Google Cloud Storage Module
TODO
Example
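# Basic example: two buckets whose names are built from `prefix` and each
# suffix listed in `names`.
module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]

  # Argument name follows the Variables table on this page, which declares
  # uniform_bucket_level_access and no bucket_policy_only input.
  # false turns uniform bucket-level access off for bucket-one, so per-object
  # ACLs apply there in addition to IAM. Buckets not listed keep the default.
  uniform_bucket_level_access = {
    bucket-one = false
  }

  # roles/storage.admin gives the group full control of bucket-two and its
  # objects, including changes to the bucket's IAM policy. Grant a narrower
  # role when the group only needs to read or write objects.
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }

  # The role is repeated here for the same bucket; presumably every role used
  # in iam_members must also be listed in iam_roles (confirm against the module).
  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }
}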
Example with Cloud KMS
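# Cloud KMS example: same two buckets, with a customer-managed key set on
# bucket-two.
module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]

  # Argument name follows the Variables table on this page, which declares
  # uniform_bucket_level_access and no bucket_policy_only input.
  # false turns uniform bucket-level access off for bucket-one, so per-object
  # ACLs apply there in addition to IAM.
  uniform_bucket_level_access = {
    bucket-one = false
  }

  # roles/storage.admin is broad (full control, including the bucket's IAM
  # policy); use a narrower role where the group only handles objects.
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }

  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }

  # local.kms_key is defined outside this example. bucket-one has no entry,
  # so no customer-managed key is set for it here.
  # The project's Cloud Storage service agent needs
  # roles/cloudkms.cryptoKeyEncrypterDecrypter on the key before the bucket
  # can use it.
  encryption_keys = {
    bucket-two = local.kms_key.self_link
  }
}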
Example with retention policy and logging
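# Retention and logging example: per-bucket retention policies plus access
# logging to a separate bucket.
module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]

  # Argument name follows the Variables table on this page, which declares
  # uniform_bucket_level_access and no bucket_policy_only input.
  # false turns uniform bucket-level access off for bucket-one, so per-object
  # ACLs apply there in addition to IAM.
  uniform_bucket_level_access = {
    bucket-one = false
  }

  # roles/storage.admin is broad (full control, including the bucket's IAM
  # policy); use a narrower role where the group only handles objects.
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }

  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }

  # retention_period is presumably in seconds, as in the google_storage_bucket
  # resource (confirm against the module).
  # is_locked = true is irreversible: a locked policy cannot be removed or
  # shortened, so test with is_locked = false before locking.
  retention_policies = {
    bucket-one = { retention_period = 100, is_locked = true }
    bucket-two = { retention_period = 900, is_locked = false }
  }

  # "bucket_name_for_logging" is a placeholder for the name of an existing
  # bucket that receives the logs. It is quoted because a bare identifier is
  # not a valid Terraform reference. Keep access to the log bucket restricted.
  logging_config = {
    bucket-one = { log_bucket = "bucket_name_for_logging", log_object_prefix = null }
    bucket-two = { log_bucket = "bucket_name_for_logging", log_object_prefix = "logs_for_bucket_two" }
  }
}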
Variables
name |
description |
type |
required |
default |
names |
Bucket name suffixes. |
list(string) |
✓ |
|
project_id |
Bucket project id. |
string |
✓ |
|
uniform_bucket_level_access |
Optional map keyed by name to set uniform bucket-level access, defaults to true (object ACLs disabled; set false to allow them). |
map(bool) |
|
{} |
encryption_keys |
Per-bucket KMS keys that will be used for encryption. |
map(string) |
|
{} |
force_destroy |
Optional map to set force destroy keyed by name, defaults to false. |
map(bool) |
|
{} |
iam_members |
IAM members keyed by bucket name and role. |
map(map(list(string))) |
|
{} |
iam_roles |
IAM roles keyed by bucket name. |
map(list(string)) |
|
{} |
labels |
Labels to be attached to all buckets. |
map(string) |
|
{} |
location |
Bucket location. |
string |
|
EU |
logging_config |
Per-bucket logging. |
map(object({...})) |
|
{} |
prefix |
Prefix used to generate the bucket name. |
string |
|
null |
retention_policies |
Per-bucket retention policy. |
map(object({...})) |
|
{} |
storage_class |
Bucket storage class. |
string |
|
MULTI_REGIONAL |
versioning |
Optional map to set versioning keyed by name, defaults to false. |
map(bool) |
|
{} |
Outputs
name |
description |
sensitive |
bucket |
Bucket resource (for single use). |
|
buckets |
Bucket resources. |
|
name |
Bucket name (for single use). |
|
names |
Bucket names. |
|
names_list |
List of bucket names. |
|
url |
Bucket URL (for single use). |
|
urls |
Bucket URLs. |
|
urls_list |
List of bucket URLs. |
|