variables.tf
# Name of the S3 bucket this module manages. There is no default, so every
# caller must supply one. Bucket names are globally unique and show up in URLs
# and access logs, so keep sensitive identifiers out of them.
variable "name" {
  description = "Bucket name."
  type        = string
}
# Canned ACL for the bucket; defaults to "private". Mutually exclusive with the
# 'grant' and 'owner' variables.
# NOTE(review): there is no validation block, so any string is accepted at plan
# time. Canned ACLs such as "public-read" or "public-read-write" allow anonymous
# access unless S3 Block Public Access stops them, and block_public_acls /
# ignore_public_acls in this file both default to false.
variable "acl" {
  description = "The acl config for bucket, NOTE: 'acl' conflicts with 'grant' and 'owner'."
  type        = string
  default     = "private"
}
# Toggle for managing S3 Bucket Ownership Controls on the bucket. Off by
# default; object_ownership is presumably only applied when this is true
# (the resource wiring is not visible in this file — confirm).
variable "control_object_ownership" {
  description = "Manage S3 Bucket Ownership Controls on this bucket or not."
  type        = bool
  default     = false
}
# Object ownership mode. S3 accepts BucketOwnerPreferred, ObjectWriter and
# BucketOwnerEnforced; nothing here validates the value.
# NOTE(review): the default "BucketOwnerPreferred" leaves ACLs in effect.
# "BucketOwnerEnforced" disables ACLs altogether and is the stricter choice for
# buckets that need neither 'acl' nor 'grant'.
variable "object_ownership" {
  description = "Object ownership."
  type        = string
  default     = "BucketOwnerPreferred"
}
# --- S3 Block Public Access -------------------------------------------------
# The four flags below correspond to the four S3 Block Public Access settings.
# NOTE(review): every one of them defaults to false, so a bucket created with
# the module defaults gets none of these bucket-level protections (account-level
# Block Public Access, if enabled, still applies). Set all four to true unless
# the bucket is intentionally public. Presumably they feed a public access block
# resource elsewhere in the module — confirm.

# When true, S3 ignores any public ACLs on the bucket and its objects.
variable "ignore_public_acls" {
  description = "Whether Amazon S3 should ignore public ACLs for this bucket."
  type        = bool
  default     = false
}

# When true, only AWS service principals and authorized users of the bucket
# owner's account can use a bucket that has a public policy.
variable "restrict_public_buckets" {
  description = "Whether Amazon S3 should restrict public bucket policies for this bucket."
  type        = bool
  default     = false
}

# When true, S3 rejects requests that would set a public ACL.
variable "block_public_acls" {
  description = "Whether Amazon S3 should block public ACLs for this bucket."
  type        = bool
  default     = false
}

# When true, S3 rejects bucket policies that would grant public access.
variable "block_public_policy" {
  description = "Whether Amazon S3 should block public bucket policies for this bucket."
  type        = bool
  default     = false
}
# Explicit ACL grants, used instead of the canned 'acl'. Empty by default.
# NOTE(review): the type is 'any', so the shape of each grant is not checked
# here. A grant to the AllUsers or AuthenticatedUsers group makes the bucket
# public; review grantees before applying.
variable "grant" {
  description = "The ACL policy grant. NOTE: conflicts with 'acl'."
  type        = any
  default     = []
}
# Bucket owner details (display name and ID per the description), supplied
# together with 'grant'. Empty by default; the accepted keys are defined by the
# consuming resource, which is not visible in this file.
variable "owner" {
  description = "The Bucket owner's display name and ID. NOTE: Conflicts with 'acl'."
  type        = map(string)
  default     = {}
}
# Opt-in switch for creating a dedicated IAM user with API access to the bucket.
# NOTE(review): an IAM user implies long-lived credentials. If the module also
# creates the access key, the secret is stored in Terraform state — confirm,
# and protect the state backend accordingly. Prefer role-based access where the
# consumer supports it.
variable "create_iam_user" {
  description = "Whether to create specific api access user to this created bucket."
  type        = bool
  default     = false
}
# S3 actions granted to the IAM user created when create_iam_user is true.
# NOTE(review): the default set is broader than plain read/write:
#   - s3:PutObjectAcl lets the user attach public ACLs to objects unless
#     block_public_acls / ignore_public_acls are enabled (both default false).
#   - s3:DeleteObjectVersion permits permanent deletion of object versions,
#     which defeats versioning as a recovery control.
#   - s3:PutLifecycleConfiguration lets the user rewrite lifecycle rules,
#     including expiration.
# Callers should pass the narrowest list the workload actually needs.
variable "iam_user_actions" {
  description = "The allowed actions that created user can perform on this created bucket."
  type        = list(string)
  default = [
    # object read/write and listing
    "s3:PutObject",
    "s3:ListBucket",
    "s3:GetObject",
    "s3:GetObjectVersion",
    "s3:GetBucketAcl",
    # destructive or configuration-changing actions
    "s3:DeleteObject",
    "s3:DeleteObjectVersion",
    "s3:PutLifecycleConfiguration",
    "s3:PutObjectAcl"
  ]
}
# Optional name for the IAM user. Per the description, an empty string (the
# default) means the name is generated from the bucket name.
variable "iam_user_name" {
  description = "The name of user, NOTE: this is optional and if it is not passed in use place the name will be generated based on bucket name."
  type        = string
  default     = ""
}
# Versioning settings for the bucket, as a string map. Empty by default; the
# accepted keys are defined by the consuming resource, not visible here.
# NOTE(review): an empty map presumably leaves versioning unconfigured. Enable
# it where recovery from overwrite or deletion matters, and keep in mind that
# the default iam_user_actions include s3:DeleteObjectVersion.
variable "versioning" {
  description = "The versioning configuration for the created bucket."
  type        = map(string)
  default     = {}
}
# Static website hosting settings, as a string map. Empty by default; the
# accepted keys are defined by the consuming resource, not visible here.
# NOTE(review): S3 website endpoints serve plain HTTP only and normally need
# public read access, so enabling this is a deliberate decision to publish the
# bucket contents.
variable "website" {
  description = "The website configuration for the created bucket."
  type        = map(string)
  default     = {}
}
# Opt-in switch for uploading an initial index.html with default content.
# Off by default; presumably only useful together with 'website'.
variable "create_index_html" {
  description = "Whether to create and initial index.html file with default data."
  type        = bool
  default     = false
}
# Local path whose content seeds the bucket. The default path is empty, which
# presumably means nothing is uploaded.
# NOTE(review): the description mentions 'acl' and 'pattern' params, but the
# object type declares only 'path'; Terraform drops attributes that an object
# type does not declare, so those params cannot be passed through this
# variable as written.
# NOTE(review): everything under 'path' is uploaded — check the directory for
# credentials or other files that must not end up in the bucket.
variable "bucket_files" {
  description = "Initial content for bucket, use acl and pattern params if you need more control."
  type = object({
    path = string
  })
  default = {
    path = ""
  }
}
# CORS rules for the bucket, as a list of maps. Empty by default.
# NOTE(review): the type is 'any', so rule contents are not checked here.
# Prefer explicit allowed origins and methods over "*" when the bucket holds
# anything that is not meant to be readable from arbitrary web origins.
variable "cors_rule" {
  description = "List of maps containing rules for Cross-Origin Resource Sharing."
  type        = any
  default     = []
}
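# Settings for S3 event notifications on the bucket. This was the only variable
# in the file without a description, so one is added for generated docs and
# interactive prompts.
# NOTE(review): the default filter_prefix "test/" only matches keys under
# test/; callers enabling a real target will usually want to override it.
# NOTE(review): when target_type is "sqs", the queue's access policy should
# accept messages from S3 for this bucket only (e.g. an aws:SourceArn
# condition). The queue resource is not visible in this file — confirm.
variable "event_notification_config" {
  description = "S3 event notification settings: target type, target name suffix, object key prefix filter and the events that trigger a notification."
  type = object({
    # Notification target: "sqs" or "null". Other target types may be
    # implemented later.
    target_type = string
    # Suffix appended to the target name.
    name_suffix = string
    # Only object keys starting with this prefix trigger a notification.
    filter_prefix = string
    # S3 events that trigger the notification; defaults to "s3:ObjectCreated:*".
    events = optional(list(string), ["s3:ObjectCreated:*"])
  })
  default = {
    target_type   = "null"
    name_suffix   = "event"
    filter_prefix = "test/"
    events        = ["s3:ObjectCreated:*"]
  }
}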
# Statements for the bucket (resource) policy. Empty by default, in which case
# presumably no bucket policy is attached.
# NOTE(review): 'principals' and 'conditions' are typed 'any', so their shape
# is not checked here. An Allow statement with a wildcard principal and no
# restricting condition makes the bucket public unless block_public_policy /
# restrict_public_buckets are enabled, and both default to false in this file.
variable "bucket_iam_policy" {
  description = "AWS bucket policy"
  type = list(object({
    # Statement effect, "Allow" or "Deny"; defaults to "Allow".
    effect = optional(string, "Allow")
    # Actions the statement covers.
    actions = list(string)
    # Principals the statement applies to (e.g. AWS, Service, Federated).
    principals = any
    # Optional condition blocks that narrow when the statement applies.
    conditions = optional(any, [])
  }))
  default = []
}
# Tiering rules for the bucket, one object per tier. Empty by default.
# Presumably 'tier' is an S3 Intelligent-Tiering access tier name and 'days' is
# the number of days before objects move to it — confirm against the consuming
# resource, which is not visible in this file.
variable "bucket_intelligent_tiering" {
  description = "Intelligent lifecycle policy"
  type = list(object({
    tier = string
    days = number
  }))
  default = []
}