awscc_s3_bucket (Resource)

The awscc_s3_bucket resource creates an Amazon S3 bucket (CloudFormation type AWS::S3::Bucket) in the AWS Region the provider is configured for. The CloudFormation DeletionPolicy attribute is not exposed as an argument of this resource; the Terraform equivalent for protecting a bucket from accidental destruction is the lifecycle meta-argument prevent_destroy = true on the resource. A bucket can only be deleted when it is empty: deletion fails for buckets that still have contents, and on a versioning-enabled bucket that includes noncurrent object versions and delete markers.

Example Usage

Create an S3 bucket

To create an S3 bucket

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket"

  tags = [{
    key   = "Name"
    value = "My bucket"
  }]

}

Create an S3 bucket with public access restricted

To create an S3 bucket with all four S3 Block Public Access settings enabled. Together they reject new public ACLs (block_public_acls), ignore any public ACLs already on the bucket or its objects (ignore_public_acls), reject bucket policies that would grant public access (block_public_policy) and, for a bucket that already has a public policy, restrict access to the bucket owner's account and AWS service principals (restrict_public_buckets). These are per-bucket settings; the account-level Block Public Access configuration applies on top of them.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket"

  tags = [{
    key   = "Name"
    value = "My bucket"
  }]

  public_access_block_configuration = {
    block_public_acls       = true
    block_public_policy     = true
    ignore_public_acls      = true
    restrict_public_buckets = true
  }

}

S3 bucket with default encryption AES256

To create an S3 bucket whose default encryption is SSE-S3 (sse_algorithm AES256, keys managed by Amazon S3). New buckets already apply SSE-S3 to every object by default; declaring it explicitly records the intent in code and keeps the setting from drifting.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket"

  bucket_encryption = {
    server_side_encryption_configuration = [{
      server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }]
  }
}

S3 bucket with default encryption KMS

To create an S3 bucket whose default encryption is SSE-KMS with a customer managed key. Readers and writers then need kms:Decrypt and kms:GenerateDataKey on the key in addition to their S3 permissions, so the key policy acts as a second, independent access control on the data. Key rotation is enabled on the key; rotating the key material does not require re-encrypting existing objects.

resource "awscc_kms_key" "example" {
  description         = "S3 KMS key"
  enable_key_rotation = true
}

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-kms"

  bucket_encryption = {
    server_side_encryption_configuration = [{
      server_side_encryption_by_default = {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = awscc_kms_key.example.arn
      }
    }]
  }
}

S3 bucket with versioning enabled

Creates an S3 bucket with versioning enabled.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-versioned"
  versioning_configuration = {
    status = "Enabled"
  }

  tags = [{
    key   = "Name"
    value = "My bucket"
  }]

}

S3 bucket with ownership controls specified

Creates an S3 bucket with BucketOwnerPreferred as the object ownership setting. BucketOwnerPreferred still honours ACLs: an object uploaded with the bucket-owner-full-control canned ACL becomes owned by the bucket owner, while an object uploaded without it stays owned by the uploader's account. The alternative BucketOwnerEnforced disables ACLs entirely, so every object is owned by the bucket account and access is governed only by IAM and bucket policies; it is the default for newly created buckets and the setting to prefer unless an application genuinely depends on ACLs.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket"
  ownership_controls = {
    rules = [{
      object_ownership = "BucketOwnerPreferred"
    }]
  }

  tags = [{
    key   = "Name"
    value = "My bucket"
  }]

}
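The settings shown in the preceding examples are usually wanted together. The following is an added example, not part of the provider documentation or the project's own code, that combines Block Public Access, BucketOwnerEnforced ownership, SSE-KMS default encryption with a Bucket Key, and versioning, and attaches a deny-only bucket policy through the provider's awscc_s3_bucket_policy resource. The bucket and key names, the resource labels and the tag values are assumptions.

```hcl
# Added example (not from the provider docs): a baseline private bucket.
# Names, labels and tag values are assumptions.
resource "awscc_kms_key" "data" {
  description         = "S3 data key"
  enable_key_rotation = true
}

resource "awscc_s3_bucket" "hardened" {
  bucket_name = "example-hardened-bucket"

  # Close both paths to public exposure: ACL-based and policy-based.
  public_access_block_configuration = {
    block_public_acls       = true
    block_public_policy     = true
    ignore_public_acls      = true
    restrict_public_buckets = true
  }

  # Disable ACLs entirely; the bucket owner owns every object and only
  # IAM and bucket policies grant access.
  ownership_controls = {
    rules = [{
      object_ownership = "BucketOwnerEnforced"
    }]
  }

  # Default to SSE-KMS with a customer managed key. The Bucket Key reduces
  # the number of KMS requests (and therefore cost and throttling risk).
  bucket_encryption = {
    server_side_encryption_configuration = [{
      bucket_key_enabled = true
      server_side_encryption_by_default = {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = awscc_kms_key.data.arn
      }
    }]
  }

  # Versioning keeps prior versions and delete markers for recovery.
  versioning_configuration = {
    status = "Enabled"
  }

  tags = [{
    key   = "Name"
    value = "Hardened bucket"
  }]
}

# Deny-only bucket policy: refuse plaintext transport and uploads that
# explicitly ask for an encryption mode other than SSE-KMS.
resource "awscc_s3_bucket_policy" "hardened" {
  bucket = awscc_s3_bucket.hardened.id

  policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "DenyInsecureTransport"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          awscc_s3_bucket.hardened.arn,
          "${awscc_s3_bucket.hardened.arn}/*",
        ]
        Condition = {
          Bool = { "aws:SecureTransport" = "false" }
        }
      },
      {
        # A request that omits the encryption header receives the bucket
        # default (SSE-KMS), so deny only when the header is present
        # (Null = false) and is not aws:kms. Both conditions are ANDed.
        Sid       = "DenyNonKmsUploads"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:PutObject"
        Resource  = "${awscc_s3_bucket.hardened.arn}/*"
        Condition = {
          Null            = { "s3:x-amz-server-side-encryption" = "false" }
          StringNotEquals = { "s3:x-amz-server-side-encryption" = "aws:kms" }
        }
      },
    ]
  })
}
```

Because block_public_policy is set, S3 rejects any bucket policy that grants public access; the policy above contains only Deny statements and is accepted. A plain StringNotEquals without the Null guard would also deny clients that send no encryption header at all, which is the usual reason such policies break SDK uploads after default encryption is enabled.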

S3 bucket with object expiration lifecycle rules

Creates an S3 bucket with a lifecycle rule that expires noncurrent object versions. noncurrent_days is how many days a version must have been noncurrent before it is eligible for expiration, and newer_noncurrent_versions is how many of the most recent noncurrent versions Amazon S3 retains regardless of age; a version is removed only when it is older than noncurrent_days and at least that many newer noncurrent versions exist.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-lifecycle-rules"
  versioning_configuration = {
    status = "Enabled"
  }
  lifecycle_configuration = {
    rules = [
      {
        id = "expire_non_current_version"
        noncurrent_version_expiration = {
          newer_noncurrent_versions = 1
          noncurrent_days           = 1
        }
        status = "Enabled"
      }
    ]
  }

  tags = [
    {
      key   = "Name"
      value = "My bucket"
    }
  ]
}

S3 bucket with object expiration lifecycle rules with a filter based on both prefix and one or more tags

The lifecycle rule applies only to objects whose key starts with the given prefix and that carry both tags with exactly the listed keys and values; the prefix and tag conditions are combined with AND, so an object matching only some of them is not affected.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-lifecycle-rules"
  versioning_configuration = {
    status = "Enabled"
  }
  lifecycle_configuration = {
    rules = [
      {
        id = "expire_non_current_version_filtered_by_tags"
        noncurrent_version_expiration = {
          newer_noncurrent_versions = 1
          noncurrent_days           = 1
        }
        prefix = "logs/"
        tag_filters = [{
          key   = "key1"
          value = "value1"
          },
          {
            key   = "key2"
            value = "value2"
          }
        ]
        status = "Enabled"
      }
    ]
  }

  tags = [
    {
      key   = "Name"
      value = "My bucket"
    }
  ]
}

S3 bucket with abort multipart upload lifecycle rule

Creates an S3 bucket with a lifecycle rule that sets the number of days after initiation at which Amazon S3 aborts an incomplete multipart upload and discards its parts. Parts of abandoned multipart uploads are billed as storage but never appear in object listings, so without such a rule they accumulate unnoticed.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-lifecycle-rules"
  versioning_configuration = {
    status = "Enabled"
  }
  lifecycle_configuration = {
    rules = [
      {
        id = "abort_incomplete_upload"
        abort_incomplete_multipart_upload = {
          days_after_initiation = 1
        }
        status = "Enabled"
      }

    ]
  }

  tags = [
    {
      key   = "Name"
      value = "My bucket"
    }
  ]
}

Specifying a filter based on object size

Creates an S3 bucket with a lifecycle rule that applies only to objects larger than a specified size. Object size values are in bytes and the largest value a filter accepts is 5 TB. Some storage classes have minimum object size limitations; for more information, see Comparing the Amazon S3 storage classes.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-lifecycle-rules"
  versioning_configuration = {
    status = "Enabled"
  }
  lifecycle_configuration = {
    rules = [
      {

        id = "expire_non_current_version"
        noncurrent_version_expiration = {
          newer_noncurrent_versions = 1
          noncurrent_days           = 1
        }
        object_size_greater_than = 500
        status                   = "Enabled"
      }
    ]
  }

  tags = [
    {
      key   = "Name"
      value = "My bucket"
    }
  ]
}

Specifying a filter based on object size range and prefix

Creates an S3 bucket with a lifecycle rule filtered on an object size range and a key prefix. Both size values are in bytes, object_size_greater_than must be less than object_size_less_than, and an object is affected only if its size falls inside the range and its key starts with the prefix.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-lifecycle-rules"
  versioning_configuration = {
    status = "Enabled"
  }
  lifecycle_configuration = {
    rules = [
      {
        id = "expire_non_current_version"
        noncurrent_version_expiration = {
          newer_noncurrent_versions = 1
          noncurrent_days           = 1
        }
        # only objects under logs/ that are between 500 bytes and 64 KiB match
        prefix                   = "logs/"
        object_size_greater_than = 500
        object_size_less_than    = 65536
        status                   = "Enabled"
      }
    ]
  }

  tags = [
    {
      key   = "Name"
      value = "My bucket"
    }
  ]
}

Specifying a lifecycle rule to transition objects between storage classes

Creates an S3 bucket with a lifecycle rule that transitions noncurrent object versions to STANDARD_IA 30 days after they become noncurrent and to INTELLIGENT_TIERING after 60 days, then expires them after 90 days. Transition day counts must increase through the list and stay below the expiration value, and STANDARD_IA requires an object to have spent at least 30 days in STANDARD first.

resource "awscc_s3_bucket" "example" {
  bucket_name = "example-bucket-lifecycle-rules"
  versioning_configuration = {
    status = "Enabled"
  }
  lifecycle_configuration = {
    rules = [
      {
        id = "non_current_version_transitions"

        noncurrent_version_expiration_in_days = 90
        noncurrent_version_transitions = [
          {
            transition_in_days = 30
            storage_class      = "STANDARD_IA"
          },
          {
            transition_in_days = 60
            storage_class      = "INTELLIGENT_TIERING"
          }
        ]
        status = "Enabled"
      }
    ]
  }

  tags = [
    {
      key   = "Name"
      value = "My bucket"
    }
  ]
}
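The preceding lifecycle examples each show one rule in isolation and only act on noncurrent versions. The following is an added example, not taken from the provider documentation, that combines them into a retention policy for a log bucket: current versions under a prefix are tiered down and expired, while a second bucket-wide rule handles noncurrent versions and abandoned multipart uploads. The bucket name, prefix, day counts and tag values are assumptions.

```hcl
# Added example (not from the provider docs): retention policy for a log bucket.
# Bucket name, prefix, day counts and tag values are assumptions.
resource "awscc_s3_bucket" "logs" {
  bucket_name = "example-log-retention-bucket"

  versioning_configuration = {
    status = "Enabled"
  }

  lifecycle_configuration = {
    rules = [
      {
        # Current versions under logs/: tier down, then expire after a year.
        # Transition day counts must increase through the list and stay below
        # expiration_in_days; STANDARD_IA needs at least 30 days in STANDARD.
        id     = "current_log_versions"
        status = "Enabled"
        prefix = "logs/"
        transitions = [
          {
            transition_in_days = 30
            storage_class      = "STANDARD_IA"
          },
          {
            transition_in_days = 90
            storage_class      = "GLACIER_IR"
          }
        ]
        expiration_in_days = 365
      },
      {
        # Bucket-wide housekeeping (no prefix): keep the newest noncurrent
        # version, expire older ones 30 days after they become noncurrent,
        # and reclaim multipart uploads abandoned for a week.
        id     = "housekeeping"
        status = "Enabled"
        noncurrent_version_expiration = {
          newer_noncurrent_versions = 1
          noncurrent_days           = 30
        }
        abort_incomplete_multipart_upload = {
          days_after_initiation = 7
        }
      }
    ]
  }

  tags = [{
    key   = "Name"
    value = "Log retention bucket"
  }]
}
```

Keeping the current-version expiration at a year and the noncurrent retention at 30 days means an overwritten or deleted log object can still be recovered for a month, which is the window that matters when an incident is discovered late; the second rule carries no prefix so that it also covers objects written outside logs/.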

Schema

Optional

Read-Only

Nested Schema for accelerate_configuration

Required:

Nested Schema for analytics_configurations

Required:

Optional:

Nested Schema for analytics_configurations.storage_class_analysis

Optional:

Nested Schema for analytics_configurations.storage_class_analysis.data_export

Required:

Nested Schema for analytics_configurations.storage_class_analysis.data_export.destination

Required:

Optional:

Nested Schema for analytics_configurations.tag_filters

Required:

Nested Schema for bucket_encryption

Required:

Nested Schema for bucket_encryption.server_side_encryption_configuration

Optional:

Nested Schema for bucket_encryption.server_side_encryption_configuration.server_side_encryption_by_default

Required:

Optional:

Nested Schema for cors_configuration

Required:

Nested Schema for cors_configuration.cors_rules

Required:

Optional:

Nested Schema for intelligent_tiering_configurations

Required:

Optional:

Nested Schema for intelligent_tiering_configurations.tierings

Required:

Nested Schema for intelligent_tiering_configurations.tag_filters

Required:

Nested Schema for inventory_configurations

Required:

Optional:

Nested Schema for inventory_configurations.destination

Required:

Optional:

Nested Schema for lifecycle_configuration

Required:

Nested Schema for lifecycle_configuration.rules

Required:

Optional:

Nested Schema for lifecycle_configuration.rules.abort_incomplete_multipart_upload

Required:

Nested Schema for lifecycle_configuration.rules.noncurrent_version_expiration

Required:

Optional:

Nested Schema for lifecycle_configuration.rules.noncurrent_version_transition

Required:

Optional:

Nested Schema for lifecycle_configuration.rules.noncurrent_version_transitions

Required:

Optional:

Nested Schema for lifecycle_configuration.rules.tag_filters

Required:

Nested Schema for lifecycle_configuration.rules.transition

Required:

Optional:

Nested Schema for lifecycle_configuration.rules.transitions

Required:

Optional:

Nested Schema for logging_configuration

Optional:

Nested Schema for logging_configuration.target_object_key_format

Optional:

Nested Schema for logging_configuration.target_object_key_format.partitioned_prefix

Optional:

Nested Schema for metrics_configurations

Required:

Optional:

Nested Schema for metrics_configurations.tag_filters

Required:

Nested Schema for notification_configuration

Optional:

Nested Schema for notification_configuration.event_bridge_configuration

Optional:

Nested Schema for notification_configuration.lambda_configurations

Required:

Optional:

Nested Schema for notification_configuration.lambda_configurations.filter

Required:

Nested Schema for notification_configuration.lambda_configurations.filter.s3_key

Required:

Nested Schema for notification_configuration.lambda_configurations.filter.s3_key.rules

Required:

Nested Schema for notification_configuration.queue_configurations

Required:

Optional:

Nested Schema for notification_configuration.queue_configurations.filter

Required:

Nested Schema for notification_configuration.queue_configurations.filter.s3_key

Required:

Nested Schema for notification_configuration.queue_configurations.filter.s3_key.rules

Required:

Nested Schema for notification_configuration.topic_configurations

Required:

Optional:

Nested Schema for notification_configuration.topic_configurations.filter

Required:

Nested Schema for notification_configuration.topic_configurations.filter.s3_key

Required:

Nested Schema for notification_configuration.topic_configurations.filter.s3_key.rules

Required:

Nested Schema for object_lock_configuration

Optional:

Nested Schema for object_lock_configuration.rule

Optional:

Nested Schema for object_lock_configuration.rule.default_retention

Optional:

Nested Schema for ownership_controls

Required:

Nested Schema for ownership_controls.rules

Optional:

Nested Schema for public_access_block_configuration

Optional:

Nested Schema for replication_configuration

Required:

Nested Schema for replication_configuration.rules

Required:

Optional:

Nested Schema for replication_configuration.rules.destination

Required:

Optional:

Nested Schema for replication_configuration.rules.destination.access_control_translation

Required:

Nested Schema for replication_configuration.rules.destination.encryption_configuration

Required:

Nested Schema for replication_configuration.rules.destination.metrics

Required:

Optional:

Nested Schema for replication_configuration.rules.destination.storage_class.event_threshold

Required:

Nested Schema for replication_configuration.rules.destination.replication_time

Required:

Nested Schema for replication_configuration.rules.destination.storage_class.time

Required:

Nested Schema for replication_configuration.rules.delete_marker_replication

Optional:

Nested Schema for replication_configuration.rules.filter

Optional:

Nested Schema for replication_configuration.rules.filter.and

Optional:

Nested Schema for replication_configuration.rules.filter.tag_filter.tag_filters

Required:

Nested Schema for replication_configuration.rules.filter.tag_filter

Required:

Nested Schema for replication_configuration.rules.source_selection_criteria

Optional:

Nested Schema for replication_configuration.rules.source_selection_criteria.replica_modifications

Required:

Nested Schema for replication_configuration.rules.source_selection_criteria.sse_kms_encrypted_objects

Required:

Nested Schema for tags

Required:

Nested Schema for versioning_configuration

Optional:

Nested Schema for website_configuration

Optional:

Nested Schema for website_configuration.redirect_all_requests_to

Required:

Optional:

Nested Schema for website_configuration.routing_rules

Required:

Optional:

Nested Schema for website_configuration.routing_rules.redirect_rule

Optional:

Nested Schema for website_configuration.routing_rules.routing_rule_condition

Optional:

Import

Import is supported using the following syntax. For awscc_s3_bucket the resource ID is the bucket name:

$ terraform import awscc_s3_bucket.example <resource ID>

For example, to import the bucket named example-bucket into the resource address awscc_s3_bucket.example:

$ terraform import awscc_s3_bucket.example example-bucket