Support Bucket Replication #10
Conversation
README.md
Outdated
| @@ -68,7 +68,7 @@ module "website_with_cname" { | |||
| | `logs_standard_transition_days` | `30` | Number of days to persist in the standard storage tier before moving to the glacier tier | No | | |||
| | `logs_glacier_transition_days` | `60` | Number of days after which to move the data to the glacier storage tier | No | | |||
| | `logs_expiration_days` | `90` | Number of days after which to expunge the objects | No | | |||
|
|
|||
| | `masters` | `{}` | Source bucket name and AWS IAM ID of owner for replication. In format map { "$id" = "$bucket_name" } | No | | |||
There was a problem hiding this comment.
let's rename what you call $id to $aws_account_id
There was a problem hiding this comment.
Should we invert the map? Bucket names are globally unique, but multiple buckets might exist in the same account. To permit multiple masters in the same account, we should invert.
osterman
changed the title
| ] | ||
|
|
||
| resources = [ | ||
| "${aws_s3_bucket.default.arn}", |
There was a problem hiding this comment.
In the original version, this was the source bucket arn. Now this is the destination bucket arn.
There was a problem hiding this comment.
main.tf
Outdated
| statement = ["${flatten(data.aws_iam_policy_document.master.*.statement)}"] | ||
| } | ||
|
|
||
| data "aws_iam_policy_document" "master" { |
There was a problem hiding this comment.
I can't see where you associate this policy with the bucket.
Also, heads up: hashicorp/terraform#10543 (comment)
There was a problem hiding this comment.
Here it is #10 (diff)
We do not attach policy, we get array of statements and include it to default policy document
README.md
Outdated
| @@ -68,6 +68,7 @@ module "website_with_cname" { | |||
| | `logs_standard_transition_days` | `30` | Number of days to persist in the standard storage tier before moving to the glacier tier | No | | |||
| | `logs_glacier_transition_days` | `60` | Number of days after which to move the data to the glacier storage tier | No | | |||
| | `logs_expiration_days` | `90` | Number of days after which to expunge the objects | No | | |||
| | `master_aws_account_ids | `[]` | List of AWS IAM ID of owner for replication source bucket. | No | | |||
There was a problem hiding this comment.
I prefer we use ARNs for consistency. See deployment_arns
What
Why