Skip to content

Latest commit

 

History

History
145 lines (113 loc) · 9.21 KB

README.md

File metadata and controls

145 lines (113 loc) · 9.21 KB

aws S3 bucket and iam user with access to it

Creates AWS S3 bucket and if there is need IAM user with appropriated accesses to list/get/put/delete objects in it.

Use Cases

Case 1: simple use case with minimal params

module "my_bucket" {
  source = "dasmeta/s3/aws"
  version = "1.2.1"

  name = "my-files-bucket"
}

output "iam_access_key_id" {
  description = "The access key ID"
  value       = module.my_bucket.iam_access_key_id
}

output "iam_user_arn" {
  description = "The ARN assigned by AWS for this user"
  value       = module.my_bucket.iam_user_arn
}

Case 2: with some additional params, by disabling iam user creation

module "my_bucket" {
  source = "dasmeta/s3/aws"
  version = "1.2.1"

  name = "my-files-bucket"

  acl    = "public"

  versioning = {
    enabled = true
  }

  website = {
    index_document = "index.html"
    error_document = "index.html"
  }
}

Case 3: website with initial index.html and "/images/**" content

module "my_bucket" {
  source = "dasmeta/s3/aws"
  version = "1.2.1"

  name = "my-website"

  versioning = {
    enabled = true
  }

  website = {
    index_document = "index.html"
    error_document = "index.html"
  }

  create_index_html = true
  bucket_files = "{module.path}/images"
}

Requirements

Name Version
aws ~> 5.0

Providers

Name Version
aws ~> 5.0

Modules

Name Source Version
bucket terraform-aws-modules/s3-bucket/aws 4.1.2
bucket_files ./objects n/a
iam_user dasmeta/modules/aws//modules/aws-iam-user 0.36.1

Resources

Name Type
aws_s3_bucket_intelligent_tiering_configuration.bucket_intelligent_tiering resource
aws_s3_bucket_notification.bucket_notification resource
aws_s3_object.index resource
aws_sqs_queue.queue resource
aws_iam_policy_document.bucket_policy data source
aws_iam_policy_document.public data source
aws_iam_policy_document.queue data source

Inputs

Name Description Type Default Required
acl The acl config for bucket, NOTE: 'acl' conflicts with 'grant' and 'owner'. string "private" no
block_public_acls Whether Amazon S3 should block public ACLs for this bucket. bool false no
block_public_policy Whether Amazon S3 should block public bucket policies for this bucket. bool false no
bucket_files Initial content for bucket, use acl and pattern params if you need more control. 
object({
    path = string
  })
 
{
  "path": ""
}
 no
bucket_iam_policy AWS bucket policy 
list(object({
    effect     = optional(string, "Allow") # Effect of the policy (Allow or Deny)
    actions    = list(string)              # Actions like sts:AssumeRole
    principals = any                       # Principals (e.g., AWS, Service, Federated)
    conditions = optional(any, [])         # Optional conditions for assume role
  }))
 [] no
bucket_intelligent_tiering Intelligent lifecycle policy 
list(object({
    tier = string
    days = number
  }))
 [] no
control_object_ownership Manage S3 Bucket Ownership Controls on this bucket or not. bool false no
cors_rule List of maps containing rules for Cross-Origin Resource Sharing. any [] no
create_iam_user Whether to create specific api access user to this created bucket. bool false no
create_index_html Whether to create and initial index.html file with default data. bool false no
event_notification_config n/a 
object({
    target_type   = string,                                        // Target type for the S3 event notification, can be "sqs" or "null". Other target types can be implemented in the future.
    name_suffix   = string,                                        // Suffix to add to the target name.
    filter_prefix = string,                                        // Prefix to filter object key names for the event notification.
    events        = optional(list(string), ["s3:ObjectCreated:"]) // List of S3 events that trigger the notification. Defaults to "s3:ObjectCreated:".
  })
 
{
  "events": [
    "s3:ObjectCreated:*"
  ],
  "filter_prefix": "test/",
  "name_suffix": "event",
  "target_type": "null"
}
 no
grant The ACL policy grant. NOTE: conflicts with 'acl'. any [] no
iam_user_actions The allowed actions that created user can perform on this created bucket. list(string) 
[
  "s3:PutObject",
  "s3:ListBucket",
  "s3:GetObject",
  "s3:GetObjectVersion",
  "s3:GetBucketAcl",
  "s3:DeleteObject",
  "s3:DeleteObjectVersion",
  "s3:PutLifecycleConfiguration",
  "s3:PutObjectAcl"
]
 no
iam_user_name The name of user, NOTE: this is optional and if it is not passed in use place the name will be generated based on bucket name. string "" no
ignore_public_acls Whether Amazon S3 should ignore public ACLs for this bucket. bool false no
name Bucket name. string n/a yes
object_ownership Object ownership. string "BucketOwnerPreferred" no
owner The Bucket owner's display name and ID. NOTE: Conflicts with 'acl'. map(string) {} no
restrict_public_buckets Whether Amazon S3 should restrict public bucket policies for this bucket. bool false no
versioning The versioning configuration for the created bucket. map(string) {} no
website The website configuration for the created bucket. map(string) {} no

Outputs

Name Description
bucket_regional_domain_name The bucket regional domain name
iam_access_key_id The access key ID
iam_access_key_secret The access key secret
iam_user_arn The ARN assigned by AWS for this user
iam_user_name The user's name
s3_bucket_arn The bucket arn
s3_bucket_id The bucket name
s3_bucket_website_endpoint The website endpoint associated to created s3 bucket