opentelekomcloud_s3_bucket¶

Provides a S3 bucket resource within OpenTelekomCloud.

Example Usage¶

Private Bucket w/ Tags¶

resource "opentelekomcloud_s3_bucket" "bucket" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

Static Website Hosting¶

resource "opentelekomcloud_s3_bucket" "bucket" {
  bucket = "s3-website-test.hashicorp.com"
  acl    = "public-read"
  policy = file("policy.json")
  website {
    index_document = "index.html"
    error_document = "error.html"

    routing_rules = <<EOF
[{
    "Condition": {
        "KeyPrefixEquals": "docs/"
    },
    "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
    }
}]
EOF
  }
}

Using CORS¶

resource "opentelekomcloud_s3_bucket" "bucket" {
  bucket = "s3-website-test.hashicorp.com"
  acl    = "public-read"

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://s3-website-test.hashicorp.com"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }
}

Using versioning¶

resource "opentelekomcloud_s3_bucket" "bucket" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  versioning {
    enabled = true
  }
}

Enable Logging¶

resource "opentelekomcloud_s3_bucket" "log_bucket" {
  bucket = "my-tf-log-bucket"
  acl    = "log-delivery-write"
}

resource "opentelekomcloud_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  logging {
    target_bucket = opentelekomcloud_s3_bucket.log_bucket.id
    target_prefix = "log/"
  }
}

Using object lifecycle¶

resource "opentelekomcloud_s3_bucket" "bucket" {
  bucket = "my-bucket"
  acl    = "private"

  lifecycle_rule {
    id      = "log"
    enabled = true

    prefix = "log/"
    expiration {
      days = 90
    }
  }

  lifecycle_rule {
    id      = "tmp"
    prefix  = "tmp/"
    enabled = true

    expiration {
      date = "2016-01-12"
    }
  }
}

resource "opentelekomcloud_s3_bucket" "versioning_bucket" {
  bucket = "my-versioning-bucket"
  acl    = "private"

  versioning {
    enabled = true
  }

  lifecycle_rule {
    prefix  = "config/"
    enabled = true
  }
}

Argument Reference¶

The following arguments are supported:

bucket - (Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name.
bucket_prefix - (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.
acl - (Optional) The canned ACL to apply. Defaults to private.
policy - (Optional) A valid bucket policy JSON document.

-> If the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy.

tags - (Optional) A mapping of tags to assign to the bucket.
force_destroy - (Optional, Default:false) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
website - (Optional) A website object (documented below).
cors_rule - (Optional) A rule of Cross-Origin Resource Sharing (documented below).
versioning - (Optional) A state of versioning (documented below)
logging - (Optional) A settings of bucket logging (documented below).
lifecycle_rule - (Optional) A configuration of object lifecycle management (documented below). The website object supports the following:
index_document - (Required, unless using redirect_all_requests_to) Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
error_document - (Optional) An absolute path to the document to return in case of a 4XX error.
redirect_all_requests_to - (Optional) A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
routing_rules - (Optional) A json array containing routing rules describing redirect behavior and when redirects are applied.

The cors_rule object supports the following:

allowed_headers - (Optional) Specifies which headers are allowed.
allowed_methods - (Required) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
allowed_origins - (Required) Specifies which origins are allowed.
expose_headers - (Optional) Specifies expose header in the response.
max_age_seconds - (Optional) Specifies time in seconds that browser can cache the response for a preflight request.

The versioning object supports the following:

enabled - (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. If omitted, during bucket creation it will be in Disabled state.
mfa_delete - (Optional) Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false.

The logging object supports the following:

target_bucket - (Required) The name of the bucket that will receive the log objects.
target_prefix - (Optional) To specify a key prefix for log objects.

The lifecycle_rule object supports the following:

id - (Optional) Unique identifier for the rule.
prefix - (Optional) Object key prefix identifying one or more objects to which the rule applies.
enabled - (Required) Specifies lifecycle rule status.
abort_incomplete_multipart_upload_days - (Optional) Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
expiration - (Optional) Specifies a period in the object's expire (documented below).
noncurrent_version_expiration - (Optional) Specifies when noncurrent object versions expire (documented below).

At least one of expiration, noncurrent_version_expiration must be specified.

The expiration object supports the following

date - (Optional) Specifies the date after which you want the corresponding action to take effect.
days - (Optional) Specifies the number of days after object creation when the specific rule action takes effect.
expired_object_delete_marker - (Optional) On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.

The noncurrent_version_expiration object supports the following:

days - (Required) Specifies the number of days an object is noncurrent object versions expire.

Attributes Reference¶

The following attributes are exported:

id - The name of the bucket.
arn - The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
bucket_domain_name - The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
hosted_zone_id - The Route 53 Hosted Zone ID for this bucket's region.
website_endpoint - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
website_domain - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

Import¶

S3 bucket can be imported using the bucket, e.g.

terraform import opentelekomcloud_s3_bucket.bucket bucket-name

last updated: UTC - commit: