To create an S3 bucket, we use the aws_s3_bucket resource in Terraform. For the full list of resource arguments, refer to the Terraform AWS provider documentation. Below is an example configuration that defines an S3 bucket with a globally unique name and attaches a descriptive tag.
When you run the following command, Terraform shows its plan and, once you confirm, creates the bucket:
```
$ terraform apply

Terraform will perform the following actions:

  # aws_s3_bucket.finance will be created
  + resource "aws_s3_bucket" "finance" {
      + acceleration_status = (known after apply)
      + acl                 = "private"
      + arn                 = (known after apply)
      + bucket              = "finance-21092020"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_s3_bucket.finance: Creating...
aws_s3_bucket.finance: Creation complete after 0s [id=finance-21092020]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
Terraform records the new bucket in its state file (terraform.tfstate in the working directory when local state is used). The state file can hold sensitive values, including the content of any object you upload with the content argument, so protect it like a secret and prefer a remote backend for shared work.
After successfully creating the S3 bucket, the next step is to upload a file. We use the aws_s3_bucket_object resource to achieve this (in AWS provider 4.0 and later this resource is deprecated in favour of aws_s3_object, which accepts the same arguments). The key arguments required are:
The bucket reference,
The content (or reference to the file), and
The key, which is the file name.
If you want to upload the actual contents of a file instead of a literal string, use the file() function: replace the content argument with content = file("/root/finance/finance-2020.doc"). Note that file() only works for files containing valid UTF-8 text. For a binary file such as a .doc, use the source argument instead (source = "/root/finance/finance-2020.doc"), and add etag = filemd5("/root/finance/finance-2020.doc") so that Terraform re-uploads the object when the file's contents change, not only when its path changes.
Below is an example configuration for uploading a file to your bucket:
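A complete configuration for the bucket and the uploaded file, as an added example that is not the page's own snippet. It assumes AWS provider 4.0 or later (so the object is an aws_s3_object and bucket-level settings live in their own resources), a region of us-east-1, the bucket name and file path from the text, and an illustrative tag value; the versioning, default encryption and public-access block are hardening additions not in the original tutorial.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumption: the page does not state a region
}

# Bucket name taken from the page; bucket names are global, so pick your own.
resource "aws_s3_bucket" "finance" {
  bucket = "finance-21092020"

  tags = {
    Description = "Finance and Payroll" # assumption: illustrative tag value
  }
}

# Keep prior versions so an overwritten or deleted object can be recovered.
resource "aws_s3_bucket_versioning" "finance" {
  bucket = aws_s3_bucket.finance.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Encrypt every object at rest by default (SSE-S3).
resource "aws_s3_bucket_server_side_encryption_configuration" "finance" {
  bucket = aws_s3_bucket.finance.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Refuse any public ACL or public bucket policy on this bucket.
resource "aws_s3_bucket_public_access_block" "finance" {
  bucket                  = aws_s3_bucket.finance.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Upload the file. `source` streams the raw bytes, which a binary .doc
# needs; `content = file(...)` fails on non-UTF-8 input, and
# `content = "/root/..."` would upload the path string itself.
resource "aws_s3_object" "finance-2020" {
  bucket = aws_s3_bucket.finance.id
  key    = "finance-2020.doc"
  source = "/root/finance/finance-2020.doc"

  # Re-upload when the file contents change, not only when the path changes.
  etag = filemd5("/root/finance/finance-2020.doc")
}
```

Run terraform init, then terraform apply, from the directory holding this file. The etag comparison works because the bucket uses SSE-S3; with SSE-KMS the stored ETag is not an MD5 of the plaintext and would show a permanent diff.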
To grant access to members of the IAM group "finance-analysts", we attach a bucket policy to the S3 bucket. IAM groups are not valid principals in S3 bucket policies, so the policy must list the ARNs of individual IAM users or roles. In this example, we look up the group with a data source so that the policy can reference the ARNs of its current members instead of hard-coding them.
The following data source fetches the details of the IAM group “finance-analysts”:
```hcl
data "aws_iam_group" "finance-data" {
  group_name = "finance-analysts"
}
```
Next, we create an aws_s3_bucket_policy resource, which attaches a policy document to the bucket. The policy document uses Terraform references to pull in the bucket ARN and the member ARNs exported by the data source (its users attribute). Because the data source is read at plan time, the policy reflects the group membership as of the last apply; re-run terraform apply after membership changes, or grant access to an IAM role that the analysts assume so the policy does not need to track individual users.
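An added example of the bucket policy wired to the data source. This is not the page's own snippet: it assumes the aws_s3_bucket.finance resource created earlier in the tutorial, AWS provider 4.0 or later, and Terraform 1.2 or later for the precondition block. The actions are deliberately narrowed to list, read, write and delete rather than s3:*, and the empty-group guard is an addition, since an empty Principal list is rejected by AWS.

```hcl
data "aws_iam_group" "finance-data" {
  group_name = "finance-analysts"
}

locals {
  # The group itself cannot be a principal, so expand its current members.
  finance_member_arns = data.aws_iam_group.finance-data.users[*].arn
}

resource "aws_s3_bucket_policy" "finance-policy" {
  bucket = aws_s3_bucket.finance.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # ListBucket applies to the bucket ARN, not to objects.
        Sid       = "FinanceAnalystsListBucket"
        Effect    = "Allow"
        Principal = { AWS = local.finance_member_arns }
        Action    = ["s3:ListBucket"]
        Resource  = aws_s3_bucket.finance.arn
      },
      {
        # Object-level actions apply to everything under the bucket.
        Sid       = "FinanceAnalystsObjectAccess"
        Effect    = "Allow"
        Principal = { AWS = local.finance_member_arns }
        Action    = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
        Resource  = "${aws_s3_bucket.finance.arn}/*"
      }
    ]
  })

  lifecycle {
    # Fail the plan instead of sending AWS a policy with no principals.
    precondition {
      condition     = length(local.finance_member_arns) > 0
      error_message = "IAM group finance-analysts has no members; the bucket policy would have an empty Principal."
    }
  }
}
```

If you add or remove users from the group, the next terraform plan shows the policy as changed because the rendered principal list differs; that diff is the reminder to re-apply.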
After running terraform apply, the bucket policy is attached and the listed principals can access the bucket. Below is a sample output from applying the configuration that uploads the S3 object:
```
$ terraform apply
..
Terraform will perform the following actions:

  # aws_s3_bucket_object.finance-2020 will be created
  + resource "aws_s3_bucket_object" "finance-2020" {
      + acl           = "private"
      + bucket        = "finance-21092020"
      + content       = "/root/finance/finance-2020.doc"
      + force_destroy = false
      + id            = (known after apply)
      + key           = "finance-2020.doc"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_s3_bucket_object.finance-2020: Creating...
aws_s3_bucket_object.finance-2020: Creation complete after 0s [id=finance-2020.doc]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
With these steps, you can manage S3 buckets, objects and bucket policies in your AWS environment using Terraform. For more detail, see the Terraform AWS Provider Documentation and the AWS S3 Documentation.