This module creates an S3 bucket for file uploads. The bucket is configured with logging, encryption, versioning and a lifecycle configuration.
Add this module to your `main.tf` (or appropriate) file and configure the inputs
to match your desired configuration. For example:

```hcl
module "module_name" {
  source = "github.com/codeforamerica/tofu-modules-aws-s3-uploads-bucket?ref=1.0.0"

  project     = "my-project"
  environment = "development"
  # Bucket that receives the S3 access logs.
  logging_bucket = "my-logging-bucket"
  name           = "documents"
}
```

Make sure you re-run `tofu init` after adding the module to your configuration.

```bash
tofu init
tofu plan
```

To update the source for this module, pass `-upgrade` to `tofu init`:

```bash
tofu init -upgrade
```

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| logging_bucket | S3 bucket to send access logs to. | string | n/a | yes |
| name | Name of the bucket. The project and environment will be prepended to this automatically. | string | n/a | yes |
| project | Project that these resources are supporting. This is used in the prefix to all resource names. | string | n/a | yes |
| abort_incomplete_multipart_upload_days | Number of days to abort incomplete multipart uploads. | number | 7 | no |
| allowed_principals | List of AWS principal ARNs to allow to use the KMS key. This is used to grant access to other resources that need to use the key, such as ECS task roles. | list(string) | [] | no |
| encryption_key_arn | ARN of the KMS key to use for S3 bucket encryption. If not provided, a new KMS key will be created. | string | null | no |
| environment | The environment for the deployment. This is used in the prefix to all resource names. | string | "development" | no |
| force_delete | Whether to force delete the bucket and its contents. Must be set to true and applied before the bucket can be deleted. | bool | false | no |
| key_recovery_period | Number of days to recover the created KMS key after deletion. Must be between 7 and 30. | number | 30 | no |
| noncurrent_version_expiration_days | Number of days to expire noncurrent versions of objects. | number | 30 | no |
| storage_class_transitions | List of storage class transitions to apply to the bucket's lifecycle configuration. | list(object) | [{days = 30, storage_class = "STANDARD_IA"}] | no |
| tags | Optional tags to be applied to all resources. | map(string) | {} | no |

You can define multiple storage class transitions for the objects in the S3 bucket. This allows you to use a reduced cost storage option for objects that need to be retained for a longer time, but won't be regularly accessed.
By default, objects added to the bucket will transition to the infrequent access
storage tier after 30 days. To disable transitions entirely, you can set this
input to an empty list ([]).
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| days | Number of days | number | n/a | yes |
| storage_class | Storage class to transition objects to. | string | n/a | yes |

Possible values for storage_class are DEEP_ARCHIVE, GLACIER, GLACIER_IR,
INTELLIGENT_TIERING, ONEZONE_IA, STANDARD_IA. For more information on the
different storage classes, see the Amazon S3 documentation.
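
The following configuration is an added example, not taken from the module's own documentation. It shows several storage class transitions together with the key-access and deletion-safety inputs described above. The module label, bucket names, account ID and role ARN are constructed placeholders.

```hcl
# Added example: every value below is a constructed placeholder.
module "uploads" {
  source = "github.com/codeforamerica/tofu-modules-aws-s3-uploads-bucket?ref=1.0.0"

  project        = "my-project"
  environment    = "production"
  name           = "documents"
  logging_bucket = "my-logging-bucket"

  # Move objects to cheaper tiers as they age. Each entry uses the
  # documented "days" and "storage_class" fields.
  storage_class_transitions = [
    { days = 30, storage_class = "STANDARD_IA" },
    { days = 90, storage_class = "GLACIER_IR" },
    { days = 365, storage_class = "DEEP_ARCHIVE" },
  ]

  # Bound how long superseded versions and abandoned multipart
  # uploads are kept (these match the documented defaults).
  noncurrent_version_expiration_days     = 30
  abort_incomplete_multipart_upload_days = 7

  # Grant one specific (hypothetical) ECS task role use of the KMS key
  # that encrypts the bucket, rather than a broad list of principals.
  allowed_principals = [
    "arn:aws:iam::111122223333:role/my-project-production-uploads-task",
  ]

  # Keep accidental-deletion protections: the bucket cannot be force
  # deleted, and a deleted key stays recoverable for the maximum 30 days.
  force_delete        = false
  key_recovery_period = 30
}
```

Run `tofu plan` after changing `storage_class_transitions` to review the resulting lifecycle rules before applying them.
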
| Name | Description | Type |
|---|---|---|
| bucket_name | Name of the created bucket. | string |
| bucket_arn | Full ARN of the created bucket. | string |
| bucket_domain_name | Domain name of the created bucket, in the format bucketname.s3.amazonaws.com. | string |
| kms_key_arn | ARN of the KMS key used for bucket encryption. | string |
Follow the contributing guidelines to contribute to this repository.