Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
AFS
/
xdr-terraform-modules
2
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 1992399174
Салаанууд Тагууд
xdr-terraform-m...
/
base
/
generic_s3_bucket_with_role
/
s3.tf

s3.tf 2.3 KB
Түүх Анхны өгөгдөл

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. resource "aws_s3_bucket" "bucket" {
    2. 

  2.   bucket = local.fullname
    3. 

  3.   tags   = merge(var.standard_tags, var.tags)
    4. 

  4. }
    5. 

  5. 

  6. resource "aws_s3_bucket_versioning" "s3_version_bucket" {
    7. 

  7.   bucket = aws_s3_bucket.bucket.id
    8. 

  8.   versioning_configuration {
    9. 

  9.     status = "Enabled"
    10. 

  10.   }
    11. 

  11. }
    12. 

  12. 

  13. resource "aws_s3_bucket_acl" "s3_acl_bucket" {
    14. 

  14.   bucket = aws_s3_bucket.bucket.id
    15. 

  15.   acl    = "private"
    16. 

  16. }
    17. 

  17. 

  18. resource "aws_s3_bucket_server_side_encryption_configuration" "s3_sse_bucket" {
    19. 

  19.   bucket = aws_s3_bucket.bucket.id
    20. 

  20.   rule {
    21. 

  21.     apply_server_side_encryption_by_default {
    22. 

  22.       kms_master_key_id = aws_kms_key.bucketkey.arn
    23. 

  23.       sse_algorithm     = "aws:kms"
    24. 

  24.     }
    25. 

  25.   }
    26. 

  26. }
    27. 

  27. 

  28. resource "aws_s3_bucket_lifecycle_configuration" "s3_lifecyle_bucket" {
    29. 

  29.   bucket = aws_s3_bucket.bucket.id
    30. 

  30.   rule {
    31. 

  31.     id     = "INTELLIGENT_TIERING"
    32. 

  32.     status = "Enabled"
    33. 

  33.     filter {} # Required for noncurrent_version_expiration to work
    34. 

  34.     abort_incomplete_multipart_upload {
    35. 

  35.       days_after_initiation = 2
    36. 

  36.     }
    37. 

  37.     transition {
    38. 

  38.       days          = 30
    39. 

  39.       storage_class = "INTELLIGENT_TIERING"
    40. 

  40.     }
    41. 

  41.     noncurrent_version_expiration {
    42. 

  42.       # We always keep the current version and the previous version, and delete any other versions after 90 days
    43. 

  43.       newer_noncurrent_versions = 2
    44. 

  44.       noncurrent_days = 90
    45. 

  45.     }
    46. 

  46.   }
    47. 

  47. }
    48. 

  48. resource "aws_s3_bucket_public_access_block" "public_access_block" {
    49. 

  49.   bucket                  = aws_s3_bucket.bucket.id
    50. 

  50.   block_public_acls       = true
    51. 

  51.   block_public_policy     = true
    52. 

  52.   ignore_public_acls      = true
    53. 

  53.   restrict_public_buckets = true
    54. 

  54. 

  55.   # Not technically dependent, but prevents a "Conflicting conditional operation" conflict.
    56. 

  56.   # See https://github.com/hashicorp/terraform-provider-aws/issues/7628
    57. 

  57.   depends_on = [aws_s3_bucket_policy.s3_bucket_policy]
    58. 

  58. }
    59. 

  59. 

  60. data "aws_iam_policy_document" "s3_bucket_policy" {
    61. 

  61.   statement {
    62. 

  62.     sid    = "AccountAllow"
    63. 

  63.     effect = "Allow"
    64. 

  64. 

  65.     resources = [
    66. 

  66.       aws_s3_bucket.bucket.arn,
    67. 

  67.       "${aws_s3_bucket.bucket.arn}/*",
    68. 

  68.     ]
    69. 

  69. 

  70.     actions = [
    71. 

  71.       "s3:GetObject",
    72. 

  72.       "s3:ListBucket",
    73. 

  73.     ]
    74. 

  74. 

  75.     principals {
    76. 

  76.       type        = "AWS"
    77. 

  77.       identifiers = local.principals
    78. 

  78.     }
    79. 

  79.   }
    80. 

  80. }
    81. 

  81. 

  82. resource "aws_s3_bucket_policy" "s3_bucket_policy" {
    83. 

  83.   depends_on = [ aws_iam_role.role ] # 2022-04-22: FTD: Copied this across, but not sure why this dependency.
    84. 

  84. 

  85.   bucket     = aws_s3_bucket.bucket.id
    86. 

  86. 

  87.   policy     = data.aws_iam_policy_document.s3_bucket_policy.json
    88. 

  88. }
    89.