AWS Amazon S3 Bucket Object
This page shows how to write Terraform and CloudFormation for Amazon S3 Bucket Object and write them securely.
aws_s3_bucket_object (Terraform)
The Bucket Object in Amazon S3 can be configured in Terraform with the resource name aws_s3_bucket_object
. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_s3_bucket_object" "assassinatos" {
bucket = aws_s3_bucket.dlt.id
key = "data/assassinatos.csv"
acl = "private"
source = "../data/assassinatos.csv"
etag = filemd5("../data/assassinatos.csv")
Parameters
-
acl
optional - string -
bucket
required - string -
bucket_key_enabled
optional computed - bool -
cache_control
optional - string -
content
optional - string -
content_base64
optional - string -
content_disposition
optional - string -
content_encoding
optional - string -
content_language
optional - string -
content_type
optional computed - string -
etag
optional computed - string -
force_destroy
optional - bool -
id
optional computed - string -
key
required - string -
kms_key_id
optional computed - string -
metadata
optional - map from string to string -
object_lock_legal_hold_status
optional - string -
object_lock_mode
optional - string -
object_lock_retain_until_date
optional - string -
server_side_encryption
optional computed - string -
source
optional - string -
storage_class
optional computed - string -
tags
optional - map from string to string -
version_id
optional computed - string -
website_redirect
optional - string
Explanation in Terraform Registry
Provides a S3 bucket object resource.
Tips: Best Practices for The Other AWS Amazon S3 Resources
In addition to the aws_s3_bucket_public_access_block, AWS Amazon S3 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_s3_bucket_public_access_block
Ensure S3 bucket-level Public Access Block restricts public bucket policies
It is better to enable S3 bucket-level Public Access Block if you don't need public buckets.
aws_s3_bucket
Ensure S3 bucket access policy is well configured
It is better to configure the S3 bucket access policy properly to limit it unless explicitly required.
AWS::S3::Bucket ObjectLockConfiguration (CloudFormation)
The Bucket ObjectLockConfiguration in S3 can be configured in CloudFormation with the resource name AWS::S3::Bucket ObjectLockConfiguration
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
ObjectLockEnabled
Indicates whether this bucket has an Object Lock configuration enabled. Enable ObjectLockEnabled
when you apply ObjectLockConfiguration
to a bucket.
Required: No
Type: String
Allowed values: Enabled
Update requires: No interruption
Rule
Specifies the Object Lock rule for the specified object. Enable the this rule when you apply ObjectLockConfiguration
to a bucket. If Object Lock is turned on, bucket settings require both Mode
and a period of either Days
or Years
. You cannot specify Days
and Years
at the same time. For more information, see ObjectLockRule and DefaultRetention.
Required: Conditional
Type: ObjectLockRule
Update requires: No interruption
Explanation in CloudFormation Registry
Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.
Frequently asked questions
What is AWS Amazon S3 Bucket Object?
AWS Amazon S3 Bucket Object is a resource for Amazon S3 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon S3 Bucket Object?
For Terraform, the batestin1/AWS source code example is useful. See the Terraform Example section for further details.