qbeyond/terraform-google-storage-bucket

Google Cloud Storage Module

Original Module from Cloud-Foundation-Fabric

To use an existing encryption key, your Cloud Storage service agent must be granted permission on that key; this grant is automated by Terraform.

The Key and the Bucket must be in the same location!

Usage

This Module creates a GCP Storage Bucket

provider "google" {
  project               = var.project_id
  user_project_override = true
  billing_project       = var.project_id
}

resource "random_string" "bucket_name" {
  length  = 8
  special = false
  upper   = false
}

module "bucket" {
  source     = "../.."
  project_id = var.project_id
  name       = random_string.bucket_name.result
}
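
A variant of the usage above for the existing-encryption-key case described at the top of this page, showing one way the service agent grant can be automated with Terraform. This is an added example, not code from the module's repository; `var.kms_key_id`, the resource and data source labels, the bucket name and the `europe-west3` location are assumptions.

```hcl
# Added example. Variable names, resource labels, the bucket name and the
# location are hypothetical; the module inputs are the ones documented below.

variable "project_id" {
  type = string
}

variable "kms_key_id" {
  type        = string
  description = "Existing key: projects/<project>/locations/<location>/keyRings/<ring>/cryptoKeys/<key>"
}

# Look up the Cloud Storage service agent of the bucket project.
data "google_storage_project_service_account" "gcs" {
  project = var.project_id
}

# Grant only on this one key (not project-wide), and only the role needed
# to encrypt and decrypt objects with it.
resource "google_kms_crypto_key_iam_member" "gcs_cmek" {
  crypto_key_id = var.kms_key_id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_storage_project_service_account.gcs.email_address}"
}

module "bucket_cmek" {
  source     = "../.."
  project_id = var.project_id
  name       = "cmek-example" # constructed sample name

  # The key and the bucket must be in the same location. The key is assumed
  # to live in europe-west3, so the module default of "EU" is overridden,
  # together with the MULTI_REGIONAL default storage class.
  location       = "europe-west3"
  storage_class  = "STANDARD"
  encryption_key = var.kms_key_id

  uniform_bucket_level_access = true
  versioning                  = true

  # The bucket cannot be created until the service agent can use the key.
  depends_on = [google_kms_crypto_key_iam_member.gcs_cmek]
}
```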

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.1 |
| google | >= 4.40.0 |
| google-beta | >= 4.40.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | Bucket name suffix. | string | n/a | yes |
| project_id | Bucket project id. | string | n/a | yes |
| cors | CORS configuration for the bucket. Defaults to null. | object({ origin = list(string), method = list(string), response_header = list(string), max_age_seconds = number }) | null | no |
| encryption_key | KMS key that will be used for encryption. | string | null | no |
| force_destroy | Optional map to set force destroy keyed by name, defaults to false. | bool | false | no |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | {} | no |
| labels | Labels to be attached to all buckets. | map(string) | {} | no |
| lifecycle_rule | Bucket lifecycle rule. | object({ action = object({ type = string, storage_class = string }), condition = object({ age = number, created_before = string, with_state = string, matches_storage_class = list(string), num_newer_versions = string, custom_time_before = string, days_since_custom_time = string, days_since_noncurrent_time = string, noncurrent_time_before = string }) }) | null | no |
| location | Bucket location. | string | "EU" | no |
| logging_config | Bucket logging configuration. | object({ log_bucket = string, log_object_prefix = string }) | null | no |
| notification_config | GCS Notification configuration. | object({ enabled = bool, payload_format = string, topic_name = string, sa_email = string, event_types = list(string), custom_attributes = map(string) }) | null | no |
| prefix | Optional prefix used to generate the bucket name. | string | null | no |
| retention_policy | Bucket retention policy. | object({ retention_period = number, is_locked = bool }) | null | no |
| storage_class | Bucket storage class. | string | "MULTI_REGIONAL" | no |
| uniform_bucket_level_access | Allow using object ACLs (false) or not (true, this is the recommended behavior), defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | true | no |
| versioning | Enable versioning, defaults to false. | bool | false | no |
| website | Bucket website. | object({ main_page_suffix = string, not_found_page = string }) | null | no |

Outputs

| Name | Description |
|------|-------------|
| bucket | Bucket resource. |
| id | Bucket ID (same as name). |
| name | Bucket name. |
| notification | GCS Notification self link. |
| topic | Topic ID used by GCS. |
| url | Bucket URL. |

Resource types

| Type | Used |
|------|------|
| google_pubsub_topic | 1 |
| google_pubsub_topic_iam_binding | 1 |
| google_storage_bucket | 1 |
| google_storage_bucket_iam_binding | 1 |
| google_storage_notification | 1 |

"Used" only counts resource blocks. The for_each and count meta-arguments, as well as resource blocks of modules, are not considered.

Modules

No modules.

Resources by Files

main.tf

| Name | Type |
|------|------|
| google_pubsub_topic.topic | resource |
| google_pubsub_topic_iam_binding.binding | resource |
| google_storage_bucket.bucket | resource |
| google_storage_bucket_iam_binding.bindings | resource |
| google_storage_notification.notification | resource |

Contribute

This module is derived from the Google Cloud Foundation Fabric module gcs v19. It is designed so that new changes from the base repository can be integrated. Refer to the guide in the terraform-google-landing-zone repository for information on integrating changes.