aws-s3-encrypted-private

Adaptavist/aws-s3-encrypted-private/module

Terraform Module HCL MODULE
Install
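module "aws-s3-encrypted-private" {
  source  = "Adaptavist/aws-s3-encrypted-private/module"
  version = "3.1.5"

  # bucket_suffix is the module's one required input; the value here is a placeholder.
  bucket_suffix = "example-suffix"
}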
README

AWS Private And Encrypted Bucket

This module defines a private encrypted S3 bucket. Created resources are:

- AWS S3 bucket without public access
- AWS S3 bucket policy mandating that all requests are over SSL and that all objects stored in the bucket are encrypted
- AWS S3 bucket lifecycle policy
- AWS KMS CMK key used to secure the objects in the bucket
- AWS KMS CMK key policy restricting access to the key
- A set of IAM policies that allow read-only, write, admin and console access for this bucket

Variables

| Name | Type | Default | Required | Description |
|------|------|---------|----------|-------------|
| bucket_suffix | string | | ✓ | A unique suffix that will form part of the bucket name |
| bucket_region | strin

Inputs (18)
| Name | Type | Description | Default |
|------|------|-------------|---------|
| bucket_suffix | string | Name of the bucket to be created | required |
| name | string | | "S3-KMS" |
| tags | map(string) | | {} |
| kms_admin_services | list | List of AWS services that will be allowed to administer the key | [] |
| bucket_versioning | string | Bucket versioning configuration. | "Enabled" |
| namespace | string | | "" |
| bucket_key_enabled | bool | Enable S3 bucket key (used to reduce KMS costs) | true |
| should_force_destroy | bool | Whether to force destroy the S3 bucket contents when the bucket is destroyed. | false |
| kms_admin_role_arns | list(string) | List of IAM Role ARNs that will be allowed to administer the key | [] |
| kms_user_services | list | List of AWS services that will be allowed to use the key for decryption | [] |
| use_bucket_suffix_as_name | bool | Indicates if labels module should not be used to generate the bucket name | false |
| enforce_server_side_encryption_header | bool | Enforce clients to send s3:x-amz-server-side-encryption header. | true |
| bucket_policy_source_json | string | Base bucket policy document. | "" |
| stage | string | | "" |
| kms_user_role_arns | list(string) | List of IAM Role ARNs that will be allowed to use the key | [] |
| kms_policy_source_json | string | Base kms policy document. | "" |
| lifecycle_rule | map(number) | Bucket lifecycle prefix and expiry date. | {} |
| log_expiration_days | number | The number of days after which the object in the bucket expires | null |
Outputs (10)
kms_key_alias_arn — ARN of the CMK KMS key alias
kms_key_alias_name — Name of the CMK KMS key alias
s3_admin_policy_arn — ARN of the IAM role that provides admin access to the created S3 bucket
s3_read_policy_arn — ARN of the IAM role that provides read access to the created S3 bucket
s3_console_access_policy_arn — ARN of the IAM role that provides console access to the created S3 bucket
bucket_arn — ARN of the created bucket
bucket_name — Name of the created bucket
kms_key_arn — ARN of the CMK KMS key used for encryption S3 bucket data at rest
kms_key_id — Key id of the CMK KMS key used for encryption S3 bucket data at rest
s3_write_policy_arn — ARN of the IAM role that provides write access to the created S3 bucket
Details
Framework: Terraform Module
Language: HCL
Version: 3.1.5
Cloud: MODULE
Stars: 3
Forks: 4
Total downloads: 1.8M
Inputs: 18
Outputs: 10
Submodules: 3
Namespace: Adaptavist
Updated