forked from cloudposse/terraform-aws-s3-bucket
variables.tf
# First component of the resource label. Required: no default is declared.
# NOTE(review): presumably joined with `stage`, `name` and `attributes` to form
# the bucket name; confirm in main.tf. Bucket names are globally visible, so
# keep anything sensitive out of label parts.
variable "namespace" {
  description = "Namespace (e.g. `eg` or `cp`)"
  type        = string
}
# Environment component of the resource label. Required: no default is declared.
variable "stage" {
  description = "Stage (e.g. `prod`, `dev`, `staging`)"
  type        = string
}
# Application/solution component of the resource label. Required: no default
# is declared.
variable "name" {
  description = "Name (e.g. `app` or `db`)"
  type        = string
}
# Separator placed between the label components; defaults to a hyphen.
# NOTE(review): if the joined label becomes the bucket name, the delimiter must
# be a character S3 accepts in bucket names (lowercase letters, digits, `-`, `.`);
# confirm how main.tf builds the name.
variable "delimiter" {
  description = "Delimiter to be used between `namespace`, `stage`, `name` and `attributes`"
  type        = string
  default     = "-"
}
# Optional extra label components; the default is an empty list.
variable "attributes" {
  description = "Additional attributes (e.g. `1`)"
  type        = list(string)
  default     = []
}
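# Extra tags supplied by the caller; the default is an empty map.
# Fix: the description was missing its closing parenthesis.
# Tags are readable by anyone who can describe the resource, so they are not a
# place for secrets.
variable "tags" {
  description = "Additional tags (e.g. `{ BusinessUnit = \"XYZ\" }`)"
  type        = map(string)
  default     = {}
}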
# Canned ACL for the bucket; the default `private` grants access to the owner only.
# Security: canned ACLs such as `public-read` and `public-read-write` grant
# anonymous access to the bucket. Nothing in this file constrains the value, so
# callers that override it should also rely on S3 Block Public Access at the
# account or bucket level (not configured in this file).
variable "acl" {
  description = "The canned ACL to apply. We recommend `private` to avoid exposing sensitive information"
  type        = string
  default     = "private"
}
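# Toggle for the object-expiration lifecycle rule; off by default.
# Fix: description typo ("objection" -> "object").
# The flag is declared as a string, so callers pass "true"/"false" rather than
# a bool. NOTE(review): how non-boolean strings are treated depends on main.tf.
variable "s3_object_expiration_enabled" {
  description = "Whether or not to enable the S3 object lifecycle rule"
  type        = string
  default     = "false"
}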
# Age in days at which objects expire; defaults to 365.
# NOTE(review): presumably only takes effect when `s3_object_expiration_enabled`
# is "true"; confirm in main.tf. On a bucket without versioning, expiration
# removes the object permanently, so align this value with the data-retention
# requirement before enabling the rule.
variable "s3_object_expiration_days" {
  description = "Number of days after which to expire objects"
  type        = number
  default     = 365
}
# String flag for the ReadOnlyAccounts policy that the description places in
# main.tf; off by default.
# NOTE(review): presumably paired with `read_only_access_accounts`; verify in
# main.tf which principals and actions the policy covers before enabling it.
variable "readonly_policy_enabled" {
  description = "Whether or not to enable ReadOnlyAccounts policy in main.tf"
  type        = string
  default     = "false"
}
# Caller-supplied bucket policy as a JSON string; empty by default.
# Security: the document is accepted as an opaque string, with no check in this
# file on what it grants. Review any policy passed here for wildcard principals
# (`"Principal": "*"`) or broad `s3:*` actions without a restricting condition.
# NOTE(review): how this combines with the module's own policies is decided in
# main.tf, which is not visible here.
variable "policy" {
  description = "A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy."
  type        = string
  default     = ""
}
# String flag permitting destruction of a non-empty bucket; off by default.
# Security: with "true", a `terraform destroy` (or a change that forces
# replacement) deletes every object first, and per the description they cannot
# be recovered. Leave it "false" for buckets holding logs, backups or evidence,
# and review any plan that flips it.
variable "force_destroy" {
  description = "A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable."
  type        = string
  default     = "false"
}
# String flag for bucket versioning; off by default.
# Security: without versioning, an overwrite or delete by any principal with
# write access is final. Consider "true" where recovery from accidental or
# malicious modification matters.
variable "versioning_enabled" {
  description = "A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket."
  type        = string
  default     = "false"
}
# Server-side encryption algorithm; defaults to `AES256` (S3-managed keys).
# `aws:kms` selects SSE-KMS, where access to the key is governed by KMS key
# policy and key usage is logged by KMS. The type is a plain string, so a value
# outside the two listed ones is not rejected by this file.
variable "sse_algorithm" {
  description = "The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`"
  type        = string
  default     = "AES256"
}
# KMS key used for SSE-KMS; empty by default.
# Per the description, an empty value with `sse_algorithm = "aws:kms"` falls
# back to the AWS-managed aws/s3 key. Supply a customer-managed key when the key
# policy must restrict which principals can decrypt the bucket's objects.
variable "kms_master_key_id" {
  description = "The AWS KMS master key ID used for the `SSE-KMS` encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default aws/s3 AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`"
  type        = string
  default     = ""
}
# Module-wide switch, declared as a string; resources are created by default.
variable "enabled" {
  type        = string
  default     = "true"
  description = "Set to `false` to prevent the module from creating any resources"
}
# String flag that creates a dedicated user for the bucket; off by default.
# NOTE(review): presumably an IAM user with a long-lived access key; confirm in
# main.tf. If a key is generated, its secret is stored in the Terraform state,
# so the state backend needs encryption and restricted access. The permissions
# the user receives come from `allowed_bucket_actions`.
variable "user_enabled" {
  description = "Set to `true` to create an S3 user with permission to access the bucket"
  type        = string
  default     = "false"
}
# Actions granted to the bucket user (see `user_enabled`).
# Security: the default is read, write and delete, not least privilege.
# `s3:PutObjectAcl` lets the holder change object ACLs, which can make
# individual objects publicly readable unless Block Public Access or disabled
# ACLs prevent it; `s3:DeleteObject` allows data destruction. Override the list
# with only the actions the consumer needs (for example, drop `s3:PutObjectAcl`
# and `s3:DeleteObject` for an upload-only client).
variable "allowed_bucket_actions" {
  description = "List of actions the user is permitted to perform on the S3 bucket"
  type        = list(string)
  default = [
    "s3:PutObject",
    "s3:PutObjectAcl",
    "s3:GetObject",
    "s3:DeleteObject",
    "s3:ListBucket",
    "s3:ListBucketMultipartUploads",
    "s3:GetBucketLocation",
    "s3:AbortMultipartUpload",
  ]
}
# String flag that rejects unencrypted uploads; off by default.
# NOTE(review): presumably implemented as a bucket-policy Deny on PutObject
# requests that lack a server-side-encryption header; confirm in main.tf, and
# check that it is merged with, not replaced by, a caller-supplied `policy`.
variable "allow_encrypted_uploads_only" {
  description = "Set to `true` to prevent uploads of unencrypted objects to S3 bucket"
  type        = string
  default     = "false"
}
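# Accounts granted read-only access to the bucket; empty by default.
# Fix: description typo ("accesss" -> "access").
# Security: every entry is a cross-account trust. Nothing in this file validates
# the values, so callers should pass only known account IDs.
# NOTE(review): presumably consumed by the ReadOnlyAccounts policy that
# `readonly_policy_enabled` switches on; confirm in main.tf which actions are
# granted and whether the grant is to the account root.
variable "read_only_access_accounts" {
  description = "List of accounts with read-only access to the bucket"
  type        = list(string)
  default     = []
}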