forked from cloudposse/terraform-aws-s3-bucket
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
220 lines (187 loc) · 6.65 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
variable "acl" {
type = string
default = "private"
description = "The [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. We recommend `private` to avoid exposing sensitive information. Conflicts with `grants`."
}
variable "grants" {
type = list(object({
id = string
type = string
permissions = list(string)
uri = string
}))
default = null
description = "An ACL policy grant. Conflicts with `acl`. Set `acl` to `null` to use this."
}
variable "policy" {
type = string
default = ""
description = "A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy"
}
variable "force_destroy" {
type = bool
default = false
description = "A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable"
}
variable "versioning_enabled" {
type = bool
default = false
description = "A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket"
}
variable "logging" {
type = object({
bucket_name = string
prefix = string
})
default = null
description = "Bucket access logging configuration."
}
variable "sse_algorithm" {
type = string
default = "AES256"
description = "The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`"
}
variable "kms_master_key_arn" {
type = string
default = ""
description = "The AWS KMS master key ARN used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`"
}
variable "user_enabled" {
type = bool
default = false
description = "Set to `true` to create an IAM user with permission to access the bucket"
}
variable "allowed_bucket_actions" {
type = list(string)
default = ["s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:GetBucketLocation", "s3:AbortMultipartUpload"]
description = "List of actions the user is permitted to perform on the S3 bucket"
}
variable "allow_encrypted_uploads_only" {
type = bool
default = false
description = "Set to `true` to prevent uploads of unencrypted objects to S3 bucket"
}
variable "lifecycle_rule_enabled" {
type = bool
default = false
description = "Enable or disable lifecycle rule"
}
variable "prefix" {
type = string
default = ""
description = "Prefix identifying one or more objects to which the rule applies"
}
variable "noncurrent_version_transition_days" {
type = number
default = 30
description = "Number of days to persist in the standard storage tier before moving to the glacier tier infrequent access tier"
}
variable "noncurrent_version_expiration_days" {
type = number
default = 90
description = "Specifies when noncurrent object versions expire"
}
variable "cors_rule_inputs" {
type = list(object({
allowed_headers = list(string)
allowed_methods = list(string)
allowed_origins = list(string)
expose_headers = list(string)
max_age_seconds = number
}))
default = null
description = "Specifies the allowed headers, methods, origins and exposed headers when using CORS on this bucket"
}
variable "standard_transition_days" {
type = number
default = 30
description = "Number of days to persist in the standard storage tier before moving to the infrequent access tier"
}
variable "glacier_transition_days" {
type = number
default = 60
description = "Number of days after which to move the data to the glacier storage tier"
}
variable "enable_glacier_transition" {
type = bool
default = true
description = "Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files"
}
variable "enable_standard_ia_transition" {
type = bool
default = false
description = "Enables the transition to STANDARD_IA"
}
variable "expiration_days" {
type = number
default = 90
description = "Number of days after which to expunge the objects"
}
variable "abort_incomplete_multipart_upload_days" {
type = number
default = 5
description = "Maximum time (in days) that you want to allow multipart uploads to remain in progress"
}
variable "lifecycle_tags" {
type = map(string)
description = "Tags filter. Used to manage object lifecycle events"
default = {}
}
variable "block_public_acls" {
type = bool
default = true
description = "Set to `false` to disable the blocking of new public access lists on the bucket"
}
variable "block_public_policy" {
type = bool
default = true
description = "Set to `false` to disable the blocking of new public policies on the bucket"
}
variable "ignore_public_acls" {
type = bool
default = true
description = "Set to `false` to disable the ignoring of public access lists on the bucket"
}
variable "restrict_public_buckets" {
type = bool
default = true
description = "Set to `false` to disable the restricting of making the bucket public"
}
variable "s3_replication_enabled" {
type = bool
default = false
description = "Set this to true and specify `s3_replica_bucket_arn` to enable replication. `versioning_enabled` must also be `true`."
}
variable "s3_replica_bucket_arn" {
type = string
default = ""
description = "The ARN of the S3 replica bucket (destination)"
}
variable "replication_rules" {
# type = list(object({
# id = string
# priority = number
# prefix = string
# status = string
# destination = object({
# storage_class = string
# replica_kms_key_id = string
# access_control_translation = object({
# owner = string
# })
# account_id = string
# })
# source_selection_criteria = object({
# sse_kms_encrypted_objects = object({
# enabled = bool
# })
# })
# filter = object({
# prefix = string
# tags = map(string)
# })
# }))
type = list(any)
default = null
description = "Specifies the replication rules if S3 bucket replication is enabled"
}