forked from cloudposse/terraform-aws-s3-bucket
-
Notifications
You must be signed in to change notification settings - Fork 0
/
outputs.tf
92 lines (76 loc) · 2.97 KB
/
outputs.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
output "bucket_domain_name" {
value = local.enabled ? join("", aws_s3_bucket.default[*].bucket_domain_name) : ""
description = "FQDN of bucket"
}
output "bucket_regional_domain_name" {
value = local.enabled ? join("", aws_s3_bucket.default[*].bucket_regional_domain_name) : ""
description = "The bucket region-specific domain name"
}
output "bucket_website_domain" {
value = join("", aws_s3_bucket_website_configuration.default[*].website_domain, aws_s3_bucket_website_configuration.redirect[*].website_domain)
description = "The bucket website domain, if website is enabled"
}
output "bucket_website_endpoint" {
value = join("", aws_s3_bucket_website_configuration.default[*].website_endpoint, aws_s3_bucket_website_configuration.redirect[*].website_endpoint)
description = "The bucket website endpoint, if website is enabled"
}
output "bucket_id" {
value = local.enabled ? join("", aws_s3_bucket.default[*].id) : ""
description = "Bucket Name (aka ID)"
}
output "bucket_arn" {
value = local.enabled ? join("", aws_s3_bucket.default[*].arn) : ""
description = "Bucket ARN"
}
output "bucket_region" {
value = local.enabled ? join("", aws_s3_bucket.default[*].region) : ""
description = "Bucket region"
}
output "enabled" {
value = local.enabled
description = "Is module enabled"
}
output "user_enabled" {
value = var.user_enabled
description = "Is user creation enabled"
}
output "user_name" {
value = module.s3_user.user_name
description = "Normalized IAM user name"
}
output "user_arn" {
value = module.s3_user.user_arn
description = "The ARN assigned by AWS for the user"
}
output "user_unique_id" {
value = module.s3_user.user_unique_id
description = "The user unique ID assigned by AWS"
}
output "replication_role_arn" {
value = local.enabled && local.replication_enabled ? join("", aws_iam_role.replication[*].arn) : ""
description = "The ARN of the replication IAM Role"
}
output "access_key_id" {
sensitive = true
value = module.s3_user.access_key_id
description = <<-EOT
The access key ID, if `var.user_enabled && var.access_key_enabled`.
While sensitive, it does not need to be kept secret, so this is output regardless of `var.store_access_key_in_ssm`.
EOT
}
output "secret_access_key" {
sensitive = true
value = module.s3_user.secret_access_key
description = <<-EOT
The secret access key, if `var.user_enabled && var.access_key_enabled && !var.store_access_key_in_ssm`.
This will be written to the state file unencrypted, so using `store_access_key_in_ssm` is recommended"
EOT
}
output "access_key_id_ssm_path" {
value = module.s3_user.access_key_id_ssm_path
description = "The SSM Path under which the S3 User's access key ID is stored"
}
output "secret_access_key_ssm_path" {
value = module.s3_user.secret_access_key_ssm_path
description = "The SSM Path under which the S3 User's secret access key is stored"
}