Change to manage multiple S3 buckets

Author: snemetz

main.tf

@@ -1,48 +1,78 @@
 /**
- * AWS S3 Terraform Module
+ * AWS S3 Bucket Terraform Module
  * =====================
  *
- * Create AWS S3 bucket and set policy
+ * Create multiple AWS S3 buckets and set policies
  *
  * Usage:
  * ------
- *
- *     module "s3" {
- *       source       = "../tf_s3"
- *       name         = "apps"
- *       environment  = "dev01"
+ * '''hcl
+ *     module "s3-bucket" {
+ *       source       = "../s3-bucket"
+ *       names        = ["images","thumbnails"]
+ *       environment  = "dev"
+ *       org          = "corp"
  *     }
+ * '''
 **/
 
 # TODO: Allow pass policy via variable. Default empty policy. If can be done, otherwise 2 modules
 # create s3 bucket and set policy
-resource "aws_s3_bucket" "bucket" {
-  #bucket = "dmp-rpns-${var.s3_env_map[var.env]}"
-  # TODO: Setup namespaced condition
-  bucket = "${format("%s-%s", var.environment, var.name)}"
-  acl = "private"
+# TODO: setup encryption
+
+resource "aws_s3_bucket" "this" {
+  count = "${length(var.names)}"
+  bucket = "${var.namespaced ?
+   format("%s-%s-%s", var.org, var.environment, element(var.names, count.index)) :
+   format("%s-%s", var.org, element(var.names, count.index))}"
+  acl = "${var.public ? public-read : private}"
   versioning {
-    enabled = true
+    enabled = "${var.versioned}"
   }
+  #acceleration_status
+  #force_destroy = true
+  #lifecycle_rule {}
+  #logging {
+  #  target_bucket
+  #  target_prefix
+  #}
+  #region
+  #request_payer
+  #replication_configuration {}
   tags = "${ merge(
     var.tags,
     map("Name", var.namespaced ?
-     format("%s-%s-s3-bucket", var.environment, var.name) :
-     format("%s-s3-bucket", var.name) ),
+     format("%s-%s-s3-bucket", var.environment, element(var.names, count.index)) :
+     format("%s-s3-bucket", element(var.names, count.index)) ),
     map("Environment", var.environment),
     map("Terraform", "true") )}"
 }
+
 /*
 data "template_file" "policy_s3_bucket" {
+  # TODO: add condition to select public or private template
+  #   or 2 data and condition in policy for which data to use
   template = "${file("${path.module}/files/policy_s3_bucket.json")}"
   vars = {
-    name  = "${aws_s3_bucket.bucket.bucket}"
+    name  = "${aws_s3_bucket.this.bucket}"
     principal = "${var.principal}"
   }
 }
 
 resource "aws_s3_bucket_policy" "bucket_policy" {
-  bucket = "${aws_s3_bucket.bucket.id}"
+  bucket = "${aws_s3_bucket.this.id}"
   policy = "${data.template_file.policy_s3_bucket.rendered}"
 }
 */
+
+#resource "aws_s3_bucket_notification"
+
+/*
+resource "aws_s3_bucket_object" "this" {
+  count   = "${length(var.files)}"
+  bucket  = "${aws_s3_bucket.this.id}"
+  key     = "${element(keys(var.files), count.index)}"
+  source  = "${lookup(var.files, element(keys(var.files), count.index))}"
+  etag    = "${md5(file("${lookup(var.files, element(keys(var.files), count.index))}"))}"
+}
+*/

outputs.tf

@@ -1,25 +1,29 @@
-// AWS S3 Bucket Name
-output "s3_bucket_name" {
-  value = "${aws_s3_bucket.bucket.id}"
-}
 
-// AWS S3 Bucket ARN
-output "s3_bucket_arn" {
-  value = "${aws_s3_bucket.bucket.arn}"
+output "arn" {
+  description = "List of AWS S3 Bucket ARNs"
+  value = "${aws_s3_bucket.this.*.arn}"
+}
+output "domain_name" {
+  description = "List of AWS S3 Bucket Domain Names"
+  value = "${aws_s3_bucket.this.*.bucket_domain_name}"
 }
-// AWS S3 Bucket Domain Name
-output "s3_bucket_domain_name" {
-  value = "${aws_s3_bucket.bucket.bucket_domain_name}"
+output "hosted_zone_id" {
+  description = "List of AWS S3 Bucket Hosted Zone IDs"
+  value = "${aws_s3_bucket.this.*.hosted_zone_id}"
 }
-// AWS S3 Bucket Region
-output "s3_bucket_region" {
-  value = "${aws_s3_bucket.bucket.region}"
+output "id" {
+  description = "List of AWS S3 Bucket IDs"
+  value       = "${aws_s3_bucket.this.*.id}"
 }
-// AWS S3 Bucket ID
-output "s3_bucket_id" {
-  value = "${aws_s3_bucket.bucket.id}"
+output "name" {
+  description = "List of AWS S3 Bucket Names"
+  value = "${aws_s3_bucket.this.*.id}"
 }
-// AWS S3 Bucket Hosted Zone ID
-output "s3_bucket_hosted_zone_id" {
-  value = "${aws_s3_bucket.bucket.hosted_zone_id}"
+output "region" {
+  description = "List of AWS S3 Bucket Regions"
+  value = "${aws_s3_bucket.this.*.region}"
 }
+
+#aws_s3_bucket_object.this.id
+#aws_s3_bucket_object.this.etag
+#aws_s3_bucket_object.this.version_id

variables.tf

@@ -1,8 +1,10 @@
 
+
 // Standard Variables
 
-variable "name" {
-  description = "Name"
+variable "names" {
+  description = "List of S3 bucket names"
+  type        = "list"
 }
 variable "environment" {
   description = "Environment (ex: dev, qa, stage, prod)"
@@ -16,8 +18,21 @@ variable "tags" {
   default     = {}
 }
 
+variable "org" {
+  description = "Organization name to prefix S3 buckets with"
+}
+
 // Module specific Variables
 
 variable "principal" {
   description = "principal"
+  default     = "*"
+}
+variable "public" {
+  description = "Allow public read access to bucket"
+  default     = false
+}
+variable "versioned" {
+  description = "Version the bucket"
+  default     = false
 }