s3-bucket
Terraform module for s3-bucket on AWS
module "s3_bucket" {
  source  = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
  version = "0.1.0"

  # Required inputs
  bucket_name = "..."
}

Overview
The s3-bucket module creates secure, production-ready S3 buckets with sensible defaults including:
- Server-side encryption (AES-256 or KMS)
- Versioning for data protection
- Lifecycle policies for cost optimization
- Access logging for compliance and auditing
- Block public access by default
Category: Storage
Provider: AWS
Latest Version: 3.0.0
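The defaults listed above can be confirmed before apply by auditing the JSON form of the plan. The Python check below is an added example, not part of the module or its registry page; it assumes the module manages the AWS provider's standard S3 resource types (the page does not list them) and that each module call plans one bucket, and the sample plan entries are constructed.

```python
# Constructed sample data throughout. Assumption: the module manages the AWS
# provider's standard S3 resource types; the page does not list what it creates.
PAB = "aws_s3_bucket_public_access_block"
SSE = "aws_s3_bucket_server_side_encryption_configuration"
SSE_KEY = "apply_server_side_encryption_by_default"
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def entry(module, rtype, after, unknown=None):  # one resource_changes[] item
    return {"module_address": module, "type": rtype,
            "change": {"after": after, "after_unknown": unknown or {}}}

ALL_ON = dict.fromkeys(PAB_FLAGS, True)
SAMPLE_PLAN = {"resource_changes": [
    entry("module.data_bucket", "aws_s3_bucket", {"bucket": "my-app-data"}),
    entry("module.data_bucket", PAB, ALL_ON),
    entry("module.data_bucket", SSE, {"rule": [{SSE_KEY: [{"sse_algorithm": "aws:kms"}]}]},
          {"rule": [{SSE_KEY: [{"kms_master_key_id": True}]}]}),
    entry("module.website_bucket", "aws_s3_bucket", {"bucket": "www-example-com"}),
    entry("module.website_bucket", PAB, {**ALL_ON, "block_public_policy": False}),
]}

def sse_default(tree):  # rule[0].<SSE_KEY>[0] of an after/after_unknown tree
    try:
        return tree["rule"][0][SSE_KEY][0]
    except (KeyError, IndexError, TypeError):
        return {}

def findings_for(res):
    """Check one module's planned changes (a dict keyed by resource type)."""
    pab = res.get(PAB, {}).get("after") or {}
    findings = [f"public access: {f} is not true" for f in PAB_FLAGS if pab.get(f) is not True]
    sse = res.get(SSE, {})
    planned = sse_default(sse.get("after"))
    # A key created in the same plan is unknown until apply, not missing.
    key = planned.get("kms_master_key_id") or \
        sse_default(sse.get("after_unknown")).get("kms_master_key_id")
    if planned.get("sse_algorithm") not in ("AES256", "aws:kms"):
        findings.append("encryption: no SSE default planned")
    elif planned["sse_algorithm"] == "aws:kms" and not key:
        findings.append("encryption: aws:kms without kms_master_key_id")
    return findings

def audit_plan(plan):
    """Return {module_address: [findings]} for every module that plans a bucket."""
    by_module = {}
    for rc in plan.get("resource_changes", []):
        by_module.setdefault(rc.get("module_address", "root"), {})[rc["type"]] = rc["change"]
    return {m: findings_for(r) for m, r in by_module.items() if "aws_s3_bucket" in r}
```

For a real plan, pass the parsed output of `terraform show -json <planfile>` to audit_plan and fail the pipeline when any module has findings.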
Quick Start
module "data_bucket" {
  source  = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
  version = "3.0.0"

  bucket_name        = "my-app-data"
  versioning_enabled = true
  encryption_type    = "aws:kms"
  kms_key_arn        = module.kms.key_arn
}
Key Features
Encryption by Default
All buckets are encrypted at rest using AES-256 or customer-managed KMS keys:
module "secure_bucket" {
  source  = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
  version = "3.0.0"

  bucket_name     = "sensitive-data"
  encryption_type = "aws:kms"
  kms_key_arn     = aws_kms_key.bucket.arn
}
Lifecycle Management
Automate object transitions and expirations to optimize costs:
module "data_bucket" {
  source  = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
  version = "3.0.0"

  bucket_name = "data-archive"
  lifecycle_rules = [
    {
      prefix          = "logs/"
      expiration_days = 90
    },
    {
      prefix           = "archives/"
      transition_days  = 30
      transition_class = "GLACIER"
    }
  ]
}
Static Website Hosting
Configure buckets for static website hosting with CloudFront integration:
module "website_bucket" {
  source  = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
  version = "3.0.0"

  bucket_name = "www-example-com"
  website_configuration = {
    index_document = "index.html"
    error_document = "error.html"
  }
}
Inputs
Name of the S3 bucket. Must be globally unique, 3-63 characters, lowercase letters, numbers, and hyphens only.
Enable versioning for the bucket. Keeps multiple variants of an object to protect against accidental deletion and overwrites.
Encryption type for the bucket. Use 'AES256' for S3-managed keys (SSE-S3) or 'aws:kms' for KMS-managed keys (SSE-KMS).
KMS key ARN for encryption. Required when encryption_type is 'aws:kms'.
Lifecycle rules for object management. Each rule can define expiration or transition policies. Each object supports:
- prefix: Object key prefix filter (optional)
- expiration_days: Days until object expiration (optional)
- transition_days: Days until storage class transition (optional)
- transition_class: Target storage class for transition (optional)
Valid transition classes: STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER, DEEP_ARCHIVE
CORS configuration for cross-origin access. Set to null to disable CORS. cors_rules is a list of objects with:
- allowed_methods: HTTP methods allowed (GET, PUT, POST, DELETE, HEAD) (required)
- allowed_origins: Origins allowed to make requests (required)
- allowed_headers: Headers allowed in preflight requests (optional)
- expose_headers: Headers exposed to the browser (optional)
- max_age_seconds: Cache duration for preflight responses (optional)
Access logging configuration for audit trails. Set to null to disable logging. Object properties:
- target_bucket: Bucket where logs are delivered (required)
- target_prefix: Prefix for log objects (optional)
Tags to apply to the bucket.
Outputs
ARN of the S3 bucket. Use this for IAM policies, resource references, and cross-service integrations.
ID (name) of the S3 bucket. Use this for SDK calls, CLI commands, and resource references that require the bucket name.
Domain name of the bucket in the format bucket-name.s3.amazonaws.com. Use this for direct URL access and CloudFront origins.
Regional domain name of the bucket in the format bucket-name.s3.region.amazonaws.com. Preferred for CloudFront origins and cross-region access.