variables.tf
# Canned ACL applied to the bucket. The default keeps the bucket private;
# canned values such as `public-read` open it to everyone, so any override
# deserves a review. Mutually exclusive with `grants`.
variable "acl" {
  description = "The [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. We recommend `private` to avoid exposing sensitive information. Conflicts with `grants`."
  type        = string
  default     = "private"
}
# Explicit ACL grants, used instead of a canned ACL (the two conflict, so
# `acl` must be null when this is set).
# NOTE(review): the object type requires all four attributes on every grant;
# presumably `id` identifies a canonical user and `uri` a group, with the
# unused one set to null. Confirm against the bucket resource.
# A group `uri` that covers all users makes the bucket public; prefer grants
# to specific canonical user ids and the narrowest `permissions` list.
variable "grants" {
  description = "A list of ACL policy grants. Conflicts with `acl`. Set `acl` to `null` to use this."
  type = list(object({
    id          = string
    type        = string
    permissions = list(string)
    uri         = string
  }))
  default = null
}
# Lifecycle rules as a list of fully specified objects. The object type has no
# optional attributes, so every rule must set all fifteen fields.
# The default ships a single rule with `enabled = false`.
# NOTE(review): the expiration fields presumably delete objects and noncurrent
# versions permanently once a rule is enabled. Check retention requirements
# (audit logs, backups, evidence) before turning a rule on.
variable "lifecycle_rules" {
  description = "A list of lifecycle rules."
  type = list(object({
    # Which objects the rule applies to.
    enabled = bool
    prefix  = string
    tags    = map(string)

    # Switches for the individual actions.
    enable_standard_ia_transition    = bool
    enable_glacier_transition        = bool
    enable_deeparchive_transition    = bool
    enable_current_object_expiration = bool

    # Thresholds, in days.
    abort_incomplete_multipart_upload_days         = number
    standard_transition_days                       = number
    glacier_transition_days                        = number
    deeparchive_transition_days                    = number
    expiration_days                                = number
    noncurrent_version_glacier_transition_days     = number
    noncurrent_version_deeparchive_transition_days = number
    noncurrent_version_expiration_days             = number
  }))
  default = [{
    enabled = false
    prefix  = ""
    tags    = {}

    enable_standard_ia_transition    = false
    enable_glacier_transition        = true
    enable_deeparchive_transition    = false
    enable_current_object_expiration = true

    abort_incomplete_multipart_upload_days         = 90
    standard_transition_days                       = 30
    glacier_transition_days                        = 60
    deeparchive_transition_days                    = 90
    expiration_days                                = 90
    noncurrent_version_glacier_transition_days     = 30
    noncurrent_version_deeparchive_transition_days = 60
    noncurrent_version_expiration_days             = 90
  }]
}
# Caller-supplied bucket policy as a JSON string; empty by default.
# NOTE(review): nothing in this declaration inspects the document. Statements
# with a wildcard principal and no restricting condition make the bucket
# public, so review the policy before passing it in. How it is merged with any
# module-generated statements is not visible in this file.
variable "policy" {
  description = "A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy"
  type        = string
  default     = ""
}
# Optional region override. An empty string means no explicit region is set.
variable "region" {
  description = "If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee"
  type        = string
  default     = ""
}
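# Lets the bucket be destroyed while it still holds objects. Off by default.
# With `true`, a destroy deletes the bucket contents first and the data cannot
# be recovered, so keep it `false` for buckets that hold logs, backups or
# anything with a retention requirement.
# The description previously said "boolean string"; the declared type is bool.
variable "force_destroy" {
  description = "A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable"
  type        = bool
  default     = false
}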
# Bucket versioning switch, off by default.
# Without versioning an overwrite or delete replaces the only copy of an
# object, so there is nothing to roll back to after accidental or malicious
# changes. S3 Object Lock also only works on versioned buckets, which matters
# when `object_lock_configuration` is set.
variable "versioning_enabled" {
  description = "A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket"
  type        = bool
  default     = false
}
# Default server-side encryption for the bucket. `AES256` uses S3-managed
# keys; `aws:kms` uses a KMS key (see `kms_master_key_arn`).
# NOTE(review): this declaration accepts any string, so a mistyped value is
# only caught downstream, not at variable-validation time.
variable "sse_algorithm" {
  description = "The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`"
  type        = string
  default     = "AES256"
}
# KMS key for SSE-KMS. Only meaningful when `sse_algorithm` is `aws:kms`.
# Left empty, the AWS-managed aws/s3 key is used (per the description). Supply
# a customer-managed key when the account must control the key policy, for
# example to restrict which principals can decrypt objects.
variable "kms_master_key_arn" {
  description = "The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`"
  type        = string
  default     = ""
}
# Opt-in creation of a dedicated IAM user for this bucket. Off by default.
# NOTE(review): an IAM user usually means long-lived access keys; how they are
# stored and rotated is not visible in this file. Prefer role-based access
# where the consumer supports it. The user's permissions presumably come from
# `allowed_bucket_actions`; confirm in the module's resources.
variable "user_enabled" {
  description = "Set to `true` to create an IAM user with permission to access the bucket"
  type        = bool
  default     = false
}
# S3 actions granted to the bucket user.
# The default is broad: besides read and write it includes `s3:DeleteObject`
# and `s3:PutObjectAcl`, the latter letting the user change per-object ACLs.
# Trim the list to what the workload needs, e.g. drop delete and ACL actions
# for a write-only uploader.
variable "allowed_bucket_actions" {
  description = "List of actions the user is permitted to perform on the S3 bucket"
  type        = list(string)
  default = [
    "s3:PutObject",
    "s3:PutObjectAcl",
    "s3:GetObject",
    "s3:DeleteObject",
    "s3:ListBucket",
    "s3:ListBucketMultipartUploads",
    "s3:GetBucketLocation",
    "s3:AbortMultipartUpload",
  ]
}
# Opt-in rejection of uploads that do not request encryption. Off by default.
# NOTE(review): presumably implemented as a deny statement in the bucket
# policy. Confirm how it combines with a caller-supplied `policy`.
variable "allow_encrypted_uploads_only" {
  description = "Set to `true` to prevent uploads of unencrypted objects to S3 bucket"
  type        = bool
  default     = false
}
# Flat on/off switch for a lifecycle rule. Off by default.
# NOTE(review): overlaps with the `enabled` attribute inside
# `lifecycle_rules`; which of the two takes effect is not visible here.
variable "lifecycle_rule_enabled" {
  description = "Enable or disable lifecycle rule"
  type        = bool
  default     = false
}
# Key prefix that scopes the flat lifecycle rule. The default is an empty
# string.
# NOTE(review): `lifecycle_rules` has an attribute of the same name; which one
# takes effect is not visible here.
variable "prefix" {
  description = "Prefix identifying one or more objects to which the rule applies"
  type        = string
  default     = ""
}
# Day threshold for transitioning noncurrent object versions.
# NOTE(review): the description names both the glacier tier and the infrequent
# access tier, so the target storage class is ambiguous. Confirm against the
# lifecycle resource and reword the description.
variable "noncurrent_version_transition_days" {
  description = "Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier"
  type        = number
  default     = 30
}
# Day threshold after which noncurrent versions expire. Noncurrent versions
# are what a versioned bucket keeps for recovery after an overwrite or delete,
# so this value bounds how far back a rollback can reach.
variable "noncurrent_version_expiration_days" {
  description = "Specifies when noncurrent object versions expire"
  type        = number
  default     = 90
}
# CORS rules for the bucket. Null by default, meaning no rules are supplied.
# Keep `allowed_origins` to the specific sites that need browser access. A
# wildcard origin lets scripts on any site read responses the browser is
# allowed to fetch. Limit `allowed_methods` to what those sites use.
variable "cors_rule_inputs" {
  description = "Specifies the allowed headers, methods, origins and exposed headers when using CORS on this bucket"
  type = list(object({
    allowed_headers = list(string)
    allowed_methods = list(string)
    allowed_origins = list(string)
    expose_headers  = list(string)
    max_age_seconds = number
  }))
  default = null
}
# Days in the standard tier before the move to infrequent access.
# NOTE(review): `lifecycle_rules` has an attribute of the same name; which one
# takes effect is not visible here.
variable "standard_transition_days" {
  description = "Number of days to persist in the standard storage tier before moving to the infrequent access tier"
  type        = number
  default     = 30
}
# Days after which data moves to the glacier storage tier.
# NOTE(review): `lifecycle_rules` has an attribute of the same name; which one
# takes effect is not visible here.
variable "glacier_transition_days" {
  description = "Number of days after which to move the data to the glacier storage tier"
  type        = number
  default     = 60
}
# Switch for the glacier transition. On by default.
# NOTE(review): `lifecycle_rules` has an attribute of the same name; which one
# takes effect is not visible here.
variable "enable_glacier_transition" {
  description = "Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files"
  type        = bool
  default     = true
}
# Switch for the STANDARD_IA transition. Off by default.
# NOTE(review): `lifecycle_rules` has an attribute of the same name; which one
# takes effect is not visible here.
variable "enable_standard_ia_transition" {
  description = "Enables the transition to STANDARD_IA"
  type        = bool
  default     = false
}
# Days after which current objects are expunged. Expiration is a permanent
# delete once the rule is active, so check the value against any retention
# requirement for the data stored in the bucket.
# NOTE(review): `lifecycle_rules` has an attribute of the same name; which one
# takes effect is not visible here.
variable "expiration_days" {
  description = "Number of days after which to expunge the objects"
  type        = number
  default     = 90
}
# Tag filter for lifecycle events. The default is an empty map.
variable "lifecycle_tags" {
  description = "Tags filter. Used to manage object lifecycle events"
  type        = map(string)
  default     = {}
}
# Public-access-block switch, secure by default (`true`).
# NOTE(review): presumably wired to the S3 public access block setting of the
# same name, which rejects requests that would attach a public ACL. Confirm in
# the module's resources. Leave at `true` unless public ACLs are a deliberate,
# reviewed requirement.
variable "block_public_acls" {
  description = "Set to `false` to disable the blocking of new public access lists on the bucket"
  type        = bool
  default     = true
}
# Public-access-block switch, secure by default (`true`).
# NOTE(review): presumably wired to the S3 public access block setting of the
# same name, which rejects bucket policies that allow public access. Confirm
# in the module's resources. With `true`, a public statement in `policy` is
# expected to be refused rather than silently applied.
variable "block_public_policy" {
  description = "Set to `false` to disable the blocking of new public policies on the bucket"
  type        = bool
  default     = true
}
# Public-access-block switch, secure by default (`true`).
# NOTE(review): presumably wired to the S3 public access block setting of the
# same name, which makes S3 disregard public ACLs already present on the
# bucket and its objects. Confirm in the module's resources. It is the
# backstop for object ACLs set through `s3:PutObjectAcl`.
variable "ignore_public_acls" {
  description = "Set to `false` to disable the ignoring of public access lists on the bucket"
  type        = bool
  default     = true
}
# Public-access-block switch, secure by default (`true`).
# NOTE(review): presumably wired to the S3 public access block setting of the
# same name, which limits access to a bucket with a public policy to AWS
# services and authorized users of the owning account. Confirm in the module's
# resources.
variable "restrict_public_buckets" {
  description = "Set to `false` to disable the restricting of making the bucket public"
  type        = bool
  default     = true
}
# Explicit bucket name. Null by default, in which case the name is generated
# from the context (per the description).
variable "bucket_name" {
  description = "Bucket name. If provided, the bucket will be created with this name instead of generating the name from the context"
  type        = string
  default     = null
}
# Default retention for S3 Object Lock (WORM). Null by default, meaning no
# lock configuration is supplied.
# GOVERNANCE retention can be bypassed by principals holding the dedicated
# bypass permission. COMPLIANCE retention cannot be shortened or removed by
# anyone until it expires, so check the period before applying it.
# NOTE(review): the object type requires both `days` and `years`; presumably
# only one should be non-null. Confirm against the bucket resource.
variable "object_lock_configuration" {
  description = "A configuration for S3 object locking. With S3 Object Lock, you can store objects using a `write once, read many` (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely."
  type = object({
    mode  = string # Valid values are GOVERNANCE and COMPLIANCE.
    days  = number
    years = number
  })
  default = null
}