## Usage

Creates an AWS S3 bucket.

```hcl
module "s3_bucket" {
  source = "dod-iac/s3-bucket/aws"
  name   = format("app-%s-s3-%s", var.application, var.environment)
  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```
Creates an encrypted AWS S3 bucket.

```hcl
module "s3_kms_key" {
  source      = "dod-iac/s3-kms-key/aws"
  name        = format("alias/app-%s-s3-%s", var.application, var.environment)
  description = format("A KMS key used to encrypt objects at rest in S3 for %s:%s.", var.application, var.environment)
  principals  = ["*"]
  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

module "s3_bucket" {
  source            = "dod-iac/s3-bucket/aws"
  kms_master_key_id = module.s3_kms_key.aws_kms_key_arn
  name              = format("app-%s-s3-%s", var.application, var.environment)
  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```
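The following is an added example, not code from the module's own README: it combines the KMS key pattern above with the hardening inputs this module exposes (TLS-only access, bucket-owner-full-control on uploads, S3 Bucket Keys, access logging and explicit versioning). It assumes `var.application` and `var.environment` as above, plus a `var.logging_bucket` holding the name of an existing access-log bucket.

```hcl
# Added example; not part of the dod-iac/s3-bucket/aws README.
# Assumes var.application, var.environment and var.logging_bucket (name of an
# existing bucket that receives server access logs) are declared elsewhere.

module "s3_kms_key" {
  source      = "dod-iac/s3-kms-key/aws"
  name        = format("alias/app-%s-s3-%s", var.application, var.environment)
  description = format("A KMS key used to encrypt objects at rest in S3 for %s:%s.", var.application, var.environment)
  principals  = ["*"]
  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

module "s3_bucket" {
  source = "dod-iac/s3-bucket/aws"
  name   = format("app-%s-s3-%s", var.application, var.environment)

  # Encrypt objects at rest with the customer-managed key. Bucket Keys reduce
  # the number of KMS requests per object without changing the key used.
  kms_master_key_id  = module.s3_kms_key.aws_kms_key_arn
  bucket_key_enabled = true

  # Reject any API request that does not arrive over TLS.
  require_tls = true

  # Reject PutObject requests unless the object ACL grants the bucket owner
  # full control, so cross-account uploads stay readable by this account.
  require_acl_bucket_owner_full_control = true

  # Deliver server access logs to the existing log bucket under a per-bucket
  # prefix (the module default would be "s3/<name>/").
  logging_bucket = var.logging_bucket
  logging_prefix = format("s3/app-%s-s3-%s/", var.application, var.environment)

  # Same as the module default, stated explicitly so reviewers see it;
  # a bucket cannot return to an unversioned state once enabled.
  versioning_enabled = true

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

output "s3_bucket_arn" {
  value = module.s3_bucket.arn
}
```

The log bucket is left to a variable rather than a second module call because S3 server access logging requires the target bucket to grant the log delivery service write access, and the `grants` object schema is not shown in this README.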
## Testing

Run all terratest tests using the `terratest` script. If using aws-vault, you could use `aws-vault exec $AWS_PROFILE -- terratest`. The `AWS_DEFAULT_REGION` environment variable is required by the tests. Use `TT_SKIP_DESTROY=1` to keep (not destroy) the infrastructure created during the tests. Use `TT_VERBOSE=1` to log all tests as they are run. Use `TT_TIMEOUT` to set the timeout for the tests, with the value in Go duration format, e.g., `15m`. Use `TT_TEST_NAME` to run a specific test by name.
## Terraform Version

Terraform 0.13. Pin the module version to `~> 1.0.0`. Submit pull requests to the `main` branch.

Terraform 0.11 and 0.12 are not supported.
## License

This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
## Requirements

| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | ~> 3.0 |
## Providers

| Name | Version |
|---|---|
| aws | ~> 3.0 |

## Modules

No modules.
## Resources

| Name | Type |
|---|---|
| aws_s3_bucket.main | resource |
| aws_s3_bucket_notification.main | resource |
| aws_s3_bucket_policy.main | resource |
| aws_s3_bucket_public_access_block.main | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.policy | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket_key_enabled | If true and "kms_master_key_id" is provided, then the bucket is configured to use Amazon S3 Bucket Keys. | bool | false | no |
| grants | List of ACL policy grants. | list(object({ | [] | no |
| kms_master_key_id | The default KMS key used for server-side encryption. | string | "" | no |
| lifecycle_rules | A list of lifecycle rules. | list(object({ | [] | no |
| logging_bucket | The name of the bucket that will receive the log objects. | string | "" | no |
| logging_prefix | The key prefix to use when logging. Defaults to "s3/[NAME]/" if not specified. | string | "" | no |
| name | The name of the AWS S3 bucket. | string | n/a | yes |
| notifications | List of notifications to configure. | list(object({ | [] | no |
| require_acl_bucket_owner_full_control | Require the object ACL to be set to "bucket-owner-full-control" on all PutObject API requests. | bool | false | no |
| require_tls | Require all API requests to use TLS connections. | bool | false | no |
| tags | Tags applied to the AWS S3 bucket. | map(string) | {} | no |
| transfer_acceleration_enabled | If true, then AWS S3 Transfer Acceleration is enabled for the bucket. | bool | false | no |
| versioning_enabled | Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. | bool | true | no |
## Outputs

| Name | Description |
|---|---|
| arn | The Amazon Resource Name (ARN) of the AWS S3 Bucket. |
| bucket_regional_domain_name | The regional domain name of the AWS S3 Bucket. |
| endpoint_transfer_acceleration | If AWS S3 Transfer Acceleration is enabled, then the endpoint to use over IPv4. |
| endpoint_transfer_acceleration_dual_stack | If AWS S3 Transfer Acceleration is enabled, then the dual-stack endpoint to use over IPv4 or IPv6. |
| id | The ID of the AWS S3 Bucket. |