update README.md

* Add outputs to README.md

* Update README.md

* Update README.md
parent af7148a2
# Created by https://www.gitignore.io/api/terraform
# Edit at https://www.gitignore.io/?templates=terraform
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf
# End of https://www.gitignore.io/api/terraform
variable "region" {
default = "us-west-2"
}
# Configure the AWS Provider
provider "aws" {
region = var.region
}
// Calling module:
module "aws_s3_bucket" {
source = "../.."
bucket = "s3-tf-example-cors"
acl = "private"
cors_rule_inputs =[
{
allowed_headers = ["*"]
allowed_methods = ["PUT","POST"]
allowed_origins = ["https://s3-website-test.hashicorp.com","https://s3-website-test.hashicorp.io"]
expose_headers = ["ETag"]
max_age_seconds = 3000
},
{
allowed_headers = ["*"]
allowed_methods = ["GET"]
allowed_origins = ["https://s3-website-test.hashicorp.io"]
expose_headers = ["ETag"]
max_age_seconds = 3000
},
]
}
\ No newline at end of file
variable "region" {
default = "us-west-2"
}
# Configure the AWS Provider
provider "aws" {
region = var.region
}
// Calling module:
module "aws_s3_bucket" {
source = "../.."
bucket = "s3-tf-example-lifecycle"
acl = "private"
lifecycle_rule_inputs = [{
id = "log"
enabled = true
prefix = "log/"
abort_incomplete_multipart_upload_days = null
tags = {
"rule" = "log"
"autoclean" = "true"
}
expiration_inputs = [{
days = 90
date = null
expired_object_delete_marker = null
},
]
transition_inputs = []
noncurrent_version_transition_inputs = []
noncurrent_version_expiration_inputs = []
},
{
id = "log1"
enabled = true
prefix = "log1/"
abort_incomplete_multipart_upload_days = null
tags = {
"rule" = "log1"
"autoclean" = "true"
}
expiration_inputs = []
transition_inputs = []
noncurrent_version_transition_inputs = [
{
days = 30
storage_class = "STANDARD_IA"
},
{
days = 60
storage_class = "ONEZONE_IA"
},
{
days = 90
storage_class = "GLACIER"
},
]
noncurrent_version_expiration_inputs = []
},
]
}
\ No newline at end of file
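Review bot: The `log1` rule sets only `noncurrent_version_transition_inputs`, but this example never passes `versioning_inputs`, so as written the bucket is unversioned and the rule has no noncurrent versions to act on. Either add `versioning_inputs = [{ enabled = true, mfa_delete = null }]` to the module call, or put a comment above the rule such as `# Requires versioning to be enabled on the bucket`. Without that, a reader copying the example may believe old object versions are being tiered when nothing is happening.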
variable "region" {
default = "us-west-2"
}
# Configure the AWS Provider
provider "aws" {
region = var.region
}
// Calling module:
module "log_bucket" {
source = "../.."
bucket = "s3-tf-example-logger"
acl = "log-delivery-write"
}
module "aws_s3_bucket" {
source = "../.."
bucket = "s3-tf-example-logging"
acl = "private"
logging_inputs = [
{
target_bucket = "s3-tf-example-logger"
target_prefix = "log/"
},
]
}
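Review bot: `target_bucket = "s3-tf-example-logger"` repeats the log bucket's name as a literal, so Terraform sees no dependency between `module.log_bucket` and `module.aws_s3_bucket`. The two buckets can then be created in either order, and the logging configuration may be applied before the target exists. Referencing the module output instead, `target_bucket = module.log_bucket.id`, gives the ordering and keeps the two names from drifting apart. A short comment that the log bucket should itself stay non-public and have a retention rule would also help readers who copy this example.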
variable "region" {
default = "ca-central-1"
}
# Configure the AWS Provider
provider "aws" {
region = var.region
}
module "bucket" {
source = "../.."
bucket = "s3-tf-example-replication"
acl = "private"
versioning_inputs = [
{
enabled = true
mfa_delete = null
},
]
replication_configuration_inputs = [
{
role = "<ROLE_ARN>" // Place the IAM Role to access the destination bucket
rules_inputs = [
{
id = "foobar"
prefix = "foo"
status = "Enabled"
priority = null
source_selection_criteria_inputs = null
filter_inputs = null
destination_inputs = [
{
bucket = "<DESTINATION_BUCKET>" // Place the destination bicket ARN
storage_class = "STANDARD"
replica_kms_key_id = null
account_id = null
access_control_translation_inputs = null
},
]
},
]
},
]
}
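Review bot: The rule passes `priority = null` and `filter_inputs = null`, but both attributes are commented out in the `replication_configuration_inputs` type and in the `rules` block of the resource. They therefore appear to be dropped during type conversion and have no effect. Remove them from the example, or mark them with `// not yet supported by this module`, so readers do not assume filtering or priority is applied. The inline comment on the destination also has a typo and should read `// Place the destination bucket ARN`. It is also worth a comment that the role behind `<ROLE_ARN>` should be scoped to the source and destination buckets only.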
variable "region" {
default = "us-west-2"
}
# Configure the AWS Provider
provider "aws" {
region = var.region
}
// Calling module:
module "aws_s3_bucket" {
source = "../.."
bucket = "s3-tf-example-versioning"
acl = "private"
versioning_inputs = [
{
enabled = true
mfa_delete = null
},
]
}
\ No newline at end of file
variable "region" {
default = "us-west-2"
}
# Configure the AWS Provider
provider "aws" {
region = var.region
}
// Calling module:
module "aws_s3_bucket" {
source = "../.."
bucket = "s3-tf-example-website"
acl = "private"
website_inputs = [
{
index_document = "index.html"
error_document = "error.html"
redirect_all_requests_to = null
routing_rules = <<EOF
[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
EOF
}
]
}
\ No newline at end of file
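Review bot: This example enables website hosting with `acl = "private"` and no `policy`, so as far as this file shows, anonymous requests to the website endpoint will be denied. Nothing in the example says how read access is meant to be granted. Add a comment above `website_inputs` such as `# Bucket stays private: grant s3:GetObject through a scoped bucket policy (var.policy) or serve it via a CDN`. That steers readers away from switching the ACL to a public canned value to make the site load.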
resource "aws_s3_bucket" "this" {
bucket = var.bucket
bucket_prefix = var.bucket_prefix
acl = var.acl
policy = var.policy
tags = var.tags
force_destroy = var.force_destroy
acceleration_status = var.acceleration_status
region = var.region
request_payer = var.request_payer
dynamic "website" {
for_each = var.website_inputs == null ? [] : var.website_inputs
content {
index_document = website.value.index_document
error_document = website.value.error_document
redirect_all_requests_to = website.value.redirect_all_requests_to
routing_rules = website.value.routing_rules
}
}
dynamic "cors_rule" {
for_each = var.cors_rule_inputs == null ? [] : var.cors_rule_inputs
content {
allowed_headers = cors_rule.value.allowed_headers
allowed_methods = cors_rule.value.allowed_methods
allowed_origins = cors_rule.value.allowed_origins
expose_headers = cors_rule.value.expose_headers
max_age_seconds = cors_rule.value.max_age_seconds
}
}
dynamic "versioning" {
for_each = var.versioning_inputs == null ? [] : var.versioning_inputs
content {
enabled = versioning.value.enabled
mfa_delete = versioning.value.mfa_delete
}
}
dynamic "logging" {
for_each = var.logging_inputs == null ? [] : var.logging_inputs
content {
target_bucket = logging.value.target_bucket
target_prefix = logging.value.target_prefix
}
}
dynamic "lifecycle_rule" {
for_each = var.lifecycle_rule_inputs == null ? [] : var.lifecycle_rule_inputs
content {
id = lifecycle_rule.value.id
prefix = lifecycle_rule.value.prefix
tags = lifecycle_rule.value.tags
enabled = lifecycle_rule.value.enabled
abort_incomplete_multipart_upload_days = lifecycle_rule.value.abort_incomplete_multipart_upload_days
dynamic "expiration" {
for_each = lifecycle_rule.value.expiration_inputs == null ? [] : lifecycle_rule.value.expiration_inputs
content {
date = expiration.value.date
days = expiration.value.days
expired_object_delete_marker = expiration.value.expired_object_delete_marker
}
}
dynamic "transition" {
for_each = lifecycle_rule.value.transition_inputs == null ? [] : lifecycle_rule.value.transition_inputs
content {
date = transition.value.date
days = transition.value.days
storage_class = transition.value.storage_class
}
}
dynamic "noncurrent_version_transition" {
for_each = lifecycle_rule.value.noncurrent_version_transition_inputs == null ? [] : lifecycle_rule.value.noncurrent_version_transition_inputs
content {
days = noncurrent_version_transition.value.days
storage_class = noncurrent_version_transition.value.storage_class
}
}
dynamic "noncurrent_version_expiration" {
for_each = lifecycle_rule.value.noncurrent_version_expiration_inputs == null ? [] : lifecycle_rule.value.noncurrent_version_expiration_inputs
content {
days = noncurrent_version_expiration.value.days
}
}
}
}
dynamic "replication_configuration" {
for_each = var.replication_configuration_inputs == null ? [] : var.replication_configuration_inputs
content {
role = replication_configuration.value.role
dynamic "rules" {
for_each = replication_configuration.value.rules_inputs == null ? [] : replication_configuration.value.rules_inputs
content {
id = rules.value.id
// priority = rules.value.priority
prefix = rules.value.prefix
status = rules.value.status
dynamic "destination" {
for_each = rules.value.destination_inputs == null ? [] : rules.value.destination_inputs
content {
bucket = destination.value.bucket
storage_class = destination.value.storage_class
replica_kms_key_id = destination.value.replica_kms_key_id
account_id = destination.value.account_id
dynamic "access_control_translation" {
for_each = destination.value.access_control_translation_inputs == null ? [] : destination.value.access_control_translation_inputs
content {
owner = access_control_translation.value.owner
}
}
}
}
dynamic "source_selection_criteria" {
for_each = rules.value.source_selection_criteria_inputs == null ? [] : rules.value.source_selection_criteria_inputs
content {
sse_kms_encrypted_objects {
enabled = source_selection_criteria.value.enabled
}
}
}
/*
dynamic "filter" {
for_each = rules.value.filter_inputs == null ? [] : rules.value.filter_inputs
content {
prefix = filter.value.prefix
tags = filter.value.tags
}
}
*/
}
}
}
}
dynamic "server_side_encryption_configuration" {
for_each = var.server_side_encryption_configuration_inputs == null ? [] : var.server_side_encryption_configuration_inputs
content {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = server_side_encryption_configuration.value.sse_algorithm
kms_master_key_id = server_side_encryption_configuration.value.kms_master_key_id
}
}
}
}
/*
dynamic "object_lock_configuration" {
for_each = var.object_lock_configuration_inputs == null ? [] : var.object_lock_configuration_inputs
content {
object_lock_enabled = object_lock_configuration.value.object_lock_enabled
dynamic "rule" {
for_each = object_lock_configuration.value.rule_inputs == null ? [] : object_lock_configuration.value.rule_inputs
content {
default_retention {
mode = rule.value.mode
days = rule.value.days
years = rule.value.years
}
}
}
}
}
*/
}
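Review bot: `acl = var.acl` and `policy = var.policy` are passed straight through, and the module creates no `aws_s3_bucket_public_access_block`. A caller who sets a public canned ACL or a broad policy therefore gets a public bucket, with no guardrail other than any account-level setting. I would add the companion resource below, driven by four new boolean variables that default to `true`, so exposure has to be an explicit opt-out, for example in a website use case. Separately, `server_side_encryption_configuration` is only emitted when the caller supplies inputs; the README should state that default encryption is opt-in here.
```hcl
# … unchanged: resource "aws_s3_bucket" "this" { … } …

# Guardrail against accidental public exposure; each flag is a new
# module variable (type bool, default true).
resource "aws_s3_bucket_public_access_block" "this" {
  bucket = aws_s3_bucket.this.id

  block_public_acls       = var.block_public_acls
  block_public_policy     = var.block_public_policy
  ignore_public_acls      = var.ignore_public_acls
  restrict_public_buckets = var.restrict_public_buckets
}
```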
output "id" {
description = "The name of the bucket."
value = "${element(concat(aws_s3_bucket.this.*.id, list("")), 0)}"
}
output "arn" {
description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname."
value = "${element(concat(aws_s3_bucket.this.*.arn, list("")), 0)}"
}
output "bucket_domain_name" {
description = "The bucket domain name. Will be of format bucketname.s3.amazonaws.com."
value = "${element(concat(aws_s3_bucket.this.*.bucket_domain_name, list("")), 0)}"
}
output "bucket_regional_domain_name" {
description = "The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL."
value = "${element(concat(aws_s3_bucket.this.*.bucket_regional_domain_name, list("")), 0)}"
}
output "hosted_zone_id" {
description = "The Route 53 Hosted Zone ID for this bucket's region."
value = "${element(concat(aws_s3_bucket.this.*.hosted_zone_id, list("")), 0)}"
}
output "region" {
description = "The AWS region this bucket resides in."
value = "${element(concat(aws_s3_bucket.this.*.region, list("")), 0)}"
}
output "website_endpoint" {
description = "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string."
value = "${element(concat(aws_s3_bucket.this.*.website_endpoint, list("")), 0)}"
}
output "website_domain" {
description = "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. "
value = "${element(concat(aws_s3_bucket.this.*.website_domain, list("")), 0)}"
}
\ No newline at end of file
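Review bot: Every output uses the pre-0.12 idiom `"${element(concat(aws_s3_bucket.this.*.id, list("")), 0)}"`, although `aws_s3_bucket.this` has no `count` and the rest of the module already relies on 0.12 features (`dynamic` blocks, `list(object(...))` types). The splat, `concat` and `element` wrapper guards against an empty list that cannot occur here, and `list()` is deprecated. A direct reference is clearer: `value = aws_s3_bucket.this.id`, and likewise for `arn`, `bucket_domain_name` and the other outputs in this file.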
variable "bucket" {
description = "(Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name."
default = null
}
variable "bucket_prefix" {
description = "(Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket."
default = null
}
variable "acl" {
description = "(Optional) The canned ACL to apply. Defaults to 'private'."
default = "private"
}
variable "policy" {
description = "(Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide."
default = null
}
variable "tags" {
description = "(Optional) A mapping of tags to assign to the bucket."
default = {}
}
variable "force_destroy" {
description = "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable."
default = false
}
variable "acceleration_status" {
description = "(Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended."
default = null
}
variable "region" {
description = "(Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee."
default = null
}
variable "request_payer" {
description = "(Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information."
default = null
}
variable "website_inputs" {
type = list(object({
index_document = string
error_document = string
redirect_all_requests_to = string
routing_rules = string
}))
default = null
}
variable "cors_rule_inputs" {
type = list(object({
allowed_headers = list(string)
allowed_methods = list(string)
allowed_origins = list(string)
expose_headers = list(string)
max_age_seconds = number
}))
default = null
}
variable "versioning_inputs" {
type = list(object({
enabled = string
mfa_delete = string
}))
default = null
}
variable "logging_inputs" {
type = list(object({
target_bucket = string
target_prefix = string
}))
default = null
}
// Lifecycle rules variables:
variable "lifecycle_rule_inputs" {
type = list(object({
id = string
prefix = string
tags = map(string)
enabled = string
abort_incomplete_multipart_upload_days = string
expiration_inputs = list(object({
date = string
days = number
expired_object_delete_marker = string
}))
transition_inputs = list(object({
date = string
days = number
storage_class = string
}))
noncurrent_version_transition_inputs = list(object({
days = number
storage_class = string
}))
noncurrent_version_expiration_inputs = list(object({
days = number
}))
}))
default = null
}
// Replication configuration variables:
variable "replication_configuration_inputs" {
type = list(object({
role = string
rules_inputs = list(object({
id = string
// priority = number
prefix = string
status = string
destination_inputs = list(object({
bucket = string
storage_class = string
replica_kms_key_id = string
account_id = string
access_control_translation_inputs = list(object({
owner = string
}))
}))
source_selection_criteria_inputs = list(object({
enabled = string
}))
/* filter_inputs = list(object({
prefix = string
tags = map(string)
}))
*/
}))
}))
default = null
}
// Server side encryption config:
variable "server_side_encryption_configuration_inputs" {
type = list(object({
sse_algorithm = string
kms_master_key_id = string
}))
default = null
}
//Object lock config
/*
variable "object_lock_configuration_inputs" {
type = list(object({
object_lock_enabled = string
rule_inputs = list(object({
mode = string
days = number
years = number
}))
}))
default = null
}
*/
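Review bot: Several attributes that are booleans or numbers on the resource are declared as `string`: `enabled` and `mfa_delete` in `versioning_inputs`, `enabled` and `abort_incomplete_multipart_upload_days` in `lifecycle_rule_inputs`, `expired_object_delete_marker`, and `enabled` in `source_selection_criteria_inputs`. Terraform's implicit conversion makes this work, but it also lets values such as `"yes"` through to apply time instead of failing at plan. Declaring them as `enabled = bool`, `mfa_delete = bool` and `abort_incomplete_multipart_upload_days = number` catches that earlier. The `*_inputs` variables also have no `description`, and `acl`, `policy` and `force_destroy` have no `type`. A line on each would help, for instance `description = "(Optional) Default encryption settings; when null the module configures no bucket-level encryption."` on `server_side_encryption_configuration_inputs`.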