GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → terraform-google-modules → terraform-google-cloud-storage

terraform-google-modules / terraform-google-cloud-storage

Licence: Apache-2.0 license
Creates one or more Cloud Storage buckets and assigns basic permissions on them to arbitrary users

Programming Languages

HCL
1544 projects
go
31211 projects - #10 most used programming language
Makefile
30231 projects
python
139335 projects - #7 most used programming language

Labels

storagecft-terraform

Projects that are alternatives of or similar to terraform-google-cloud-storage

terraform-google-bootstrap
Bootstraps Terraform usage and related CI/CD in a new Google Cloud organization
Stars: ✭ 152 (+31.03%)
Mutual labels:  cft-terraform
terraform-google-vpc-service-controls
Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments
Stars: ✭ 48 (-58.62%)
Mutual labels:  cft-terraform
terraform-google-scheduled-function
Sets up a scheduled job to trigger events and run functions
Stars: ✭ 55 (-52.59%)
Mutual labels:  cft-terraform
terraform-google-memorystore
A Terraform module for creating a fully functional Google Memorystore (redis) instance.
Stars: ✭ 16 (-86.21%)
Mutual labels:  cft-terraform
terraform-google-folders
This module helps create several folders under the same parent
Stars: ✭ 23 (-80.17%)
Mutual labels:  cft-terraform
terraform-google-cloud-operations
This module is a collection of submodules related to Google Cloud Operations (Logging and Monitoring).
Stars: ✭ 18 (-84.48%)
Mutual labels:  cft-terraform
terraform-google-vm
This is a collection of opinionated submodules that can be used to provision VMs in GCP.
Stars: ✭ 137 (+18.1%)
Mutual labels:  cft-terraform
terraform-google-lb-internal
Modular Internal Load Balancer for GCE using forwarding rules.
Stars: ✭ 59 (-49.14%)
Mutual labels:  cft-terraform
terraform-google-bastion-host
This module will generate a bastion host vm compatible with OS Login and IAP Tunneling that can be used to access internal VMs.
Stars: ✭ 78 (-32.76%)
Mutual labels:  cft-terraform
terraform-google-kms
Simple Cloud KMS module that allows managing a keyring, zero or more keys in the keyring, and IAM role bindings on individual keys.
Stars: ✭ 28 (-75.86%)
Mutual labels:  cft-terraform
terraform-google-startup-scripts
A library of useful startup scripts to embed in VMs created by Terraform
Stars: ✭ 50 (-56.9%)
Mutual labels:  cft-terraform
terraform-google-dataflow
This module handles opiniated Dataflow job configuration and deployments.
Stars: ✭ 19 (-83.62%)
Mutual labels:  cft-terraform
terraform-google-slo
Creates SLOs on Google Cloud from custom Stackdriver metrics capability to export SLOs to Google Cloud services and other systems
Stars: ✭ 59 (-49.14%)
Mutual labels:  cft-terraform
terraform-google-group
Manages Google Groups
Stars: ✭ 28 (-75.86%)
Mutual labels:  cft-terraform

Terraform Google Cloud Storage Module

This module makes it easy to create one or more GCS buckets, and assign basic permissions on them to arbitrary users.

The resources/services/activations/deletions that this module will create/trigger are:

  • One or more GCS buckets
  • Zero or more IAM bindings for those buckets

If you only wish to create a single bucket, consider using the simple bucket submodule instead.

Compatibility

This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v1.7.1.

Usage

Basic usage of this module is as follows:

module "gcs_buckets" {
  source  = "terraform-google-modules/cloud-storage/google"
  version = "~> 4.0"
  project_id  = "<PROJECT ID>"
  names = ["first", "second"]
  prefix = "my-unique-prefix"
  set_admin_roles = true
  admins = ["group:[email protected]"]
  versioning = {
    first = true
  }
  bucket_admins = {
    second = "user:[email protected],[email protected]"
  }
}

Functional examples are included in the examples directory.

