terraform.aws-baseline-infra/modules/storage/infra-s3-bucket/main.tf

module random-suffix {
  source = "../../util/random"
}

resource "aws_s3_bucket" "s3bucket" {
  bucket = var.add-random-suffix ? "${var.bucket-name}-${module.random-suffix.number}" : var.bucket-name
  policy = var.bucket-policy-json

  versioning {
    enabled = var.enable-bucket-versioning
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        // kms_master_key_id = aws_kms_key.some-key.arn
        sse_algorithm = "AES256"
      }
    }
  }
  tags = var.default-tags

  lifecycle_rule {
    id = "${var.bucket-name}-ctbucket-lifecycle-rule"
    enabled = true

    transition {
      days = 30
      storage_class = "INTELLIGENT_TIERING"
    }

    expiration {
      days = var.bucket-retain-days
    }
  }
}


resource "aws_s3_bucket_public_access_block" "s3-public-access-settings" {
  bucket = aws_s3_bucket.s3bucket.id

  block_public_acls   = true
  block_public_policy = true
  ignore_public_acls =  true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_ownership_controls" "ctbucket-ownership-setting" {
  bucket = aws_s3_bucket.s3bucket.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}
NEW: awsconfig and s3 module 2021-01-29 16:21:17 +08:00			`module random-suffix {`
			`source = "../../util/random"`
			`}`

			`resource "aws_s3_bucket" "s3bucket" {`
			`bucket = var.add-random-suffix ? "${var.bucket-name}-${module.random-suffix.number}" : var.bucket-name`
			`policy = var.bucket-policy-json`

			`versioning {`
			`enabled = var.enable-bucket-versioning`
			`}`

			`server_side_encryption_configuration {`
			`rule {`
			`apply_server_side_encryption_by_default {`
			`// kms_master_key_id = aws_kms_key.some-key.arn`
			`sse_algorithm = "AES256"`
			`}`
			`}`
			`}`
			`tags = var.default-tags`

			`lifecycle_rule {`
			`id = "${var.bucket-name}-ctbucket-lifecycle-rule"`
			`enabled = true`

			`transition {`
			`days = 30`
			`storage_class = "INTELLIGENT_TIERING"`
			`}`

			`expiration {`
			`days = var.bucket-retain-days`
			`}`
			`}`
			`}`


			`resource "aws_s3_bucket_public_access_block" "s3-public-access-settings" {`
			`bucket = aws_s3_bucket.s3bucket.id`

			`block_public_acls = true`
			`block_public_policy = true`
			`ignore_public_acls = true`
			`restrict_public_buckets = true`
			`}`

			`resource "aws_s3_bucket_ownership_controls" "ctbucket-ownership-setting" {`
			`bucket = aws_s3_bucket.s3bucket.id`

			`rule {`
			`object_ownership = "BucketOwnerPreferred"`
			`}`
			`}`