cn-terraform/terraform-aws-logs-s3-bucket

Terraform Module for AWS

Complete

Usage

Complete

Install pre commit hooks.

Please run this command right after cloning the repository.

pre-commit install

For that you may need to install the following tools:

In order to run all checks at any point run the following command:

pre-commit run --all-files

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5.7 |
| aws | ~>6 |

Providers

| Name | Version |
|------|---------|
| aws | 6.33.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_s3_bucket.logs | resource |
| aws_s3_bucket_ownership_controls.logs | resource |
| aws_s3_bucket_policy.logs_access_policy | resource |
| aws_s3_bucket_public_access_block.logs | resource |
| aws_s3_bucket_server_side_encryption_configuration.logs | resource |
| aws_s3_bucket_versioning.logs | resource |
| aws_iam_policy_document.allow_log_delivery | data source |
| aws_iam_policy_document.deny_unencrypted | data source |
| aws_iam_policy_document.logs_access_policy_document | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| bucket_name | Name prefix for resources on AWS | `string` | n/a | yes |
| bucket_server_side_encryption | (Optional) The bucket server side encryption configuration. | `object({ sse_algorithm = string, kms_master_key_id = optional(string) })` | `{ "kms_master_key_id": null, "sse_algorithm": "AES256" }` | no |
| bucket_versioning | value | `object({ status = string, mfa_delete = optional(string) })` | `{ "mfa_delete": "Enabled", "status": "Enabled" }` | no |
| force_destroy | (Optional, Default:false) Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. Once this parameter is set to true, there must be a successful terraform apply run before a destroy is required to update this value in the resource state. Without a successful terraform apply after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful terraform apply is required to set this value in state before it will take effect on a destroy operation. | `bool` | `false` | no |
| log_delivery_principals | Service principals allowed to deliver logs. Example: ["cloudtrail.amazonaws.com"]. Add ELB, vpc-flow-logs principals as needed. | `list(string)` | n/a | yes |
| object_lock_enabled | (Optional, Forces new resource) Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions. | `bool` | `false` | no |
| tags | Resource tags | `map(string)` | `{}` | no |

Outputs

| Name | Description |
|------|-------------|
| s3_bucket_arn | Logging S3 Bucket ARN |
| s3_bucket_domain_name | Logging S3 Bucket Domain Name |
| s3_bucket_id | Logging S3 Bucket ID |
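
A sketch of calling the module with the inputs and outputs listed above, added here as an example and not taken from the repository. The Git source address is derived from the repository name; the bucket name, tags and the CloudTrail trail are constructed for illustration, and the trail assumes the module's bucket policy grants CloudTrail what it needs.

```hcl
module "logs_bucket" {
  # Assumption: Git source derived from the repository name on this page.
  source = "github.com/cn-terraform/terraform-aws-logs-s3-bucket"

  bucket_name = "example-org-audit" # constructed name

  # Only the services that must write here. Every extra principal widens
  # who can put objects into the audit bucket.
  log_delivery_principals = ["cloudtrail.amazonaws.com"]

  # Stated explicitly; this is also the module default. Switching to
  # "aws:kms" needs kms_master_key_id, and the key policy must then let
  # the delivering service generate data keys or its writes will fail.
  bucket_server_side_encryption = {
    sse_algorithm = "AES256"
  }

  # bucket_versioning is left at the documented default
  # (status = "Enabled", mfa_delete = "Enabled").

  # Keep false for audit data: true lets a destroy wipe every object,
  # locked ones included, with no recovery.
  force_destroy = false

  # "Forces new resource", so decide this before the first apply.
  object_lock_enabled = true

  tags = {
    Purpose = "audit-logs" # constructed tag
  }
}

# Constructed consumer: a trail that writes to the bucket via its output.
resource "aws_cloudtrail" "audit" {
  name           = "example-org-audit-trail"
  s3_bucket_name = module.logs_bucket.s3_bucket_id
}

output "logs_bucket_arn" {
  value = module.logs_bucket.s3_bucket_arn
}
```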
