diff --git a/README.md b/README.md
index d5d403bc..c3f40345 100644
--- a/README.md
+++ b/README.md
@@ -213,14 +213,14 @@ Available targets:
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.0 |
-| [aws](#requirement\_aws) | >= 3.0 |
+| [aws](#requirement\_aws) | >= 3.68.0 |
| [time](#requirement\_time) | >= 0.7 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 3.0 |
+| [aws](#provider\_aws) | >= 3.68.0 |
| [time](#provider\_time) | >= 0.7 |
## Modules
diff --git a/docs/terraform.md b/docs/terraform.md
index ab422b2d..c688ee51 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -4,14 +4,14 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.0 |
-| [aws](#requirement\_aws) | >= 3.0 |
+| [aws](#requirement\_aws) | >= 3.68.0 |
| [time](#requirement\_time) | >= 0.7 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 3.0 |
+| [aws](#provider\_aws) | >= 3.68.0 |
| [time](#provider\_time) | >= 0.7 |
## Modules
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index fa70977f..0f70e147 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -15,7 +15,7 @@ module "s3_bucket" {
allowed_bucket_actions = var.allowed_bucket_actions
bucket_name = var.bucket_name
object_lock_configuration = var.object_lock_configuration
- s3_replication_enabled = local.replication_enabled
+ s3_replication_enabled = local.s3_replication_enabled
s3_replica_bucket_arn = join("", module.s3_bucket_replication_target.*.bucket_arn)
s3_replication_rules = local.s3_replication_rules
privileged_principal_actions = var.privileged_principal_actions
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 70fe0701..ea0db82d 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -14,12 +14,12 @@ output "bucket_arn" {
}
output "replication_bucket_id" {
- value = local.replication_enabled ? join("", module.s3_bucket_replication_target.*.bucket_id) : null
+ value = local.s3_replication_enabled ? join("", module.s3_bucket_replication_target.*.bucket_id) : null
description = "Replication bucket ID"
}
output "replication_bucket_arn" {
- value = local.replication_enabled ? join("", module.s3_bucket_replication_target.*.bucket_arn) : null
+ value = local.s3_replication_enabled ? join("", module.s3_bucket_replication_target.*.bucket_arn) : null
description = "Replication bucket bucket ARN"
}
diff --git a/examples/complete/replication.tf b/examples/complete/replication.tf
index e8777171..fc9f3638 100644
--- a/examples/complete/replication.tf
+++ b/examples/complete/replication.tf
@@ -1,19 +1,37 @@
locals {
- replication_enabled = length(var.s3_replication_rules) > 0
-
- extra_rule = local.replication_enabled ? {
- id = "replication-test-explicit-bucket"
- status = "Enabled"
- prefix = "/extra"
- priority = 5
- destination_bucket = module.s3_bucket_replication_target_extra[0].bucket_arn
- } : null
-
- s3_replication_rules = local.replication_enabled ? concat(var.s3_replication_rules, [local.extra_rule]) : null
+ s3_replication_enabled = var.s3_replication_enabled
+ s3_replication_rules = local.s3_replication_enabled ? [
+ {
+ id = "replication-test-explicit-bucket"
+ status = "Enabled"
+ prefix = "/extra"
+ priority = 5
+ destination_bucket = module.s3_bucket_replication_target_extra[0].bucket_arn
+ destination = {
+ account_id = local.account_id
+ metrics = {
+ status = null
+ }
+ }
+ },
+ {
+ id = "replication-test-metrics"
+ status = "Enabled"
+ prefix = "/with-metrics"
+ priority = 10
+ destination_bucket = null
+ destination = {
+ account_id = local.account_id
+ metrics = {
+ status = "Enabled"
+ }
+ }
+ }
+ ] : []
}
module "s3_bucket_replication_target" {
- count = local.replication_enabled ? 1 : 0
+ count = local.s3_replication_enabled ? 1 : 0
source = "../../"
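Review bot: `local.account_id` is read in both rule objects, but this `locals` block (the hunk starts at line 1 of the file) does not define it and no other file in this diff adds it. It presumably comes from an existing declaration elsewhere in examples/complete, which is worth confirming because an undefined local fails at plan time. A short comment above the list would also help, e.g. `# metrics.status = null on the first rule keeps both objects the same shape; only the second rule exercises metrics/replication_time`. The `module "s3_bucket_replication_target"` block continues outside the hunk.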
@@ -28,7 +46,7 @@ module "s3_bucket_replication_target" {
}
module "s3_bucket_replication_target_extra" {
- count = local.replication_enabled ? 1 : 0
+ count = local.s3_replication_enabled ? 1 : 0
source = "../../"
diff --git a/examples/complete/replication.us-east-2.tfvars b/examples/complete/replication.us-east-2.tfvars
index d0b46961..a3709297 100644
--- a/examples/complete/replication.us-east-2.tfvars
+++ b/examples/complete/replication.us-east-2.tfvars
@@ -28,11 +28,4 @@ allowed_bucket_actions = [
"s3:AbortMultipartUpload",
]
-# Rules will be augmented with an additional bucket rule, so prefix cannot be "/"
-s3_replication_rules = [
- {
- id = "replication-test"
- status = "Enabled"
- prefix = "/main"
- }
-]
+s3_replication_enabled = true
\ No newline at end of file
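Review bot: The new last line `s3_replication_enabled = true` is committed without a trailing newline, as the `\ No newline at end of file` marker shows. Ending the file with a newline keeps later diffs of this tfvars file from showing the line as changed when something is appended.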
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 0f27f4e9..f080d322 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -63,9 +63,10 @@ variable "lifecycle_rules" {
description = "A list of lifecycle rules."
}
-variable "s3_replication_rules" {
- default = []
- description = "S3 replication rules"
+variable "s3_replication_enabled" {
+ type = bool
+ default = false
+ description = "Enable or disable S3 replication."
}
variable "policy" {
diff --git a/main.tf b/main.tf
index c45700c7..c0e6ce25 100644
--- a/main.tf
+++ b/main.tf
@@ -186,6 +186,28 @@ resource "aws_s3_bucket" "default" {
replica_kms_key_id = try(rules.value.destination.replica_kms_key_id, null)
account_id = try(rules.value.destination.account_id, null)
+ # https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough-5.html
+ dynamic "metrics" {
+ for_each = try(rules.value.destination.metrics.status, "") == "Enabled" ? [1] : []
+
+ content {
+ status = "Enabled"
+ # Minutes can only have 15 as a valid value.
+ minutes = 15
+ }
+ }
+
+ # This block is required when replication metrics are enabled.
+ dynamic "replication_time" {
+ for_each = try(rules.value.destination.metrics.status, "") == "Enabled" ? [1] : []
+
+ content {
+ status = "Enabled"
+ # Minutes can only have 15 as a valid value.
+ minutes = 15
+ }
+ }
+
dynamic "access_control_translation" {
for_each = try(rules.value.destination.access_control_translation.owner, null) == null ? [] : [rules.value.destination.access_control_translation.owner]
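Review bot: Both new dynamic blocks are gated on the same expression, so a rule that sets `destination.metrics.status = "Enabled"` also gets `replication_time` (S3 Replication Time Control), with no way to ask for metrics alone. The comment `# This block is required when replication metrics are enabled.` looks reversed to me: as far as I know S3 requires a metrics block when replication time is configured, not the other way round, so it is worth checking against the provider documentation before callers are opted into RTC implicitly. If the coupling stays, say so in the comment, e.g. `# metrics.status = "Enabled" also enables S3 Replication Time Control (replication_time) for this rule.`, and repeat it next to the `metrics` entry in the variables.tf type comment. The comparison is an exact string match, so any other value such as `"enabled"` drops both blocks without an error, and an operator may believe replication monitoring is on when it is not. The enclosing `aws_s3_bucket` resource starts and ends outside the hunk.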
diff --git a/variables.tf b/variables.tf
index e8ebfea2..29b2e87d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -196,6 +196,9 @@ variable "s3_replication_rules" {
# owner = string
# })
# account_id = string
+ # metrics = object({
+ # status = string
+ # })
# })
# source_selection_criteria = object({
# sse_kms_encrypted_objects = object({
diff --git a/versions.tf b/versions.tf
index ac1455dc..749b0eb1 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 3.0"
+ version = ">= 3.68.0"
}
time = {
source = "hashicorp/time"