opentelekomcloud_s3_bucket

Provides an S3 bucket resource.

Example Usage

Private Bucket w/ Tags

resource "opentelekomcloud_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  tags {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

Static Website Hosting

resource "opentelekomcloud_s3_bucket" "b" {
  bucket = "s3-website-test.hashicorp.com"
  acl    = "public-read"
  policy = "${file("policy.json")}"

  website {
    index_document = "index.html"
    error_document = "error.html"

    routing_rules = <<EOF
[{
    "Condition": {
        "KeyPrefixEquals": "docs/"
    },
    "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
    }
}]
EOF
  }
}

Using CORS

resource "opentelekomcloud_s3_bucket" "b" {
  bucket = "s3-website-test.hashicorp.com"
  acl    = "public-read"

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://s3-website-test.hashicorp.com"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }
}

Using versioning

resource "opentelekomcloud_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  versioning {
    enabled = true
  }
}

Enable Logging

resource "opentelekomcloud_s3_bucket" "log_bucket" {
  bucket = "my-tf-log-bucket"
  acl    = "log-delivery-write"
}

resource "opentelekomcloud_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  logging {
    target_bucket = "${opentelekomcloud_s3_bucket.log_bucket.id}"
    target_prefix = "log/"
  }
}

Using object lifecycle

resource "opentelekomcloud_s3_bucket" "bucket" {
  bucket = "my-bucket"
  acl    = "private"

  lifecycle_rule {
    id      = "log"
    enabled = true

    prefix  = "log/"
    tags {
      "rule"      = "log"
      "autoclean" = "true"
    }

    expiration {
      days = 90
    }
  }

  lifecycle_rule {
    id      = "tmp"
    prefix  = "tmp/"
    enabled = true

    expiration {
      date = "2016-01-12"
    }
  }
}

resource "opentelekomcloud_s3_bucket" "versioning_bucket" {
  bucket = "my-versioning-bucket"
  acl    = "private"

  versioning {
    enabled = true
  }

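  lifecycle_rule {
    prefix  = "config/"
    enabled = true

    # At least one of expiration / noncurrent_version_expiration is required.
    noncurrent_version_expiration {
      days = 90
    }
  }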
}

Argument Reference

The following arguments are supported:

  • bucket - (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name.
  • bucket_prefix - (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.
  • acl - (Optional) The canned ACL to apply. Defaults to "private".
  • policy - (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy.

  • tags - (Optional) A mapping of tags to assign to the bucket.

  • force_destroy - (Optional, Default: false) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

  • website - (Optional) A website object (documented below).

  • cors_rule - (Optional) A rule of Cross-Origin Resource Sharing (documented below).

  • versioning - (Optional) The versioning state of the bucket (documented below).

  • logging - (Optional) Settings for bucket logging (documented below).

  • lifecycle_rule - (Optional) A configuration of object lifecycle management (documented below).

  • region - (Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

The website object supports the following:

  • index_document - (Required, unless using redirect_all_requests_to) Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
  • error_document - (Optional) An absolute path to the document to return in case of a 4XX error.
  • redirect_all_requests_to - (Optional) A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
  • routing_rules - (Optional) A json array containing routing rules describing redirect behavior and when redirects are applied.

The CORS object supports the following:

  • allowed_headers - (Optional) Specifies which headers are allowed.
  • allowed_methods - (Required) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
  • allowed_origins - (Required) Specifies which origins are allowed.
  • expose_headers - (Optional) Specifies which headers are exposed in the response.
  • max_age_seconds - (Optional) Specifies the time in seconds that the browser can cache the response for a preflight request.

The versioning object supports the following:

  • enabled - (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
  • mfa_delete - (Optional) Enable MFA delete for either changing the versioning state of your bucket or permanently deleting an object version. Default is false.

The logging object supports the following:

  • target_bucket - (Required) The name of the bucket that will receive the log objects.
  • target_prefix - (Optional) To specify a key prefix for log objects.

The lifecycle_rule object supports the following:

  • id - (Optional) Unique identifier for the rule.
  • prefix - (Optional) Object key prefix identifying one or more objects to which the rule applies.
  • tags - (Optional) Specifies object tags key and value.
  • enabled - (Required) Specifies lifecycle rule status.
  • abort_incomplete_multipart_upload_days - (Optional) Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
  • expiration - (Optional) Specifies when objects expire (documented below).
  • noncurrent_version_expiration - (Optional) Specifies when noncurrent object versions expire (documented below).

At least one of expiration, noncurrent_version_expiration must be specified.

The expiration object supports the following:

  • date - (Optional) Specifies the date after which you want the corresponding action to take effect.
  • days - (Optional) Specifies the number of days after object creation when the specific rule action takes effect.
  • expired_object_delete_marker - (Optional) On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.

The noncurrent_version_expiration object supports the following:

  • days - (Required) Specifies the number of days after which noncurrent object versions expire.
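
The versioning, logging, lifecycle_rule and cors_rule arguments documented above, combined into one private bucket with an access-log trail and a recovery window for overwritten objects. This is an added example, not part of the provider documentation; the bucket names, the origin and the retention periods are placeholder assumptions.

```hcl
# Added example; bucket names, origin and retention periods are placeholders.
resource "opentelekomcloud_s3_bucket" "audit_logs" {
  bucket = "example-audit-logs"
  acl    = "log-delivery-write"

  lifecycle_rule {
    id      = "expire-access-logs"
    prefix  = "access/"
    enabled = true

    expiration {
      days = 365
    }
  }
}

resource "opentelekomcloud_s3_bucket" "data" {
  bucket        = "example-app-data"
  acl           = "private"
  force_destroy = false # default; explicit so a change shows up in review

  versioning {
    enabled = true
  }

  logging {
    target_bucket = "${opentelekomcloud_s3_bucket.audit_logs.id}"
    target_prefix = "access/example-app-data/"
  }

  # Overwritten or deleted objects stay recoverable for 30 days.
  lifecycle_rule {
    id      = "trim-old-versions"
    enabled = true

    abort_incomplete_multipart_upload_days = 7

    noncurrent_version_expiration {
      days = 30
    }
  }

  cors_rule {
    allowed_headers = ["Content-Type"]
    allowed_methods = ["GET"]
    allowed_origins = ["https://app.example.com"]
    max_age_seconds = 3000
  }
}
```

The log bucket's lifecycle prefix matches the target_prefix of the data bucket, so the expiration rule only touches delivered access logs.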

The rules object supports the following:

  • id - (Optional) Unique identifier for the rule.
  • destination - (Required) Specifies the destination for the rule (documented below).
  • prefix - (Required) Object keyname prefix identifying one or more objects to which the rule applies. Set as an empty string to replicate the whole bucket.
  • status - (Required) The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

The destination object supports the following:

  • bucket - (Required) The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
  • storage_class - (Optional) The class of storage used to store the object.

Attributes Reference

The following attributes are exported:

  • id - The name of the bucket.
  • arn - The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
  • bucket_domain_name - The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
  • hosted_zone_id - The Route 53 Hosted Zone ID for this bucket's region.
  • region - The AWS region this bucket resides in.
  • website_endpoint - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
  • website_domain - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

Import

An S3 bucket can be imported using the bucket, e.g.

$ terraform import opentelekomcloud_s3_bucket.bucket bucket-name

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/opentelekomcloud/r/s3_bucket.html