
stackxcloud/terraform-aws-objectstorage

ventx/terraform-aws-stackx-objectstorage
Explore the diagrams »

Report a Bug · Request a Feature · Ask a Question


Table of Contents

About

Creates an object storage bucket in AWS S3. Supports common lifecycle patterns for current and noncurrent object versions: a "soft" storage-class transition (e.g. to STANDARD_IA), a "hard" transition (e.g. to GLACIER) and expiration (deletion). Blocks all public access by default. -- Part of stackx.

ℹ️ Architecture Diagrams
Placeholder Rover

Built With

Getting Started

Prerequisites

  • AWS credentials
  • Terraform

Quickstart

To get started, clone the project, check all configurable Inputs and deploy everything with make.

git clone https://github.com/ventx/stackx-terraform-aws-objectstorage.git
make all # init, validate, plan, apply

Usage

You can run this module in conjunction with other stackx components (recommended) or as single-use (build your own).

Deployment time: around 1 minute

  make apply  2.11s user 0.49s system 6% cpu 37.315 total

stackx (RECOMMENDED)

This is just a bare minimum example of how to use the module. See all available stackx modules here: https://github.com/ventx

  module "aws-objectstorage" {
    source  = "ventx/stackx-objectstorage/aws"
    version = "0.1.0" // Pinned and tested version, generated by {x-release-please-version}
  }

Single-Use

  module "aws-objectstorage" {
    source  = "ventx/stackx-objectstorage/aws"
    version = "0.1.0" // Pinned and tested version, generated by {x-release-please-version}
    name    = "my-bucket" // see Inputs for lifecycle, encryption, logging and policy options
  }
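The single-use snippet above only sets a name. The following is an added example (not code from the module or its README) showing a hardened single-use deployment that exercises the inputs documented in the Inputs table: lifecycle tiering and expiry, KMS encryption, server access logging, and a TLS-only bucket policy. It assumes the module address and version shown above, that a log bucket named in `var.log_bucket_name` already exists and accepts S3 server access logs, and that with `static_unique_id = ""` the bucket is named exactly `name` (which is why the policy ARNs below can be built from a local instead of the module output, avoiding a dependency cycle).

```hcl
# Added example, not part of the module or the original README.
# Assumptions: existing log bucket in var.log_bucket_name; with
# static_unique_id = "" the S3 bucket name equals var.name.

variable "log_bucket_name" {
  description = "Existing bucket receiving S3 server access logs (assumed to be set up for log delivery)"
  type        = string
}

locals {
  bucket_name = "example-app-artifacts" # becomes the bucket name (assumption above)

  # Deny every request that does not arrive over TLS. Resource ARNs are spelled
  # out fully so Terraform does not see the policy as perpetually changing
  # (see the bucket_policy note in the Inputs table).
  tls_only_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyInsecureTransport"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource = [
        "arn:aws:s3:::${local.bucket_name}",
        "arn:aws:s3:::${local.bucket_name}/*",
      ]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
}

module "aws-objectstorage" {
  source  = "ventx/stackx-objectstorage/aws"
  version = "0.1.0"

  name             = local.bucket_name
  static_unique_id = "" # no suffix, so local.bucket_name is the bucket name

  # Public access stays blocked (these are the module defaults, made explicit).
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
  bucket_acl              = "private"

  # Encryption at rest and recoverability. The module exposes no KMS key input,
  # so "aws:kms" uses the AWS-managed aws/s3 key.
  sse_algorithm      = "aws:kms"
  versioning_enabled = true
  force_destroy      = false # destroy fails while objects exist; nothing is silently deleted

  # Current versions: tier down after 90 and 180 days, never expire.
  current_soft_rule_enabled             = true
  current_soft_transition_days          = 90
  current_soft_transition_storage_class = "STANDARD_IA"
  current_hard_rule_enabled             = true
  current_hard_transition_days          = 180
  current_hard_transition_storage_class = "GLACIER"

  # Noncurrent versions: keep one year of history, then delete.
  noncurrent_expiration_enabled = true
  noncurrent_expiration_days    = 365

  # Server access logging to a separate bucket under a per-bucket prefix.
  target_bucket = var.log_bucket_name
  target_prefix = "${local.bucket_name}/"

  bucket_policy = local.tls_only_policy

  tags = {
    Environment = "prod"
    Owner       = "platform"
  }
}

output "bucket_arn" {
  value = module.aws-objectstorage.s3_bucket_arn
}
```

A Deny statement with `Principal = "*"` is not a public grant, so it is accepted while `block_public_policy` is true. Keep `force_destroy = false` on versioned buckets that hold data you care about: a destroy will then refuse to run until the objects (including noncurrent versions) are removed deliberately.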

Terraform

Features

  • Simple and easy to use, just the bare minimum
  • All public access blocked by default (public access block plus private canned ACL)
  • Server-side encryption (AES256 by default, aws:kms optional) and versioning enabled by default
  • Lifecycle rules for current and noncurrent object versions: soft transition (e.g. STANDARD_IA), hard transition (e.g. GLACIER) and expiration
  • Optional server access logging to a target bucket and a custom bucket policy

Resources

  • S3 Bucket
  • S3 Bucket ACL
  • S3 Bucket Public Access Block
  • S3 Bucket Server-Side Encryption Configuration
  • S3 Bucket Versioning
  • S3 Bucket Lifecycle Configuration
  • S3 Bucket Logging
  • S3 Bucket Policy

Opinions

Our Terraform modules are highly opinionated:

  • Keep modules small, focused, simple and easy to understand
  • Prefer simple code over complex code
  • Prefer KISS > DRY
  • Set some sane default values for variables, but do not set a default value if user input is strictly required

These opinions are "soft" rules rather than strict requirements.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | >= 4.0.0 |

Providers

| Name | Version |
|------|---------|
| aws | 4.30.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_s3_bucket.bucket | resource |
| aws_s3_bucket_acl.bucket | resource |
| aws_s3_bucket_lifecycle_configuration.bucket | resource |
| aws_s3_bucket_logging.bucket | resource |
| aws_s3_bucket_policy.bucket | resource |
| aws_s3_bucket_public_access_block.block_public | resource |
| aws_s3_bucket_server_side_encryption_configuration.bucket | resource |
| aws_s3_bucket_versioning.bucket | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| block_public_acls | Whether Amazon S3 should block public ACLs for this bucket | bool | true | no |
| block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | bool | true | no |
| bucket_acl | The canned ACL to apply. We recommend private to avoid exposing sensitive information | string | "private" | no |
| bucket_policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | "" | no |
| current_expiration_days | Specifies when current object versions expire (e.g. '365' => 365d => 1y) | number | 365 | no |
| current_expiration_enabled | Enable or disable the expiration (deletion) lifecycle rule | bool | false | no |
| current_expiration_prefix | Prefix identifying one or more objects to which the expiration rule applies | string | "" | no |
| current_hard_prefix | Prefix identifying one or more objects to which the hard rule applies | string | "" | no |
| current_hard_rule_enabled | Enable or disable the hard lifecycle rule | bool | false | no |
| current_hard_transition_days | Number of days to persist in the standard storage tier before moving to another (e.g. Glacier) tier (e.g. '180' => 180d => 6m) | number | 180 | no |
| current_hard_transition_storage_class | Storage Class to move objects to after current_hard_transition_days (e.g. 'GLACIER', 'STANDARD_IA') | string | "GLACIER" | no |
| current_soft_prefix | Prefix identifying one or more objects to which the soft rule applies (an empty prefix applies to all objects) | string | "" | no |
| current_soft_rule_enabled | Enable or disable the soft lifecycle rule | bool | false | no |
| current_soft_transition_days | Number of days to persist in the standard storage tier before moving to another (e.g. IA) tier (e.g. '90' => 90d => 3m) | number | 90 | no |
| current_soft_transition_storage_class | Storage Class to move objects to after current_soft_transition_days (e.g. 'GLACIER', 'STANDARD_IA') | string | "STANDARD_IA" | no |
| force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | false | no |
| ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket | bool | true | no |
| name | Base Name for all resources (preferably generated by terraform-null-label) | string | "stackx-bucket" | no |
| noncurrent_expiration_days | Noncurrent versions: Specifies when noncurrent object versions expire (e.g. '365' => 365d => 1y) | number | 365 | no |
| noncurrent_expiration_enabled | Noncurrent versions: Enable or disable the expiration (deletion) lifecycle rule | bool | false | no |
| noncurrent_expiration_prefix | Noncurrent versions: Prefix identifying one or more objects to which the expiration rule applies | string | "" | no |
| noncurrent_hard_prefix | Noncurrent versions: Prefix identifying one or more objects to which the hard rule applies | string | "" | no |
| noncurrent_hard_rule_enabled | Noncurrent versions: Enable or disable the hard lifecycle rule | bool | false | no |
| noncurrent_hard_transition_days | Noncurrent versions: Number of days to persist in the standard storage tier before moving to another (e.g. Glacier) tier (e.g. '180' => 180d => 6m) | number | 180 | no |
| noncurrent_hard_transition_storage_class | Noncurrent versions: Storage Class to move objects to after noncurrent_hard_transition_days (e.g. 'GLACIER', 'STANDARD_IA') | string | "GLACIER" | no |
| noncurrent_soft_prefix | Noncurrent versions: Prefix identifying one or more objects to which the soft rule applies | string | "" | no |
| noncurrent_soft_rule_enabled | Noncurrent versions: Enable or disable the soft lifecycle rule | bool | false | no |
| noncurrent_soft_transition_days | Noncurrent versions: Number of days to persist in the standard storage tier before moving to another (e.g. IA) tier (e.g. '90' => 90d => 3m) | number | 90 | no |
| noncurrent_soft_transition_storage_class | Noncurrent versions: Storage Class to move objects to after noncurrent_soft_transition_days (e.g. 'GLACIER', 'STANDARD_IA') | string | "STANDARD_IA" | no |
| restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket | bool | true | no |
| sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | string | "AES256" | no |
| static_unique_id | Static unique ID, defined in the root module once, to be suffixed to all resources for uniqueness (if you choose uuid / a longer id, some resources will be cut off at max length - empty means disable and do NOT add a unique suffix) | string | "" | no |
| tags | User specific Tags / Labels to attach to resources (will be merged with module tags) | map(string) | {} | no |
| target_bucket | Bucket to use for bucket logging as the target to send logs to | string | "" | no |
| target_prefix | Bucket Logging prefix to use - if empty it will be set to var.name/ (name of the bucket) | string | "" | no |
| versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket | bool | true | no |

Outputs

| Name | Description |
|------|-------------|
| s3_bucket_arn | Bucket ARN |
| s3_bucket_domain_name | FQDN of Bucket |
| s3_bucket_id | Bucket Name (aka ID) |
| s3_bucket_region | AWS Region of Bucket |
| s3_bucket_regional_domain_name | Regional FQDN of Bucket |

Support

If you need professional support directly from the maintainers of the project, don't hesitate to contact us: ventx Contact Us

Project assistance

If you want to say thank you or/and support active development of terraform-aws-stackx-objectstorage:

  • Add a GitHub Star to the project.
  • Tweet about the terraform-aws-stackx-objectstorage.
  • Write interesting articles about the project on Dev.to, Medium or your personal blog.

Together, we can make terraform-aws-stackx-objectstorage better!

Contributing

First off, thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody else and are greatly appreciated.

Please read our contribution guidelines, and thank you for being involved!

Security

terraform-aws-stackx-objectstorage follows good security practices, but 100% security cannot be assured. terraform-aws-stackx-objectstorage is provided "as is" without any warranty. Use at your own risk.

For more information and to report security issues, please refer to our security documentation.

License

This project is licensed under the Apache 2.0 license.

See LICENSE for more information.

Acknowledgements

  • All open source contributors who made this possible

Roadmap

See the open issues for a list of proposed features (and known issues).