From dcfaeedf0365182f984a2665b3001f404e255255 Mon Sep 17 00:00:00 2001 From: Jay Olmos <52658441+jayolmos@users.noreply.github.com> Date: Wed, 12 Feb 2020 11:03:11 +0100 Subject: [PATCH 1/5] Update main.tf Add private acl block --- main.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/main.tf b/main.tf index 4ea6f158..664c2130 100644 --- a/main.tf +++ b/main.tf @@ -251,3 +251,11 @@ data "aws_iam_policy_document" "elb_log_delivery" { ] } } + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = var.bucket + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} From a973714a43f9a003709de96d2efa0a1adacea8a5 Mon Sep 17 00:00:00 2001 From: Jay Date: Fri, 23 Jul 2021 14:03:56 +0200 Subject: [PATCH 2/5] FMT --- README.md | 94 +++++++++++++++++++++++-------------------------------- main.tf | 9 +++--- 2 files changed, 44 insertions(+), 59 deletions(-) diff --git a/README.md b/README.md index 4cc12de9..780ab56e 100644 --- a/README.md +++ b/README.md @@ -107,76 +107,60 @@ inputs = { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.36 | +| terraform | >= 0.12.26 | +| aws | >= 3.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | -| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | -| [aws_elb_service_account.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | -| [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.deny_insecure_transport](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.elb_log_delivery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.lb_log_delivery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| aws | >= 3.36 | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [acceleration\_status](#input\_acceleration\_status) | (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | `string` | `null` | no | -| [acl](#input\_acl) | (Optional) The canned ACL to apply. Defaults to 'private'. Conflicts with `grant` | `string` | `"private"` | no | -| [attach\_deny\_insecure\_transport\_policy](#input\_attach\_deny\_insecure\_transport\_policy) | Controls if S3 bucket should have deny non-SSL transport policy attached | `bool` | `false` | no | -| [attach\_elb\_log\_delivery\_policy](#input\_attach\_elb\_log\_delivery\_policy) | Controls if S3 bucket should have ELB log delivery policy attached | `bool` | `false` | no | -| [attach\_lb\_log\_delivery\_policy](#input\_attach\_lb\_log\_delivery\_policy) | Controls if S3 bucket should have ALB/NLB log delivery policy attached | `bool` | `false` | no | -| [attach\_policy](#input\_attach\_policy) | Controls if S3 bucket should have bucket policy attached (set to `true` to use value of `policy` as bucket policy) | `bool` | `false` | no | -| [attach\_public\_policy](#input\_attach\_public\_policy) | Controls if a user defined public bucket policy will be attached (set to `false` to allow upstream to apply defaults to the bucket) | `bool` | `true` | no | -| [block\_public\_acls](#input\_block\_public\_acls) | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `false` | no | -| [block\_public\_policy](#input\_block\_public\_policy) | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `false` | no | -| [bucket](#input\_bucket) | (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name. | `string` | `null` | no | -| [bucket\_prefix](#input\_bucket\_prefix) | (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. | `string` | `null` | no | -| [cors\_rule](#input\_cors\_rule) | List of maps containing rules for Cross-Origin Resource Sharing. | `any` | `[]` | no | -| [create\_bucket](#input\_create\_bucket) | Controls if S3 bucket should be created | `bool` | `true` | no | -| [force\_destroy](#input\_force\_destroy) | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | -| [grant](#input\_grant) | An ACL policy grant. Conflicts with `acl` | `any` | `[]` | no | -| [ignore\_public\_acls](#input\_ignore\_public\_acls) | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `false` | no | -| [lifecycle\_rule](#input\_lifecycle\_rule) | List of maps containing configuration of object lifecycle management. | `any` | `[]` | no | -| [logging](#input\_logging) | Map containing access bucket logging configuration. | `map(string)` | `{}` | no | -| [object\_lock\_configuration](#input\_object\_lock\_configuration) | Map containing S3 object locking configuration. | `any` | `{}` | no | -| [policy](#input\_policy) | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no | -| [replication\_configuration](#input\_replication\_configuration) | Map containing cross-region replication configuration. | `any` | `{}` | no | -| [request\_payer](#input\_request\_payer) | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no | -| [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `false` | no | -| [server\_side\_encryption\_configuration](#input\_server\_side\_encryption\_configuration) | Map containing server-side encryption configuration. | `any` | `{}` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(string)` | `{}` | no | -| [versioning](#input\_versioning) | Map containing versioning configuration. | `map(string)` | `{}` | no | -| [website](#input\_website) | Map containing static web-site hosting or redirect configuration. | `map(string)` | `{}` | no | +| acceleration\_status | (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | `string` | `null` | no | +| acl | (Optional) The canned ACL to apply. Defaults to 'private'. Conflicts with `grant` | `string` | `"private"` | no | +| attach\_deny\_insecure\_transport\_policy | Controls if S3 bucket should have deny non-SSL transport policy attached | `bool` | `false` | no | +| attach\_elb\_log\_delivery\_policy | Controls if S3 bucket should have ELB log delivery policy attached | `bool` | `false` | no | +| attach\_lb\_log\_delivery\_policy | Controls if S3 bucket should have ALB/NLB log delivery policy attached | `bool` | `false` | no | +| attach\_policy | Controls if S3 bucket should have bucket policy attached (set to `true` to use value of `policy` as bucket policy) | `bool` | `false` | no | +| attach\_public\_policy | Controls if a user defined public bucket policy will be attached (set to `false` to allow upstream to apply defaults to the bucket) | `bool` | `true` | no | +| block\_public\_acls | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `false` | no | +| block\_public\_policy | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `false` | no | +| bucket | (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name. | `string` | `null` | no | +| bucket\_prefix | (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. | `string` | `null` | no | +| cors\_rule | List of maps containing rules for Cross-Origin Resource Sharing. | `any` | `[]` | no | +| create\_bucket | Controls if S3 bucket should be created | `bool` | `true` | no | +| force\_destroy | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | +| grant | An ACL policy grant. Conflicts with `acl` | `any` | `[]` | no | +| ignore\_public\_acls | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `false` | no | +| lifecycle\_rule | List of maps containing configuration of object lifecycle management. | `any` | `[]` | no | +| logging | Map containing access bucket logging configuration. | `map(string)` | `{}` | no | +| object\_lock\_configuration | Map containing S3 object locking configuration. | `any` | `{}` | no | +| policy | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no | +| replication\_configuration | Map containing cross-region replication configuration. | `any` | `{}` | no | +| request\_payer | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no | +| restrict\_public\_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `false` | no | +| server\_side\_encryption\_configuration | Map containing server-side encryption configuration. | `any` | `{}` | no | +| tags | (Optional) A mapping of tags to assign to the bucket. | `map(string)` | `{}` | no | +| versioning | Map containing versioning configuration. | `map(string)` | `{}` | no | +| website | Map containing static web-site hosting or redirect configuration. | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. | -| [s3\_bucket\_bucket\_domain\_name](#output\_s3\_bucket\_bucket\_domain\_name) | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. | -| [s3\_bucket\_bucket\_regional\_domain\_name](#output\_s3\_bucket\_bucket\_regional\_domain\_name) | The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. | -| [s3\_bucket\_hosted\_zone\_id](#output\_s3\_bucket\_hosted\_zone\_id) | The Route 53 Hosted Zone ID for this bucket's region. | -| [s3\_bucket\_id](#output\_s3\_bucket\_id) | The name of the bucket. | -| [s3\_bucket\_region](#output\_s3\_bucket\_region) | The AWS region this bucket resides in. | -| [s3\_bucket\_website\_domain](#output\_s3\_bucket\_website\_domain) | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | -| [s3\_bucket\_website\_endpoint](#output\_s3\_bucket\_website\_endpoint) | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | +| s3\_bucket\_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. | +| s3\_bucket\_bucket\_domain\_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. | +| s3\_bucket\_bucket\_regional\_domain\_name | The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. | +| s3\_bucket\_hosted\_zone\_id | The Route 53 Hosted Zone ID for this bucket's region. | +| s3\_bucket\_id | The name of the bucket. | +| s3\_bucket\_region | The AWS region this bucket resides in. | +| s3\_bucket\_website\_domain | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | +| s3\_bucket\_website\_endpoint | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | + ## Authors diff --git a/main.tf b/main.tf index 2a96d16f..31999cc9 100644 --- a/main.tf +++ b/main.tf @@ -132,10 +132,11 @@ resource "aws_s3_bucket" "this" { for_each = replication_configuration.value.rules content { - id = lookup(rules.value, "id", null) - priority = lookup(rules.value, "priority", null) - prefix = lookup(rules.value, "prefix", null) - status = rules.value.status + id = lookup(rules.value, "id", null) + priority = lookup(rules.value, "priority", null) + prefix = lookup(rules.value, "prefix", null) + delete_marker_replication_status = lookup(rules.value, "delete_marker_replication_status", null) + status = rules.value.status dynamic "destination" { for_each = length(keys(lookup(rules.value, "destination", {}))) == 0 ? [] : [lookup(rules.value, "destination", {})] From 5a23882632731145c4f63f91f38b32cc08ba03d0 Mon Sep 17 00:00:00 2001 From: Jay Date: Fri, 23 Jul 2021 14:27:26 +0200 Subject: [PATCH 3/5] fix version to aws provider 3.50 in which includes delete marker option --- README.md | 4 ++-- versions.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 780ab56e..acbdf01e 100644 --- a/README.md +++ b/README.md @@ -108,13 +108,13 @@ inputs = { | Name | Version | |------|---------| | terraform | >= 0.12.26 | -| aws | >= 3.36 | +| aws | >= 3.50 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.36 | +| aws | >= 3.50 | ## Inputs diff --git a/versions.tf b/versions.tf index 4a6afc07..a181033c 100644 --- a/versions.tf +++ b/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.26" required_providers { - aws = ">= 3.36" + aws = ">= 3.50" } } From cf8228ad8683d5994f69ed4b891bc642402888d1 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 27 Aug 2021 09:42:18 +0200 Subject: [PATCH 4/5] Fixed docs --- README.md | 94 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 55 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index acbdf01e..a4adf46a 100644 --- a/README.md +++ b/README.md @@ -107,60 +107,76 @@ inputs = { | Name | Version | |------|---------| -| terraform | >= 0.12.26 | -| aws | >= 3.50 | +| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [aws](#requirement\_aws) | >= 3.50 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.50 | +| [aws](#provider\_aws) | >= 3.50 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | +| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | +| [aws_elb_service_account.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | +| [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.deny_insecure_transport](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.elb_log_delivery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.lb_log_delivery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| acceleration\_status | (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | `string` | `null` | no | -| acl | (Optional) The canned ACL to apply. Defaults to 'private'. Conflicts with `grant` | `string` | `"private"` | no | -| attach\_deny\_insecure\_transport\_policy | Controls if S3 bucket should have deny non-SSL transport policy attached | `bool` | `false` | no | -| attach\_elb\_log\_delivery\_policy | Controls if S3 bucket should have ELB log delivery policy attached | `bool` | `false` | no | -| attach\_lb\_log\_delivery\_policy | Controls if S3 bucket should have ALB/NLB log delivery policy attached | `bool` | `false` | no | -| attach\_policy | Controls if S3 bucket should have bucket policy attached (set to `true` to use value of `policy` as bucket policy) | `bool` | `false` | no | -| attach\_public\_policy | Controls if a user defined public bucket policy will be attached (set to `false` to allow upstream to apply defaults to the bucket) | `bool` | `true` | no | -| block\_public\_acls | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `false` | no | -| block\_public\_policy | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `false` | no | -| bucket | (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name. | `string` | `null` | no | -| bucket\_prefix | (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. | `string` | `null` | no | -| cors\_rule | List of maps containing rules for Cross-Origin Resource Sharing. | `any` | `[]` | no | -| create\_bucket | Controls if S3 bucket should be created | `bool` | `true` | no | -| force\_destroy | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | -| grant | An ACL policy grant. Conflicts with `acl` | `any` | `[]` | no | -| ignore\_public\_acls | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `false` | no | -| lifecycle\_rule | List of maps containing configuration of object lifecycle management. | `any` | `[]` | no | -| logging | Map containing access bucket logging configuration. | `map(string)` | `{}` | no | -| object\_lock\_configuration | Map containing S3 object locking configuration. | `any` | `{}` | no | -| policy | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no | -| replication\_configuration | Map containing cross-region replication configuration. | `any` | `{}` | no | -| request\_payer | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no | -| restrict\_public\_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `false` | no | -| server\_side\_encryption\_configuration | Map containing server-side encryption configuration. | `any` | `{}` | no | -| tags | (Optional) A mapping of tags to assign to the bucket. | `map(string)` | `{}` | no | -| versioning | Map containing versioning configuration. | `map(string)` | `{}` | no | -| website | Map containing static web-site hosting or redirect configuration. | `map(string)` | `{}` | no | +| [acceleration\_status](#input\_acceleration\_status) | (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. | `string` | `null` | no | +| [acl](#input\_acl) | (Optional) The canned ACL to apply. Defaults to 'private'. Conflicts with `grant` | `string` | `"private"` | no | +| [attach\_deny\_insecure\_transport\_policy](#input\_attach\_deny\_insecure\_transport\_policy) | Controls if S3 bucket should have deny non-SSL transport policy attached | `bool` | `false` | no | +| [attach\_elb\_log\_delivery\_policy](#input\_attach\_elb\_log\_delivery\_policy) | Controls if S3 bucket should have ELB log delivery policy attached | `bool` | `false` | no | +| [attach\_lb\_log\_delivery\_policy](#input\_attach\_lb\_log\_delivery\_policy) | Controls if S3 bucket should have ALB/NLB log delivery policy attached | `bool` | `false` | no | +| [attach\_policy](#input\_attach\_policy) | Controls if S3 bucket should have bucket policy attached (set to `true` to use value of `policy` as bucket policy) | `bool` | `false` | no | +| [attach\_public\_policy](#input\_attach\_public\_policy) | Controls if a user defined public bucket policy will be attached (set to `false` to allow upstream to apply defaults to the bucket) | `bool` | `true` | no | +| [block\_public\_acls](#input\_block\_public\_acls) | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `false` | no | +| [block\_public\_policy](#input\_block\_public\_policy) | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `false` | no | +| [bucket](#input\_bucket) | (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name. | `string` | `null` | no | +| [bucket\_prefix](#input\_bucket\_prefix) | (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. | `string` | `null` | no | +| [cors\_rule](#input\_cors\_rule) | List of maps containing rules for Cross-Origin Resource Sharing. | `any` | `[]` | no | +| [create\_bucket](#input\_create\_bucket) | Controls if S3 bucket should be created | `bool` | `true` | no | +| [force\_destroy](#input\_force\_destroy) | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | +| [grant](#input\_grant) | An ACL policy grant. Conflicts with `acl` | `any` | `[]` | no | +| [ignore\_public\_acls](#input\_ignore\_public\_acls) | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `false` | no | +| [lifecycle\_rule](#input\_lifecycle\_rule) | List of maps containing configuration of object lifecycle management. | `any` | `[]` | no | +| [logging](#input\_logging) | Map containing access bucket logging configuration. | `map(string)` | `{}` | no | +| [object\_lock\_configuration](#input\_object\_lock\_configuration) | Map containing S3 object locking configuration. | `any` | `{}` | no | +| [policy](#input\_policy) | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no | +| [replication\_configuration](#input\_replication\_configuration) | Map containing cross-region replication configuration. | `any` | `{}` | no | +| [request\_payer](#input\_request\_payer) | (Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. | `string` | `null` | no | +| [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `false` | no | +| [server\_side\_encryption\_configuration](#input\_server\_side\_encryption\_configuration) | Map containing server-side encryption configuration. | `any` | `{}` | no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(string)` | `{}` | no | +| [versioning](#input\_versioning) | Map containing versioning configuration. | `map(string)` | `{}` | no | +| [website](#input\_website) | Map containing static web-site hosting or redirect configuration. | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| -| s3\_bucket\_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. | -| s3\_bucket\_bucket\_domain\_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. | -| s3\_bucket\_bucket\_regional\_domain\_name | The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. | -| s3\_bucket\_hosted\_zone\_id | The Route 53 Hosted Zone ID for this bucket's region. | -| s3\_bucket\_id | The name of the bucket. | -| s3\_bucket\_region | The AWS region this bucket resides in. | -| s3\_bucket\_website\_domain | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | -| s3\_bucket\_website\_endpoint | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | - +| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. | +| [s3\_bucket\_bucket\_domain\_name](#output\_s3\_bucket\_bucket\_domain\_name) | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. | +| [s3\_bucket\_bucket\_regional\_domain\_name](#output\_s3\_bucket\_bucket\_regional\_domain\_name) | The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. | +| [s3\_bucket\_hosted\_zone\_id](#output\_s3\_bucket\_hosted\_zone\_id) | The