rhythmictech/terraform-aws-s3logging-bucket

terraform-aws-s3logging-bucket

Create and manage a bucket suitable for access logging for other S3 buckets.

Usage

module "s3logging-bucket" {
  source = "rhythmictech/s3logging-bucket/aws"
}

Requirements

Name Version
terraform >= 1.3
aws >= 4

Providers

Name Version
aws 4.48.0

Modules

No modules.

Resources

Name Type
aws_s3_bucket.this resource
aws_s3_bucket_acl.this resource
aws_s3_bucket_lifecycle_configuration.this resource
aws_s3_bucket_public_access_block.this resource
aws_s3_bucket_server_side_encryption_configuration.this resource
aws_s3_bucket_versioning.this resource
aws_caller_identity.current data source
aws_region.current data source

Inputs

bucket_name
  Description: Name to apply to bucket (use bucket_name or bucket_suffix)
  Type: string
  Default: null
  Required: no

bucket_suffix
  Description: Suffix to apply to the bucket (use bucket_name or bucket_suffix). When using bucket_suffix, the bucket name will be [account_id]-[region]-s3logging-[bucket_suffix].
  Type: string
  Default: "default"
  Required: no

kms_key_id
  Description: KMS key to encrypt bucket with.
  Type: string
  Default: null
  Required: no

lifecycle_rules
  Description: lifecycle rules to apply to the bucket
  Type:
    list(object(
      {
        id = string
        enabled = optional(bool, true)
        expiration = optional(number)
        prefix = optional(number)
        noncurrent_version_expiration = optional(number)
        transition = optional(list(object({
          days = number
          storage_class = string
        })))
      }))
  Default:
    [
      {
        "id": "expire-noncurrent-objects-after-ninety-days",
        "noncurrent_version_expiration": 90
      },
      {
        "id": "transition-to-IA-after-30-days",
        "transition": [
          {
            "days": 30,
            "storage_class": "STANDARD_IA"
          }
        ]
      },
      {
        "expiration": 2557,
        "id": "delete-after-seven-years"
      }
    ]
  Required: no

tags
  Description: Tags to add to supported resources
  Type: map(string)
  Default: {}
  Required: no

versioning_enabled
  Description: Whether or not to use versioning on the bucket. This can be useful for audit purposes since objects in a logging bucket should not be updated.
  Type: bool
  Default: true
  Required: no

Outputs

Name Description
s3_bucket_arn The ARN of the bucket
s3_bucket_domain_name The domain name of the bucket
s3_bucket_name The name of the bucket
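
The inputs and outputs listed above, put together in one configuration. This is an added example, not part of the module's own documentation; the source bucket, its name, the "audit" suffix, the tag and the one-year retention are hypothetical values chosen for illustration.

```hcl
# Added example. The source bucket, its name, the suffix, the tag and the
# one-year retention are hypothetical; inputs and outputs are the module's own.
module "s3logging-bucket" {
  source = "rhythmictech/s3logging-bucket/aws"

  # Resulting name: [account_id]-[region]-s3logging-audit
  bucket_suffix = "audit"

  # Keep versioning on so an overwritten or deleted log object leaves a
  # noncurrent version behind for audit.
  versioning_enabled = true

  # Setting lifecycle_rules replaces the default list, so every rule that
  # should still apply is repeated here.
  lifecycle_rules = [
    {
      id                            = "expire-noncurrent-objects-after-ninety-days"
      noncurrent_version_expiration = 90
    },
    {
      id         = "transition-to-IA-after-30-days"
      transition = [{ days = 30, storage_class = "STANDARD_IA" }]
    },
    {
      id         = "delete-after-one-year"
      expiration = 365
    },
  ]

  tags = { purpose = "s3-access-logs" }
}

# Hypothetical bucket whose access should be logged.
resource "aws_s3_bucket" "app" {
  bucket = "example-app-data"
}

# Deliver the app bucket's server access logs to the logging bucket,
# under a per-source prefix so several buckets can share one target.
resource "aws_s3_bucket_logging" "app" {
  bucket        = aws_s3_bucket.app.id
  target_bucket = module.s3logging-bucket.s3_bucket_name
  target_prefix = "example-app-data/"
}
```

S3 server access logging requires the source and target buckets to be in the same Region, so the module should be instantiated with the same provider configuration as the buckets it serves.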

History

There were breaking changes between versions 1.x and 2.x. In particular, resource names were changed to follow the "this" naming convention. The following commands (with some customization for naming) will automatically migrate existing states:

terraform state mv module.s3logging-bucket.aws_s3_bucket.s3logging_bucket module.s3logging-bucket.aws_s3_bucket.this
terraform state mv module.s3logging-bucket.aws_s3_bucket_public_access_block.block_public_access module.s3logging-bucket.aws_s3_bucket_public_access_block.this

The region var has also been removed.