| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acl | ACL to use for the bucket; defaults to 'private' | string | "private" | no |
| additional_tags | A map of additional tags to merge with the module's standard tags and apply to the bucket. | map(string) | {} | no |
| allow_administer_resource_arns | The list of fully-qualified AWS IAM ARNs authorized to administer this bucket. Wildcards are supported. e.g. arn:aws:iam::12345678910:user/ci or arn:aws:iam::12345678910:role/app-backend-* | list(string) | [] | no |
| allow_administer_resource_test | The IAM test to use in the policy statement condition; should be one of 'ArnEquals' (default) or 'ArnLike' | string | "ArnEquals" | no |
| allow_delete_data_arns | The list of fully-qualified AWS IAM ARNs authorized to delete data in this bucket. Wildcards are supported. e.g. arn:aws:iam::12345678910:user/ci or arn:aws:iam::12345678910:role/app-backend-* | list(string) | [] | no |
| allow_delete_data_test | The IAM test to use in the policy statement condition; should be one of 'ArnEquals' (default) or 'ArnLike' | string | "ArnEquals" | no |
| allow_read_config_arns | The list of fully-qualified AWS IAM ARNs authorized to read configuration of this bucket. Wildcards are supported. e.g. arn:aws:iam::12345678910:user/ci or arn:aws:iam::12345678910:role/app-backend-* | list(string) | [] | no |
| allow_read_config_test | The IAM test to use in the policy statement condition; should be one of 'ArnEquals' (default) or 'ArnLike' | string | "ArnEquals" | no |
| allow_read_data_arns | The list of fully-qualified AWS IAM ARNs authorized to read data in this bucket. Wildcards are supported. e.g. arn:aws:iam::12345678910:user/ci or arn:aws:iam::12345678910:role/app-backend-* | list(string) | [] | no |
| allow_read_data_test | The IAM test to use in the policy statement condition; should be one of 'ArnEquals' (default) or 'ArnLike' | string | "ArnEquals" | no |
| allow_write_data_arns | The list of fully-qualified AWS IAM ARNs authorized to write data in this bucket. Wildcards are supported. e.g. arn:aws:iam::12345678910:user/ci or arn:aws:iam::12345678910:role/app-backend-* | list(string) | [] | no |
| allow_write_data_test | The IAM test to use in the policy statement condition; should be one of 'ArnEquals' (default) or 'ArnLike' | string | "ArnEquals" | no |
| app | Name of the application the bucket supports | string | n/a | yes |
| availability | Expected Availability level of data in the bucket, e.g. 0.999, 0.9999, 0.99999, 0.999999 | string | "" | no |
| block_public_acls | n/a | string | "true" | no |
| block_public_policy | n/a | string | "true" | no |
| business_process | The high-level business process the bucket supports | string | "" | no |
| business_unit | The top-level organizational division that owns the resource. e.g. Consumer Retail, Enterprise Solutions, Manufacturing | string | "" | no |
| compliance_scheme | The regulatory compliance scheme the resource’s configuration should conform to | string | "" | no |
| confidentiality | Expected Confidentiality level of data in the bucket, e.g. Public, Internal, Confidential, Restricted | string | "" | no |
| cost_center | The managerial accounting cost center for the bucket | string | "" | no |
| env | Name of the environment the bucket supports | string | n/a | yes |
| force_destroy | Force destruction of the bucket and all objects in it; defaults to 'false' | string | "false" | no |
| ignore_public_acls | n/a | string | "true" | no |
| integrity | Expected Integrity level of data in the bucket, e.g. 0.999, 0.9999, 0.99999, 0.999999 | string | "" | no |
| kms_master_key_id | (Optional) ARN of KMS key to encrypt objects with. Empty string means use the default master key. | string | "" | no |
| logging_target_bucket | Bucket to use for request access logging | string | n/a | yes |
| logging_target_prefix | (Optional) Override the default log prefix path of log/s3// | string | "" | no |
| logical_name | Specify the 'logical' name of the bucket appropriate for the bucket's primary use case, e.g. media or orders | string | n/a | yes |
| org | Short id of the organization that owns the bucket | string | n/a | yes |
| owner | Name of the team or department that is responsible for the bucket | string | n/a | yes |
| policy | (Optional) Fully rendered policy; if unspecified, the policy will be generated from the allow_* variables | string | "" | no |
| restrict_public_buckets | n/a | string | "true" | no |
| role | The role or function of this resource within the Application's logical architecture, e.g. load balancer, app server, database | string | "" | no |
| versioning_enabled | Enable versioning on the bucket; defaults to 'true' | string | "true" | no |
| versioning_mfa_delete | Require confirmation of deletes via multi-factor auth; defaults to 'false' | string | "false" | no |