outputs.tf
# Bucket name, taken from the `bucket` attribute of `aws_s3_bucket.this`.
output "name" {
  description = "The name of the bucket."
  value       = aws_s3_bucket.this.bucket
}
# Resource ID of `aws_s3_bucket.this`.
output "id" {
  description = "The ID of the bucket."
  value       = aws_s3_bucket.this.id
}
# ARN of `aws_s3_bucket.this`, for consumers that must reference the bucket
# by ARN (for example in IAM or bucket policy documents).
output "arn" {
  description = "The ARN of the bucket."
  value       = aws_s3_bucket.this.arn
}
# Region reported by `aws_s3_bucket.this`.
output "region" {
  description = "The AWS region this bucket resides in."
  value       = aws_s3_bucket.this.region
}
# Route 53 hosted zone ID reported by `aws_s3_bucket.this`.
output "hosted_zone_id" {
  description = "The Route 53 Hosted Zone ID for this bucket's region."
  value       = aws_s3_bucket.this.hosted_zone_id
}
# Non-regional bucket domain name (`bucket_domain_name` on the resource).
output "domain_name" {
  description = "The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`."
  value       = aws_s3_bucket.this.bucket_domain_name
}
# Region-qualified bucket domain name (`bucket_regional_domain_name` on the
# resource).
output "regional_domain_name" {
  description = "The bucket region-specific domain name. The bucket domain name including the region name."
  value       = aws_s3_bucket.this.bucket_regional_domain_name
}
# Object Lock settings as requested by the caller.
#
# Both fields echo `var.object_lock`; neither is read back from an AWS
# resource in this block, so the output shows the requested configuration
# rather than the observed state.
# NOTE(review): if this output is consumed as retention/compliance evidence,
# confirm it against the resource that applies the lock (not visible here).
output "object_lock" {
  description = "The configuration for the S3 Object Lock of the bucket."
  value = {
    enabled           = var.object_lock.enabled
    default_retention = var.object_lock.default_retention
  }
}
# Versioning state of the bucket.
#
# `status` is read from `aws_s3_bucket_versioning.this` and translated back
# into the module's own vocabulary. `mfa_deletion` is the module input and is
# not read back from the resource.
output "versioning" {
  description = "The versioning configuration for the bucket."
  value = {
    # Invert `local.versioning_status` (values become keys), then index the
    # inverted map with the status string reported by the resource. The
    # lookup fails if the reported status is not a value of that local.
    status = {
      for module_value, reported_status in local.versioning_status :
      reported_status => module_value
    }[aws_s3_bucket_versioning.this.versioning_configuration[0].status]

    # NOTE(review): this is the requested MFA-delete setting; whether it was
    # actually applied cannot be determined from this block.
    mfa_deletion = var.versioning.mfa_deletion
  }
}
# Lifecycle rules, keyed by rule ID.
#
# The rule list comes from `aws_s3_bucket_lifecycle_configuration.this[0]`;
# when that expression cannot be evaluated, `try` substitutes an empty list
# and the output is an empty map. Filter details are looked up in
# `local.lifecycle_rules` by rule ID rather than read from the resource, with
# a fallback of `null` (or `{}` for tags) when the lookup fails.
output "lifecycle_rules" {
  description = "The lifecycle configuration for the bucket."
  value = {
    for lifecycle_rule in try(aws_s3_bucket_lifecycle_configuration.this[0].rule, []) :
    lifecycle_rule.id => {
      id = lifecycle_rule.id
      # The resource reports status as a string; expose it as a boolean.
      enabled = lifecycle_rule.status == "Enabled"
      filter = {
        prefix          = try(local.lifecycle_rules[lifecycle_rule.id].prefix, null)
        tags            = try(local.lifecycle_rules[lifecycle_rule.id].tags, {})
        min_object_size = try(local.lifecycle_rules[lifecycle_rule.id].min_object_size, null)
        max_object_size = try(local.lifecycle_rules[lifecycle_rule.id].max_object_size, null)
      }
    }
  }
}
# Server-side encryption settings.
#
# `type` echoes the module input. `kms_key` and `bucket_key_enabled` are read
# from the single rule of
# `aws_s3_bucket_server_side_encryption_configuration.this`.
output "encryption" {
  description = "The configuration for the S3 bucket Server-Side Encryption."
  value = {
    type = var.encryption.type

    # `try` yields null whenever the key ID cannot be resolved, so a null
    # here does not by itself tell a consumer why no key was found.
    kms_key = try(one(aws_s3_bucket_server_side_encryption_configuration.this.rule[*]).apply_server_side_encryption_by_default[0].kms_master_key_id, null)

