https://github.com/scribd/terraform-s3-rbac
Terraform module to allow users to easily create buckets in their own account and then give access to said buckets via AWS IAM principals
- Host: GitHub
- URL: https://github.com/scribd/terraform-s3-rbac
- Owner: scribd
- License: mit
- Created: 2020-08-19T21:42:07.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2023-11-14T13:42:24.000Z (over 2 years ago)
- Last Synced: 2026-01-21T19:36:33.628Z (4 months ago)
- Topics: core-infrastructure, managed-by-terraform, s3, terraform
- Language: HCL
- Homepage: https://github.com/scribd/terraform-s3-rbac
- Size: 17.6 KB
- Stars: 2
- Watchers: 8
- Forks: 2
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
README
# terraform-s3-rbac
## Description
This Terraform module allows users to easily create buckets in their own account and then give access to said buckets via AWS IAM principals.
Principals are defined in the AWS docs here: [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html)
#### NOTE
Currently only `AWS` principals are supported. This includes:
* IAM Users
* IAM Roles
* AWS Accounts
* Assumed-Role Sessions
## Usage
```terraform
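module "s3_rbac" {
  # Generic Git source over HTTPS; Terraform needs the git:: prefix for this form
  source                 = "git::https://github.com/scribd/terraform-s3-rbac.git"
  role_name              = "remote_s3_rbac"
  s3_bucket_names        = ["somename-00", "somename-01", "somename-nn"]
  # Principals allowed to assume the role (placeholder 12-digit account ID)
  remote_principals_arns = ["arn:aws:iam::123456789012:user/someuser", "arn:aws:iam::123456789012:role/somerole"]
  tags                   = { key = "value" }
}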
```
## Inputs
| Input | Required| Description|
|-----|------|-----|
|role_name|yes|The name you want to give to the newly created role|
|s3_bucket_names|yes|The name(s) of the bucket(s) you would like to create in your AWS account|
|remote_principals_arns|yes|The ARNs of the principals you wish to let access your buckets. They can be one of: IAM User, IAM Role, AWS Account, or Assumed-Role Session|
|acl|no|ACL of the S3 bucket(s) you want to create. Default `private`|
|block_public_acls|no|Defaults to `true`|
|block_public_policy|no|Defaults to `true`|
|restrict_public_buckets|no|Defaults to `true`|
|ignore_public_acls|no|Defaults to `true`|
## Outputs
|Output|Description|
|----|-----|
|iam_role_arn|ARN of the IAM role created to be assumed by the remote principal(s)|
|s3_bucket_arns|Your S3 bucket ARNs|
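
The `iam_role_arn` output is a role meant to be assumed by the remote principal(s). When an IAM user or role lives in a different account, that account must also allow `sts:AssumeRole` on the role ARN. The following is an added example of that caller-side configuration, not code from this module's repository; the variable name, policy name, and attachment names are hypothetical, and `someuser` / `somerole` are the principals from the usage example.

```terraform
# Added example: apply this in the REMOTE account (the one that owns the
# principals), not in the account where the s3_rbac module is applied.

variable "s3_rbac_role_arn" {
  description = "Value of the module's iam_role_arn output, handed to the remote account"
  type        = string

  # Reject anything that is not an IAM role ARN so a pasted bucket ARN or
  # user ARN fails at plan time instead of producing a useless policy.
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$", var.s3_rbac_role_arn))
    error_message = "Expected an IAM role ARN of the form arn:aws:iam::<12-digit-account-id>:role/<name>."
  }
}

# Identity policy scoped to that single role: no wildcard resource, no other actions.
data "aws_iam_policy_document" "assume_s3_rbac" {
  statement {
    sid       = "AssumeS3RbacRole"
    effect    = "Allow"
    actions   = ["sts:AssumeRole"]
    resources = [var.s3_rbac_role_arn]
  }
}

resource "aws_iam_policy" "assume_s3_rbac" {
  name   = "assume-remote-s3-rbac" # hypothetical name
  policy = data.aws_iam_policy_document.assume_s3_rbac.json
}

# Attach to the same identities that were listed in remote_principals_arns.
resource "aws_iam_user_policy_attachment" "someuser" {
  user       = "someuser"
  policy_arn = aws_iam_policy.assume_s3_rbac.arn
}

resource "aws_iam_role_policy_attachment" "somerole" {
  role       = "somerole"
  policy_arn = aws_iam_policy.assume_s3_rbac.arn
}
```

If an entire AWS account is listed in `remote_principals_arns`, the decision about which of its users and roles receive this policy rests with that account's IAM administrators, so review that list as carefully as the bucket settings.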
## Contribution
If you wish to contribute please do the following:
* First create an issue for the new feature, so Scribd can review whether it is within the scope of this project
* Ensure your work abides by Terraform best practices
* Choose simplicity over saving a few lines
* Run `terraform fmt` and `terraform validate` before opening a PR