Route 53 Hosted Zone ID for this bucket's region. | +| [s3\_bucket\_id](#output\_s3\_bucket\_id) | The name of the bucket. | +| [s3\_bucket\_region](#output\_s3\_bucket\_region) | The AWS region this bucket resides in. | +| [s3\_bucket\_website\_domain](#output\_s3\_bucket\_website\_domain) | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. | +| [s3\_bucket\_website\_endpoint](#output\_s3\_bucket\_website\_endpoint) | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. | ## Authors From 1a492970d80bc72fe01ad041272ef94a635f6672 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 27 Aug 2021 09:50:06 +0200 Subject: [PATCH 5/5] Updated versions of Terraform to 0.12.31 to pass GH Actions checks --- README.md | 2 +- examples/complete/README.md | 6 +++--- examples/complete/versions.tf | 4 ++-- examples/notification/README.md | 6 +++--- examples/notification/versions.tf | 4 ++-- examples/object/README.md | 4 ++-- examples/object/versions.tf | 2 +- examples/s3-replication/README.md | 8 ++++---- examples/s3-replication/versions.tf | 4 ++-- versions.tf | 2 +- 10 files changed, 21 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 59535747..639a045b 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ inputs = { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | | [aws](#requirement\_aws) | >= 3.50 | ## Providers diff --git a/examples/complete/README.md b/examples/complete/README.md index 442a7afc..dfe7b7fb 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -29,15 +29,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.36 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [aws](#requirement\_aws) | >= 3.50 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | +| [aws](#provider\_aws) | >= 3.50 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf index 633a9b29..995a0190 100644 --- a/examples/complete/versions.tf +++ b/examples/complete/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { - aws = ">= 3.36" + aws = ">= 3.50" random = ">= 2.0" } } diff --git a/examples/notification/README.md b/examples/notification/README.md index 9bad715c..ef79d2f4 100644 --- a/examples/notification/README.md +++ b/examples/notification/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.36 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [aws](#requirement\_aws) | >= 3.50 | | [null](#requirement\_null) | >= 2.0 | | [random](#requirement\_random) | >= 2.0 | @@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | +| [aws](#provider\_aws) | >= 3.50 | | [null](#provider\_null) | >= 2.0 | | [random](#provider\_random) | >= 2.0 | diff --git a/examples/notification/versions.tf b/examples/notification/versions.tf index e3c4ff79..9932ccff 100644 --- a/examples/notification/versions.tf +++ b/examples/notification/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { - aws = ">= 3.36" + aws = ">= 3.50" random = ">= 2.0" null = ">= 2.0" } diff --git a/examples/object/README.md b/examples/object/README.md index d3fec7a8..e3f5b5a0 100644 --- a/examples/object/README.md +++ b/examples/object/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | >= 3.36 | +| [aws](#requirement\_aws) | >= 3.50 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | +| [aws](#provider\_aws) | >= 3.50 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/object/versions.tf b/examples/object/versions.tf index d051dac7..596d3015 100644 --- a/examples/object/versions.tf +++ b/examples/object/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.13" required_providers { - aws = ">= 3.36" + aws = ">= 3.50" random = ">= 2.0" } } diff --git a/examples/s3-replication/README.md b/examples/s3-replication/README.md index 3f220489..41f8df0a 100644 --- a/examples/s3-replication/README.md +++ b/examples/s3-replication/README.md @@ -21,16 +21,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 3.36 | +| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [aws](#requirement\_aws) | >= 3.50 | | [random](#requirement\_random) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | -| [aws.replica](#provider\_aws.replica) | >= 3.36 | +| [aws](#provider\_aws) | >= 3.50 | +| [aws.replica](#provider\_aws.replica) | >= 3.50 | | [random](#provider\_random) | >= 2.0 | ## Modules diff --git a/examples/s3-replication/versions.tf b/examples/s3-replication/versions.tf index 633a9b29..995a0190 100644 --- a/examples/s3-replication/versions.tf +++ b/examples/s3-replication/versions.tf @@ -1,8 +1,8 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { - aws = ">= 3.36" + aws = ">= 3.50" random = ">= 2.0" } } diff --git a/versions.tf b/versions.tf index a181033c..7457daa6 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.12.31" required_providers { aws = ">= 3.50"