davinerd/tf_s3_replica


S3 Replication

This Terraform module creates an S3 bucket with geo-replication and logging enabled.

It also enforces encryption at rest using SSE-AES.

At least one IAM role is required so that it can be given access to the S3 buckets.

Example

resource "aws_iam_role" "access_role" {
  name                = "access-s3-role"
  assume_role_policy  = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

module "s3_repl" {
  source = "git::https://github.com/davinerd/tf_s3_replica"
  
  main_bucket_name = "my-new-bucket"

  replication_bucket_name = "my-new-bucket-repl"

  replica_region = "us-west-1"

  extra_tags = {
    "Owner" = "davide barbato",
    "Squad" = "Ops"
  }

  # "s3:*" matches every S3 action; list only the actions the roles need where possible
  s3_actions = ["s3:*"]

  access_roles_name = [aws_iam_role.access_role.name]
}
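
A post-apply check for the three properties this README promises (encryption at rest, replication, logging), as an added example that is not part of the module's repository. It runs on constructed responses shaped like the output of the `aws s3api` `get-bucket-encryption`, `get-bucket-replication` and `get-bucket-logging` calls; `audit_bucket` and the sample data are hypothetical, and "SSE-AES" is assumed to mean SSE-S3 with `AES256`.

```python
# Added example: constructed responses shaped like the JSON returned by
# `aws s3api get-bucket-encryption`, `get-bucket-replication`, `get-bucket-logging`.
GOOD = {
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "replication": {"ReplicationConfiguration": {
        "Role": "arn:aws:iam::111122223333:role/constructed-replication-role",
        "Rules": [{"Status": "Enabled",
                   "Destination": {"Bucket": "arn:aws:s3:::my-new-bucket-repl"}}]}},
    "logging": {"LoggingEnabled": {"TargetBucket": "constructed-log-bucket",
                                   "TargetPrefix": "log/"}},
}
# Constructed failing case: replication rule switched off, no access logging.
BAD = {
    "encryption": GOOD["encryption"],
    "replication": {"ReplicationConfiguration": {"Rules": [
        {"Status": "Disabled",
         "Destination": {"Bucket": "arn:aws:s3:::my-new-bucket-repl"}}]}},
    "logging": {},  # no LoggingEnabled element is returned when logging is off
}


def audit_bucket(state, replica_bucket):
    """Return a list of findings; an empty list means all three controls are in place."""
    findings = []
    # Encryption at rest: assumes the README's "SSE-AES" means SSE-S3 (AES256).
    rules = state["encryption"].get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if "AES256" not in algos:
        findings.append("encryption")
    # Replication: at least one enabled rule must target the replica bucket.
    want = "arn:aws:s3:::" + replica_bucket
    repl = state["replication"].get("ReplicationConfiguration", {}).get("Rules", [])
    if not any(r.get("Status") == "Enabled"
               and r.get("Destination", {}).get("Bucket") == want for r in repl):
        findings.append("replication")
    # Access logging: LoggingEnabled is present only when logging is configured.
    if "LoggingEnabled" not in state["logging"]:
        findings.append("logging")
    return findings


if __name__ == "__main__":
    for name, state in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_bucket(state, "my-new-bucket-repl") or "all controls present")
```

To use it against a real deployment, load the three JSON documents from the CLI calls named above into the `state` dictionary in place of the constructed samples.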