acceleration_status |
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended |
bool |
false |
no |
acl |
Canned ACL to apply to the S3 bucket. |
string |
null |
no |
acl_grants |
A list of policy grants for the bucket. Conflicts with acl. Set acl to null to use this. |
list(object({ id = string type = string permission = string uri = string })) |
null |
no |
analytics_configuration |
Map containing bucket analytics configuration. |
any |
{} |
no |
attach_public_policy |
Controls if a user defined public bucket policy will be attached (set to false to allow upstream to apply defaults to the bucket) |
bool |
true |
no |
aws_iam_policy_document |
The text of the policy. Although this is a bucket policy rather than an IAM policy, the aws_iam_policy_document data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size. |
string |
"" |
no |
block_http_bucket_policy |
Custom bucket policy to block https traffic |
any |
null |
no |
block_public_acls |
Whether Amazon S3 should block public ACLs for this bucket. |
bool |
true |
no |
block_public_policy |
Whether Amazon S3 should block public bucket policies for this bucket. |
bool |
true |
no |
bucket_policy |
Conditionally create S3 bucket policy. |
bool |
false |
no |
bucket_prefix |
(Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. |
string |
null |
no |
configuration_status |
Versioning state of the bucket. Valid values: Enabled, Suspended, or Disabled. Disabled should only be used when creating or importing resources that correspond to unversioned S3 buckets. |
string |
"Enabled" |
no |
control_object_ownership |
Whether to manage S3 Bucket Ownership Controls on this bucket. |
bool |
false |
no |
cors_rule |
CORS Configuration specification for this bucket |
list(object({ allowed_headers = list(string) allowed_methods = list(string) allowed_origins = list(string) expose_headers = list(string) max_age_seconds = number })) |
null |
no |
enable_kms |
Enable enable_server_side_encryption |
bool |
false |
no |
enable_lifecycle_configuration_rules |
Enable or disable lifecycle_configuration_rules. |
bool |
false |
no |
enable_server_side_encryption |
Enable enable_server_side_encryption |
bool |
false |
no |
enabled |
Conditionally create S3 bucket. |
bool |
true |
no |
environment |
Environment (e.g. prod, dev, staging). |
string |
"" |
no |
expected_bucket_owner |
The account ID of the expected bucket owner |
string |
null |
no |
force_destroy |
A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. |
bool |
false |
no |
grants |
ACL policy grant. Conflicts with acl. Set acl to null to use this. |
list(object({ id = string type = string permissions = list(string) uri = string })) |
null |
no |
ignore_public_acls |
Whether Amazon S3 should ignore public ACLs for this bucket. |
bool |
true |
no |
intelligent_tiering |
Map containing intelligent tiering configuration. |
any |
{} |
no |
inventory_configuration |
Map containing S3 inventory configuration. |
any |
{} |
no |
kms_master_key_id |
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms. |
string |
"" |
no |
label_order |
Label order, e.g. name, application. |
list(any) |
[] |
no |
lifecycle_configuration_rules |
A list of lifecycle rules |
list(object({ id = string enabled = bool filter = any enable_glacier_transition = bool enable_deeparchive_transition = bool enable_standard_ia_transition = bool enable_current_object_expiration = bool enable_noncurrent_version_expiration = bool abort_incomplete_multipart_upload_days = number noncurrent_version_glacier_transition_days = number noncurrent_version_deeparchive_transition_days = number noncurrent_version_expiration_days = number standard_transition_days = number glacier_transition_days = number deeparchive_transition_days = number expiration_days = number })) |
null |
no |
logging |
Logging Object to enable and disable logging |
bool |
false |
no |
managedby |
ManagedBy, e.g. 'CloudDrove'. |
string |
"[email protected]" |
no |
metric_configuration |
Map containing bucket metric configuration. |
any |
[] |
no |
mfa |
(Optional, Required if versioning_configuration mfa_delete is enabled) Concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. |
string |
null |
no |
mfa_delete |
Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: Enabled or Disabled. |
string |
"Disabled" |
no |
name |
Name (e.g. app or cluster). |
string |
"" |
no |
object_lock_configuration |
With S3 Object Lock, you can store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. |
object({ mode = string #Valid values are GOVERNANCE and COMPLIANCE. days = number years = number }) |
null |
no |
object_lock_enabled |
Whether S3 bucket should have an Object Lock configuration enabled. |
bool |
false |
no |
object_ownership |
Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. 'BucketOwnerEnforced': ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. 'BucketOwnerPreferred': Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. 'ObjectWriter': The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. |
string |
"ObjectWriter" |
no |
only_https_traffic |
This variable is used to allow only HTTPS traffic. |
bool |
true |
no |
owner |
Bucket owner's display name and ID. Conflicts with acl. |
map(string) |
{} |
no |
owner_id |
The canonical user ID associated with the AWS account. |
string |
"" |
no |
replication_configuration |
Map containing cross-region replication configuration. |
any |
{} |
no |
repository |
Terraform current module repo |
string |
"https://github.com/clouddrove/terraform-aws-s3" |
no |
request_payer |
(Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. |
string |
null |
no |
restrict_public_buckets |
Whether Amazon S3 should restrict public bucket policies for this bucket. |
bool |
true |
no |
s3_name |
Name of the S3 bucket. |
string |
null |
no |
sse_algorithm |
The server-side encryption algorithm to use. Valid values are AES256 and aws:kms. |
string |
"AES256" |
no |
target_bucket |
The bucket where you want Amazon S3 to store server access logs. |
string |
"" |
no |
target_prefix |
A prefix for all log object keys. |
string |
"" |
no |
timeouts |
Define maximum timeout for creating, updating, and deleting VPC endpoint resources |
map(string) |
{} |
no |
versioning |
Enable Versioning of S3. |
bool |
true |
no |
versioning_status |
(Required if versioning_configuration mfa_delete is enabled) Concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. |
string |
"Enabled" |
no |
vpc_endpoints |
n/a |
any |
[] |
no |
website |
Map containing static web-site hosting or redirect configuration. |
any |
{} |
no |