initial file setup

main.tf

@@ -0,0 +1,44 @@
+#---
+# s3 bucket
+#---
+resource "aws_s3_bucket" "this" {
+  bucket = var.bucket_name
+  acl    = "private"
+
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        kms_master_key_id = var.kms_key_id
+        sse_algorithm     = "aws:kms"
+      }
+    }
+  }
+
+  versioning {
+    enabled = true
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  tags = merge(
+    var.tags,
+    local.enforced_tags,
+    map( "Name", var.bucket_name)
+  )
+
+  provisioner "local-exec" {
+    when = create
+    command = "sleep 120"
+  }
+}
+
+resource "aws_s3_bucket_object" "this_objects" {
+  bucket = aws_s3_bucket.this.id
+  count  = length(var.bucket_folders)
+  key    = format("%s/",element(var.bucket_folders,count.index))
+  source = "/dev/null"
+
+  depends_on [aws_s3_bucket.this]
+}

variables.tf

@@ -0,0 +1,16 @@
+variable "bucket_name" {
+  description = "AWS Bucket Name"
+  type = string
+}
+
+variable "bucket_folders" {
+  description = "List of folders (keys) to create after creation of bucket"
+  type = list(string)
+  default = [ ]
+}
+
+variable "kms_key_id" {
+  description = "AWS KMS Key ID (one per bucket)"
+  type = string
+  default = ""
+}