Resource: aws_s3_bucket_object

Provides an S3 object resource.

Example Usage

Uploading a file to a bucket

resource "aws_s3_bucket_object" "object" {
  bucket = "your_bucket_name"
  key    = "new_object_key"
  source = "path/to/file"

  # The filemd5() function is available in Terraform 0.11.12 and later
  # For Terraform 0.11.11 and earlier, use the md5() function and the file() function:
  # etag = "${md5(file("path/to/file"))}"
  etag = filemd5("path/to/file")
}

Encrypting with KMS Key

resource "aws_kms_key" "examplekms" {
  description             = "KMS key 1"
  deletion_window_in_days = 7
}

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.examplebucket.id
  acl    = "private"
}

resource "aws_s3_bucket_object" "example" {
  key        = "someobject"
  bucket     = aws_s3_bucket.examplebucket.id
  source     = "index.html"
  kms_key_id = aws_kms_key.examplekms.arn
}

Server Side Encryption with S3 Default Master Key

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.examplebucket.id
  acl    = "private"
}

resource "aws_s3_bucket_object" "example" {
  key                    = "someobject"
  bucket                 = aws_s3_bucket.examplebucket.id
  source                 = "index.html"
  server_side_encryption = "aws:kms"
}

Server Side Encryption with AWS-Managed Key

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.examplebucket.id
  acl    = "private"
}

resource "aws_s3_bucket_object" "example" {
  key                    = "someobject"
  bucket                 = aws_s3_bucket.examplebucket.id
  source                 = "index.html"
  server_side_encryption = "AES256"
}

S3 Object Lock

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"

  object_lock_enabled = true
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.examplebucket.id
  acl    = "private"
}

resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.examplebucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_object" "example" {
  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.example]

  key    = "someobject"
  bucket = aws_s3_bucket.examplebucket.id
  source = "important.txt"

  object_lock_legal_hold_status = "ON"
  object_lock_mode              = "GOVERNANCE"
  object_lock_retain_until_date = "2021-12-31T23:59:60Z"

  force_destroy = true
}

Argument Reference

The following arguments are required:

The following arguments are optional:

If no content is provided through source, content or content_base64, then the object will be empty.

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import objects using the id or S3 URL. For example:

Import using the id, which is the bucket name and the key together:

import {
  to = aws_s3_bucket_object.example
  id = "some-bucket-name/some/key.txt"
}

Import using S3 URL syntax:

import {
  to = aws_s3_bucket_object.example
  id = "s3://some-bucket-name/some/key.txt"
}

Using terraform import to import objects using the id or S3 URL. For example:

Import using the id, which is the bucket name and the key together:

% terraform import aws_s3_bucket_object.example some-bucket-name/some/key.txt

Import using S3 URL syntax:

% terraform import aws_s3_bucket_object.example s3://some-bucket-name/some/key.txt