    # NOTE(review): unlike `kms_key`, this lookup is not wrapped in `try`, so
    # an evaluation error on the rule surfaces here instead of becoming null.
    bucket_key_enabled = one(aws_s3_bucket_server_side_encryption_configuration.this.rule[*]).bucket_key_enabled
  }
}
# Access-control posture of the bucket: object ownership, ACL grants,
# Block Public Access flags and CORS rules.
output "access_control" {
  description = "The configuration for the S3 bucket access control."
  value = {
    object_ownership = aws_s3_bucket_ownership_controls.this.rule[0].object_ownership

    acl = {
      # Reported as enabled for every ownership mode other than
      # "BucketOwnerEnforced".
      enabled = aws_s3_bucket_ownership_controls.this.rule[0].object_ownership != "BucketOwnerEnforced"
      grants  = local.grants
    }

    # The four Block Public Access flags, read back from the resource.
    # Each flag covers a different exposure path, so a consumer auditing
    # public access should check all four rather than any single one.
    block_public_access = {
      block_public_acls_enabled       = aws_s3_bucket_public_access_block.this.block_public_acls
      ignore_public_acls_enabled      = aws_s3_bucket_public_access_block.this.ignore_public_acls
      block_public_policy_enabled     = aws_s3_bucket_public_access_block.this.block_public_policy
      restrict_public_buckets_enabled = aws_s3_bucket_public_access_block.this.restrict_public_buckets
    }

    # CORS rules keyed by rule ID; an empty map when the CORS resource has no
    # instance or the lookup fails.
    # NOTE(review): the map key is `id`. Confirm the module requires a unique,
    # non-empty ID per CORS rule, otherwise this map cannot be built.
    cors_rules = {
      for cors in try(one(aws_s3_bucket_cors_configuration.this[*]).cors_rule, []) :
      cors.id => {
        allowed_headers = cors.allowed_headers
        allowed_methods = cors.allowed_methods
        allowed_origins = cors.allowed_origins
        expose_headers  = cors.expose_headers
        max_age         = cors.max_age_seconds
      }
    }
  }
}
# Server access logging settings.
#
# `enabled`, `is_target_bucket` and `allowed_source_buckets` echo the module
# input. The target bucket and prefix are read from `aws_s3_bucket_logging.this`;
# `one()` over the splat returns null when that resource has no instance.
output "logging" {
  description = "The logging configuration for the bucket."
  value = {
    enabled       = var.logging.enabled
    s3_bucket     = one(aws_s3_bucket_logging.this[*].target_bucket)
    s3_key_prefix = one(aws_s3_bucket_logging.this[*].target_prefix)

    # NOTE(review): these two describe this bucket acting as a log
    # destination for other buckets; the policy that enforces
    # `allowed_source_buckets` is not visible in this file.
    is_target_bucket       = var.logging.is_target_bucket
    allowed_source_buckets = var.logging.allowed_source_buckets
  }
}
# Request-metrics configurations, one list entry per instance of
# `aws_s3_bucket_metric.this`.
output "monitoring" {
  description = "The monitoring configuration for the bucket."
  value = {
    request_metrics = [
      for metric_name, metric_config in aws_s3_bucket_metric.this : {
        name = metric_name
        # `one()` yields the single filter block, or null when none is set.
        filter = one(metric_config.filter[*])
      }
    ]
  }
}
# Requester Pays state, derived from the payer reported by
# `aws_s3_bucket_request_payment_configuration.this`.
output "requester_payment" {
  description = "The configuration for the S3 bucket request payment."
  value = {
    # True only when the payer is exactly "Requester".
    enabled = aws_s3_bucket_request_payment_configuration.this.payer == "Requester"
  }
}
# Transfer Acceleration settings and endpoint host names.
#
# `enabled` echoes the module input. The endpoint strings are built from the
# bucket name by interpolation and are emitted whatever the value of
# `enabled`, so consumers should check `enabled` before using them.
output "transfer_acceleration" {
  description = "The configuration for the S3 Transfer Acceleration of the bucket."
  value = {
    enabled = var.transfer_acceleration_enabled
    endpoints = {
      ipv4      = "${aws_s3_bucket.this.bucket}.s3-accelerate.amazonaws.com"
      dualstack = "${aws_s3_bucket.this.bucket}.s3-accelerate.dualstack.amazonaws.com"
    }
  }
}