{"id":18706986,"url":"https://github.com/terraform-google-modules/terraform-google-cloud-storage","last_synced_at":"2025-11-09T08:30:33.012Z","repository":{"id":36046952,"uuid":"186066738","full_name":"terraform-google-modules/terraform-google-cloud-storage","owner":"terraform-google-modules","description":"Creates one or more Cloud Storage buckets and assigns basic permissions on them to arbitrary users","archived":false,"fork":false,"pushed_at":"2025-02-13T09:22:13.000Z","size":665,"stargazers_count":174,"open_issues_count":9,"forks_count":567,"subscribers_count":36,"default_branch":"main","last_synced_at":"2025-02-13T10:27:54.834Z","etag":null,"topics":["cft-terraform","storage"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/terraform-google-modules/cloud-storage/google","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terraform-google-modules.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-10T23:36:09.000Z","updated_at":"2025-02-13T09:20:31.000Z","dependencies_parsed_at":"2023-02-14T01:01:07.155Z","dependency_job_id":"17d67fe7-dfbd-4959-b9bc-6ffddeab7ad5","html_url":"https://github.com/terraform-google-modules/terraform-google-cloud-storage","commit_stats":null,"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-google-modules%2Fterraform-google-cloud-storage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-google-modules%2Fterraform-google-cloud-storage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-google-modules%2Fterraform-google-cloud-storage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-google-modules%2Fterraform-google-cloud-storage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terraform-google-modules","download_url":"https://codeload.github.com/terraform-google-modules/terraform-google-cloud-storage/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239571542,"owners_count":19661164,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cft-terraform","storage"],"created_at":"2024-11-07T12:16:16.914Z","updated_at":"2025-11-09T08:30:32.980Z","avatar_url":"https://github.com/terraform-google-modules.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Google Cloud Storage Module\n\nThis module makes it easy to create one or more GCS buckets, and assign basic permissions on them to arbitrary users.\n\nThe resources/services/activations/deletions that this module will create/trigger are:\n\n- One or more GCS buckets\n- Zero or more IAM bindings for those buckets\n\nIf you only wish to create a single bucket, consider using the\n[simple bucket](modules/simple_bucket) submodule instead.\n\n## Compatibility\nThis module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform \u003e=0.13, please open an issue.\n If you haven't\n[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform\n0.12.x-compatible version of this module, the last released version\nintended for Terraform 0.12.x is [v1.7.1](https://registry.terraform.io/modules/terraform-google-modules/-cloud-storage/google/v1.7.1).\n\n## Usage\n\nBasic usage of this module is as follows:\n\n```hcl\nmodule \"gcs_buckets\" {\n  source  = \"terraform-google-modules/cloud-storage/google\"\n  version = \"~\u003e 9.1\"\n  project_id  = \"\u003cPROJECT ID\u003e\"\n  names = [\"first\", \"second\"]\n  prefix = \"my-unique-prefix\"\n  set_admin_roles = true\n  admins = [\"group:foo-admins@example.com\"]\n  versioning = {\n    first = true\n  }\n  bucket_admins = {\n    second = \"user:spam@example.com,user:eggs@example.com\"\n  }\n}\n```\n\nFunctional examples are included in the\n[examples](./examples/) directory.\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| admins | IAM-style members who will be granted roles/storage.objectAdmin on all buckets. | `list(string)` | `[]` | no |\n| autoclass | Optional map of lowercase unprefixed bucket name =\u003e boolean, defaults to false. | `map(bool)` | `{}` | no |\n| bucket\\_admins | Map of lowercase unprefixed name =\u003e comma-delimited IAM-style per-bucket admins. | `map(string)` | `{}` | no |\n| bucket\\_creators | Map of lowercase unprefixed name =\u003e comma-delimited IAM-style per-bucket creators. | `map(string)` | `{}` | no |\n| bucket\\_hmac\\_key\\_admins | Map of lowercase unprefixed name =\u003e comma-delimited IAM-style per-bucket HMAC Key admins. | `map(string)` | `{}` | no |\n| bucket\\_lifecycle\\_rules | Additional lifecycle\\_rules for specific buckets. Map of lowercase unprefixed name =\u003e list of lifecycle rules to configure. | \u003cpre\u003emap(set(object({\u003cbr\u003e    # Object with keys:\u003cbr\u003e    # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.\u003cbr\u003e    # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.