initial commit

2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,19 @@
+# Overview
+This module creates s3 bucket using default settings and AWS AES256 encryption
+The bucket is meant for infrastructure use. Versioning is off and object expires in 90 days
+
+## Inputs:
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:-----:|
+| application | name of application | string | none | yes |
+| environment | capacity of environment (prd/dev/lab) | string | none | yes | 
+| customer-name | owner of aws resources | string | none | yes |
+| project | name of project | string | none | yes |
+| default-tags | tags to be added to resources | list | none | yes | 
+| aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |
+| bucket-name | name or prefix of s3 bucket | string | none | yes |
+| add-random-suffix | Whether to append a random string to bucket name | bool | false | no |
+| bucket-policy-json | bucket policy | json | none | yes |
+| enable-bucket-versioning | Whether to enable bucket versioning | bool | false | no |
+| bucket-retain-days | Days before s3 objects are expired on s3 | number | 90 | no |
+
@@ -0,0 +1,82 @@
+module random-suffix {
+  source = "../../util/random"
+}
+
+resource "aws_s3_bucket" "s3bucket" {
+  bucket = var.add-random-suffix ? "${var.bucket-name}-${module.random-suffix.number}" : var.bucket-name
+  tags = var.default-tags
+}
+
+resource "aws_s3_bucket_policy" "bucket-policy" {
+  bucket = aws_s3_bucket.s3bucket.bucket
+  policy = var.bucket-policy-json
+
+}
+  resource "aws_s3_bucket_lifecycle_configuration" "bucket-lifecycle-config" {
+  count = var.bucket-enable-lifecycle ? 1 : 0
+
+  bucket = aws_s3_bucket.s3bucket.bucket
+
+  rule {
+    id = "default"
+    status = "Enabled"
+
+    dynamic "noncurrent_version_expiration" {
+      for_each = var.enable-bucket-versioning ? [1] : []
+      content {
+        noncurrent_days = 90
+      }
+    }
+
+    dynamic "expiration" {
+      for_each = var.bucket-retain-days > 0 ? [1] : []
+      content {
+        days = var.bucket-retain-days
+      }
+    }
+
+    transition {
+      days          = var.transition-ia-days
+      storage_class = "STANDARD_IA"
+    }
+  }
+}
+
+resource "aws_s3_bucket_acl" "bucket-acl" {
+  bucket = aws_s3_bucket.s3bucket.bucket
+  acl    = var.bucket-acl
+}
+
+resource "aws_s3_bucket_versioning" "bucket-versioning" {
+  count = var.enable-bucket-versioning ? 1 : 0
+  bucket = aws_s3_bucket.s3bucket.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "bucket-encryption" {
+  bucket = aws_s3_bucket.s3bucket.bucket
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "AES256"
+    }
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "s3-public-access-settings" {
+  bucket = aws_s3_bucket.s3bucket.id
+
+  block_public_acls   = true
+  block_public_policy = true
+  ignore_public_acls =  true
+  restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_ownership_controls" "ctbucket-ownership-setting" {
+  bucket = aws_s3_bucket.s3bucket.id
+
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
@@ -0,0 +1,3 @@
+output bucket-name {
+  value = aws_s3_bucket.s3bucket.id
+}
@@ -0,0 +1,30 @@
+variable "default-tags" {}
+variable "bucket-retain-days" {
+  type = number
+  default = 90
+}
+variable "bucket-name" {}
+variable "bucket-policy-json" {}
+variable "enable-bucket-versioning" {
+  type = bool
+  default = false
+}
+variable "add-random-suffix" {
+  type = bool
+  default = false
+}
+
+variable bucket-acl {
+  type = string
+  default = "private"
+}
+
+variable bucket-enable-lifecycle {
+  type = bool
+  default = true
+}
+
+variable transition-ia-days {
+  type = number
+  default = 30
+}