Use this URL for the source of the module. See the usage examples below for more details.

`github.com/pbs/terraform-aws-s3-bucket-policy-module?ref=1.0.24`

More information on these and other install methods can be found in the documentation here.
Provisions a bucket policy for an S3 bucket.

By default, the module adds a rule that denies HTTP requests made to the bucket without TLS. To disable this rule, set `force_tls` to `false` (this is not advised).
The `replication_source` variable configures the permissions needed for S3 replication to take place. If it is set, the module adds a rule that allows the replication role to read from the bucket.
The `allow_anonymous_vpce_access` variable configures permissions for VPC endpoints to access the bucket. If it is set, the module adds a rule that allows the VPC endpoint to read from the bucket. The `vpce` variable must then be set to the ID of the VPC endpoint that is to be allowed access.
Use `source_policy_documents` and `override_policy_documents` to add extra statements to the policy when the module does not provide the statements you need out of the box. See this for examples.
Integrate this module like so:

```hcl
module "s3_bucket_policy" {
  source = "github.com/pbs/terraform-aws-s3-bucket-policy-module?ref=1.0.24"

  # Tagging Parameters
  product = var.product

  # Optional Parameters
}
```
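The following added example (not part of the module's README) shows the optional inputs described above working together: the default TLS-only rule kept on, read access for one VPC endpoint, and an extra statement merged in through `source_policy_documents`. The bucket name, account ID, role name and VPC endpoint ID are placeholders.

```hcl
locals {
  # Placeholder bucket name; the module's "name" input defaults to "product"
  bucket_name = "example-product"
}

# Extra statement that the module does not generate itself: a read-only
# grant for a specific IAM role (account and role name are placeholders).
data "aws_iam_policy_document" "audit_reader" {
  statement {
    sid    = "AllowAuditReaderRead"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111111111111:role/audit-reader"]
    }

    actions = ["s3:GetObject", "s3:ListBucket"]

    resources = [
      "arn:aws:s3:::${local.bucket_name}",
      "arn:aws:s3:::${local.bucket_name}/*",
    ]
  }
}

module "s3_bucket_policy" {
  source = "github.com/pbs/terraform-aws-s3-bucket-policy-module?ref=1.0.24"

  # Tagging Parameters
  product = var.product

  # Optional Parameters
  name      = local.bucket_name
  force_tls = true # the default; denies requests made without TLS

  # Allow a single VPC endpoint (placeholder ID) to read from the bucket
  allow_anonymous_vpce_access = true
  vpce                        = "vpce-0123456789abcdef0"

  # Statements merged into the module's generated policy document
  source_policy_documents = [data.aws_iam_policy_document.audit_reader.json]
}

# The rendered policy JSON, useful for review in a plan or CI check
output "bucket_policy_json" {
  value = module.s3_bucket_policy.bucket_policy
}
```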
If this repo is added as a subtree, then the version of the module should be close to the version shown here: `1.0.24`. Note, however, that subtrees can be altered as desired within repositories.
Further documentation on usage can be found here.
Below is automatically generated documentation on this Terraform module, produced with terraform-docs.

Requirements:

| Name | Version |
|---|---|
| terraform | >= 1.9.0 |
| aws | >= 5.0.0 |
Providers:

| Name | Version |
|---|---|
| aws | 5.24.0 |

Modules: none.
Resources:

| Name | Type |
|---|---|
| aws_s3_bucket_policy.bucket_policy | resource |
| aws_iam_policy_document.bucket_policy_doc | data source |
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| product | Tag used to group resources according to product. | string | n/a | yes |
| allow_anonymous_vpce_access | Create a bucket policy that allows anonymous VPCE access. | bool | false | no |
| bucket_policy | Policy to apply to the bucket. If null, one will be guessed based on other variables. | string | null | no |
| cloudfront_oac_access_statements | List of objects that define the CloudFront origin access identity access statement. Each object must have a cloudfront_arn and path key. | list(object({ | [] | no |
| force_tls | Deny HTTP requests that are made to the bucket without TLS. | bool | true | no |
| name | Name of the S3 bucket this policy is to apply to. If null, will default to product. | string | null | no |
| override_policy_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid from earlier documents in the list. Statements with non-blank sids will also override statements with the same sid from documents provided in the source_json and source_policy_documents arguments. Non-overriding statements will be added to the exported document. | list(string) | null | no |
| replication_source | The account number and role for the source bucket in a replication configuration. | object({ | null | no |
| source_policy_documents | List of IAM policy documents that are merged together into the exported document. Statements defined in source_policy_documents or source_json must have unique sids. Statements with the same sid from documents assigned to the override_json and override_policy_documents arguments will override source statements. | list(string) | null | no |
| vpce | Name of the VPC endpoint that should have access to this bucket. Only used when allow_anonymous_vpce_access is true. | string | null | no |
Outputs:

| Name | Description |
|---|---|
| bucket_policy | JSON value of the bucket policy. |