Cloud Object Storage buckets module

You can use this submodule to provision and configure IBM Cloud Object Storage buckets.

You can configure the following aspects of your instances:

The submodule extends the root module by including support for multiple buckets. When multiple buckets are required, you keep all the bucket definitions in one place and the deployment information is available in a map that can be iterated over.

Usage

provider "ibm" {
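  ibmcloud_api_key = "XXXXXXXXXX" # Placeholder; do not commit a real key. The provider can also read it from the IC_API_KEY environment variable.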
  region           = "us-south"
}

# Create:
# - COS buckets, one with encryption and another with versioning
module "buckets" {
  source  = "terraform-ibm-modules/cos/ibm//modules/buckets"
  version = "latest" # Replace "latest" with a release version to lock into a specific release
  bucket_configs = [
    {
      bucket_name            = "my-encrypted-bucket"
      kms_key_crn            = "crn:v1:bluemix:public:kms:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx:key:xxxxxx-XXXX-XXXX-XXXX-xxxxxx"
      kms_guid               = "xxxxxxxx-XXXX-XXXX-XXXX-xxxxxxxx"
      kms_encryption_enabled = true # Must be set, as well as passing key crn, to avoid terraform count issues during plan and apply
      region_location        = "us-south"
      resource_instance_id   = "crn:v1:bluemix:public:cloud-object-storage:global:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxxxx-XXXX-XXXX-XXXX-xxxxxxxx::"
    },
    {
      bucket_name            = "my-versioned-bucket"
      kms_encryption_enabled = false
      region_location        = "us-south"
      resource_instance_id   = "crn:v1:bluemix:public:cloud-object-storage:global:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxxxx-XXXX-XXXX-XXXX-xxxxxxxx::"
      object_versioning = {
        enable = true
      }
    }
  ]
}

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • Resource Group service
      • Viewer platform access
  • IAM Services
    • IBM Cloud Object Storage service
      • Editor platform access
      • Manager service access

Requirements

Name Version
terraform >= 1.4.0
ibm >= 1.70.0, < 2.0.0
time >= 0.9.1, < 1.0.0

Modules

Name Source Version
buckets ../../ n/a

Resources

Name Type
ibm_iam_authorization_policy.policy resource
time_sleep.wait_for_authorization_policy resource

Inputs

Name Description Type Default Required
bucket_configs The Object Storage bucket configurations.
list(object({
  access_tags                   = optional(list(string), [])
  add_bucket_name_suffix        = optional(bool, false)
  bucket_name                   = string
  kms_encryption_enabled        = optional(bool, true)
  kms_guid                      = optional(string, null)
  kms_key_crn                   = optional(string, null)
  skip_iam_authorization_policy = optional(bool, false)
  management_endpoint_type      = optional(string, "public")
  cross_region_location         = optional(string, null)
  storage_class                 = optional(string, "smart")
  region_location               = optional(string, null)
  resource_instance_id          = string
  force_delete                  = optional(bool, true)
  single_site_location          = optional(string, null)
  hard_quota                    = optional(number, null)
  expire_filter_prefix          = optional(string, null)
  archive_filter_prefix         = optional(string, null)
  object_locking_enabled        = optional(bool, false)
  object_lock_duration_days     = optional(number, 0)
  object_lock_duration_years    = optional(number, 0)

  activity_tracking = optional(object({
    read_data_events  = optional(bool, true)
    write_data_events = optional(bool, true)
    management_events = optional(bool, true)
  }))
  archive_rule = optional(object({
    enable = optional(bool, false)
    days   = optional(number, 20)
    type   = optional(string, "Glacier")
  }))
  expire_rule = optional(object({
    enable = optional(bool, false)
    days   = optional(number, 365)
  }))
  metrics_monitoring = optional(object({
    usage_metrics_enabled   = optional(bool, true)
    request_metrics_enabled = optional(bool, true)
    metrics_monitoring_crn  = optional(string, null)
  }))
  object_versioning = optional(object({
    enable = optional(bool, false)
  }))
  retention_rule = optional(object({
    default   = optional(number, 90)
    maximum   = optional(number, 350)
    minimum   = optional(number, 90)
    permanent = optional(bool, false)
  }))
  cbr_rules = optional(list(object({
    description = string
    account_id  = string
    rule_contexts = list(object({
      attributes = optional(list(object({
        name  = string
        value = string
      })))
    }))
    enforcement_mode = string
    tags = optional(list(object({
      name  = string
      value = string
    })), [])
    operations = optional(list(object({
      api_types = list(object({
        api_type_id = string
      }))
    })))
  })), [])
}))
n/a yes
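
Several defaults in the type above are permissive: `force_delete` is `true`, `management_endpoint_type` is `"public"`, and `activity_tracking` is unset unless you pass the object. The following is an added example, not taken from the module's own documentation, of a single bucket entry that overrides them using only the inputs listed above. The bucket name, the CRN and GUID placeholders, the release version, and the choice of `"private"` for the management endpoint are assumptions.

```hcl
# Added example: one bucket with the permissive defaults from the Inputs
# table overridden. Bucket name, CRNs, GUID and version are placeholders.
module "buckets" {
  source  = "terraform-ibm-modules/cos/ibm//modules/buckets"
  version = "X.Y.Z" # placeholder: pin to a specific release

  bucket_configs = [
    {
      bucket_name          = "my-hardened-bucket"
      resource_instance_id = "<cos-instance-crn>" # placeholder
      region_location      = "us-south"

      # Customer-managed key: set the flag and pass the key CRN together.
      kms_encryption_enabled = true
      kms_key_crn            = "<kms-key-crn>"       # placeholder
      kms_guid               = "<kms-instance-guid>" # placeholder

      # Default is "public". Assumes the private endpoint is reachable
      # from wherever Terraform runs.
      management_endpoint_type = "private"

      # Default is true. With false, destroying a bucket that still
      # holds objects fails instead of emptying it first.
      force_delete = false

      # Keep prior object versions so overwrites and deletes are recoverable.
      object_versioning = { enable = true }

      # Omitted by default; pass the object to record data and
      # management events for the bucket.
      activity_tracking = {
        read_data_events  = true
        write_data_events = true
        management_events = true
      }

      metrics_monitoring = {
        usage_metrics_enabled   = true
        request_metrics_enabled = true
      }
    }
  ]
}
```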

Outputs

Name Description
bucket_configs List of bucket config definitions
buckets Map of buckets created in the Cloud Object Storage Instance
cbr_rule_ids List of bucket CBR rule ids
cbr_rules List of COS bucket CBR rules