Create a private and versioned S3 bucket with optional SNS notifications
module "emails_bucket_live" {
source = "scaffoldly/s3-private-versioned/aws"
bucket_name_prefix = "emails-live"
read_only_principals = [
data.aws_iam_role.serverless_email_api_live.arn
]
write_only_service = "ses.amazonaws.com"
notification_prefixes = ["emails.mydomain.com/"]
}| Name | Version |
|---|---|
| terraform | >= 1.0, < 1.7 |
| Name | Version |
|---|---|
| aws | 3.64.2 |
No modules.
| Name | Type |
|---|---|
| aws_s3_bucket.bucket | resource |
| aws_s3_bucket_notification.bucket_notification | resource |
| aws_s3_bucket_policy.policy | resource |
| aws_s3_bucket_public_access_block.block | resource |
| aws_sns_topic.topic | resource |
| aws_sns_topic_policy.sns_policy | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.policy | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket_name_prefix | A prefix name for the bucket | string |
n/a | yes |
| bucket_name_random_suffix | Set the bucket name to be suffixed with a random string | bool |
true |
no |
| notification_prefixes | The object prefixes to create SNS notifications for (e.g. ['folder1/', 'folder2/'] or [''] for everything) | list |
[] |
no |
| public_access | n/a | bool |
false |
no |
| read_only_principals | The ARNs of users/roles/etc that have read-only access to the bucket | list |
[] |
no |
| read_only_services | The AWS services that have read-only access to the bucket (e.g. ses.amazonaws.com, lambda.amazonaws.com) | list |
[] |
no |
| read_only_services_condition | n/a | map(any) |
{} |
no |
| read_write_principals | The ARNs of users/roles/etc that have read-write access to the bucket | list |
[] |
no |
| root_principal | The root prinicipal. In most cases leave this as 'root' | string |
"root" |
no |
| write_only_principals | The ARNs of users/roles/etc that have write-only access to the bucket | list |
[] |
no |
| write_only_services | The AWS services that have write-only access to the bucket (e.g. ses.amazonaws.com, lambda.amazonaws.com) | list |
[] |
no |
| Name | Description |
|---|---|
| bucket_name | The bucket name with a randomized suffix |
| topic_arns | The topic ARNs created (if any) |