Inputs

Name Description Type Default Required
admins IAM-style members who will be granted roles/storage.objectAdmin on all buckets. list(string) [] no
bucket_admins Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket admins. map(string) {} no
bucket_creators Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket creators. map(string) {} no
bucket_hmac_key_admins Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket HMAC Key admins. map(string) {} no
bucket_lifecycle_rules Additional lifecycle_rules for specific buckets. Map of lowercase unprefixed name => list of lifecycle rules to configure. 
map(set(object({
    # Object with keys:
    # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
    # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
    action = map(string)

    # Object with keys:
    # - age - (Optional) Minimum age of an object in days to satisfy this condition.
    # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
    # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
    # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
    # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
    # - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.
    # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
    # - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.
    # - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.
    condition = map(string)
  })))
 {} no
bucket_policy_only Disable ad-hoc ACLs on specified buckets. Defaults to true. Map of lowercase unprefixed name => boolean map(bool) {} no
bucket_storage_admins Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket storage admins. map(string) {} no
bucket_viewers Map of lowercase unprefixed name => comma-delimited IAM-style per-bucket viewers. map(string) {} no
cors Set of maps of mixed type attributes for CORS values. See appropriate attribute types here: https://www.terraform.io/docs/providers/google/r/storage_bucket.html#cors set(any) [] no
creators IAM-style members who will be granted roles/storage.objectCreators on all buckets. list(string) [] no
default_event_based_hold Enable event based hold to new objects added to specific bucket. Defaults to false. Map of lowercase unprefixed name => boolean map(bool) {} no
encryption_key_names Optional map of lowercase unprefixed name => string, empty strings are ignored. map(string) {} no
folders Map of lowercase unprefixed name => list of top level folder objects. map(list(string)) {} no
force_destroy Optional map of lowercase unprefixed name => boolean, defaults to false. map(bool) {} no
hmac_key_admins IAM-style members who will be granted roles/storage.hmacKeyAdmin on all buckets. list(string) [] no
labels Labels to be attached to the buckets map(string) {} no
lifecycle_rules List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string. 
set(object({
    # Object with keys:
    # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
    # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
    action = map(string)

    # Object with keys:
    # - age - (Optional) Minimum age of an object in days to satisfy this condition.
    # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
    # - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
    # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
    # - matches_prefix - (Optional) One or more matching name prefixes to satisfy this condition.
    # - matches_suffix - (Optional) One or more matching name suffixes to satisfy this condition.
    # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
    # - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.
    # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
    # - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.
    # - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.
    condition = map(string)
  }))
 [] no
location Bucket location. string "EU" no
logging Map of lowercase unprefixed name => bucket logging config object. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#logging any {} no
names Bucket name suffixes. list(string) n/a yes
prefix Prefix used to generate the bucket name. string "" no
project_id Bucket project id. string n/a yes
public_access_prevention Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. string "inherited" no
randomize_suffix Adds an identical, but randomized 4-character suffix to all bucket names bool false no
retention_policy Map of retention policy values. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket#retention_policy any {} no
set_admin_roles Grant roles/storage.objectAdmin role to admins and bucket_admins. bool false no
set_creator_roles Grant roles/storage.objectCreator role to creators and bucket_creators. bool false no
set_hmac_key_admin_roles Grant roles/storage.hmacKeyAdmin role to hmac_key_admins and bucket_hmac_key_admins. bool false no
set_storage_admin_roles Grant roles/storage.admin role to storage_admins and bucket_storage_admins. bool false no
set_viewer_roles Grant roles/storage.objectViewer role to viewers and bucket_viewers. bool false no
storage_admins IAM-style members who will be granted roles/storage.admin on all buckets. list(string) [] no
storage_class Bucket storage class. string "STANDARD" no
versioning Optional map of lowercase unprefixed name => boolean, defaults to false. map(bool) {} no
viewers IAM-style members who will be granted roles/storage.objectViewer on all buckets. list(string) [] no
website Map of website values. Supported attributes: main_page_suffix, not_found_page map(any) {} no

Outputs

Name Description
bucket Bucket resource (for single use).
buckets Bucket resources as list.
buckets_map Bucket resources by name.
name Bucket name (for single use).
names Bucket names.
names_list List of bucket names.
url Bucket URL (for single use).
urls Bucket URLs.
urls_list List of bucket URLs.

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

Service Account

User or service account credentials with the following roles must be used to provision the resources of this module:

  • Storage Admin: roles/storage.admin

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.

APIs

A project with the following APIs enabled must be used to host the resources of this module:

  • Google Cloud Storage JSON API: storage-api.googleapis.com

The Project Factory module can be used to provision a project with the necessary APIs enabled.

Contributing

Refer to the contribution guidelines for information on contributing to this module.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].