This module makes it easy to create a GCS bucket, and assign basic permissions on it to arbitrary users.
The resources/services/activations/deletions that this module will create/trigger are:
- One GCS bucket
- Zero or more IAM bindings for that bucket
This module is meant for use with Terraform 0.13+.
Basic usage of this module is as follows:
module "bucket" {
source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
version = "~> 4.0"
name = "example-bucket"
project_id = "example-project"
location = "us-east1"
iam_members = [{
role = "roles/storage.objectViewer"
member = "user:[email protected]"
}]
}
Functional examples are included in the examples directory.
Name | Description | Type | Default | Required |
---|---|---|---|---|
bucket_policy_only | Enables Bucket Policy Only access to a bucket. | bool |
true |
no |
cors | Configuration of CORS for bucket with structure as defined in https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#cors. | any |
[] |
no |
encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket | object({ |
null |
no |
force_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | bool |
false |
no |
iam_members | The list of IAM members to grant permissions on the bucket. | list(object({ |
[] |
no |
labels | A set of key/value label pairs to assign to the bucket. | map(string) |
null |
no |
lifecycle_rules | The bucket's Lifecycle Rules configuration. | list(object({ |
[] |
no |
location | The location of the bucket. | string |
n/a | yes |
log_bucket | The bucket that will receive log objects. | string |
null |
no |
log_object_prefix | The object prefix for log objects. If it's not provided, by default GCS sets this to this bucket's name | string |
null |
no |
name | The name of the bucket. | string |
n/a | yes |
project_id | The ID of the project to create the bucket in. | string |
n/a | yes |
public_access_prevention | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | string |
"inherited" |
no |
retention_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | object({ |
null |
no |
storage_class | The Storage Class of the new bucket. | string |
null |
no |
versioning | While set to true, versioning is fully enabled for this bucket. | bool |
true |
no |
website | Map of website values. Supported attributes: main_page_suffix, not_found_page | map(any) |
{} |
no |
Name | Description |
---|---|
bucket | The created storage bucket |
name | Bucket name. |
url | Bucket URL. |
These sections describe requirements for using this module.
The following dependencies must be available:
- Terraform >= 0.13.0
- Terraform Provider for GCP plugin >= v4.42
User or service account credentials with the following roles must be used to provision the resources of this module:
- Storage Admin:
roles/storage.admin
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
A project with the following APIs enabled must be used to host the resources of this module:
- Google Cloud Storage JSON API:
storage-api.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Refer to the contribution guidelines for information on contributing to this module.