The S3 object data source allows access to the metadata and _optionally_ (see below) content of an object stored inside an S3 bucket.
The following example retrieves a text object (which must have a `Content-Type` value starting with `text/`) and uses it as the `user_data` for an EC2 instance:
```terraform
data "aws_s3_object" "bootstrap_script" {
  bucket = "ourcorp-deploy-config"
  key    = "ec2-bootstrap-script.sh"
}

resource "aws_instance" "example" {
  instance_type = "t2.micro"
  ami           = "ami-2757f631"
  user_data     = data.aws_s3_object.bootstrap_script.body
}
```
The following, more-complex example retrieves only the metadata for a zip file stored in S3, which is then used to pass the most recent `version_id` to AWS Lambda for use as a function implementation. More information about Lambda functions is available in the documentation for `aws_lambda_function`.
```terraform
data "aws_s3_object" "lambda" {
  bucket = "ourcorp-lambda-functions"
  key    = "hello-world.zip"
}

resource "aws_lambda_function" "test_lambda" {
  s3_bucket         = data.aws_s3_object.lambda.bucket
  s3_key            = data.aws_s3_object.lambda.key
  s3_object_version = data.aws_s3_object.lambda.version_id
  function_name     = "lambda_function_name"
  role              = aws_iam_role.iam_for_lambda.arn # (not shown)
  handler           = "exports.test"
}
```
This data source supports the following arguments:

* `bucket` - (Required) Name of the bucket to read the object from. Alternatively, an S3 access point ARN can be specified.
* `checksum_mode` - (Optional) To retrieve the object's checksum, this argument must be `ENABLED`. If you enable `checksum_mode` and the object is encrypted with KMS, you must have permission to use the `kms:Decrypt` action. Valid values: `ENABLED`
* `key` - (Required) Full path to the object inside the bucket.
* `version_id` - (Optional) Specific version ID of the object returned (defaults to latest version).

This data source exports the following attributes in addition to the arguments above:

* `arn` - ARN of the object.
* `body` - Object data (see limitations above to understand cases in which this field is actually available).
* `bucket_key_enabled` - (Optional) Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
* `cache_control` - Caching behavior along the request/reply chain.
* `checksum_crc32` - The base64-encoded, 32-bit CRC32 checksum of the object.
* `checksum_crc32c` - The base64-encoded, 32-bit CRC32C checksum of the object.
* `checksum_sha1` - The base64-encoded, 160-bit SHA-1 digest of the object.
* `checksum_sha256` - The base64-encoded, 256-bit SHA-256 digest of the object.
* `content_disposition` - Presentational information for the object.
* `content_encoding` - What content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
* `content_language` - Language the content is in.
* `content_length` - Size of the body in bytes.
* `content_type` - Standard MIME type describing the format of the object data.
* `etag` - ETag generated for the object (an MD5 sum of the object content in case it's not encrypted).
* `expiration` - If the object expiration is configured (see object lifecycle management), the field includes this header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The value of the rule-id is URL encoded.
* `expires` - Date and time at which the object is no longer cacheable.
* `last_modified` - Last modified date of the object in RFC1123 format (e.g., `Mon, 02 Jan 2006 15:04:05 MST`).
* `metadata` - Map of metadata stored with the object in S3. Keys are always returned in lowercase.
* `object_lock_legal_hold_status` - Indicates whether this object has an active legal hold. This field is only returned if you have permission to view an object's legal hold status.
* `object_lock_mode` - Object lock retention mode currently in place for this object.
* `object_lock_retain_until_date` - The date and time when this object's object lock will expire.
* `server_side_encryption` - If the object is stored using server-side encryption (KMS or Amazon S3-managed encryption key), this field includes the chosen encryption and algorithm used.
* `sse_kms_key_id` - If present, specifies the ID of the Key Management Service (KMS) master encryption key that was used for the object.
* `storage_class` - Storage class information of the object. Available for all objects except for `Standard` storage class objects.
* `version_id` - Latest version ID of the object returned.
* `website_redirect_location` - If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
* `tags` - Map of tags assigned to the object.
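
The `user_data` example above reads whatever the latest object is, so the contents of the bucket decide what the instance runs at boot. The following variant is an added example, not part of the provider documentation: it pins `version_id`, enables `checksum_mode`, and fails the plan unless the SHA-256 matches a value recorded when the script was reviewed. The two variables are assumptions supplied by the caller, and `postcondition` blocks in data sources require Terraform 1.2 or later.

```terraform
# Assumed inputs (not from the original page): values recorded when the
# script was reviewed and approved.
variable "bootstrap_version_id" {
  type        = string
  description = "S3 version ID of the reviewed bootstrap script"
}

variable "bootstrap_sha256_b64" {
  type        = string
  description = "Base64-encoded SHA-256 of the reviewed bootstrap script"
}

data "aws_s3_object" "bootstrap_script" {
  bucket        = "ourcorp-deploy-config"
  key           = "ec2-bootstrap-script.sh"
  version_id    = var.bootstrap_version_id # read this exact version, not the latest
  checksum_mode = "ENABLED"                # needs kms:Decrypt if the object is KMS-encrypted

  lifecycle {
    # Checksum as reported by S3. Assumes the object was uploaded with a
    # SHA-256 checksum; if the attribute is empty the condition is false
    # and the plan stops.
    postcondition {
      condition     = self.checksum_sha256 == var.bootstrap_sha256_b64
      error_message = "S3-reported SHA-256 of the bootstrap script does not match the reviewed value."
    }

    # Digest recomputed by Terraform over the exact string passed to user_data.
    postcondition {
      condition     = base64sha256(self.body) == var.bootstrap_sha256_b64
      error_message = "Computed SHA-256 of the bootstrap script body does not match the reviewed value."
    }
  }
}

resource "aws_instance" "example" {
  instance_type = "t2.micro"
  ami           = "ami-2757f631"
  user_data     = data.aws_s3_object.bootstrap_script.body
}
```

Either postcondition failing aborts the run before the instance is created or changed, so a modified or swapped object never reaches `user_data`.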