From e88e4565a6e51eeb6e7f5d59e9e5600e5f5b3e29 Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Fri, 5 Nov 2021 11:43:49 +0100 Subject: [PATCH 1/9] feat:Addition of Replication Time Control for Bucket Replication --- examples/s3-replication/main.tf | 8 ++++++++ main.tf | 17 +++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/examples/s3-replication/main.tf b/examples/s3-replication/main.tf index 8f3504f6..aff51a21 100644 --- a/examples/s3-replication/main.tf +++ b/examples/s3-replication/main.tf @@ -83,6 +83,14 @@ module "s3_bucket" { access_control_translation = { owner = "Destination" } + replication_time = { + status = "Enabled" + minutes = 15 + } + metrics = { + status = "Enabled" + minutes = 15 + } } }, { diff --git a/main.tf b/main.tf index c42492b1..dd020f07 100644 --- a/main.tf +++ b/main.tf @@ -154,6 +154,23 @@ resource "aws_s3_bucket" "this" { owner = access_control_translation.value.owner } } + + dynamic "replication_time" { + for_each = length(keys(lookup(destination.value, "replication_time", {}))) == 0 ? [] : [lookup(destination.value, "replication_time", {})] + + content { + status = replication_time.value.status + minutes = replication_time.value.minutes + } + } + dynamic "metrics" { + for_each = length(keys(lookup(destination.value, "metrics", {}))) == 0 ? [] : [lookup(destination.value, "metrics", {})] + + content { + status = metrics.value.status + minutes = metrics.value.minutes + } + } } } From aa90c4469e13ab6149cd1bc3eae628a4d34922c8 Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Fri, 5 Nov 2021 11:46:16 +0100 Subject: [PATCH 2/9] feat:Addition of Replication Time Control for Bucket Replication --- examples/s3-replication/README.md | 10 +++++----- examples/s3-replication/main.tf | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/examples/s3-replication/README.md b/examples/s3-replication/README.md index c33d06c4..a209242e 100644 --- a/examples/s3-replication/README.md 
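Review bot: In the root `main.tf` hunk, the two `content` blocks read `replication_time.value.status`, `replication_time.value.minutes`, `metrics.value.status` and `metrics.value.minutes` directly, so a caller who passes only one of the keys will most likely get a missing-attribute error at plan time instead of a clear message. The `for_each` expressions already use `lookup` with a default, and the same pattern would fit inside `content`, e.g. `minutes = lookup(replication_time.value, "minutes", 15)`. As far as I know, S3 Replication Time Control expects `replication_time` and `metrics` to be set together and accepts only 15 minutes, so a comment above the two blocks such as `# RTC: set replication_time and metrics together; minutes must be 15` would save users a failed apply; please confirm this against the provider documentation. The enclosing `destination` block and the `aws_s3_bucket` resource start outside the hunk.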
+++ b/examples/s3-replication/README.md @@ -29,16 +29,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.50 | -| [aws.replica](#provider\_aws.replica) | >= 3.50 | -| [random](#provider\_random) | >= 2.0 | +| [aws](#provider\_aws) | 3.64.1 | +| [aws.replica](#provider\_aws.replica) | 3.64.1 | +| [random](#provider\_random) | 3.1.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [replica\_bucket](#module\_replica\_bucket) | ../../ | | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | | +| [replica\_bucket](#module\_replica\_bucket) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | ## Resources diff --git a/examples/s3-replication/main.tf b/examples/s3-replication/main.tf index aff51a21..af3f0c1c 100644 --- a/examples/s3-replication/main.tf +++ b/examples/s3-replication/main.tf @@ -84,11 +84,11 @@ module "s3_bucket" { owner = "Destination" } replication_time = { - status = "Enabled" + status = "Enabled" minutes = 15 } metrics = { - status = "Enabled" + status = "Enabled" minutes = 15 } } @@ -136,4 +136,4 @@ module "s3_bucket" { ] } -} +} \ No newline at end of file From ae4b3a8bb4c7794574248ac43b806cf91b7fa80e Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Fri, 5 Nov 2021 17:36:41 +0100 Subject: [PATCH 3/9] fix:versions constraint and README.md --- README.md | 118 +--------------------------------------------------- versions.tf | 2 +- 2 files changed, 3 insertions(+), 117 deletions(-) diff --git a/README.md b/README.md index 33a0b795..bf2bb5f1 100644 --- a/README.md +++ b/README.md 
@@ -1,120 +1,15 @@ -# AWS S3 bucket Terraform module - -Terraform module which creates S3 bucket on AWS with all (or almost all) features provided by Terraform AWS provider. - -These features of S3 bucket configurations are supported: - -- static web-site hosting -- access logging -- versioning -- CORS -- lifecycle rules -- server-side encryption -- object locking -- Cross-Region Replication (CRR) -- ELB log delivery bucket policy -- ALB/NLB log delivery bucket policy - -## Usage - -### Private bucket with versioning enabled - -```hcl -module "s3_bucket" { - source = "terraform-aws-modules/s3-bucket/aws" - - bucket = "my-s3-bucket" - acl = "private" - - versioning = { - enabled = true - } - -} -``` - -### Bucket with ELB access log delivery policy attached - -```hcl -module "s3_bucket_for_logs" { - source = "terraform-aws-modules/s3-bucket/aws" - - bucket = "my-s3-bucket-for-logs" - acl = "log-delivery-write" - - # Allow deletion of non-empty bucket - force_destroy = true - - attach_elb_log_delivery_policy = true -} -``` - -### Bucket with ALB/NLB access log delivery policy attached - -```hcl -module "s3_bucket_for_logs" { - source = "terraform-aws-modules/s3-bucket/aws" - - bucket = "my-s3-bucket-for-logs" - acl = "log-delivery-write" - - # Allow deletion of non-empty bucket - force_destroy = true - - attach_elb_log_delivery_policy = true # Required for ALB logs - attach_lb_log_delivery_policy = true # Required for ALB/NLB logs -} -``` - -## Conditional creation - -Sometimes you need to have a way to create S3 resources conditionally but Terraform does not allow to use `count` inside `module` block, so the solution is to specify argument `create_bucket`. - -```hcl -# This S3 bucket will not be created -module "s3_bucket" { - source = "terraform-aws-modules/s3-bucket/aws" - - create_bucket = false - # ... omitted -} -``` - -## Terragrunt and `variable "..." 
{ type = any }` - -There is a bug [#1211](https://github.com/gruntwork-io/terragrunt/issues/1211) in Terragrunt related to the way how the variables of type `any` are passed to Terraform. - -This module solves this issue by supporting `jsonencode()`-string in addition to the expected type (`list` or `map`). - -In `terragrunt.hcl` you can write: - -```terraform -inputs = { - bucket = "foobar" # `bucket` has type `string`, no need to jsonencode() - cors_rule = jsonencode([...]) # `cors_rule` has type `any`, so `jsonencode()` is required -} -``` - -## Examples: - -- [Complete](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/complete) - Complete S3 bucket with most of supported features enabled -- [Cross-Region Replication](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-replication) - S3 bucket with Cross-Region Replication (CRR) enabled -- [S3 Bucket Notifications](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/notification) - S3 bucket notifications to Lambda functions, SQS queues, and SNS topics. -- [S3 Bucket Object](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/object) - Manage S3 bucket objects. - - ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.50 | +| [aws](#requirement\_aws) | >= 3.64 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.50 | +| [aws](#provider\_aws) | >= 3.64 | ## Modules 
@@ -180,12 +75,3 @@ No modules. | [s3\_bucket\_region](#output\_s3\_bucket\_region) | The AWS region this bucket resides in. | | [s3\_bucket\_website\_domain](#output\_s3\_bucket\_website\_domain) | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | | [s3\_bucket\_website\_endpoint](#output\_s3\_bucket\_website\_endpoint) | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | - - -## Authors - -Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/graphs/contributors). - -## License - -Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/LICENSE) for full details. diff --git a/versions.tf b/versions.tf index 526a1723..0114ccae 100644 --- a/versions.tf +++ b/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.50" + aws = ">= 3.64" } } From d677d01bb9b128c98719e1342b8808e84c1189f5 Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Fri, 5 Nov 2021 17:38:50 +0100 Subject: [PATCH 4/9] fix:versions constraint and README.md --- README.md | 4 ++-- versions.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bf2bb5f1..5586f095 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.64 | +| [aws](#requirement\_aws) | >= 3.64.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.64 | +| [aws](#provider\_aws) | >= 3.64.0 | ## Modules diff --git a/versions.tf b/versions.tf index 0114ccae..7c7a8143 100644 --- a/versions.tf +++ b/versions.tf 
@@ -2,6 +2,6 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.64" + aws = ">= 3.64.0" } } From c5cffb70005ba71dfcd72d7f31c3886bb69bb084 Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Sun, 7 Nov 2021 10:16:42 +0100 Subject: [PATCH 5/9] fix versions on example and revert back of README.md --- examples/s3-replication/README.md | 2 +- examples/s3-replication/versions.tf | 2 +- main.tf | 4 ++-- versions.tf | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/s3-replication/README.md b/examples/s3-replication/README.md index a209242e..2d93645a 100644 --- a/examples/s3-replication/README.md +++ b/examples/s3-replication/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.50 | +| [aws](#requirement\_aws) | >= 3.64 | | [random](#requirement\_random) | >= 2.0 | ## Providers diff --git a/examples/s3-replication/versions.tf b/examples/s3-replication/versions.tf index b23248e5..02e822e7 100644 --- a/examples/s3-replication/versions.tf +++ b/examples/s3-replication/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.50" + aws = ">= 3.64" random = ">= 2.0" } } diff --git a/main.tf b/main.tf index dd020f07..c339b208 100644 --- a/main.tf +++ b/main.tf @@ -159,7 +159,7 @@ resource "aws_s3_bucket" "this" { for_each = length(keys(lookup(destination.value, "replication_time", {}))) == 0 ? [] : [lookup(destination.value, "replication_time", {})] content { - status = replication_time.value.status + status = replication_time.value.status minutes = replication_time.value.minutes } } 
@@ -167,7 +167,7 @@ resource "aws_s3_bucket" "this" { for_each = length(keys(lookup(destination.value, "metrics", {}))) == 0 ? [] : [lookup(destination.value, "metrics", {})] content { - status = metrics.value.status + status = metrics.value.status minutes = metrics.value.minutes } } diff --git a/versions.tf b/versions.tf index 7c7a8143..0114ccae 100644 --- a/versions.tf +++ b/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.13.1" required_providers { - aws = ">= 3.64.0" + aws = ">= 3.64" } } From fea4f29ba1b1100b233c32372dd649b647a58f64 Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Sun, 7 Nov 2021 11:56:52 +0100 Subject: [PATCH 6/9] fix:README.md --- README.md | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 108 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5586f095..18f46669 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,121 @@ +# AWS S3 bucket Terraform module + +Terraform module which creates S3 bucket on AWS with all (or almost all) features provided by Terraform AWS provider. + +These features of S3 bucket configurations are supported: + +- static web-site hosting +- access logging +- versioning +- CORS +- lifecycle rules +- server-side encryption +- object locking +- Cross-Region Replication (CRR) +- ELB log delivery bucket policy +- ALB/NLB log delivery bucket policy + +## Usage + +### Private bucket with versioning enabled + +```hcl +module "s3_bucket" { + source = "terraform-aws-modules/s3-bucket/aws" + + bucket = "my-s3-bucket" + acl = "private" + + versioning = { + enabled = true + } + +} +``` + +### Bucket with ELB access log delivery policy attached + +```hcl +module "s3_bucket_for_logs" { + source = "terraform-aws-modules/s3-bucket/aws" + + bucket = "my-s3-bucket-for-logs" + acl = "log-delivery-write" + + # Allow deletion of non-empty bucket + force_destroy = true + + attach_elb_log_delivery_policy = true +} +``` + +### Bucket with ALB/NLB access log delivery policy attached + +```hcl +module "s3_bucket_for_logs" { + source = "terraform-aws-modules/s3-bucket/aws" + + bucket = "my-s3-bucket-for-logs" + acl = "log-delivery-write" + + # Allow deletion of non-empty bucket + force_destroy = true + + attach_elb_log_delivery_policy = true # Required for ALB logs + attach_lb_log_delivery_policy = true # Required for ALB/NLB logs +} +``` + +## Conditional creation + +Sometimes you need to have a way to create S3 resources conditionally but Terraform does not allow to use `count` inside `module` block, so the solution is to specify argument `create_bucket`. + +```hcl +# This S3 bucket will not be created +module "s3_bucket" { + source = "terraform-aws-modules/s3-bucket/aws" + + create_bucket = false + # ... omitted +} +``` + +## Terragrunt and `variable "..." 
{ type = any }` + +There is a bug [#1211](https://github.com/gruntwork-io/terragrunt/issues/1211) in Terragrunt related to the way how the variables of type `any` are passed to Terraform. + +This module solves this issue by supporting `jsonencode()`-string in addition to the expected type (`list` or `map`). + +In `terragrunt.hcl` you can write: + +```terraform +inputs = { + bucket = "foobar" # `bucket` has type `string`, no need to jsonencode() + cors_rule = jsonencode([...]) # `cors_rule` has type `any`, so `jsonencode()` is required +} +``` + +## Examples: + +- [Complete](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/complete) - Complete S3 bucket with most of supported features enabled +- [Cross-Region Replication](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/s3-replication) - S3 bucket with Cross-Region Replication (CRR) enabled +- [S3 Bucket Notifications](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/notification) - S3 bucket notifications to Lambda functions, SQS queues, and SNS topics. +- [S3 Bucket Object](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/object) - Manage S3 bucket objects. + + + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | -| [aws](#requirement\_aws) | >= 3.64.0 | +| [aws](#requirement\_aws) | >= 3.64 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.64.0 | +| [aws](#provider\_aws) | >= 3.64 | ## Modules From f6c81923de040f725e1adac8d33db31a43ddb4db Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Sun, 7 Nov 2021 12:10:44 +0100 Subject: [PATCH 7/9] fix:README.md --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 18f46669..81207611 100644 --- a/README.md +++ b/README.md 
@@ -181,3 +181,13 @@ No modules. | [s3\_bucket\_region](#output\_s3\_bucket\_region) | The AWS region this bucket resides in. | | [s3\_bucket\_website\_domain](#output\_s3\_bucket\_website\_domain) | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | | [s3\_bucket\_website\_endpoint](#output\_s3\_bucket\_website\_endpoint) | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | + + + +## Authors + +Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/graphs/contributors). + +## License + +Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/LICENSE) for full details. From f0d0abfdd8bbe1a17c4353a9ff96ff1b2e95529e Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sun, 7 Nov 2021 12:15:00 +0100 Subject: [PATCH 8/9] Fixed docs a bit --- .pre-commit-config.yaml | 8 ++++---- README.md | 2 -- examples/s3-replication/README.md | 10 +++++----- main.tf | 1 + 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 72134f74..ccb6ded9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,8 +16,8 @@ repos: # entry: /Users/Bob/Sites/terraform-aws-modules/scripts/generate-terraform-wrappers.sh --module-dir modules/notification --overwrite # language: system # pass_filenames: false - - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.50.0 + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.55.0 hooks: - id: terraform_fmt - id: terraform_validate 
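Review bot: The new `rev:` values in `.pre-commit-config.yaml` (`v1.55.0` in this hunk and `v4.0.1` in the following one) are tags, which an upstream repository can move to a different commit. Hooks execute code wherever pre-commit runs, so pinning each entry to the full commit SHA and keeping the tag as a trailing comment, `rev: <commit-sha>  # v1.55.0`, makes the fetched code immutable. The switch from `git://` to `https://` already gives the fetch an authenticated, integrity-protected transport. The `repos:` list starts outside the hunk.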
@@ -37,7 +37,7 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.0.1 hooks: - id: check-merge-conflict diff --git a/README.md b/README.md index 81207611..4ee9e43b 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,6 @@ inputs = { - [S3 Bucket Object](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/master/examples/object) - Manage S3 bucket objects. - ## Requirements | Name | Version | @@ -181,7 +180,6 @@ No modules. | [s3\_bucket\_region](#output\_s3\_bucket\_region) | The AWS region this bucket resides in. | | [s3\_bucket\_website\_domain](#output\_s3\_bucket\_website\_domain) | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | | [s3\_bucket\_website\_endpoint](#output\_s3\_bucket\_website\_endpoint) | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | - ## Authors diff --git a/examples/s3-replication/README.md b/examples/s3-replication/README.md index 2d93645a..947b64d5 100644 --- a/examples/s3-replication/README.md +++ b/examples/s3-replication/README.md 
@@ -29,16 +29,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.64.1 | -| [aws.replica](#provider\_aws.replica) | 3.64.1 | -| [random](#provider\_random) | 3.1.0 | +| [aws](#provider\_aws) | >= 3.64 | +| [aws.replica](#provider\_aws.replica) | >= 3.64 | +| [random](#provider\_random) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [replica\_bucket](#module\_replica\_bucket) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | +| [replica\_bucket](#module\_replica\_bucket) | ../../ | | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | | ## Resources diff --git a/main.tf b/main.tf index c339b208..f0e1b759 100644 --- a/main.tf +++ b/main.tf @@ -163,6 +163,7 @@ resource "aws_s3_bucket" "this" { minutes = replication_time.value.minutes } } + dynamic "metrics" { for_each = length(keys(lookup(destination.value, "metrics", {}))) == 0 ? [] : [lookup(destination.value, "metrics", {})] From 271b9d65d47d4caca825790effd06dd1f6e3a180 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Sun, 7 Nov 2021 12:17:37 +0100 Subject: [PATCH 9/9] Fixed wrappers --- wrappers/README.md | 2 +- wrappers/main.tf | 2 ++ wrappers/notification/README.md | 4 ++-- wrappers/object/README.md | 4 ++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/wrappers/README.md b/wrappers/README.md index cae2d976..d0e1c4b2 100644 --- a/wrappers/README.md +++ b/wrappers/README.md @@ -28,7 +28,7 @@ inputs = { } ``` -## Usage with Terraform: +## Usage with Terraform ```hcl module "wrapper" { diff --git a/wrappers/main.tf b/wrappers/main.tf index 6bb5af34..44d17e2e 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -30,4 +30,6 @@ module "wrapper" { block_public_policy = lookup(each.value, "block_public_policy", false) ignore_public_acls = lookup(each.value, "ignore_public_acls", false) restrict_public_buckets = lookup(each.value, "restrict_public_buckets", false) + control_object_ownership = lookup(each.value, "control_object_ownership", false) + object_ownership = lookup(each.value, "object_ownership", "ObjectWriter") } diff --git a/wrappers/notification/README.md b/wrappers/notification/README.md index ddaa68db..cf3e1cad 100644 --- a/wrappers/notification/README.md +++ b/wrappers/notification/README.md @@ -6,7 +6,7 @@ You may want to use a single Terragrunt configuration file to manage multiple re This wrapper does not implement any extra functionality. -# Usage with Terragrunt +## Usage with Terragrunt `terragrunt.hcl`: @@ -28,7 +28,7 @@ inputs = { } ``` -## Usage with Terraform: +## Usage with Terraform ```hcl module "wrapper" { diff --git a/wrappers/object/README.md b/wrappers/object/README.md index 780fc651..b852ec15 100644 --- a/wrappers/object/README.md +++ b/wrappers/object/README.md @@ -6,7 +6,7 @@ You may want to use a single Terragrunt configuration file to manage multiple re This wrapper does not implement any extra functionality. -# Usage with Terragrunt +## Usage with Terragrunt `terragrunt.hcl`: @@ -28,7 +28,7 @@ inputs = { } ``` -## Usage with Terraform: +## Usage with Terraform ```hcl module "wrapper" {
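Review bot: The added `wrappers/main.tf` lines fall back to `object_ownership = "ObjectWriter"` and `control_object_ownership = false`, so for buckets created through the wrapper, objects uploaded by another account stay owned by that account unless each item overrides the defaults. These literals presumably mirror the root module's variable defaults, which this hunk does not show; if so, a comment such as `# defaults mirror the root module's variables; keep in sync` would help, because a drift would change ownership behaviour for wrapper users only and without any plan-time warning. Callers that need the bucket owner to control every object should pass `control_object_ownership = true` together with `object_ownership = "BucketOwnerPreferred"`. The `module "wrapper"` block starts outside the hunk.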