hunfabric/modules/gcs

Google Cloud Storage Module

Example

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
  versioning = true
  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }
  labels = {
    cost-center = "devops"
  }
}
# tftest modules=1 resources=2 inventory=simple.yaml

Example with Cloud KMS

module "bucket" {
  source         = "./fabric/modules/gcs"
  project_id     = "myproject"
  name           = "my-bucket"
  encryption_key = "my-encryption-key"
}
# tftest modules=1 resources=1 inventory=cmek.yaml

Example with retention policy and logging

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  name       = "my-bucket"
  retention_policy = {
    retention_period = 100
    is_locked        = true
  }
  logging_config = {
    log_bucket        = "log-bucket"
    log_object_prefix = null
  }
}
# tftest modules=1 resources=1 inventory=retention-logging.yaml

Example with lifecycle rule

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  name       = "my-bucket"
  lifecycle_rules = {
    lr-0 = {
      action = {
        type          = "SetStorageClass"
        storage_class = "STANDARD"
      }
      condition = {
        age = 30
      }
    }
  }
}
# tftest modules=1 resources=1 inventory=lifecycle.yaml

Minimal example with GCS notifications

module "bucket-gcs-notification" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  name       = "my-bucket"
  notification_config = {
    enabled           = true
    payload_format    = "JSON_API_V1"
    sa_email          = "service-<project-number>@gs-project-accounts.iam.gserviceaccount.com" # GCS SA email must be passed or fetched from projects module.
    topic_name        = "gcs-notification-topic"
    event_types       = ["OBJECT_FINALIZE"]
    custom_attributes = {}
  }
}
# tftest modules=1 resources=4 inventory=notification.yaml

Example with object upload

module "bucket" {
  source     = "./fabric/modules/gcs"
  project_id = "myproject"
  name       = "my-bucket"
  objects_to_upload = {
    sample-data = {
      name         = "example-file.csv"
      source       = "data/example-file.csv"
      content_type = "text/csv"
    }
  }
}
# tftest modules=1 resources=2 inventory=object-upload.yaml

Variables

name	description	type	required	default
name	Bucket name suffix.	string	✓
project_id	Bucket project id.	string	✓
cors	CORS configuration for the bucket. Defaults to null.	object({…})		null
encryption_key	KMS key that will be used for encryption.	string		null
force_destroy	Optional map to set force destroy keyed by name, defaults to false.	bool		false
iam	IAM bindings in {ROLE => [MEMBERS]} format.	map(list(string))		{}
labels	Labels to be attached to all buckets.	map(string)		{}
lifecycle_rules	Bucket lifecycle rule.	map(object({…}))		{}
location	Bucket location.	string		"EU"
logging_config	Bucket logging configuration.	object({…})		null
notification_config	GCS Notification configuration.	object({…})		null
objects_to_upload	Objects to be uploaded to bucket.	map(object({…}))		{}
prefix	Optional prefix used to generate the bucket name.	string		null
retention_policy	Bucket retention policy.	object({…})		null
storage_class	Bucket storage class.	string		"MULTI_REGIONAL"
uniform_bucket_level_access	Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API).	bool		true
versioning	Enable versioning, defaults to false.	bool		false
website	Bucket website.	object({…})		null

Outputs

name	description	sensitive
bucket	Bucket resource.
id	Fully qualified bucket id.
name	Bucket name.
notification	GCS Notification self link.
objects	Objects in GCS bucket.
topic	Topic ID used by GCS.
url	Bucket URL.