diff --git a/README.md b/README.md index 6eb4b67..9783d1c 100644 --- a/README.md +++ b/README.md @@ -248,6 +248,7 @@ Available targets: | [aws_s3_bucket_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | | [aws_s3_bucket_public_access_block.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | | [aws_s3_bucket_replication_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_replication_configuration) | resource | +| [aws_s3_bucket_request_payment_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_request_payment_configuration) | resource | | [aws_s3_bucket_server_side_encryption_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | | [aws_s3_bucket_versioning.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | | [aws_s3_bucket_website_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_website_configuration) | resource | @@ -314,6 +315,7 @@ Available targets: | [s3\_replication\_permissions\_boundary\_arn](#input\_s3\_replication\_permissions\_boundary\_arn) | Permissions boundary ARN for the created IAM replication role. | `string` | `null` | no | | [s3\_replication\_rules](#input\_s3\_replication\_rules) | Specifies the replication rules for S3 bucket replication if enabled. You must also set s3\_replication\_enabled to true. | 
list(object({
    id       = optional(string)
    priority = optional(number)
    prefix   = optional(string)
    status   = optional(string, "Enabled")
    # delete_marker_replication { status } had been flattened for convenience
    delete_marker_replication_status = optional(string, "Disabled")
    # Add the configuration as it appears in the resource, for consistency
    # this nested version takes precedence if both are provided.
    delete_marker_replication = optional(object({
      status = string
    }))

    # destination_bucket is specified here rather than inside the destination object because before optional
    # attributes, it made it easier to work with the Terraform type system and create a list of consistent type.
    # It is preserved for backward compatibility, but the nested version takes priority if both are provided.
    destination_bucket = optional(string) # destination bucket ARN, overrides s3_replica_bucket_arn

    destination = object({
      bucket        = optional(string) # destination bucket ARN, overrides s3_replica_bucket_arn
      storage_class = optional(string, "STANDARD")
      # replica_kms_key_id at this level is for backward compatibility, and is overridden by the one in `encryption_configuration`
      replica_kms_key_id = optional(string, "")
      encryption_configuration = optional(object({
        replica_kms_key_id = string
      }))
      access_control_translation = optional(object({
        owner = string
      }))
      # account_id is for backward compatibility, overridden by account
      account_id = optional(string)
      account    = optional(string)
      # For convenience, specifying either metrics or replication_time enables both
      metrics = optional(object({
        event_threshold = optional(object({
          minutes = optional(number, 15) # Currently 15 is the only valid number
        }), { minutes = 15 })
        status = optional(string, "Enabled")
      }), { status = "Disabled" })
      # To preserve backward compatibility, Replication Time Control (RTC) is automatically enabled
      # when metrics are enabled. To enable metrics without RTC, you must explicitly configure
      # replication_time.status = "Disabled".
      replication_time = optional(object({
        time = optional(object({
          minutes = optional(number, 15) # Currently 15 is the only valid number
        }), { minutes = 15 })
        status = optional(string)
      }))
    })

    source_selection_criteria = optional(object({
      replica_modifications = optional(object({
        status = string # Either Enabled or Disabled
      }))
      sse_kms_encrypted_objects = optional(object({
        status = optional(string)
      }))
    }))
    # filter.prefix overrides top level prefix
    filter = optional(object({
      prefix = optional(string)
      tags   = optional(map(string), {})
    }))
  }))
| `null` | no | | [s3\_replication\_source\_roles](#input\_s3\_replication\_source\_roles) | Cross-account IAM Role ARNs that will be allowed to perform S3 replication to this bucket (for replication within the same AWS account, it's not necessary to adjust the bucket policy). | `list(string)` | `[]` | no | +| [s3\_request\_payment\_configuration](#input\_s3\_request\_payment\_configuration) | S3 request payment configuration | 
object({
    enabled               = bool
    expected_bucket_owner = optional(string)
    payer                 = string
  })
| 
{
  "enabled": false,
  "payer": "BucketOwner"
}
| no | | [source\_ip\_allow\_list](#input\_source\_ip\_allow\_list) | List of IP addresses to allow to perform all actions to the bucket | `list(string)` | `[]` | no | | [source\_policy\_documents](#input\_source\_policy\_documents) | List of IAM policy documents (in JSON) that are merged together into the exported document.
Statements defined in source\_policy\_documents must have unique SIDs.
Statement having SIDs that match policy SIDs generated by this module will override them. | `list(string)` | `[]` | no | | [sse\_algorithm](#input\_sse\_algorithm) | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | `string` | `"AES256"` | no |