Home

Awesome

terraform-aws-s3

Build Status Latest Release GitHub tag (latest SemVer) Terraform Version Infrastructure Tests pre-commit checkov Infrastructure Tests

This ia a Terraform module to provision a secure Terraform S3 bucket. It also has a provisioning test included in its' Github actions so you can be sure each labelled version works.

It's 100% Open Source and licensed under the APACHE2.

Usage

Include this repository as a module in your existing Terraform code:

module "s3" {
  source                  = "JamesWoolfenden/s3/aws"
  version                 = "0.4.0"
  s3_bucket_force_destroy = var.s3_bucket_force_destroy
  s3_bucket_name          = var.s3_bucket_name
  s3_bucket_policy        = data.aws_iam_policy_document.s3_policy.json
}

This creates an S3 bucket with policy and applies the default tags scheme.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

Requirements

No requirements.

Providers

NameVersion
<a name="provider_aws"></a> awsn/a

Modules

No modules.

Resources

NameType
aws_s3_bucket.bucketresource
aws_s3_bucket_acl.bucketresource
aws_s3_bucket_logging.bucketresource
aws_s3_bucket_policy.bucketresource
aws_s3_bucket_public_access_block.bucketresource
aws_s3_bucket_replication_configuration.bucketresource
aws_s3_bucket_server_side_encryption_configuration.bucketresource
aws_s3_bucket_versioning.bucketresource
aws_caller_identity.currentdata source

Inputs

NameDescriptionTypeDefaultRequired
<a name="input_access_block"></a> access_blockSettings for the public access blockmap(any)<pre>{<br> "block_public_acls": true,<br> "block_public_policy": true,<br> "ignore_public_acls": true,<br> "restrict_public_buckets": true<br>}</pre>no
<a name="input_kms_key_id"></a> kms_key_idn/astringn/ayes
<a name="input_logging"></a> loggingn/alist(string)[]no
<a name="input_mfa_delete"></a> mfa_deleteTo enable/disable MFA deletestring"Disable"no
<a name="input_role"></a> roleReplication configurationlist[]no
<a name="input_s3_bucket_acl"></a> s3_bucket_aclAcl on the bucketstring"private"no
<a name="input_s3_bucket_force_destroy"></a> s3_bucket_force_destroyString Boolean to set bucket to be undeletable (well more difficult anyway)stringn/ayes
<a name="input_s3_bucket_name"></a> s3_bucket_nameThe name of the bucketstringn/ayes
<a name="input_s3_bucket_policy"></a> s3_bucket_policyThe IAM policy for the bucketstringn/ayes
<a name="input_sse_algorithm"></a> sse_algorithmThe type of encryption algorithm to usestring"aws:kms"no
<a name="input_versioning"></a> versioningTo enable/disable Versioningstring"Enabled"no

Outputs

NameDescription
<a name="output_account_id"></a> account_idThe AWS account number in use
<a name="output_bucket"></a> bucketThe bucket
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

Policy

This is the policy required to build this project:

<!-- BEGINNING OF PRE-COMMIT-PIKE DOCS HOOK -->

The Terraform resource required is:

resource "aws_iam_policy" "terraform_pike" {
  name_prefix = "terraform_pike"
  path        = "/"
  description = "Pike Autogenerated policy from IAC"

  policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteBucket",
                "s3:GetAccelerateConfiguration",
                "s3:GetBucketAcl",
                "s3:GetBucketCORS",
                "s3:GetBucketLogging",
                "s3:GetBucketObjectLockConfiguration",
                "s3:GetBucketPolicy",
                "s3:GetBucketPublicAccessBlock",
                "s3:GetBucketRequestPayment",
                "s3:GetBucketTagging",
                "s3:GetBucketVersioning",
                "s3:GetBucketWebsite",
                "s3:GetEncryptionConfiguration",
                "s3:GetLifecycleConfiguration",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetReplicationConfiguration",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:PutBucketAcl",
                "s3:PutBucketLogging",
                "s3:PutBucketPolicy",
                "s3:PutBucketPublicAccessBlock",
                "s3:PutBucketVersioning",
                "s3:PutEncryptionConfiguration"
            ],
            "Resource": "*"
        }
    ]
})
}
<!-- END OF PRE-COMMIT-PIKE DOCS HOOK -->

Related Projects

Check out these related projects.

Help

Got a question?

File a GitHub issue.

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Copyrights

Copyright © 2019-2022 James Woolfenden

License

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Contributors

James Woolfenden<br/>James Woolfenden