Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync with upstream #2

Merged
merged 4 commits into from
Nov 18, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,7 @@ Available targets:
| [aws_s3_bucket_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [aws_s3_bucket_public_access_block.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_s3_bucket_replication_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_replication_configuration) | resource |
| [aws_s3_bucket_request_payment_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_request_payment_configuration) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [aws_s3_bucket_versioning.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
| [aws_s3_bucket_website_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_website_configuration) | resource |
Expand Down Expand Up @@ -284,7 +285,7 @@ Available targets:
| <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br/>Map of maps. Keys are names of descriptors. Values are maps of the form<br/>`{<br/> format = string<br/> labels = list(string)<br/>}`<br/>(Type is `any` so the map values can later be enhanced to provide additional options.)<br/>`format` is a Terraform format string to be passed to the `format()` function.<br/>`labels` is a list of labels, in order, to pass to `format()` function.<br/>Label values will be normalized before being passed to `format()` so they will be<br/>identical to how they appear in `id`.<br/>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| <a name="input_event_notification_details"></a> [event\_notification\_details](#input\_event\_notification\_details) | (optional) S3 event notification details | <pre>object({<br/> enabled = bool<br/> lambda_list = optional(list(object({<br/> lambda_function_arn = string<br/> events = optional(list(string), ["s3:ObjectCreated:*"])<br/> filter_prefix = string<br/> filter_suffix = string<br/> })), [])<br/><br/> queue_list = optional(list(object({<br/> queue_arn = string<br/> events = optional(list(string), ["s3:ObjectCreated:*"])<br/> })), [])<br/><br/> topic_list = optional(list(object({<br/> topic_arn = string<br/> events = optional(list(string), ["s3:ObjectCreated:*"])<br/> })), [])<br/><br/> })</pre> | <pre>{<br/> "enabled": false<br/>}</pre> | no |
| <a name="input_event_notification_details"></a> [event\_notification\_details](#input\_event\_notification\_details) | S3 event notification details | <pre>object({<br/> enabled = bool<br/> eventbridge = optional(bool, false)<br/> lambda_list = optional(list(object({<br/> lambda_function_arn = string<br/> events = optional(list(string), ["s3:ObjectCreated:*"])<br/> filter_prefix = string<br/> filter_suffix = string<br/> })), [])<br/><br/> queue_list = optional(list(object({<br/> queue_arn = string<br/> events = optional(list(string), ["s3:ObjectCreated:*"])<br/> })), [])<br/><br/> topic_list = optional(list(object({<br/> topic_arn = string<br/> events = optional(list(string), ["s3:ObjectCreated:*"])<br/> })), [])<br/> })</pre> | <pre>{<br/> "enabled": false<br/>}</pre> | no |
| <a name="input_expected_bucket_owner"></a> [expected\_bucket\_owner](#input\_expected\_bucket\_owner) | Account ID of the expected bucket owner. <br/>More information: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-owner-condition.html | `string` | `null` | no |
| <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | When `true`, permits a non-empty S3 bucket to be deleted by first deleting all objects in the bucket.<br/>THESE OBJECTS ARE NOT RECOVERABLE even if they were versioned and stored in Glacier. | `bool` | `false` | no |
| <a name="input_grants"></a> [grants](#input\_grants) | A list of policy grants for the bucket, taking a list of permissions.<br/>Conflicts with `acl`. Set `acl` to `null` to use this.<br/>Deprecated by AWS in favor of bucket policies.<br/>Automatically disabled if `s3_object_ownership` is set to "BucketOwnerEnforced". | <pre>list(object({<br/> id = string<br/> type = string<br/> permissions = list(string)<br/> uri = string<br/> }))</pre> | `[]` | no |
Expand Down Expand Up @@ -314,6 +315,7 @@ Available targets:
| <a name="input_s3_replication_permissions_boundary_arn"></a> [s3\_replication\_permissions\_boundary\_arn](#input\_s3\_replication\_permissions\_boundary\_arn) | Permissions boundary ARN for the created IAM replication role. | `string` | `null` | no |
