Skip to content

Latest commit

 

History

History
120 lines (89 loc) · 4.86 KB

README.md

File metadata and controls

120 lines (89 loc) · 4.86 KB

Terraform Google Cloud Storage Module

This module makes it easy to create one or more GCS buckets, and assign basic permissions on them to arbitrary users.

The resources/services/activations/deletions that this module will create/trigger are:

  • One or more GCS buckets
  • Zero or more IAM bindings for those buckets

Compatibility

This module is meant for use with Terraform 0.12. If you haven't upgraded and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is 0.1.0.

Usage

Basic usage of this module is as follows:

module "gcs_buckets" {
  source  = "terraform-google-modules/cloud-storage/google"
  version = "~> 0.1"
  project_id  = "<PROJECT ID>"
  names = ["first", "second"]
  prefix = "my-unique-prefix"
  set_admin_roles = true
  admins = ["group:[email protected]"]
  versioning = {
    first = true
  }
  bucket_admins = {
    second = "user:[email protected],[email protected]"
  }
}

Functional examples are included in the examples directory.

Inputs

Name Description Type Default Required
admins IAM-style members who will be granted roles/storage.objectAdmin on all buckets. list <list> no
bucket_admins Map of lowercase unprefixed name => comma-delimited IAM-style bucket admins. map <map> no
bucket_creators Map of lowercase unprefixed name => comma-delimited IAM-style bucket creators. map <map> no
bucket_policy_only Disable ad-hoc ACLs on specified buckets. Defaults to true. Map of lowercase unprefixed name => boolean map <map> no
bucket_viewers Map of lowercase unprefixed name => comma-delimited IAM-style bucket viewers. map <map> no
creators IAM-style members who will be granted roles/storage.objectCreators on all buckets. list <list> no
force_destroy Optional map of lowercase unprefixed name => boolean, defaults to false. map <map> no
labels Labels to be attached to the buckets map <map> no
location Bucket location. string "EU" no
names Bucket name suffixes. list(string) n/a yes
prefix Prefix used to generate the bucket name. string n/a yes
project_id Bucket project id. string n/a yes
set_admin_roles Grant roles/storage.objectAdmin role to admins and bucket_admins. string "false" no
set_creator_roles Grant roles/storage.objectCreator role to creators and bucket_creators. string "false" no
set_viewer_roles Grant roles/storage.objectViewer role to viewers and bucket_viewers. string "false" no
storage_class Bucket storage class. string "MULTI_REGIONAL" no
versioning Optional map of lowercase unprefixed name => boolean, defaults to false. map <map> no
viewers IAM-style members who will be granted roles/storage.objectViewer on all buckets. list <list> no

Outputs

Name Description
bucket Bucket resource (for single use).
buckets Bucket resources.
name Bucket name (for single use).
names Bucket names.
names_list List of bucket names.
url Bucket URL (for single use).
urls Bucket URLs.
urls_list List of bucket URLs.

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

Service Account

User or service account credentials with the following roles must be used to provision the resources of this module:

  • Storage Admin: roles/storage.admin

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.

APIs

A project with the following APIs enabled must be used to host the resources of this module:

  • Google Cloud Storage JSON API: storage-api.googleapis.com

The Project Factory module can be used to provision a project with the necessary APIs enabled.

Contributing

Refer to the contribution guidelines for information on contributing to this module.