S3 Bucket

Object storage.

storage
category33
settings3
inputs1
outputs

Configuration

Setting	Type	Required	Default
Bucket name	Text	Yes	—
Versioning	Toggle	—	false
Force destroy (delete non-empty)	Toggle	—	false
Access control Options: Private, Public read, Public read/write, Authenticated read	Choice	—	private
Object ownership Options: Bucket owner enforced (no ACLs), Bucket owner preferred, Object writer	Choice	—	BucketOwnerEnforced
Encryption Options: SSE-S3 (AES-256), SSE-KMS, SSE-KMS DSSE	Choice	—	AES256
KMS key ARN (when SSE-KMS)	Text	—	—
Bucket key (KMS cost reduction)	Toggle	—	true
Block public ACLs	Toggle	—	true
Block public policy	Toggle	—	true
Ignore public ACLs	Toggle	—	true
Restrict public buckets	Toggle	—	true
Access log target bucket	Text	—	—
Access log prefix	Text	—	—
Transfer acceleration	Toggle	—	false
Object Lock	Toggle	—	false
Object Lock mode Options: Governance, Compliance	Choice	—	—
Object Lock retention (days)	Number	—	—
Days → STANDARD_IA	Number	—	—
Days → GLACIER	Number	—	—
Days → DEEP_ARCHIVE	Number	—	—
Days → expiration	Number	—	—
Noncurrent version expiration (days)	Number	—	—
Abort incomplete multipart (days)	Number	—	—
Requester pays	Toggle	—	false
CORS allowed origins	List	—	—
CORS allowed methods	List	—	—
CORS allowed headers	List	—	—
Website index document	Text	—	—
Website error document	Text	—	—
Redirect all requests to	Text	—	—
Bucket policy (JSON)	Text	—	—
Tags	Key–value	—	—

Connections

Socket	Direction	Accepts	Terraform arg
Writer	Input	any	—
SSE-KMS key	Input	aws.kms-key	server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id
Access log target bucket	Input	aws.s3	logging.target_bucket
Bucket (origin / source)	Output	aws.cloudfront, aws.cloudtrail, aws.codepipeline, aws.datasync-location-s3, aws.mwaa, aws.route53-query-log, aws.s3, aws.s3-access-point, aws.s3-bucket-notification, aws.s3-intelligent-tiering, aws.s3-inventory, aws.s3-replication-configuration	—