This module allows you to create and manage a Google Cloud Storage bucket.
This module requires terraform version >=1.3.
module "tf-state-bucket" {
source = "metro-digital/cf-bucket/google"
project_id = "metro-cf-example-ex1-e8v"
name = "tf-state-metro-cf-example-ex1-e8v"
location = "EU"
storage_class = "MULTI_REGIONAL"
uniform_access = true
versioning = true
lifecycle_rules = [
{
action = {
type = "Delete"
},
condition = {
num_newer_versions = 30
}
}
]
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Bucket name | string |
n/a | yes |
| project_id | GCP project ID | string |
n/a | yes |
| additional_legacy_bucket_owners | List of additional users/groups/service accounts with role roles/storage.legacyBucketOwner on bucket level If purge_legacy_roles is set to true, this list becomes authoritative.Otherwise the default permissions will be added automatically. |
list(string) |
[] |
no |
| additional_legacy_bucket_readers | List of additional users/groups/service accounts with role roles/storage.legacyBucketReader on bucket level If purge_legacy_roles is set to true, this list becomes authoritative.Otherwise the default permissions will be added automatically. |
list(string) |
[] |
no |
| additional_legacy_bucket_writers | List of additional users/groups/service accounts with role roles/storage.legacyBucketWriter on bucket level If purge_legacy_roles is set to true, this list becomes authoritative.Otherwise the default permissions will be added automatically. |
list(string) |
[] |
no |
| additional_legacy_object_owners | List of additional users/groups/service accounts with role roles/storage.legacyObjectOwner on bucket level If purge_legacy_roles is set to true, this list becomes authoritative.Otherwise the default permissions will be added automatically. |
list(string) |
[] |
no |
| additional_legacy_object_readers | List of additional users/groups/service accounts with role roles/storage.legacyObjectReader on bucket level If purge_legacy_roles is set to true, this list becomes authoritative.Otherwise the default permissions will be added automatically. |
list(string) |
[] |
no |
| encryption | Bucket's encryption configuration. Please provide the id of a Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in | list(string) |
[] |
no |
| labels | A set of key/value label pairs to assign to the bucket | map(string) |
{} |
no |
| lifecycle_rules | List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string. Set of objects: action: map * type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass. * storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule. condition: map: * age - (Optional) Minimum age of an object in days to satisfy this condition. * created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. * with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY". * matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY. * num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition. Examples: lifecycle_rules = [ |
set(object({ |
[] |
no |
| location | The GCS location - see https://cloud.google.com/storage/docs/bucket-locations | string |
"EU" |
no |
| logging | Bucket's Access & Storage Logs configuration The logging block supports: * log_bucket - (Required) The bucket that will receive log objects. * log_object_prefix - (Optional, Computed) The object prefix for log objects. If it's not provided, by default GCS sets this to this bucket's name. Example: logging = [{ |
set(object({ |
[] |
no |
| purge_legacy_roles | If enabled the module will purge the default users from roles/storage.legacy* roles | bool |
false |
no |
| storage_admins | list of users with role roles/storage.admin on bucket level (authoritative) | list(string) |
[] |
no |
| storage_class | Bucket's Storage Class | string |
"REGIONAL" |
no |
| storage_object_admins | list of users with role roles/storage.objectAdmin on bucket level (authoritative) | list(string) |
[] |
no |
| storage_object_creators | list of users with role roles/storage.objectCreator on bucket level (authoritative) | list(string) |
[] |
no |
| storage_object_viewers | list of users with role roles/storage.objectViewer on bucket level (authoritative) | list(string) |
[] |
no |
| uniform_access | Enables Uniform bucket-level access to a bucket | bool |
true |
no |
| versioning | Enable Versioning | bool |
false |
no |
| Name | Description |
|---|---|
| location | Bucket location |
| name | Bucket name |
| project | Bucket Project ID |
| storage_class | Bucket's Storage Class |
| versioning | Versioning configuration |
This project is licensed under the terms of the Apache License 2.0
This terraform module depends on providers from HashiCorp, Inc. which are licensed under MPL-2.0. You can obtain the respective source code for these provider here: