Create an S3 bucket intended to serve as a Helm repo. Features:
- Configures basic encryption
- Supports sharing the bucket across many accounts with
var.allowed_account_ids, var.allowed_account_ids_writ - Supports cross-region bucket replication with
var.dest_region
module {
source = "rhythmictech/helmrepo/aws"
}
| Name | Version |
|---|---|
| terraform | >= 0.12.19 |
| aws | >= 4.0 |
| random | >= 3 |
| Name | Version |
|---|---|
| aws | 4.56.0 |
| aws.destination | 4.56.0 |
| random | 3.4.3 |
No modules.
| Name | Type |
|---|---|
| aws_iam_policy.replication_policy | resource |
| aws_iam_policy_attachment.replication | resource |
| aws_iam_role.replication | resource |
| aws_s3_bucket.destination | resource |
| aws_s3_bucket.this | resource |
| aws_s3_bucket_policy.destination | resource |
| aws_s3_bucket_policy.this | resource |
| aws_s3_bucket_public_access_block.dest_block_public_access | resource |
| aws_s3_bucket_public_access_block.this | resource |
| aws_s3_bucket_replication_configuration.this | resource |
| random_id.replication | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.destination | data source |
| aws_iam_policy_document.destination_combined | data source |
| aws_iam_policy_document.replication_assume_role | data source |
| aws_iam_policy_document.replication_policy_doc | data source |
| aws_iam_policy_document.this | data source |
| aws_region.region | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_account_ids | List of AWS account IDs to grant read-only access to the repo. Due to how policies are constructed, there's effectively a limit of about 9 accounts. | list(string) |
[] |
no |
| allowed_account_ids_write | List of AWS account IDs to grant write access to the repo. Due to how policies are constructed, there's effectively a limit of about 9 accounts. | list(string) |
[] |
no |
| dest_extra_bucket_policy | Extra bucket policies to attach to the destination bucket. Pass in as aws_iam_policy_document json | string |
"" |
no |
| dest_logging_bucket | S3 bucket name to log bucket access requests to (optional) | string |
null |
no |
| dest_logging_bucket_prefix | S3 bucket prefix to log bucket access requests to (optional). If blank but a logging_bucket is specified, this will be set to the name of the bucket |
string |
null |
no |
| dest_region | Region to replicate repo bucket to (omit to disable replication) | string |
"" |
no |
| logging_bucket | S3 bucket name to log bucket access requests to (optional) | string |
null |
no |
| logging_bucket_prefix | S3 bucket prefix to log bucket access requests to (optional). If blank but a logging_bucket is specified, this will be set to the name of the bucket |
string |
null |
no |
| name | Bucket name for the helm repo. Specify to control the exact name of the bucket, otherwise use name_suffix |
string |
null |
no |
| name_suffix | Bucket suffix for the repo (bucket will be named [ACCOUNT_ID]-[REGION]-[name_suffix], not used if name is specified) |
string |
"helmrepo" |
no |
| tags | Tags to add to supported resources | map(string) |
{} |
no |
| Name | Description |
|---|---|
| s3_bucket | Bucket name of the repo |