terraform-modules · badra001 · Oct 27, 2020 · Oct 27, 2020
diff --git a/README.md b/README.md
@@ -27,11 +27,19 @@ No requirements.
 |------|-------------|------|---------|:--------:|
 | access\_log\_bucket | Server Access Logging Bucket ID | `string` | n/a | yes |
 | access\_log\_bucket\_prefix | Access log bucket prefix, to which the bucket name will be appended to make the target\_prefix | `string` | `"s3"` | no |
+| allowed\_cidr | List of allowed source IPs (NOT from within the VPC) | `list(string)` | `[]` | no |
+| allowed\_endpoints | List of allowed VPC endpoint IDs | `list(string)` | `[]` | no |
 | bucket\_folders | List of folders (keys) to create after creation of bucket | `list(string)` | `[]` | no |
 | bucket\_name | AWS Bucket Name | `string` | n/a | yes |
+| force\_destroy | Sets force\_destroy to allow the bucket and contents to be deleted.  The deletion may take a very long time | `bool` | `false` | no |
 | kms\_key\_id | AWS KMS Key ID (one per bucket) | `string` | `""` | no |
 | tags | AWS Tags | `map(string)` | `{}` | no |
 
 ## Outputs
 
-No output.
+| Name | Description |
+|------|-------------|
+| kms\_key\_arn | Created KMS Key ARN |
+| kms\_key\_id | Created KMS Key ID |
+| s3\_bucket\_arn | Created S3 Bucket ARN |
+| s3\_bucket\_id | Created S3 Bucket ID |
diff --git a/main.tf b/main.tf
@@ -32,17 +32,17 @@ locals {
     "boc:created_by" = "terraform"
   }
   condition_allowed_cidr = {
-    "test":  "NotIpAddress"
-    "variable": "aws:sourceIp"
-    "values": var.allowed_cidr
+    "test" : "NotIpAddress"
+    "variable" : "aws:sourceIp"
+    "values" : var.allowed_cidr
   }
   condition_allowed_endpoints = {
-    "test": "StringNotEquals"
-    "variable": "aws:sourceVpce"
-    "values": var.allowed_endpoints
+    "test" : "StringNotEquals"
+    "variable" : "aws:sourceVpce"
+    "values" : var.allowed_endpoints
   }
-  s3_bucket_conditions_list = list(local.condition_allowed_cidr,local.condition_allowed_endpoints)
-  s3_bucket_conditions = [ for x in local.s3_bucket_conditions_list: x if length(x.values)>0 ]
+  s3_bucket_conditions_list = list(local.condition_allowed_cidr, local.condition_allowed_endpoints)
+  s3_bucket_conditions      = [for x in local.s3_bucket_conditions_list : x if length(x.values) > 0]
 }
 
 #---
@@ -131,24 +131,24 @@ data "aws_iam_policy_document" "this" {
     }
   }
   statement {
-      sid           = "RemoteAccessBucketRestrictions"
-      effect        = "Deny"
-      actions       = ["s3:*"]
-      principals {
-        type        = "AWS"
-        identifiers = ["*"]
-      }
-      resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
-      dynamic "condition" {
-        for_each = local.s3_bucket_conditions
-        iterator = c
-        content {
-          test = c.value.test
-          variable = c.value.variable
-          values = c.value.values
+    sid     = "RemoteAccessBucketRestrictions"
+    effect  = "Deny"
+    actions = ["s3:*"]
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
+    dynamic "condition" {
+      for_each = local.s3_bucket_conditions
+      iterator = c
+      content {
+        test     = c.value.test
+        variable = c.value.variable
+        values   = c.value.values
       }
     }
-  }  
+  }
 }
 
 #---

diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,19 @@
+output "s3_bucket_arn" {
+  description = "Created S3 Bucket ARN"
+  value       = aws_s3_bucket.this.arn
+}
+
+output "s3_bucket_id" {
+  description = "Created S3 Bucket ID"
+  value       = aws_s3_bucket.this.id
+}
+
+output "kms_key_id" {
+  description = "Created KMS Key ID"
+  value       = aws_kms_key.key.id
+}
+
+output "kms_key_arn" {
+  description = "Created KMS Key ARN"
+  value       = aws_kms_key.key.arn
+}
diff --git a/variables.tf b/variables.tf
@@ -35,14 +35,14 @@ variable "access_log_bucket" {
 
 variable "allowed_cidr" {
   description = "List of allowed source IPs (NOT from within the VPC)"
-  type = list(string)
-  default = [ ]
+  type        = list(string)
+  default     = []
 }
- 
+
 variable "allowed_endpoints" {
   description = "List of allowed VPC endpoint IDs"
-  type = list(string)
-  default = [ ]
+  type        = list(string)
+  default     = []
 }
 
 variable "force_destroy" {