This module makes it easy to create a GCS bucket, and assign basic permissions on it to arbitrary users.
The resources/services/activations/deletions that this module will create/trigger are:
- One GCS bucket
- Zero or more IAM bindings for that bucket
This module is meant for use with Terraform 0.12.
Basic usage of this module is as follows:
module "bucket" {
source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
version = "~> 1.3"
name = "example-bucket"
project_id = "example-project"
location = "us-east1"
iam_members = [{
role = "roles/storage.viewer"
member = "user:[email protected]"
}]
}Functional examples are included in the examples directory.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket_policy_only | Enables Bucket Policy Only access to a bucket. | bool | "true" |
no |
| encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket | object | "null" |
no |
| force_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | bool | "false" |
no |
| iam_members | The list of IAM members to grant permissions on the bucket. | object | <list> |
no |
| labels | A set of key/value label pairs to assign to the bucket. | map(string) | "null" |
no |
| lifecycle_rules | The bucket's Lifecycle Rules configuration. | object | <list> |
no |
| location | The location of the bucket. | string | n/a | yes |
| name | The name of the bucket. | string | n/a | yes |
| project_id | The ID of the project to create the bucket in. | string | n/a | yes |
| retention_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | object | "null" |
no |
| storage_class | The Storage Class of the new bucket. | string | "null" |
no |
| versioning | While set to true, versioning is fully enabled for this bucket. | bool | "true" |
no |
| Name | Description |
|---|---|
| bucket | The created storage bucket |
These sections describe requirements for using this module.
The following dependencies must be available:
- Terraform v0.12
- Terraform Provider for GCP plugin v3.0
User or service account credentials with the following roles must be used to provision the resources of this module:
- Storage Admin:
roles/storage.admin
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
A project with the following APIs enabled must be used to host the resources of this module:
- Google Cloud Storage JSON API:
storage-api.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Refer to the contribution guidelines for information on contributing to this module.