cloud-foundation-fabric/modules/gcs
Luca Prete f2c80e17f1
[#138] Update copyright headers to 2020 (#139)
Co-authored-by: Luca Prete <lucaprete@google.com>
2020-09-23 11:07:03 +02:00
README.md Change bucket_policy_only into uniform_bucket_level_access in GCS module (#135) 2020-09-15 19:33:40 +02:00
main.tf [#138] Update copyright headers to 2020 (#139) 2020-09-23 11:07:03 +02:00
outputs.tf Merge development branch (#44) 2020-04-03 14:06:48 +02:00
variables.tf Change bucket_policy_only into uniform_bucket_level_access in GCS module (#135) 2020-09-15 19:33:40 +02:00
versions.tf [#138] Update copyright headers to 2020 (#139) 2020-09-23 11:07:03 +02:00

README.md

Google Cloud Storage Module

TODO

Example

module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]
  # false permits per-object ACLs on bucket-one (the default is true)
  uniform_bucket_level_access = {
    bucket-one = false
  }
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }
  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }
}

Example with Cloud KMS

module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]
  uniform_bucket_level_access = {
    bucket-one = false
  }
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }
  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }
  # bucket-one has no entry here, so no Cloud KMS key is set for it
  encryption_keys = {
    bucket-two = local.kms_key.self_link
  }
}

Example with retention policy

module "buckets" {
  source     = "./modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  names      = ["bucket-one", "bucket-two"]
  uniform_bucket_level_access = {
    bucket-one = false
  }
  iam_members = {
    bucket-two = {
      "roles/storage.admin" = ["group:storage@example.com"]
    }
  }
  iam_roles = {
    bucket-two = ["roles/storage.admin"]
  }

  retention_policies = {
    bucket-one = { retention_period = 100, is_locked = true }
    bucket-two = { retention_period = 900, is_locked = false }
  }

  logging_config = {
    # "bucket_name_for_logging" is a placeholder for the name of the bucket that receives the logs
    bucket-one = { log_bucket = "bucket_name_for_logging", log_object_prefix = null }
    bucket-two = { log_bucket = "bucket_name_for_logging", log_object_prefix = "logs_for_bucket_two" }
  }
}

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| names | Bucket name suffixes. | list(string) | ✓ | |
| project_id | Bucket project id. | string | ✓ | |
| uniform_bucket_level_access | Optional map keyed by name; set a bucket to false to enable object ACLs, defaults to true. | map(bool) | | {} |
| encryption_keys | Per-bucket KMS keys that will be used for encryption. | map(string) | | {} |
| force_destroy | Optional map to set force destroy keyed by name, defaults to false. | map(bool) | | {} |
| iam_members | IAM members keyed by bucket name and role. | map(map(list(string))) | | {} |
| iam_roles | IAM roles keyed by bucket name. | map(list(string)) | | {} |
| labels | Labels to be attached to all buckets. | map(string) | | {} |
| location | Bucket location. | string | | EU |
| logging_config | Per-bucket logging. | map(object({...})) | | {} |
| prefix | Prefix used to generate the bucket name. | string | | null |
| retention_policies | Per-bucket retention policy. | map(object({...})) | | {} |
| storage_class | Bucket storage class. | string | | MULTI_REGIONAL |
| versioning | Optional map to set versioning keyed by name, defaults to false. | map(bool) | | {} |
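
The per-bucket maps in the table above fall back to a default for any bucket name they do not list. The following Python check is an added example, not part of the module or its repository: it resolves the effective settings for each bucket from those defaults and reports deviations from a baseline chosen for this example. It assumes that a map key matching no entry in `names` has no effect; the function names, finding texts and sample input are constructed for illustration.

```python
# Added example, not part of the module: audit gcs module inputs.
# Defaults come from the Variables table; the baseline is this example's choice.
DEFAULTS = {"uniform_bucket_level_access": True, "force_destroy": False}
PER_BUCKET = ("uniform_bucket_level_access", "force_destroy", "versioning",
              "encryption_keys", "retention_policies", "logging_config",
              "iam_members", "iam_roles")

def effective(inputs, name):
    """Settings one bucket ends up with: explicit value or table default."""
    out = {k: inputs.get(k, {}).get(name, d) for k, d in DEFAULTS.items()}
    for key in ("encryption_keys", "retention_policies", "logging_config"):
        out[key] = inputs.get(key, {}).get(name)  # None when unset
    return out

def audit(inputs):
    """Return sorted (bucket, finding) pairs for deviations from the baseline."""
    findings = []
    for name in inputs["names"]:
        s = effective(inputs, name)
        if not s["uniform_bucket_level_access"]:
            findings.append((name, "object ACLs allowed"))
        if s["force_destroy"]:
            findings.append((name, "force_destroy enabled"))
        if s["encryption_keys"] is None:
            findings.append((name, "no Cloud KMS key"))
        if s["retention_policies"] and not s["retention_policies"]["is_locked"]:
            findings.append((name, "retention policy not locked"))
        if s["logging_config"] is None:
            findings.append((name, "no access logging"))
    # Assumption: a key matching no entry in `names` has no effect, so a typo
    # silently leaves that bucket on its default.
    for var in PER_BUCKET:
        for key in inputs.get(var, {}):
            if key not in inputs["names"]:
                findings.append((key, f"{var} key matches no bucket"))
    return sorted(findings)

# Constructed input based on the examples above, with one deliberate typo
# ("bucket_two") in encryption_keys; the key path is a placeholder.
SAMPLE = {
    "names": ["bucket-one", "bucket-two"],
    "uniform_bucket_level_access": {"bucket-one": False},
    "encryption_keys": {"bucket_two": "projects/P/locations/L/keyRings/R/cryptoKeys/K"},
    "retention_policies": {"bucket-one": {"retention_period": 100, "is_locked": True},
                           "bucket-two": {"retention_period": 900, "is_locked": False}},
    "logging_config": {"bucket-one": {"log_bucket": "logs", "log_object_prefix": None}},
}
if __name__ == "__main__":
    for bucket, finding in audit(SAMPLE):
        print(f"{bucket}: {finding}")
```

The mistyped `bucket_two` key is reported on its own line, and `bucket-two` is reported as having no Cloud KMS key because of it.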

Outputs

| name | description | sensitive |
|---|---|---|
| bucket | Bucket resource (for single use). | |
| buckets | Bucket resources. | |
| name | Bucket name (for single use). | |
| names | Bucket names. | |
| names_list | List of bucket names. | |
| url | Bucket URL (for single use). | |
| urls | Bucket URLs. | |
| urls_list | List of bucket URLs. | |