-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support creation of versioned/encrypted s3 buckets
Ben Fortuna
committed
May 6, 2020
1 parent
e13b67f
commit 038d753
Showing
8 changed files
with
218 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# Created by .ignore support plugin (hsz.mobi) | ||
terraform-aws-s3-bucket.iml | ||
.terraform/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
SHELL:=/bin/bash | ||
|
||
.PHONY: all clean test docs format | ||
|
||
all: test docs format | ||
|
||
clean: | ||
rm -rf .terraform/ | ||
|
||
test: | ||
terraform init && terraform validate | ||
|
||
docs: | ||
docker run --rm -v "${PWD}:/work" tmknom/terraform-docs markdown ./ >./README.md | ||
|
||
format: | ||
terraform fmt -list=true ./ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,26 @@ | ||
# terraform-aws-s3-bucket | ||
S3 bucket creation with predefined templates. | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| aws | n/a | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| bucket\_name | Name of the S3 bucket | `any` | n/a | yes | | ||
| encrypted | Enable server-side encryption | `bool` | `false` | no | | ||
| encryption\_key | The KMS master key used for server-side encryption | `string` | `""` | no | | ||
| expiration\_days | Age of bucket objects (days) before they are deleted | `number` | `0` | no | | ||
| noncurrent\_version\_expiration | Age of non-current object versions (days) before they are deleted | `number` | `0` | no | | ||
| prefix\_enabled | Indicates whether to prefix bucket name with the account id | `bool` | `true` | no | | ||
| versioned | Enable bucket versioning | `bool` | `false` | no | | ||
|
||
## Outputs | ||
|
||
No output. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
data "aws_caller_identity" "current" {} | ||
|
||
resource "aws_s3_bucket" "bucket" { | ||
count = var.prefix_enabled ? 0 : 1 | ||
|
||
bucket = var.bucket_name | ||
acl = "private" | ||
|
||
dynamic "lifecycle_rule" { | ||
for_each = var.expiration_days > 0 ? [1] : [] | ||
content { | ||
enabled = true | ||
expiration { | ||
date = var.expiration_days | ||
} | ||
} | ||
} | ||
|
||
versioning { | ||
enabled = var.versioned | ||
} | ||
|
||
dynamic "lifecycle_rule" { | ||
for_each = var.versioned && var.noncurrent_version_expiration > 0 ? [1] : [] | ||
content { | ||
enabled = true | ||
noncurrent_version_expiration { | ||
days = var.noncurrent_version_expiration | ||
} | ||
} | ||
} | ||
|
||
dynamic "server_side_encryption_configuration" { | ||
for_each = var.encrypted ? [1] : [] | ||
content { | ||
rule { | ||
apply_server_side_encryption_by_default { | ||
sse_algorithm = var.encryption_key != "" ? "aws:kms" : "AES256" | ||
kms_master_key_id = var.encryption_key != "" ? var.encryption_key : null | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
resource "aws_s3_bucket_public_access_block" "bucket" { | ||
bucket = aws_s3_bucket.bucket[0].id | ||
restrict_public_buckets = true | ||
block_public_acls = true | ||
block_public_policy = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
module "encrypted_bucket" { | ||
source = "../.." | ||
|
||
bucket_name = var.bucket_name | ||
prefix_enabled = var.prefix_enabled | ||
expiration_days = var.expiration_days | ||
versioned = var.versioned | ||
noncurrent_version_expiration = var.noncurrent_version_expiration | ||
encryption_key = var.encryption_key | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
variable "bucket_name" { | ||
description = "Name of the S3 bucket" | ||
} | ||
|
||
variable "prefix_enabled" { | ||
description = "Indicates whether to prefix bucket name with the account id" | ||
type = bool | ||
default = true | ||
} | ||
|
||
variable "expiration_days" { | ||
description = "Age of bucket objects (days) before they are deleted" | ||
type = number | ||
default = 0 | ||
} | ||
|
||
variable "versioned" { | ||
description = "Enable bucket versioning" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "noncurrent_version_expiration" { | ||
description = "Age of non-current object versions (days) before they are deleted" | ||
type = number | ||
default = 0 | ||
} | ||
|
||
variable "encryption_key" { | ||
description = "The KMS master key used for server-side encryption" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
resource "aws_s3_bucket" "prefixed_bucket" { | ||
count = var.prefix_enabled ? 1 : 0 | ||
|
||
bucket_prefix = var.bucket_name | ||
acl = "private" | ||
|
||
dynamic "lifecycle_rule" { | ||
for_each = var.expiration_days > 0 ? [1] : [] | ||
content { | ||
enabled = true | ||
expiration { | ||
date = var.expiration_days | ||
} | ||
} | ||
} | ||
|
||
versioning { | ||
enabled = var.versioned | ||
} | ||
|
||
dynamic "lifecycle_rule" { | ||
for_each = var.versioned && var.noncurrent_version_expiration > 0 ? [1] : [] | ||
content { | ||
enabled = true | ||
noncurrent_version_expiration { | ||
days = var.noncurrent_version_expiration | ||
} | ||
} | ||
} | ||
|
||
dynamic "server_side_encryption_configuration" { | ||
for_each = var.encrypted ? [1] : [] | ||
content { | ||
rule { | ||
apply_server_side_encryption_by_default { | ||
sse_algorithm = var.encryption_key != "" ? "aws:kms" : "AES256" | ||
kms_master_key_id = var.encryption_key != "" ? var.encryption_key : null | ||
} | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
variable "bucket_name" { | ||
description = "Name of the S3 bucket" | ||
} | ||
|
||
variable "prefix_enabled" { | ||
description = "Indicates whether to prefix bucket name with the account id" | ||
type = bool | ||
default = true | ||
} | ||
|
||
variable "expiration_days" { | ||
description = "Age of bucket objects (days) before they are deleted" | ||
type = number | ||
default = 0 | ||
} | ||
|
||
variable "versioned" { | ||
description = "Enable bucket versioning" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "noncurrent_version_expiration" { | ||
description = "Age of non-current object versions (days) before they are deleted" | ||
type = number | ||
default = 0 | ||
} | ||
|
||
variable "encrypted" { | ||
description = "Enable server-side encryption" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "encryption_key" { | ||
description = "The KMS master key used for server-side encryption" | ||
default = "" | ||
} |