module "s3_replicated_bucket" {
source = "./modules/core_s3"
providers = {
aws.us_east_1 = aws.us_east_1
aws.us_east_2 = aws.us_east_2
}
bucket_name = "example"
enable_versioning = true
encrypt_with_kms = true
kms_key = var.default_s3_kms_key
replica_kms_key = aws_kms_key.s3_replica_key.arn
bucket_acl = "private"
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
origin_region = "us-east-1"
replica_region = "us-east-2"
bucket_policy_json = jsonencode({
"Id" : "ExamplePolicy",
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AllowSSLRequestsOnly",
"Action" : "s3:*",
"Effect" : "Deny",
"Resource" : [
"arn:aws:s3:::example",
"arn:aws:s3:::example/*"
],
"Condition" : {
"Bool" : {
"aws:SecureTransport" : "false"
}
},
"Principal" : "*"
}
]
})
tags = var.default_tags
}
| Name | Version |
|---|---|
| aws | n/a |
| aws.us_east_1 | n/a |
| aws.us_east_2 | n/a |
| Name | Type |
|---|---|
| aws_iam_policy.replication | resource |
| aws_iam_policy_attachment.replication | resource |
| aws_iam_role.replication | resource |
| aws_s3_bucket.this | resource |
| aws_s3_bucket.this_replica | resource |
| aws_s3_bucket_policy.this | resource |
| aws_s3_bucket_policy.this_replica | resource |
| aws_s3_bucket_public_access_block.this | resource |
| aws_s3_bucket_public_access_block.this_replica | resource |
| aws_caller_identity.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket_acl | KMS key to use for bucket encryption | string |
n/a | yes |
| bucket_name | The Name of the S3 bucket | string |
n/a | yes |
| bucket_policy_json | KMS key to use for bucket encryption | string |
n/a | yes |
| enable_versioning | Should versioning be enabled on the bucket | string |
n/a | yes |
| encrypt_with_kms | Should we use a KMS CMK? If false we will use SSE AES256 | string |
n/a | yes |
| origin_region | The Name of the Origin region | string |
n/a | yes |
| replica_region | The Name of the Origin region | string |
n/a | yes |
| tags | Map to pass in tags to the resources | map(string) |
n/a | yes |
| block_public_acls | KMS key to use for bucket encryption | bool |
true |
no |
| block_public_policy | KMS key to use for bucket encryption | bool |
true |
no |
| ignore_public_acls | KMS key to use for bucket encryption | bool |
true |
no |
| kms_key | KMS key to use for bucket encryption | string |
"" |
no |
| logging_bucket | What bucket should we target for logging? | string |
"" |
no |
| logging_enabled | Should we enable logging dynamic block? | bool |
false |
no |
| logging_prefix | What prefix key should we use for logging? | string |
"" |
no |
| replica_kms_key | KMS key to use for bucket encryption at destiniation | string |
"" |
no |
| restrict_public_buckets | KMS key to use for bucket encryption | bool |
true |
no |
| Name | Description |
|---|---|
| arn | n/a |
| domain_name | n/a |
| id | n/a |
| replica_arn | n/a |
| replica_domain_name | n/a |
| replica_id | n/a |