aws_s3_bucket_object

Provides a S3 bucket object resource.

Example Usage

Uploading a file to a bucket

resource "aws_s3_bucket_object" "object" {
  bucket = "your_bucket_name"
  key    = "new_object_key"
  source = "path/to/file"
  etag   = "${md5(file("path/to/file"))}"
}

Encrypting with KMS Key

resource "aws_kms_key" "examplekms" {
  description             = "KMS key 1"
  deletion_window_in_days = 7
}

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
  acl    = "private"
}

resource "aws_s3_bucket_object" "examplebucket_object" {
  key        = "someobject"
  bucket     = "${aws_s3_bucket.examplebucket.id}"
  source     = "index.html"
  kms_key_id = "${aws_kms_key.examplekms.arn}"
}

Server Side Encryption with S3 Default Master Key

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
  acl    = "private"
}

resource "aws_s3_bucket_object" "examplebucket_object" {
  key                    = "someobject"
  bucket                 = "${aws_s3_bucket.examplebucket.id}"
  source                 = "index.html"
  server_side_encryption = "aws:kms"
}

Server Side Encryption with AWS-Managed Key

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
  acl    = "private"
}

resource "aws_s3_bucket_object" "examplebucket_object" {
  key                    = "someobject"
  bucket                 = "${aws_s3_bucket.examplebucket.id}"
  source                 = "index.html"
  server_side_encryption = "AES256"
}

Argument Reference

The following arguments are supported:

  • bucket - (Required) The name of the bucket to put the file in.
  • key - (Required) The name of the object once it is in the bucket.
  • source - (Required unless content or content_base64 is set) The path to a file that will be read and uploaded as raw bytes for the object content.
  • content - (Required unless source or content_base64 is set) Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
  • content_base64 - (Required unless source or content is set) Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.
  • acl - (Optional) The canned ACL to apply. Defaults to "private".
  • cache_control - (Optional) Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
  • content_disposition - (Optional) Specifies presentational information for the object. Read w3c content_disposition for further information.
  • content_encoding - (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
  • content_language - (Optional) The language the content is in e.g. en-US or en-GB.
  • content_type - (Optional) A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.
  • website_redirect - (Optional) Specifies a target URL for website redirect.
  • storage_class - (Optional) Specifies the desired Storage Class for the object. Can be either "STANDARD", "REDUCED_REDUNDANCY", "ONEZONE_IA", or "STANDARD_IA". Defaults to "STANDARD".
  • etag - (Optional) Used to trigger updates. The only meaningful value is ${md5(file("path/to/file"))}. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".
  • server_side_encryption - (Optional) Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".
  • kms_key_id - (Optional) Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws_kms_key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"
  • tags - (Optional) A mapping of tags to assign to the object.

Either source or content must be provided to specify the bucket content. These two arguments are mutually-exclusive.

Attributes Reference

The following attributes are exported

  • id - the key of the resource supplied above
  • etag - the ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
  • version_id - A unique version ID value for the object, if bucket versioning is enabled.

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/s3_bucket_object.html