ultratendency/terraform-aws-secure-s3-bucket

AWS Secure S3 Terraform module

Terraform module which creates an S3 bucket on AWS with secure defaults.

Usage

The simplest usage of this module is shown below. It only requires passing in the bucket_name.

module "terraform_state_s3_bucket" {
  source  = "ultratendency/secure-s3-bucket/aws"
  version = "1.0.1"

  bucket_name = "secure-bucket"
}

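A complete example, with all inputs configured, looks like the following. It is meant to show every input: the values for key rotation and the four public access block settings override the module's secure defaults (all true, see Inputs).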

module "terraform_state_s3_bucket" {
  source  = "ultratendency/secure-s3-bucket/aws"
  version = "1.0.1"

  bucket_name = "secure-bucket"

  bucket_lifecycle_configuration_rule_noncurrent_version_expiration_noncurrent_days           = 45
  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_noncurrent_days     = 15
  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_storage_class       = "ONEZONE_IA"
  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_noncurrent_days    = 30
  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_storage_class      = "GLACIER_IR"
  bucket_lifecycle_configuration_rule_abort_incomplete_multipart_upload_days_after_initiation = 14

  aws_kms_key_enable_key_rotation = false
  aws_kms_key_multi_region        = true

  aws_s3_bucket_public_access_block_block_public_acls       = false
  aws_s3_bucket_public_access_block_block_public_policy     = false
  aws_s3_bucket_public_access_block_ignore_public_acls      = false
  aws_s3_bucket_public_access_block_restrict_public_buckets = false
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.0 |

Resources

| Name | Type |
|------|------|
| aws_kms_alias.this | resource |
| aws_kms_key.this | resource |
| aws_kms_key_policy.this | resource |
| aws_s3_bucket.this | resource |
| aws_s3_bucket_lifecycle_configuration.this | resource |
| aws_s3_bucket_policy.this | resource |
| aws_s3_bucket_public_access_block.this | resource |
| aws_s3_bucket_server_side_encryption_configuration.this | resource |
| aws_s3_bucket_versioning.this | resource |
| aws_caller_identity.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_kms_key_enable_key_rotation | (optional) Indicates whether key rotation is enabled | bool | true | no |
| aws_kms_key_multi_region | (optional) Indicates whether the KMS key is a multi-region or regional key | bool | false | no |
| aws_s3_bucket_public_access_block_block_public_acls | (optional) Indicates whether Amazon S3 should block public ACLs for this bucket | bool | true | no |
| aws_s3_bucket_public_access_block_block_public_policy | (optional) Indicates whether Amazon S3 should block public bucket policies for this bucket | bool | true | no |
| aws_s3_bucket_public_access_block_ignore_public_acls | (optional) Indicates whether Amazon S3 should ignore public ACLs for this bucket | bool | true | no |
| aws_s3_bucket_public_access_block_restrict_public_buckets | (optional) Indicates whether Amazon S3 should restrict public bucket policies for this bucket | bool | true | no |
| bucket_lifecycle_configuration_rule_abort_incomplete_multipart_upload_days_after_initiation | (optional) Number of days after which Amazon S3 aborts an incomplete multipart upload | number | 7 | no |
| bucket_lifecycle_configuration_rule_noncurrent_version_expiration_noncurrent_days | (optional) Number of days an object is noncurrent before Amazon S3 can perform the associated action | number | 90 | no |
| bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_noncurrent_days | (optional) The number of days noncurrent object versions transition during the first transition | number | 30 | no |
| bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_storage_class | (optional) The Amazon S3 storage class to which the object should be transitioned during the first transition | string | "STANDARD_IA" | no |
| bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_noncurrent_days | (optional) The number of days noncurrent object versions transition during the second transition | number | 60 | no |
| bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_storage_class | (optional) The Amazon S3 storage class to which the object should be transitioned during the second transition | string | "GLACIER" | no |
| bucket_name | The name of the bucket | string | n/a | yes |
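
The key rotation and public access block inputs above all default to true, so a call to the module only weakens the bucket when it sets them explicitly. The following added example (not part of this module or its repository) scans Terraform source text for calls to the module that override those defaults. The function names and sample input are constructed for illustration, and the text scan assumes one argument per line and no braces inside strings.

```python
import re

# Security-relevant inputs and their defaults, copied from the Inputs table.
SECURE_DEFAULTS = {
    "aws_kms_key_enable_key_rotation": "true",
    "aws_s3_bucket_public_access_block_block_public_acls": "true",
    "aws_s3_bucket_public_access_block_block_public_policy": "true",
    "aws_s3_bucket_public_access_block_ignore_public_acls": "true",
    "aws_s3_bucket_public_access_block_restrict_public_buckets": "true",
}
MODULE_SOURCE = "ultratendency/secure-s3-bucket/aws"
MODULE_RE = re.compile(r'module\s+"([^"]+)"\s*\{')
ASSIGN_RE = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=\s*(.+?)\s*$', re.M)

def module_blocks(hcl):
    """Yield (name, body) for each module block, matching braces by depth."""
    for m in MODULE_RE.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), hcl[m.end():i - 1]

def weakened_inputs(hcl):
    """Report every value that is not the literal default (var references too)."""
    findings = []
    for name, body in module_blocks(hcl):
        args = dict(ASSIGN_RE.findall(body))
        if args.get("source", "").strip('"') != MODULE_SOURCE:
            continue  # a different module; its inputs mean something else
        for key, default in SECURE_DEFAULTS.items():
            if args.get(key, default) != default:
                findings.append((name, key, args[key]))
    return sorted(findings)

# Constructed sample: one call on defaults, one that weakens two inputs.
SAMPLE = '''module "state" {
  source      = "ultratendency/secure-s3-bucket/aws"
  bucket_name = "secure-bucket"
}
module "logs" {
  source      = "ultratendency/secure-s3-bucket/aws"
  bucket_name = "log-bucket"
  aws_kms_key_enable_key_rotation                       = false
  aws_s3_bucket_public_access_block_block_public_policy = false
}
'''
if __name__ == "__main__":
    print(weakened_inputs(SAMPLE))
```

Run over the complete example from the Usage section, the same check reports all five inputs.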

Outputs

| Name | Description |
|------|-------------|
| aws_kms_alias_arn | The ARN of the KMS key alias |
| aws_kms_alias_target_key_arn | The ARN of the target key ID |
| aws_kms_key_arn | The ARN of the KMS key |
| aws_kms_key_key_id | The key ID of the KMS key |
| aws_s3_bucket_arn | The ARN of the S3 bucket |
| aws_s3_bucket_id | The ID of the S3 bucket |
| aws_s3_bucket_lifecycle_configuration_id | The ID of the S3 bucket lifecycle configuration |
| aws_s3_bucket_public_access_block_id | The ID of the S3 bucket public access block |
| aws_s3_bucket_server_side_encryption_configuration_id | The ID of the S3 bucket server-side encryption configuration |
| aws_s3_bucket_versioning_id | The ID of the S3 bucket versioning |

Examples

A simple example of the default configuration can be found below:

provider "aws" {
  region = "eu-central-1"
}

module "terraform_state_s3_bucket" {
  source  = "ultratendency/secure-s3-bucket/aws"
  version = "1.0.1"

  bucket_name = "secure-bucket"
}

A more complex example can be found below:

provider "aws" {
  region = "eu-central-1"
}

module "terraform_state_s3_bucket" {
  source  = "ultratendency/secure-s3-bucket/aws"
  version = "1.0.1"

  bucket_name = "secure-bucket"

  bucket_lifecycle_configuration_rule_noncurrent_version_expiration_noncurrent_days           = 45
  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_noncurrent_days     = 15
  bucket_lifecycle_configuration_rule_noncurrent_version_first_transition_storage_class       = "ONEZONE_IA"
  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_noncurrent_days    = 30
  bucket_lifecycle_configuration_rule_noncurrent_version_second_transition_storage_class      = "GLACIER_IR"
  bucket_lifecycle_configuration_rule_abort_incomplete_multipart_upload_days_after_initiation = 14

  aws_kms_key_enable_key_rotation = false
  aws_kms_key_multi_region        = true

  aws_s3_bucket_public_access_block_block_public_acls       = false
  aws_s3_bucket_public_access_block_block_public_policy     = false
  aws_s3_bucket_public_access_block_ignore_public_acls      = false
  aws_s3_bucket_public_access_block_restrict_public_buckets = false
}