\u003cbr\u003e    action = map(string)\u003cbr\u003e\u003cbr\u003e    # Object with keys:\u003cbr\u003e    # - age - (Optional) Minimum age of an object in days to satisfy this condition.\u003cbr\u003e    # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.\u003cbr\u003e    # - with_state - (Optional) Match to live and/or archived objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".\u003cbr\u003e    # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.\u003cbr\u003e    # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.\u003cbr\u003e    # - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.\u003cbr\u003e    # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.\u003cbr\u003e    # - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.\u003cbr\u003e    # - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.\u003cbr\u003e    condition = map(string)\u003cbr\u003e  })))\u003c/pre\u003e | `{}` | no |\n| bucket\\_policy\\_only | Disable ad-hoc ACLs on specified buckets. Defaults to true. Map of lowercase unprefixed name =\u003e boolean | `map(bool)` | `{}` | no |\n| bucket\\_storage\\_admins | Map of lowercase unprefixed name =\u003e comma-delimited IAM-style per-bucket storage admins. | `map(string)` | `{}` | no |\n| bucket\\_viewers | Map of lowercase unprefixed name =\u003e comma-delimited IAM-style per-bucket viewers. | `map(string)` | `{}` | no |\n| cors | Set of maps of mixed type attributes for CORS values. See appropriate attribute types here: https://www.terraform.io/docs/providers/google/r/storage_bucket.html#cors | `set(any)` | `[]` | no |\n| creators | IAM-style members who will be granted roles/storage.objectCreators on all buckets. | `list(string)` | `[]` | no |\n| custom\\_placement\\_config | Map of lowercase unprefixed name =\u003e custom placement config object. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket#custom_placement_config | `any` | `{}` | no |\n| default\\_event\\_based\\_hold | Enable event based hold to new objects added to specific bucket. Defaults to false. Map of lowercase unprefixed name =\u003e boolean | `map(bool)` | `{}` | no |\n| encryption\\_key\\_names | Optional map of lowercase unprefixed name =\u003e string, empty strings are ignored. | `map(string)` | `{}` | no |\n| folders | Map of lowercase unprefixed name =\u003e list of top level folder objects. | `map(list(string))` | `{}` | no |\n| force\\_destroy | Optional map of lowercase unprefixed name =\u003e boolean, defaults to false. | `map(bool)` | `{}` | no |\n| hmac\\_key\\_admins | IAM-style members who will be granted roles/storage.hmacKeyAdmin on all buckets. | `list(string)` | `[]` | no |\n| hmac\\_service\\_accounts | List of HMAC service accounts to grant access to GCS. | `map(string)` | `{}` | no |\n| labels | Labels to be attached to the buckets | `map(string)` | `{}` | no |\n| lifecycle\\_rules | List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches\\_storage\\_class should be a comma delimited string. | \u003cpre\u003eset(object({\u003cbr\u003e    # Object with keys:\u003cbr\u003e    # - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.\u003cbr\u003e    # - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.\u003cbr\u003e    action = map(string)\u003cbr\u003e\u003cbr\u003e    # Object with keys:\u003cbr\u003e    # - age - (Optional) Minimum age of an object in days to satisfy this condition.\u003cbr\u003e    # - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.\u003cbr\u003e    # - with_state - (Optional) Match to live and/or archived objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".\u003cbr\u003e    # - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.\u003cbr\u003e    # - matches_prefix - (Optional) One or more matching name prefixes to satisfy this condition.\u003cbr\u003e    # - matches_suffix - (Optional) One or more matching name suffixes to satisfy this condition.\u003cbr\u003e    # - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.\u003cbr\u003e    # - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.\u003cbr\u003e    # - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.\u003cbr\u003e    # - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.\u003cbr\u003e    # - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.\u003cbr\u003e    condition = map(string)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| location | Bucket location. | `string` | `\"EU\"` | no |\n| logging | Map of lowercase unprefixed name =\u003e bucket logging config object. