Skip to main content



This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail



access_log_bucket_nameName of the S3 bucket where S3 access logs will be sent tostringfalse
access_log_bucket_prefixPrefix to prepend to the current S3 bucket name, where S3 access logs will be sent tostringfalse
aclThe canned ACL to apply. We recommend log-delivery-write for compatibility with AWS servicesstringfalse
allow_encrypted_uploads_onlySet to true to prevent uploads of unencrypted objects to S3 bucketboolfalse
allow_ssl_requests_onlySet to true to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requestsboolfalse
block_public_aclsSet to false to disable the blocking of new public access lists on the bucketboolfalse
block_public_policySet to false to disable the blocking of new public policies on the bucketboolfalse
bucket_key_enabledSet this to true to use Amazon S3 Bucket Keys for SSE-KMS, which reduce the cost of AWS KMS requests.\n\nFor more information, see:\nboolfalse
bucket_nameBucket name. If provided, the bucket will be created with this name\ninstead of generating the name from the context.\nstringfalse
bucket_notifications_enabledSend notifications for the object created events. Used for 3rd-party log collection from a bucketboolfalse
bucket_notifications_prefixPrefix filter. Used to manage object notificationsstringfalse
bucket_notifications_typeType of the notification configuration. Only SQS is supported.stringfalse
force_destroyWhen true, permits a non-empty S3 bucket to be deleted by first deleting all objects in the bucket.\nTHESE OBJECTS ARE NOT RECOVERABLE even if they were versioned and stored in Glacier.\nMust be set false unless force_destroy_enabled is also true.\nboolfalse
force_destroy_enabledWhen true, permits force_destroy to be set to true.\nThis is an extra safety precaution to reduce the chance that Terraform will destroy and recreate\nyour S3 bucket, causing COMPLETE LOSS OF ALL DATA even if it was stored in Glacier.\n\nWARNING: Upgrading this module from a version prior to 0.27.0 to this version\n will cause Terraform to delete your existing S3 bucket CAUSING COMPLETE DATA LOSS\n unless you follow the upgrade instructions on the Wiki here.\n See additional instructions for upgrading from v0.27.0 to v0.28.0 here.\n\nboolfalse
ignore_public_aclsSet to false to disable the ignoring of public access lists on the bucketboolfalse
kms_master_key_arnThe AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kmsstringfalse
lifecycle_configuration_rulesA list of S3 bucket v2 lifecycle rules, as specified in terraform-aws-s3-bucket"\nThese rules are not affected by the deprecated lifecycle_rule_enabled flag.\nNOTE: Unless you also set lifecycle_rule_enabled = false you will also get the default deprecated rules set on your bucket.\nlist(object({\n enabled = bool\n id = string\n\n abort_incomplete_multipart_upload_days = number\n\n # filter_and is the and configuration block inside the filter configuration.\n # This is the only place you should specify a prefix.\n filter_and = any\n expiration = any\n transition = list(any)\n\n noncurrent_version_expiration = any\n noncurrent_version_transition = list(any)\n }))false
restrict_public_bucketsSet to false to disable the restricting of making the bucket publicboolfalse
s3_object_ownershipSpecifies the S3 object ownership control. Valid values are ObjectWriter, BucketOwnerPreferred, and 'BucketOwnerEnforced'.stringfalse
source_policy_documentsList of IAM policy documents that are merged together into the exported document.\nStatements defined in source_policy_documents must have unique SIDs.\nStatement having SIDs that match policy SIDs generated by this module will override them.\nlist(string)false
sse_algorithmThe server-side encryption algorithm to use. Valid values are AES256 and aws:kmsstringfalse
versioning_enabledEnable object versioning, keeping multiple variants of an object in the same bucketboolfalse
writeConnectionSecretToRefThe secret which the cloud resource connection will be written towriteConnectionSecretToReffalse


nameThe secret name which the cloud resource connection will be written tostringtrue
namespaceThe secret namespace which the cloud resource connection will be written tostringfalse