

Support creation of versioned/encrypted s3 buckets
Ben Fortuna committed May 6, 2020
1 parent e13b67f commit 038d753
Showing 8 changed files with 218 additions and 2 deletions.
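--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+# Created by .ignore support plugin (hsz.mobi)
+terraform-aws-s3-bucket.iml
+.terraform/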
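--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,17 @@
+SHELL:=/bin/bash
+
+.PHONY: all clean test docs format
+
+all: test docs format
+
+clean:
+rm -rf .terraform/
+
+test:
+terraform init && terraform validate
+
+docs:
+docker run --rm -v "${PWD}:/work" tmknom/terraform-docs markdown ./ >./README.md
+
+format:
+terraform fmt -list=true ./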
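Review bot: The `docs` target pulls the unpinned image `tmknom/terraform-docs`, so every run uses whatever that tag currently resolves to and rewrites README.md with it; pin a tag or digest, e.g. `docker run --rm -v "${PWD}:/work" tmknom/terraform-docs:<pinned-version> markdown ./ >./README.md` (placeholder version), so the generated documentation is reproducible and the tool that writes into the repository is fixed rather than floating. The same reasoning would argue for a `terraform` version constraint in the module, since `make test` runs `terraform init` with whatever binary is on PATH.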
28 changes: 26 additions & 2 deletions README.md
@@ -1,2 +1,26 @@
# terraform-aws-s3-bucket
S3 bucket creation with predefined templates.
## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| aws | n/a |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| bucket\_name | Name of the S3 bucket | `any` | n/a | yes |
| encrypted | Enable server-side encryption | `bool` | `false` | no |
| encryption\_key | The KMS master key used for server-side encryption | `string` | `""` | no |
| expiration\_days | Age of bucket objects (days) before they are deleted | `number` | `0` | no |
| noncurrent\_version\_expiration | Age of non-current object versions (days) before they are deleted | `number` | `0` | no |
| prefix\_enabled | Indicates whether to prefix bucket name with the account id | `bool` | `true` | no |
| versioned | Enable bucket versioning | `bool` | `false` | no |

## Outputs

No output.

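--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,51 @@
+data "aws_caller_identity" "current" {}
+
+resource "aws_s3_bucket" "bucket" {
+count = var.prefix_enabled ? 0 : 1
+
+bucket = var.bucket_name
+acl = "private"
+
+dynamic "lifecycle_rule" {
+for_each = var.expiration_days > 0 ? [1] : []
+content {
+enabled = true
+expiration {
+date = var.expiration_days
+}
+}
+}
+
+versioning {
+enabled = var.versioned
+}
+
+dynamic "lifecycle_rule" {
+for_each = var.versioned && var.noncurrent_version_expiration > 0 ? [1] : []
+content {
+enabled = true
+noncurrent_version_expiration {
+days = var.noncurrent_version_expiration
+}
+}
+}
+
+dynamic "server_side_encryption_configuration" {
+for_each = var.encrypted ? [1] : []
+content {
+rule {
+apply_server_side_encryption_by_default {
+sse_algorithm = var.encryption_key != "" ? "aws:kms" : "AES256"
+kms_master_key_id = var.encryption_key != "" ? var.encryption_key : null
+}
+}
+}
+}
+}
+
+resource "aws_s3_bucket_public_access_block" "bucket" {
+bucket = aws_s3_bucket.bucket[0].id
+restrict_public_buckets = true
+block_public_acls = true
+block_public_policy = true
+}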
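Review bot: `aws_s3_bucket_public_access_block.bucket` references `aws_s3_bucket.bucket[0].id` unconditionally, but that bucket has `count = var.prefix_enabled ? 0 : 1`, so with the default `prefix_enabled = true` the index does not exist and the plan fails; the public-access block needs the same `count`, and `prefixed_bucket` in prefixed.tf gets no public-access block at all, which leaves the default path without any of these protections. The rewrite below adds the count, sets `ignore_public_acls` so all four settings are enforced, and adds a parallel resource for the prefixed bucket. Separately, `expiration { date = var.expiration_days }` passes a day count to the `date` argument, which expects a timestamp; it should read `days = var.expiration_days`, matching the `days` already used in `noncurrent_version_expiration` (the same line appears in prefixed.tf).
```hcl
resource "aws_s3_bucket_public_access_block" "bucket" {
  count = var.prefix_enabled ? 0 : 1

  bucket                  = aws_s3_bucket.bucket[0].id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_public_access_block" "prefixed_bucket" {
  count = var.prefix_enabled ? 1 : 0

  bucket                  = aws_s3_bucket.prefixed_bucket[0].id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```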
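--- a/modules/encrypted/main.tf
+++ b/modules/encrypted/main.tf
@@ -0,0 +1,10 @@
+module "encrypted_bucket" {
+source = "../.."
+
+bucket_name = var.bucket_name
+prefix_enabled = var.prefix_enabled
+expiration_days = var.expiration_days
+versioned = var.versioned
+noncurrent_version_expiration = var.noncurrent_version_expiration
+encryption_key = var.encryption_key
+}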
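Review bot: The `encrypted_bucket` module call never sets `encrypted`, so the root module's default of `false` applies and the bucket this "encrypted" wrapper creates has no `server_side_encryption_configuration` regardless of the `encryption_key` it forwards; add `encrypted = true` to the module block. With that set, an empty `encryption_key` would still fall back to `AES256` per the root module's conditional, so the wrapper then guarantees at least SSE-S3.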
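--- a/modules/encrypted/vars.tf
+++ b/modules/encrypted/vars.tf
@@ -0,0 +1,31 @@
+variable "bucket_name" {
+description = "Name of the S3 bucket"
+}
+
+variable "prefix_enabled" {
+description = "Indicates whether to prefix bucket name with the account id"
+type = bool
+default = true
+}
+
+variable "expiration_days" {
+description = "Age of bucket objects (days) before they are deleted"
+type = number
+default = 0
+}
+
+variable "versioned" {
+description = "Enable bucket versioning"
+type = bool
+default = false
+}
+
+variable "noncurrent_version_expiration" {
+description = "Age of non-current object versions (days) before they are deleted"
+type = number
+default = 0
+}
+
+variable "encryption_key" {
+description = "The KMS master key used for server-side encryption"
+}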
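Review bot: `bucket_name` and `encryption_key` declare no `type`, so a list, map or null is accepted at the variable boundary and the failure only surfaces when the provider interpolates the value; add `type = string` to both here, and to the same two variables in vars.tf where `encryption_key` likewise has a default but no type. Since `encryption_key` has no default in this file, every caller of the encrypted module must supply it; if a KMS key is meant to be mandatory here, say so in the description, otherwise give it `default = ""` like the root variable so the AES256 fallback is reachable.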
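--- a/prefixed.tf
+++ b/prefixed.tf
@@ -0,0 +1,42 @@
+resource "aws_s3_bucket" "prefixed_bucket" {
+count = var.prefix_enabled ? 1 : 0
+
+bucket_prefix = var.bucket_name
+acl = "private"
+
+dynamic "lifecycle_rule" {
+for_each = var.expiration_days > 0 ? [1] : []
+content {
+enabled = true
+expiration {
+date = var.expiration_days
+}
+}
+}
+
+versioning {
+enabled = var.versioned
+}
+
+dynamic "lifecycle_rule" {
+for_each = var.versioned && var.noncurrent_version_expiration > 0 ? [1] : []
+content {
+enabled = true
+noncurrent_version_expiration {
+days = var.noncurrent_version_expiration
+}
+}
+}
+
+dynamic "server_side_encryption_configuration" {
+for_each = var.encrypted ? [1] : []
+content {
+rule {
+apply_server_side_encryption_by_default {
+sse_algorithm = var.encryption_key != "" ? "aws:kms" : "AES256"
+kms_master_key_id = var.encryption_key != "" ? var.encryption_key : null
+}
+}
+}
+}
+}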
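Review bot: `prefixed_bucket` sets `bucket_prefix = var.bucket_name`, which makes AWS generate the name by appending a random suffix, but the `prefix_enabled` description promises a bucket name prefixed with the account id, and `data.aws_caller_identity.current` declared in main.tf is never read anywhere in the commit; either build the name explicitly, `bucket = "${data.aws_caller_identity.current.account_id}-${var.bucket_name}"`, or reword the description to match what the resource does and drop the unused data source. The lifecycle `expiration { date = var.expiration_days }` line has the same day-count-versus-timestamp mismatch noted on main.tf, and this bucket is the one created on the default path, so the missing public-access block noted there matters most here.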
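--- a/vars.tf
+++ b/vars.tf
@@ -0,0 +1,38 @@
+variable "bucket_name" {
+description = "Name of the S3 bucket"
+}
+
+variable "prefix_enabled" {
+description = "Indicates whether to prefix bucket name with the account id"
+type = bool
+default = true
+}
+
+variable "expiration_days" {
+description = "Age of bucket objects (days) before they are deleted"
+type = number
+default = 0
+}
+
+variable "versioned" {
+description = "Enable bucket versioning"
+type = bool
+default = false
+}
+
+variable "noncurrent_version_expiration" {
+description = "Age of non-current object versions (days) before they are deleted"
+type = number
+default = 0
+}
+
+variable "encrypted" {
+description = "Enable server-side encryption"
+type = bool
+default = false
+}
+
+variable "encryption_key" {
+description = "The KMS master key used for server-side encryption"
+default = ""
+}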
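Review bot: `encrypted` and `encryption_key` are independent inputs, so a caller who supplies only `encryption_key` gets no server-side encryption at all because `encrypted` still defaults to `false`, and neither description says so. At minimum extend the description to `description = "The KMS master key used for server-side encryption (only applied when encrypted = true; empty selects AES256)"`; a stronger fix is to have main.tf and prefixed.tf treat a non-empty key as enabling encryption, e.g. `for_each = var.encrypted || var.encryption_key != "" ? [1] : []`, so a supplied key is never silently ignored.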
