# Base bucket. Only the name is set here; every other setting in this file
# (public access block, policy, lifecycle, logging, encryption, versioning,
# replication) is attached by its own resource via aws_s3_bucket.this.id.
resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}
# Bucket-level S3 Block Public Access with all four settings turned on.
# This resource has no count toggle, so it is always created with the bucket.
resource "aws_s3_bucket_public_access_block" "block_public_access" {
  bucket = aws_s3_bucket.this.id

  # ACL side: reject requests that set a public ACL, and ignore any public
  # ACL that already exists on the bucket or its objects.
  block_public_acls  = true
  ignore_public_acls = true

  # Policy side: reject bucket policies that grant public access, and
  # restrict access to the bucket if a public policy is attached anyway.
  block_public_policy     = true
  restrict_public_buckets = true
}
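# Attaches the caller-supplied policy document to the bucket.
# NOTE(review): var.bucket_policy_json is passed through unchanged; nothing
# in this resource inspects it. Confirm callers review the document (for
# example, that it denies requests made without TLS via aws:SecureTransport)
# before handing it to this module.
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.this.id
  policy = var.bucket_policy_json

  # Create the public access block first. With block_public_policy already in
  # place, a policy that grants public access is rejected by S3 instead of
  # being attached during the window before the block exists. Ordering the
  # two resources also keeps Terraform from writing both bucket-level
  # settings to the same bucket at the same time.
  depends_on = [aws_s3_bucket_public_access_block.block_public_access]
}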
# Optional lifecycle configuration, created only when
# var.enable_bucket_lifecycle is true. It holds two rules: one for current
# object versions and one for noncurrent versions. Neither rule sets a filter
# or prefix.
#
# The two expiration settings bound how long overwritten or deleted data
# stays recoverable, so they should be chosen with retention and
# investigation requirements in mind.
resource "aws_s3_bucket_lifecycle_configuration" "lifecycle" {
  count  = var.enable_bucket_lifecycle ? 1 : 0
  bucket = aws_s3_bucket.this.id

  rule {
    id     = "CurrentVersion"
    status = "Enabled"

    # Move current versions to Intelligent-Tiering 15 days after creation.
    transition {
      days          = 15
      storage_class = "INTELLIGENT_TIERING"
    }

    # Expire current versions after the caller-chosen number of days.
    # NOTE(review): presumably this value must be larger than the 15-day
    # transition above; confirm the variable is validated accordingly.
    expiration {
      days = var.current_version_expiration_days
    }
  }

  rule {
    id = "NonCurrentVersion"

    # The rule is always declared, but it is switched on only when the
    # module is also asked to enable versioning.
    status = var.enable_versioning ? "Enabled" : "Disabled"

    # Move noncurrent versions to Intelligent-Tiering after 15 days.
    noncurrent_version_transition {
      noncurrent_days = 15
      storage_class   = "INTELLIGENT_TIERING"
    }

    # Permanently remove noncurrent versions after the caller-chosen window.
    noncurrent_version_expiration {
      noncurrent_days = var.noncurrent_version_expiration_days
    }
  }
}
# Intelligent-Tiering archive configuration for the bucket. This resource has
# no count toggle, so it is always created. It opts the bucket into both
# archive access tiers.
#
# NOTE(review): objects that reach an archive access tier have to be restored
# before they can be read, which delays retrieval. Confirm this is acceptable
# for data that may be needed quickly, such as during incident response.
resource "aws_s3_bucket_intelligent_tiering_configuration" "intel_tiering_config" {
  name   = "IntelligentTieringArchiveConfigurations"
  bucket = aws_s3_bucket.this.id

  tiering {
    days        = 180 # minimum
    access_tier = "DEEP_ARCHIVE_ACCESS"
  }

  tiering {
    days        = 90
    access_tier = "ARCHIVE_ACCESS"
  }
}
# Optional server access logging, created only when
# var.enable_bucket_logging is true. When the toggle is false, this file
# configures no access logging for the bucket.
resource "aws_s3_bucket_logging" "logging" {
  count  = var.enable_bucket_logging ? 1 : 0
  bucket = aws_s3_bucket.this.id

  # Logs are delivered to the caller-supplied bucket under a fixed prefix.
  # NOTE(review): the prefix does not include the source bucket name, so
  # every bucket built from this configuration that shares a logging bucket
  # writes under the same "s3-log/" prefix. Confirm that is intended.
  target_prefix = "s3-log/"
  target_bucket = var.logging_bucket_id
}
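# Optional default-encryption configuration, created only when
# var.enable_encryption is true. A non-empty var.encryption_key_arn selects
# SSE-KMS with that key and turns on S3 Bucket Keys; otherwise the rule uses
# SSE-S3 (AES256).
#
# NOTE(review): when var.enable_encryption is false, this file manages no
# encryption setting at all and the bucket keeps whatever default S3 applies
# on its own. Confirm that is acceptable, or drop the toggle.
resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
  count  = var.enable_encryption ? 1 : 0
  bucket = aws_s3_bucket.this.id

  rule {
    apply_server_side_encryption_by_default {
      # try() makes the check null-safe: length(null) raises an error, which
      # try() turns into false, so a null key ARN selects AES256 instead of
      # failing the plan.
      sse_algorithm = try(length(var.encryption_key_arn) > 0, false) ? "aws:kms" : "AES256"

      # Pass the key only when SSE-KMS is selected; an empty string is not a
      # key identifier, so the AES256 case leaves the argument unset.
      kms_master_key_id = try(length(var.encryption_key_arn) > 0, false) ? var.encryption_key_arn : null
    }

    # Bucket Keys apply only to SSE-KMS, so this follows the same condition.
    bucket_key_enabled = try(length(var.encryption_key_arn) > 0, false)
  }
}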
# Optional versioning, created only when var.enable_versioning is true. The
# same variable also gates the NonCurrentVersion lifecycle rule and the
# replication configuration in this file. Versioning keeps overwritten and
# deleted objects recoverable as noncurrent versions.
resource "aws_s3_bucket_versioning" "versioning" {
  count  = var.enable_versioning ? 1 : 0
  bucket = aws_s3_bucket.this.id

  versioning_configuration {
    status = "Enabled"
  }
}
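# Optional replication, created only when both var.enable_replication and
# var.enable_versioning are true.
# NOTE(review): enable_replication = true combined with
# enable_versioning = false silently produces no replication. Confirm callers
# are warned about this, for example by variable validation elsewhere.
resource "aws_s3_bucket_replication_configuration" "replication" {
  count = var.enable_replication && var.enable_versioning ? 1 : 0

  # Replication can only be configured on a bucket that already has
  # versioning enabled. Without this explicit ordering, Terraform may write
  # the replication configuration before versioning is switched on.
  depends_on = [aws_s3_bucket_versioning.versioning]

  role   = var.replication_role_arn
  bucket = aws_s3_bucket.this.id

  rule {
    id     = "replrule1"
    status = "Enabled"

    # NOTE(review): the rule sets no source_selection_criteria and the
    # destination sets no encryption_configuration. If the source bucket uses
    # SSE-KMS via var.encryption_key_arn, confirm whether those objects are
    # expected to replicate.
    destination {
      # NOTE(review): this argument takes the destination bucket ARN, while
      # the variable is named "..._bucket_name". Confirm callers pass an ARN.
      bucket        = var.replication_dest_bucket_name
      storage_class = "INTELLIGENT_TIERING"
    }
  }
}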