From c5ceb501f736737ea0680372b24dfcab240e7cc6 Mon Sep 17 00:00:00 2001 From: badra001 Date: Tue, 14 Mar 2023 15:40:45 -0400 Subject: [PATCH] fix --- standard/README.md | 2 +- standard/main.tf | 37 ++++++++++++++++++------------------- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/standard/README.md b/standard/README.md index bcd99fb..af139b4 100644 --- a/standard/README.md +++ b/standard/README.md @@ -106,7 +106,7 @@ optionally requires explicit encryption (`require_explicit_encryption` flag, def and address restrictions (lists `allowed_cidr` and `allowed_endpoints`). # Options -## Options :: bucket\_key\_eanbled +## Options :: bucket\_key\_enabled This will set the bucket to use a `bucket_key` (see [docs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html)). It is now enabled by default. However, it cannot be changed through the module. If you need to turn it on for an existing bucket (with or without objects), you will need to set it through the console or API. Likewise, disabling it once set will have to happen through the console or API, diff --git a/standard/main.tf b/standard/main.tf index 2445c2c..703c4e1 100644 --- a/standard/main.tf +++ b/standard/main.tf 
@@ -1,23 +1,23 @@ -/* +/* * # About aws-s3 :: standard -* +* * This submodule allows you to create an S3 bucket using the standard prefixes and settings required for * non-FTI Data. This includes * - Server Access Logging -* +* * Other configurations such as versioning or data safegurad tagging (only on the bucket/keys) are oiptional * * # Usage * To use the new refactored module with the AWS provider v4.x, use `?ref=3`, otherwise leave this part off. * If you are converting an older version of the module to the new AWS provider with `?ref=3, please follow * the [updating directions](updating-buckets.md). -* +* * **Note**: version 2 and version 3 of this module cannot coexist in a directory. All S3 buckets using this module * must use the same version. If you are using the version 2 of the module (without the `?ref=3`), you must * also include a `versions.tf` which pins the AWS provider at < 4.0. If using version 3 of the module, * do not include a `versions.tf`, do not pin the AWS provider. Two different versions of the provider cannot * coexist (easily). -* +* * ```hcl * module "my-bucket" { * source = "git@github.e.it.census.gov:terraform-modules/aws-s3.git//standard?ref=3" @@ -44,9 +44,9 @@ * } * } * ``` -* +* * Sample policy for write access to the bucket and use of KMS key -* +* * ```hcl * data "aws_iam_policy_document" "policy" { * statement { 
@@ -93,21 +93,21 @@ * ``` * * This automaticaly creates an AWS KMS key used just for this bucket. -* +* * It will set a key usage/management policy by default with the `root` account, along with any other * roles in the variable `kms_admin_roles` list. This is **full** access to the KMS key. -* +* * If `kms_policy_document` is provided it needs to be a valid IAM policy as would apply to key usage, * such as read access (decrypt) or write access (encrypt, re-encrypt). A later enhancement may be * to provide variables granting read and write access to the key. -* +* * If `bucket_policy_document` is provided it needs to be a valid IAM policy as would apply a bucket. * This will be merged with the default bucket policy which requires TLS and, via other settings, * optionally requires explicit encryption (`require_explicit_encryption` flag, default false) * and address restrictions (lists `allowed_cidr` and `allowed_endpoints`). -* +* * # Options -* ## Options :: bucket_key_eanbled +* ## Options :: bucket_key_enabled * This will set the bucket to use a `bucket_key` (see [docs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html)). It is * now enabled by default. However, it cannot be changed through the module. If you need to turn it on for an existing bucket (with or without * objects), you will need to set it through the console or API. Likewise, disabling it once set will have to happen through the console or API, 
@@ -118,31 +118,31 @@ * ## Options :: name_include_account * Use of this flag as true will include AWS account ID after the bucket name (name-ACCOUNTID). Default * is false. -* +* * ## Options :: name_include_region * Use of this flag as true will include current region after the bucket name (name-REGION). Default * is false. If used in conjunction with `name_include_account`, the region will be at the end. -* +* * ## Options :: name_include_region_compact * This flag determines if we compact the region to a shorter name, and use it if the name with the full * region is longer than the maximum of 63 characters. It takes the first character of the full region * name and uses that. For example, `us-gov-west-1` becomes `ugw1`. The default value is true. * It is still possible to construct a name that is longer than 63 characters and get a failure, even with * this shorter region value. -* +* * ## Options :: name_enforce_region_compact * This flag always compacts the region, no mater whehter the name is longer than 63 characters or not. -* +* * ## Options :: object_lock_enable * This is usable on bucket creation, and it will allow you to add external to this module an object lock * configuration (aws_s3_object_lock_configuration). See the [Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html) * and the [Terraform AWS Provider](https://registry.terraform.io/providers/hashicorp%20%20/aws/4.7.0/docs/resources/s3_bucket_object_lock_configuration) docs for * more details. Setting this after bucket creation is possible but requires a support tickets, so you're better off doing it up front. -* +* * # Outputs * One output of note is the `s3_module_settings`. With this, you can get the settings used when calling the * module, the original bucket name before prefix and suffixes, and other things. It is a map. -* +* * ```hcl * output "s3_module_settings" { * description = "S3 module settings and values" 
@@ -166,4 +166,3 @@ locals { enable_title26 = var.enable_title26 ? true : false versioning = var.versioning } -
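Review bot: In standard/README.md (@@ -106,7) the heading is corrected to `bucket\_key\_enabled`, but the change is documentation only, so please confirm that the input variable in the module is spelled `bucket_key_enabled` as well, since callers will copy the name from this heading. The section also reads as contradictory under an "Options" heading: it says the bucket key "is now enabled by default" and then that "it cannot be changed through the module". A sentence saying whether the flag only takes effect at bucket creation would help. The subject line "fix" gives no indication that this is a documentation and whitespace change; a more descriptive subject would make the history easier to search.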
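Review bot: In standard/main.tf (@@ -1,23 and @@ -44,9) the changed lines appear to differ only in whitespace on the empty `*` comment lines, while the spelling errors in the neighbouring context lines are left in place: `safegurad` and `oiptional` in the "Other configurations" sentence, and an unclosed backtick in "with `?ref=3, please follow". Since this commit is already correcting the header comment, fix those here too, and state in the commit message whether the whitespace change is intentional (for example, output of a formatter or doc generator) so it is not reverted later.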
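Review bot: In standard/main.tf (@@ -93,21) the heading typo is fixed but the context just above it still has `automaticaly` and "as would apply a bucket" (missing "to"). More importantly for anyone relying on this text, the paragraph states that the default key policy gives the `root` account and every role in `kms_admin_roles` **full** access to the KMS key, and that `require_explicit_encryption` defaults to false. If those defaults are intended, consider a short line here telling users how to narrow them (via `kms_policy_document` and `bucket_policy_document`, which the same paragraph already names), so the header comment and README do not read as if full access were the only mode.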
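Review bot: In standard/main.tf (@@ -118,31) the "Options :: object_lock_enable" paragraph is carried through unchanged with two problems worth fixing in this pass. The Terraform registry link contains `hashicorp%20%20/aws`, i.e. two encoded spaces inside the provider path, which looks malformed, and the resource is named in the text as `aws_s3_object_lock_configuration` while the link points at `s3_bucket_object_lock_configuration`; the provider resource is `aws_s3_bucket_object_lock_configuration`. The same hunk also keeps "no mater whehter" and "requires a support tickets".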
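Review bot: In standard/main.tf (@@ -166,4) the only change is dropping the trailing blank line after the `locals` block, which is fine, but the context line `enable_title26 = var.enable_title26 ? true : false` is a redundant conditional if `enable_title26` is declared as a bool. Assigning `var.enable_title26` directly would read more clearly; if the conditional is there to coerce a non-bool input, a comment saying so would help.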