AWS Amazon S3 Bucket Metric
This page shows how to write Terraform and CloudFormation for Amazon S3 Bucket Metric and write them securely.
aws_s3_bucket_metric (Terraform)
The Bucket Metric in Amazon S3 can be configured in Terraform with the resource name aws_s3_bucket_metric. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_s3_bucket_metric" "replica" {
provider = aws.replica
bucket = module.replica.s3_bucket_id
name = "All"
}
resource "aws_s3_bucket_metric" "master" {
provider = aws.master
bucket = module.master.s3_bucket_id
name = "All"
}
resource "aws_s3_bucket_metric" "dq_log_archive_bucket_logging" {
provider = aws.ENV_ACCT
bucket = "s3-dq-log-archive-ci"
name = "dq_log_archive_bucket_metric"
depends_on = [aws_s3_bucket.dq_log_archive_bucket]
Parameters
Explanation in Terraform Registry
Provides a S3 bucket metrics configuration resource.
Tips: Best Practices for The Other AWS Amazon S3 Resources
In addition to the aws_s3_bucket_public_access_block, AWS Amazon S3 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_s3_bucket_public_access_block
Ensure S3 bucket-level Public Access Block restricts public bucket policies
It is better to enable S3 bucket-level Public Access Block if you don't need public buckets.
aws_s3_bucket
Ensure S3 bucket access policy is well configured
It is better to configure the S3 bucket access policy properly to limit it unless explicitly required.
AWS::S3::Bucket MetricsConfiguration (CloudFormation)
The Bucket MetricsConfiguration in S3 can be configured in CloudFormation with the resource name AWS::S3::Bucket MetricsConfiguration. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
AccessPointArn
The access point that was used while performing operations on the object. The metrics configuration only includes objects that meet the filter's criteria.
Required: No
Type: String
Update requires: No interruption
Id
The ID used to identify the metrics configuration. This can be any value you choose that helps you identify your metrics configuration.
Required: Yes
Type: String
Update requires: No interruption
Prefix
The prefix that an object must have to be included in the metrics results.
Required: No
Type: String
Update requires: No interruption
TagFilters
Specifies a list of tag filters to use as a metrics configuration filter. The metrics configuration includes only objects that meet the filter's criteria.
Required: No
Type: List of TagFilter
Update requires: No interruption
Explanation in CloudFormation Registry
Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For examples, see AWS::S3::Bucket. For more information, see PUT Bucket metrics in the Amazon S3 API Reference.
Frequently asked questions
What is AWS Amazon S3 Bucket Metric?
AWS Amazon S3 Bucket Metric is a resource for Amazon S3 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon S3 Bucket Metric?
For Terraform, the 3scale-ops/tf-aws-s3-backup, 3scale-ops/tf-aws-s3-backup and UKHomeOffice/dq-tf-aws-compliance-ci-infra source code examples are useful. See the Terraform Example section for further details.
