s3-bucket

cloudposse/s3-bucket/aws

Terraform Module HCL AWS

Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems

Install
module "s3-bucket" {
  source  = "cloudposse/s3-bucket/aws"
  version = "4.11.0"
}
README

This module creates an S3 bucket with support for versioning, lifecycles, object locks, replication, encryption, ACL, bucket object policies, and static website hosting.

For backward compatibility, it sets the S3 bucket ACL to private and the s3_object_ownership to ObjectWriter. Moving forward, setting s3_object_ownership to BucketOwnerEnforced is recommended, and doing so automatically disables the ACL.

This module blocks public access to the bucket by default. See block_public_acls, block_public_policy, ignore_public_acls, and restrict_public_buckets to change the settings. See AWS documentation for more details.

This module can optionally create an IAM User with access to the S3 bucket. This is inherently insecure in that to enable anyone to become the User, access keys must be generate

Inputs (50)
Name | Type | Description | Default
intelligent_tiering_configuration | list(object({ name = str | A list of S3 Intelligent-Tiering configurations for the bucket. Each configurati | []
tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {}
id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null
minimum_tls_version | string | Set the minimum TLS version for in-transit traffic | null
ignore_public_acls | bool | Set to `false` to disable the ignoring of public access lists on the bucket | true
stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null
label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null
user_permissions_boundary_arn | string | Permission boundary ARN for the IAM user created to access the bucket. | null
access_key_enabled | bool | Set to `true` to create an IAM Access Key for the created IAM user | true
force_destroy | bool | When `true`, permits a non-empty S3 bucket to be deleted by first deleting all o | false
kms_master_key_arn | string | The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be u | ""
s3_object_ownership | string | Specifies the S3 object ownership control. Valid values are `ObjectWriter`, `Buc | "ObjectWriter"
availability_zone_id | string | The ID of the availability zone. | ""
enabled | bool | Set to false to prevent the module from creating any resources | null
label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null
grants | list(object({ id | A list of policy grants for the bucket, taking a list of permissions. Conflicts | []
sse_algorithm | string | The server-side encryption algorithm to use. Valid values are `AES256` and `aws: | "AES256"
store_access_key_in_ssm | bool | Set to `true` to store the created IAM user's access key in SSM Parameter Store, | false
allow_ssl_requests_only | bool | Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This w | false
transfer_acceleration_enabled | bool | Set this to `true` to enable S3 Transfer Acceleration for the bucket. Note: When | false
… and 10 more inputs
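The invocation below is an added example written for this page; it is not code from the cloudposse/s3-bucket README or its examples directory. It takes the backward-compatible defaults the README describes (ObjectWriter ownership, SSE-S3, no TLS enforcement, an IAM user with an access key) and the input names from the table above, and sets each to its hardened value. Two things it references are not shown on this page and are assumptions: the `name` label input (the table only lists `stage`) and an `aws_kms_key.artifacts` resource supplying the SSE-KMS key.

```hcl
# Added example for this page, not the module's own code. Hardened use of
# cloudposse/s3-bucket/aws 4.11.0; each setting is commented with the module
# default it overrides, taken from the README and inputs table above.
# Assumed (not shown on this page): the `name` label input and the
# aws_kms_key.artifacts resource.

module "artifact_bucket" {
  source  = "cloudposse/s3-bucket/aws"
  version = "4.11.0"

  name  = "artifacts" # assumed label input; only `stage` is listed above
  stage = "prod"

  # Default "ObjectWriter" is kept only for backward compatibility.
  # BucketOwnerEnforced disables the ACL, so objects written by other
  # principals are always owned by the bucket owner.
  s3_object_ownership = "BucketOwnerEnforced"

  # Public access block is on by default; pin it explicitly so a later
  # edit cannot loosen it silently.
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  # Default false. Adds a bucket-policy Deny for requests that do not use
  # TLS (aws:SecureTransport = false); minimum_tls_version (default null)
  # additionally rejects older protocol versions.
  allow_ssl_requests_only = true
  minimum_tls_version     = "1.2"

  # Default "AES256" (SSE-S3). SSE-KMS with a customer-managed key adds a
  # key policy you control and CloudTrail records of every key use.
  sse_algorithm      = "aws:kms"
  kms_master_key_arn = aws_kms_key.artifacts.arn # assumed resource

  # Default false; keep it false so `terraform destroy` cannot empty and
  # remove a bucket that still holds data.
  force_destroy = false

  # The optional IAM user means long-lived access keys. Leave it off and
  # have external CI assume a role instead. If you must set
  # user_enabled = true, also set store_access_key_in_ssm = true so the
  # secret lands in SSM Parameter Store instead of the secret_access_key
  # output, and set user_permissions_boundary_arn on the user.
  user_enabled       = false
  access_key_enabled = false

  tags = {
    BusinessUnit = "XYZ" # tag shape from the inputs table
  }
}
```

With `user_enabled = false`, the `access_key_enabled` and `store_access_key_in_ssm` inputs have no effect; they are shown only to document the settings to pair with a user if one is ever created.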
Outputs (17)
bucket_domain_name — FQDN of bucket
bucket_id — Bucket Name (aka ID)
bucket_arn — Bucket ARN
bucket_region — Bucket region
enabled — Is module enabled
user_name — Normalized IAM user name
secret_access_key_ssm_path — The SSM Path under which the S3 User's secret access key is stored
user_enabled — Is user creation enabled
user_arn — The ARN assigned by AWS for the user
user_unique_id — The user unique ID assigned by AWS
replication_role_arn — The ARN of the replication IAM Role
access_key_id_ssm_path — The SSM Path under which the S3 User's access key ID is stored
access_key_id — The access key ID, if `var.user_enabled && var.access_key_enabled`. While sensitive, it does not nee
bucket_regional_domain_name — The bucket region-specific domain name
bucket_website_endpoint — The bucket website endpoint, if website is enabled
bucket_website_domain — The bucket website domain, if website is enabled
secret_access_key — The secret access key will be output if created and not stored in SSM. However, the secret access ke
Resources (22)
aws_iam_policy
aws_iam_role
aws_iam_role_policy_attachment
aws_s3_bucket
aws_s3_bucket_accelerate_configuration
aws_s3_bucket_acl
aws_s3_bucket_cors_configuration
aws_s3_bucket_intelligent_tiering_configuration
aws_s3_bucket_lifecycle_configuration
aws_s3_bucket_logging
aws_s3_bucket_notification
aws_s3_bucket_object_lock_configuration
aws_s3_bucket_ownership_controls
aws_s3_bucket_policy
aws_s3_bucket_public_access_block
aws_s3_bucket_replication_configuration
aws_s3_bucket_request_payment_configuration
aws_s3_bucket_server_side_encryption_configuration
aws_s3_bucket_versioning
aws_s3_bucket_website_configuration
aws_s3_directory_bucket
time_sleep
Details
Framework: Terraform Module
Language: HCL
Version: 4.11.0
Cloud: AWS
Stars: 175
Forks: 868
Total downloads: 18.7M
Inputs: 50
Outputs: 17
Resources: 22
Examples: 1
License: Apache-2.0
Namespace: cloudposse
Updated