# blackbird-cloud/terraform-aws-secure-s3-bucket


## Requirements

| Name | Version |
|------|---------|
| terraform | >=1.0.9 |
| aws | ~> 4 |

## Providers

| Name | Version |
|------|---------|
| aws | 4.36.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| bucket | terraform-aws-modules/s3-bucket/aws | 3.2.0 |

## Resources

| Name | Type |
|------|------|
| aws_kms_alias.alias | resource |
| aws_kms_key.kms | resource |
| aws_s3_bucket_policy.bucket | resource |
| aws_caller_identity.current | data source |
| aws_elb_service_account.this | data source |
| aws_iam_policy_document.combined | data source |
| aws_iam_policy_document.deny_insecure_transport | data source |
| aws_iam_policy_document.elb_log_delivery | data source |
| aws_iam_policy_document.kms | data source |
| aws_iam_policy_document.lb_log_delivery | data source |
| aws_iam_policy_document.require_latest_tls | data source |
| aws_iam_policy_document.s3 | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acl | Bucket ACL | `string` | `"private"` | no |
| attach_elb_log_delivery_policy | Attach ELB log delivery policy | `bool` | `false` | no |
| attach_lb_log_delivery_policy | Attach LB log delivery policy | `bool` | `false` | no |
| bucket_actions | List of bucket actions that the principals are allowed to execute. | `list(string)` | `["s3:ListBucket"]` | no |
| bucket_prefix | Bucket name prefix, used instead of a fixed bucket name; also used as the KMS key alias prefix. | `string` | n/a | yes |
| encrypt_with_aws_managed_keys | Encrypt the data with a KMS key | `bool` | `false` | no |
| iam_principals | List of IAM principals that can access the bucket. | `list(string)` | `[]` | no |
| kms_actions | List of KMS key actions that the principals are allowed to execute. | `list(string)` | `["kms:GenerateDataKey*"]` | no |
| kms_key_policy_statements | (Optional) Additional KMS key policy statements to add. | `list(object({ sid : string, effect : string, actions : list(string), principals : list(object({ type : string, identifiers : list(string) })) }))` | `[]` | no |
| lifecycle_rule | List of maps containing configuration of object lifecycle management. | `any` | `[{"enabled": true, "id": "lifecycle-rule-1", "noncurrent_version_expiration": {"days": 90}, "transition": [{"days": 30, "storage_class": "ONEZONE_IA"}, {"days": 60, "storage_class": "GLACIER"}]}]` | no |
| logging | Map containing access bucket logging configuration. | `map(string)` | `{}` | no |
| object_actions | List of object actions that the principals are allowed to execute. | `list(string)` | `["s3:PutObject"]` | no |
| purpose | Purpose for the bucket and KMS key, used in the description fields. | `string` | n/a | yes |
| replication_configuration | Map containing cross-region replication configuration. | `any` | `{}` | no |
| service_principals | List of service principals that can access the bucket. | `list(string)` | `[]` | no |
| versioning | Object versioning | `bool` | `true` | no |

## Outputs

| Name | Description |
|------|-------------|
| bucket | AWS S3 Bucket |
| kms | AWS KMS key |
| kms_alias | AWS KMS key alias |
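An added usage example, not taken from the module's README, showing how the inputs above combine into a least-privilege, write-only log bucket and how the outputs are surfaced. The module `source` URL and its `ref`, the region, the AWS account ID and the role ARNs are placeholders or constructed values; the `required_providers` block mirrors the Requirements table. Only the principals listed in `iam_principals` receive `bucket_actions`, `object_actions` and `kms_actions`, so the writer role below can list the bucket, put objects and generate data keys, and nothing else; the extra key policy statement shows the `kms_key_policy_statements` object shape by granting a separate reader role `kms:Decrypt` on the module-created key.

```hcl
# Added example (not the module's own code). Placeholders: the ?ref= tag,
# the region, account ID 123456789012 and the role names are constructed.
terraform {
  required_version = ">= 1.0.9"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1" # constructed value
}

module "secure_bucket" {
  # Assumption: the module is consumed from its GitHub repository; pin a real tag.
  source = "git::https://github.com/blackbird-cloud/terraform-aws-secure-s3-bucket.git?ref=vX.Y.Z"

  bucket_prefix = "app-audit-logs"                                 # required; also prefixes the KMS alias
  purpose       = "Audit log archive for the example application" # required; used in descriptions

  # Least privilege: a single writer role, limited to listing, uploading
  # and generating data keys (the defaults, stated explicitly here).
  iam_principals = ["arn:aws:iam::123456789012:role/audit-log-writer"] # constructed ARN
  bucket_actions = ["s3:ListBucket"]
  object_actions = ["s3:PutObject"]
  kms_actions    = ["kms:GenerateDataKey*"]

  # Extra key policy statement: a separate reader role may decrypt objects.
  # Its S3 read permissions are granted elsewhere and are out of scope here.
  kms_key_policy_statements = [
    {
      sid     = "AllowAuditReaderDecrypt"
      effect  = "Allow"
      actions = ["kms:Decrypt"]
      principals = [
        {
          type        = "AWS"
          identifiers = ["arn:aws:iam::123456789012:role/audit-log-reader"] # constructed ARN
        }
      ]
    }
  ]

  # Keep every version of a log object, but age old versions out after 90 days.
  versioning = true
  lifecycle_rule = [
    {
      id                            = "expire-old-versions"
      enabled                       = true
      noncurrent_version_expiration = { days = 90 }
      transition = [
        { days = 30, storage_class = "STANDARD_IA" },
        { days = 365, storage_class = "GLACIER" }
      ]
    }
  ]
}

# Surface the module outputs listed in the Outputs table.
output "bucket" {
  value = module.secure_bucket.bucket
}

output "kms" {
  value = module.secure_bucket.kms
}

output "kms_alias" {
  value = module.secure_bucket.kms_alias
}
```

Run `terraform init` and `terraform plan` against this root module to see the generated bucket policy; the Resources table shows the module attaches `deny_insecure_transport` and `require_latest_tls` policy documents alongside the principal grants, so review the combined policy in the plan before applying.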