update descriptions, add metadata tags

terraform-modules · Dec 17, 2020 · 23336e2 · 23336e2
1 parent 40b90ff
commit 23336e2
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 14 deletions.
diff --git a/standard/README.md b/standard/README.md
@@ -36,15 +36,16 @@ No requirements.
 |------|-------------|------|---------|:--------:|
 | access\_log\_bucket | Server Access Logging Bucket ID | `string` | n/a | yes |
 | access\_log\_bucket\_prefix | Access log bucket prefix, to which the bucket name will be appended to make the target\_prefix | `string` | `"s3"` | no |
-| allowed\_cidr | List of allowed source IPs (NOT from within the VPC) | `list(string)` | `[]` | no |
-| allowed\_endpoints | List of allowed VPC endpoint IDs | `list(string)` | `[]` | no |
-| bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
-| bucket\_name | AWS Bucket Name | `string` | n/a | yes |
+| allowed\_cidr | List of allowed source IPs (NOT from within the VPC).  If empty, there will be no restrictions on source IP.  If provided, you must also use allowed\_endpoints for access within a VPC. | `list(string)` | `[]` | no |
+| allowed\_endpoints | List of allowed VPC endpoint IDs.  If used, it will enable access to the bucket from the specific VPC endpoints. | `list(string)` | `[]` | no |
+| bucket\_folders | List of folders (keys) to create after creation of bucket. They will have object metadata provided based on metadata\_tags and data\_safeguard labels. | `list(string)` | `[]` | no |
+| bucket\_name | AWS Bucket Name.  Standard prefix will be applied here, do not include here. | `string` | n/a | yes |
 | data\_safeguards | Selected available safeguards which apply to the data in the bucket | `list(string)` | `[]` | no |
 | enable\_title26 | Flag to enable bucket with Title 26 (FTI) settings | `bool` | `false` | no |
-| force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted.  The deletion may take a very long time | `bool` | `false` | no |
-| kms\_key\_id | AWS KMS Key ID (one per bucket) | `string` | `""` | no |
-| tags | AWS Tags | `map(string)` | `{}` | no |
+| force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted.  The deletion may take a very long time based on the number of objects.  You normally want to update this to true, apply, and then destroy the resource. | `bool` | `false` | no |
+| kms\_key\_id | AWS KMS Key ID (one per bucket).  This is currently ignored. | `string` | `""` | no |
+| metadata\_tags | AWS S3 Custom metadata (prefix x-amzn-meta- automatically included, not needed here).  If data\_safeguard labels are applied, they will be incorporated on any bucket objects created. | `map(string)` | `{}` | no |
+| tags | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 
 ## Outputs
 

diff --git a/title26/README.md b/title26/README.md
@@ -41,15 +41,16 @@ No requirements.
 |------|-------------|------|---------|:--------:|
 | access\_log\_bucket | Server Access Logging Bucket ID | `string` | n/a | yes |
 | access\_log\_bucket\_prefix | Access log bucket prefix, to which the bucket name will be appended to make the target\_prefix | `string` | `"s3"` | no |
-| allowed\_cidr | List of allowed source IPs (NOT from within the VPC) | `list(string)` | `[]` | no |
-| allowed\_endpoints | List of allowed VPC endpoint IDs | `list(string)` | `[]` | no |
-| bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
-| bucket\_name | AWS Bucket Name | `string` | n/a | yes |
+| allowed\_cidr | List of allowed source IPs (NOT from within the VPC).  If empty, there will be no restrictions on source IP.  If provided, you must also use allowed\_endpoints for access within a VPC. | `list(string)` | `[]` | no |
+| allowed\_endpoints | List of allowed VPC endpoint IDs.  If used, it will enable access to the bucket from the specific VPC endpoints. | `list(string)` | `[]` | no |
+| bucket\_folders | List of folders (keys) to create after creation of bucket. They will have object metadata provided based on metadata\_tags and data\_safeguard labels. | `list(string)` | `[]` | no |
+| bucket\_name | AWS Bucket Name.  Standard prefix will be applied here, do not include here. | `string` | n/a | yes |
 | data\_safeguards | Selected available safeguards which apply to the data in the bucket | `list(string)` | <pre>[<br>  "title26"<br>]</pre> | no |
 | enable\_title26 | Flag to enable bucket with Title 26 (FTI) settings | `bool` | `true` | no |
-| force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted.  The deletion may take a very long time | `bool` | `false` | no |
-| kms\_key\_id | AWS KMS Key ID (one per bucket) | `string` | `""` | no |
-| tags | AWS Tags | `map(string)` | `{}` | no |
+| force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted.  The deletion may take a very long time based on the number of objects.  You normally want to update this to true, apply, and then destroy the resource. | `bool` | `false` | no |
+| kms\_key\_id | AWS KMS Key ID (one per bucket).  This is currently ignored. | `string` | `""` | no |
+| metadata\_tags | AWS S3 Custom metadata (prefix x-amzn-meta- automatically included, not needed here).  If data\_safeguard labels are applied, they will be incorporated on any bucket objects created. | `map(string)` | `{}` | no |
+| tags | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 
 ## Outputs