| <a name="input_s3_replication_rules"></a> [s3\_replication\_rules](#input\_s3\_replication\_rules) | Specifies the replication rules for S3 bucket replication if enabled. You must also set s3\_replication\_enabled to true. | <pre>list(object({<br/> id = optional(string)<br/> priority = optional(number)<br/> prefix = optional(string)<br/> status = optional(string, "Enabled")<br/> # delete_marker_replication { status } had been flattened for convenience<br/> delete_marker_replication_status = optional(string, "Disabled")<br/> # Add the configuration as it appears in the resource, for consistency<br/> # this nested version takes precedence if both are provided.<br/> delete_marker_replication = optional(object({<br/> status = string<br/> }))<br/><br/> # destination_bucket is specified here rather than inside the destination object because before optional<br/> # attributes, it made it easier to work with the Terraform type system and create a list of consistent type.<br/> # It is preserved for backward compatibility, but the nested version takes priority if both are provided.<br/> destination_bucket = optional(string) # destination bucket ARN, overrides s3_replica_bucket_arn<br/><br/> destination = object({<br/> bucket = optional(string) # destination bucket ARN, overrides s3_replica_bucket_arn<br/> storage_class = optional(string, "STANDARD")<br/> # replica_kms_key_id at this level is for backward compatibility, and is overridden by the one in `encryption_configuration`<br/> replica_kms_key_id = optional(string, "")<br/> encryption_configuration = optional(object({<br/> replica_kms_key_id = string<br/> }))<br/> access_control_translation = optional(object({<br/> owner = string<br/> }))<br/> # account_id is for backward compatibility, overridden by account<br/> account_id = optional(string)<br/> account = optional(string)<br/> # For convenience, specifying either metrics or replication_time enables both<br/> metrics = optional(object({<br/> event_threshold = optional(object({<br/> minutes = optional(number, 15) # Currently 15 is the only valid number<br/> }), { minutes = 15 })<br/> status = optional(string, "Enabled")<br/> }), { status = "Disabled" })<br/> # To preserve backward compatibility, Replication Time Control (RTC) is automatically enabled<br/> # when metrics are enabled. To enable metrics without RTC, you must explicitly configure<br/> # replication_time.status = "Disabled".<br/> replication_time = optional(object({<br/> time = optional(object({<br/> minutes = optional(number, 15) # Currently 15 is the only valid number<br/> }), { minutes = 15 })<br/> status = optional(string)<br/> }))<br/> })<br/><br/> source_selection_criteria = optional(object({<br/> replica_modifications = optional(object({<br/> status = string # Either Enabled or Disabled<br/> }))<br/> sse_kms_encrypted_objects = optional(object({<br/> status = optional(string)<br/> }))<br/> }))<br/> # filter.prefix overrides top level prefix<br/> filter = optional(object({<br/> prefix = optional(string)<br/> tags = optional(map(string), {})<br/> }))<br/> }))</pre> | `null` | no |
| <a name="input_s3_replication_source_roles"></a> [s3\_replication\_source\_roles](#input\_s3\_replication\_source\_roles) | Cross-account IAM Role ARNs that will be allowed to perform S3 replication to this bucket (for replication within the same AWS account, it's not necessary to adjust the bucket policy). | `list(string)` | `[]` | no |
| <a name="input_s3_request_payment_configuration"></a> [s3\_request\_payment\_configuration](#input\_s3\_request\_payment\_configuration) | S3 request payment configuration | <pre>object({<br/> enabled = bool<br/> expected_bucket_owner = optional(string)<br/> payer = string<br/> })</pre> | <pre>{<br/> "enabled": false,<br/> "payer": "BucketOwner"<br/>}</pre> | no |
| <a name="input_source_ip_allow_list"></a> [source\_ip\_allow\_list](#input\_source\_ip\_allow\_list) | List of IP addresses to allow to perform all actions to the bucket | `list(string)` | `[]` | no |
| <a name="input_source_policy_documents"></a> [source\_policy\_documents](#input\_source\_policy\_documents) | List of IAM policy documents (in JSON) that are merged together into the exported document.<br/>Statements defined in source\_policy\_documents must have unique SIDs.<br/>Statement having SIDs that match policy SIDs generated by this module will override them. | `list(string)` | `[]` | no |
| <a name="input_sse_algorithm"></a> [sse\_algorithm](#input\_sse\_algorithm) | The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` | `string` | `"AES256"` | no |
Expand Down
Loading