| additional_bucket_polices |
Additional IAM policies block, input as data source or json. Ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document. Bucket Policy Statements can be overriden by the statement with the same sid from the latest policy. |
list(string) |
[] |
no |
| additional_kms_key_policies |
Additional IAM policies block, input as data source. Ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document |
list(string) |
[] |
no |
| bucket_mode |
Define the bucket mode for s3 valida values are default and log |
string |
"default" |
no |
| bucket_name |
The name of the bucket |
string |
n/a |
yes |
| centralize_hub |
centralize bucket in hub (will add account id to bucket name) |
bool |
true |
no |
| consumer_policy_actions |
Map of multiple S3 consumer policies to be applied to bucket e.g. {EC2Read = [s3:GetObject, s3:ListBucket], FirehoseWrite =[s3:PutObjectAcl]} |
map(list(string)) |
{} |
no |
| cors_rule |
List of core rules to apply to S3 bucket. |
list(object({
id = string
allowed_headers = list(string)
allowed_methods = list(string)
allowed_origins = list(string)
expose_headers = list(string)
max_age_seconds = number
})) |
[] |
no |
| environment |
To manage a resources with tags |
string |
n/a |
yes |
| expected_bucket_owner |
The account ID of the expected bucket owner |
string |
null |
no |
| folder_names |
List of folder names to be created in the S3 bucket. Will create .keep file in each folder. Sub-folders are also supported, use S3 standard forward slash as folder separator |
list(string) |
[] |
no |
| force_s3_destroy |
Force destruction of the S3 bucket when the stack is deleted |
string |
false |
no |
| is_control_object_ownership |
Whether to provides a resource to manage S3 Bucket Ownership Controls. |
bool |
true |
no |
| is_create_consumer_readonly_policy |
Whether to create consumer readonly policy, policy contents: {Bucket Readonly = [s3:ListBucket,s3:GetObject*] |
bool |
false |
no |
| is_enable_s3_hardening_policy |
Whether to create S3 with hardening policy |
bool |
true |
no |
| is_ignore_exist_object |
Whether to provides a resource to manage S3 Bucket Ownership Controls. |
bool |
false |
no |
| is_use_kms_managed_key |
Whether to use kms managed key for server-side encryption. If false sse-s3 managed key will be used. |
bool |
true |
no |
| kms_key_arn |
ARN of the KMS Key to use for object encryption. By default, S3 component will create KMS key and associate it with S3. Use only in restricted cases when custom kms policy is needed and you want to bring your KMS. |
map(string) |
{} |
no |
| lifecycle_rules |
List of lifecycle rules to transition the data. Leave empty to disable this feature. storage_class can be STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE |
any |
[] |
no |
| object_lock_rule |
Enable Object Lock rule configuration. Default is disabled. If days is set, please set years to null and if years is set, please set days to null. Valid values for mode are GOVERNANCE and COMPLIANCE. |
object({
mode = string # Valid values are GOVERNANCE and COMPLIANCE.
days = number # If days is set, please set years to null.
years = number # If years is set, please set days to null.
}) |
null |
no |
| object_ownership |
Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. |
string |
"BucketOwnerEnforced" |
no |
| prefix |
The prefix name of customer to be displayed in AWS console and resource |
string |
n/a |
yes |
| source_s3_server_logs |
Source log configuration to enable sending log to this bucket |
map(map(any)) |
{} |
no |
| tags |
Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys. |
map(string) |
{} |
no |
| versioning_enabled |
Should versioning be enabled? (true/false) |
bool |
false |
no |