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#logging | `any` | `{}` | no |\n| names | Bucket name suffixes. | `list(string)` | n/a | yes |\n| prefix | Prefix used to generate the bucket name. | `string` | `\"\"` | no |\n| project\\_id | Bucket project id. | `string` | n/a | yes |\n| public\\_access\\_prevention | Prevents public access to a bucket. Acceptable values are inherited or enforced. If inherited, the bucket uses public access prevention, only if the bucket is subject to the public access prevention organization policy constraint. | `string` | `\"inherited\"` | no |\n| randomize\\_suffix | Adds an identical, but randomized 4-character suffix to all bucket names | `bool` | `false` | no |\n| retention\\_policy | Map of retention policy values. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket#retention_policy | `any` | `{}` | no |\n| set\\_admin\\_roles | Grant roles/storage.objectAdmin role to admins and bucket\\_admins. | `bool` | `false` | no |\n| set\\_creator\\_roles | Grant roles/storage.objectCreator role to creators and bucket\\_creators. | `bool` | `false` | no |\n| set\\_hmac\\_access | Set S3 compatible access to GCS. | `bool` | `false` | no |\n| set\\_hmac\\_key\\_admin\\_roles | Grant roles/storage.hmacKeyAdmin role to hmac\\_key\\_admins and bucket\\_hmac\\_key\\_admins. | `bool` | `false` | no |\n| set\\_storage\\_admin\\_roles | Grant roles/storage.admin role to storage\\_admins and bucket\\_storage\\_admins. | `bool` | `false` | no |\n| set\\_viewer\\_roles | Grant roles/storage.objectViewer role to viewers and bucket\\_viewers. | `bool` | `false` | no |\n| soft\\_delete\\_policy | Soft delete policies to apply. Map of lowercase unprefixed name =\u003e soft delete policy. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#nested_soft_delete_policy | `map(any)` | `{}` | no |\n| storage\\_admins | IAM-style members who will be granted roles/storage.admin on all buckets. | `list(string)` | `[]` | no |\n| storage\\_class | Bucket storage class. | `string` | `\"STANDARD\"` | no |\n| versioning | Optional map of lowercase unprefixed name =\u003e boolean, defaults to false. | `map(bool)` | `{}` | no |\n| viewers | IAM-style members who will be granted roles/storage.objectViewer on all buckets. | `list(string)` | `[]` | no |\n| website | Map of website values. Supported attributes: main\\_page\\_suffix, not\\_found\\_page | `map(any)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| apphub\\_service\\_uri | URI in CAIS style to be used by Apphub. |\n| bucket | Bucket resource (for single use). |\n| buckets | Bucket resources as list. |\n| buckets\\_map | Bucket resources by name. |\n| hmac\\_keys | List of HMAC keys. |\n| name | Bucket name (for single use). |\n| names | Bucket names. |\n| names\\_list | List of bucket names. |\n| url | Bucket URL (for single use). |\n| urls | Bucket URLs. |\n| urls\\_list | List of bucket URLs. |\n\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Requirements\n\nThese sections describe requirements for using this module.\n\n### Software\n\nThe following dependencies must be available:\n\n- [Terraform](https://www.terraform.io/downloads.html) \u003e= 0.13.0\n  - For Terraform v0.11 see the [Compatibility](#compatibility) section above\n- [Terraform Provider for GCP][terraform-provider-gcp] plugin \u003e= v4.42\n\n### Service Account\n\nUser or service account credentials with the following roles must be used to provision the resources of this module:\n\n- Storage Admin: `roles/storage.admin`\n\nThe [Project Factory module][project-factory-module] and the\n[IAM module][iam-module] may be used in combination to provision a\nservice account with the necessary roles applied.\n\n### APIs\n\nA project with the following APIs enabled must be used to host the\nresources of this module:\n\n- Google Cloud Storage JSON API: `storage-api.googleapis.com`\n\nThe [Project Factory module][project-factory-module] can be used to\nprovision a project with the necessary APIs enabled.\n\n## Contributing\n\nRefer to the [contribution guidelines](./CONTRIBUTING.md) for\ninformation on contributing to this module.\n\n[iam-module]: https://registry.terraform.io/modules/terraform-google-modules/iam/google\n[project-factory-module]: https://registry.terraform.io/modules/terraform-google-modules/project-factory/google\n[terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html\n[terraform]: https://www.terraform.io/downloads.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-google-modules%2Fterraform-google-cloud-storage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterraform-google-modules%2Fterraform-google-cloud-storage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-google-modules%2Fterraform-google-cloud-storage/lists"}