Patterned Designs HCL Module Registry

s3-bucket

v0.1.0 (latest)

Terraform module for s3-bucket on aws

module "s3-bucket" {
  source  = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
  version = "0.1.0"
}
bucket_name required
string

Name of the S3 bucket. Must be globally unique, 3-63 characters, lowercase letters, numbers, and hyphens only.

Constraints
  • Bucket name must be 3-63 characters, contain only lowercase letters, numbers, and hyphens, and must start and end with a letter or number.

versioning_enabled
bool default: true

Enable versioning for the bucket. Keeps multiple variants of an object to protect against accidental deletion and overwrites.

encryption_type
string default: AES256

Encryption type for the bucket. Use 'AES256' for S3-managed keys (SSE-S3) or 'aws:kms' for KMS-managed keys (SSE-KMS).

Constraints
  • Encryption type must be either 'AES256' or 'aws:kms'.

kms_key_arn
string default: null

KMS key ARN for encryption. Required when encryption_type is 'aws:kms'.

Constraints
  • KMS key ARN must be a valid AWS KMS key ARN.

lifecycle_rules
list(object({
  prefix           = optional(string, "")
  expiration_days  = optional(number)
  transition_days  = optional(number)
  transition_class = optional(string)
}))
default: null

Lifecycle rules for object management. Each rule can define expiration or transition policies. Each object supports:
  • prefix: Object key prefix filter (optional)
  • expiration_days: Days until object expiration (optional)
  • transition_days: Days until storage class transition (optional)
  • transition_class: Target storage class for transition (optional)
Valid transition classes: STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER, DEEP_ARCHIVE

Constraints
  • Transition class must be one of: STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER, DEEP_ARCHIVE.

cors_configuration
object({
  cors_rules = list(object({
    allowed_methods = list(string)
    allowed_origins = list(string)
    allowed_headers = optional(list(string), [])
    expose_headers  = optional(list(string), [])
    max_age_seconds = optional(number)
  }))
})
default: null

CORS configuration for cross-origin access. Set to null to disable CORS. cors_rules is a list of objects with:
  • allowed_methods: HTTP methods allowed (GET, PUT, POST, DELETE, HEAD) (required)
  • allowed_origins: Origins allowed to make requests (required)
  • allowed_headers: Headers allowed in preflight requests (optional)
  • expose_headers: Headers exposed to the browser (optional)
  • max_age_seconds: Cache duration for preflight responses (optional)

Constraints
  • Allowed methods must be one of: GET, PUT, POST, DELETE, HEAD.

access_logging
object({
  target_bucket = string
  target_prefix = optional(string, "")
})
default: null

Access logging configuration for audit trails. Set to null to disable logging. Object properties:
  • target_bucket: Bucket where logs are delivered (required)
  • target_prefix: Prefix for log objects (optional)

tags
map(string) default: null

Tags to apply to the bucket.

bucket_arn

ARN of the S3 bucket. Use this for IAM policies, resource references, and cross-service integrations.

bucket_id

ID (name) of the S3 bucket. Use this for SDK calls, CLI commands, and resource references that require the bucket name.

bucket_domain_name

Domain name of the bucket in the format bucket-name.s3.amazonaws.com. Use this for direct URL access and CloudFront origins.

bucket_regional_domain_name

Regional domain name of the bucket in the format bucket-name.s3.region.amazonaws.com. Preferred for CloudFront origins and cross-region access.
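
Added example (not part of the module's own documentation): a call that sets the security-relevant inputs described above (SSE-KMS, access logging, CORS limited to one origin) and uses the bucket_arn and bucket_id outputs to attach a TLS-only bucket policy. The bucket names, key ARN, account ID and origin are constructed placeholders, and the example assumes the module does not manage a bucket policy of its own.

```hcl
# Added example; bucket names, key ARN, account ID and origin are constructed placeholders.
module "audit_data" {
  source  = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
  version = "0.1.0"

  bucket_name        = "example-audit-data-prod"
  versioning_enabled = true # module default, stated explicitly
  # SSE-KMS instead of the AES256 default; kms_key_arn is required in this mode.
  encryption_type = "aws:kms"
  kms_key_arn     = "arn:aws:kms:ca-central-1:111122223333:key/00000000-0000-0000-0000-000000000000"

  # Server access logs go to a separate log bucket (assumed to exist already).
  access_logging = {
    target_bucket = "example-central-access-logs"
    target_prefix = "s3/example-audit-data-prod/"
  }

  # Read-only CORS for one named origin rather than "*".
  cors_configuration = {
    cors_rules = [{
      allowed_methods = ["GET", "HEAD"]
      allowed_origins = ["https://app.example.com"]
      max_age_seconds = 300
    }]
  }
}

# Deny non-TLS requests, using the bucket_arn and bucket_id outputs.
# Assumption: the module does not already attach a bucket policy.
data "aws_iam_policy_document" "tls_only" {
  statement {
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [module.audit_data.bucket_arn, "${module.audit_data.bucket_arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "tls_only" {
  bucket = module.audit_data.bucket_id
  policy = data.aws_iam_policy_document.tls_only.json
}
```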