This module will create an S3 bucket and associated IAM policies. The created policies can then be attached to an externally created IAM user.
Bucket versioning and lifecycle rules have been separated into independent sections (IA, Glacier, expire objects) for different app needs.
Name | Source | Version |
---|---|---|
label | github.com/mitlibraries/tf-mod-name | 0.13 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
acl | (Optional) The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services | string | "log-delivery-write" | no |
expiration_days | Number of days after which to expunge the objects | string | "90" | no |
expire_objects_enabled | Specifies expiration lifecycle rule status. | string | "false" | no |
expire_objects_prefix | Object key prefix identifying one or more objects to which the lifecycle rule applies. | string | "" | no |
force_destroy | (Optional, Default: false) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | string | "false" | no |
glacier_object_prefix | Object key prefix identifying one or more objects to which the lifecycle rule applies. | string | "" | no |
glacier_transition_days | Number of days after which to move the data to the glacier storage tier | string | "60" | no |
glacier_transition_enabled | Specifies Glacier transition lifecycle rule status. | string | "false" | no |
kms_master_key_id | The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms | string | "" | no |
lifecycle_rule_enabled | (Optional) Enable lifecycle events on this bucket | string | "false" | no |
name | Name (e.g. app or db) | string | n/a | yes |
noncurrent_rules_enabled | Specifies noncurrent lifecycle rule status. | string | "false" | no |
noncurrent_rules_prefix | Object key prefix identifying one or more objects to which the lifecycle rule applies. | string | "" | no |
noncurrent_version_expiration_days | (Optional) Specifies when noncurrent object versions expire. | string | "90" | no |
noncurrent_version_transition_days | (Optional) Specifies when noncurrent object versions transition. | string | "30" | no |
policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | "" | no |
prefix | (Optional) Key prefix. Used to manage object lifecycle events. | string | "" | no |
region | (Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee. | string | "" | no |
sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | string | "AES256" | no |
standard_object_prefix | Object key prefix identifying one or more objects to which the lifecycle rule applies. | string | "" | no |
standard_transition_days | Number of days to persist in the standard storage tier before moving to the infrequent access tier | string | "30" | no |
standard_transition_enabled | Specifies infrequent storage transition lifecycle rule status. | string | "false" | no |
tags | Additional tags (e.g. map('BusinessUnit','XYZ')) | map(string) | {} | no |
versioning_enabled | (Optional) A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket. | string | "false" | no |
Name | Description |
---|---|
admin_arn | ARN of admin Policy |
bucket_arn | Bucket ARN |
bucket_domain_name | FQDN of bucket |
bucket_id | Bucket Name (aka ID) |
readonly_arn | ARN of readonly Policy |
readwrite_arn | ARN of readwrite Policy |
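
The following usage example is added here and is not part of the module's own documentation. It wires the inputs and outputs listed above into an SSE-KMS encrypted, versioned bucket and attaches only the read/write policy to an externally created IAM user. The module `source` is a placeholder (the page does not give it), and the resource names `bucket`, `app_bucket`, `app`, `app_rw` and `app-service` are hypothetical.

```hcl
# Added example: module source is a placeholder; resource names are hypothetical.
resource "aws_kms_key" "bucket" {
  description = "Key for SSE-KMS on the app bucket"
}

module "app_bucket" {
  source = "<path-or-url-to-this-module>" # placeholder: not given on this page
  name   = "app"

  # Encrypt objects with a customer-managed key instead of the AES256 default.
  # kms_master_key_id is only honoured when sse_algorithm is aws:kms.
  sse_algorithm     = "aws:kms"
  kms_master_key_id = aws_kms_key.bucket.arn

  # Keep prior object versions, and leave force_destroy off so destroying
  # the bucket fails while objects remain instead of deleting them.
  versioning_enabled = "true"
  force_destroy      = "false"

  # Lifecycle sections are independent; enable only the ones the app needs.
  # Assumption: lifecycle_rule_enabled is set alongside the per-section flags.
  lifecycle_rule_enabled             = "true"
  noncurrent_rules_enabled           = "true"
  noncurrent_version_transition_days = "30"
  noncurrent_version_expiration_days = "90"
  glacier_transition_enabled         = "true"
  glacier_transition_days            = "60"

  tags = {
    BusinessUnit = "XYZ"
  }
}

# IAM user created outside the module.
resource "aws_iam_user" "app" {
  name = "app-service"
}

# Least privilege: attach read/write only; keep admin_arn for operators.
resource "aws_iam_user_policy_attachment" "app_rw" {
  user       = aws_iam_user.app.name
  policy_arn = module.app_bucket.readwrite_arn
}

output "bucket_arn" {
  value = module.app_bucket.bucket_arn
}
```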