This module makes it easy to create one or more GCS buckets, and assign basic permissions on them to arbitrary users.
The resources/services/activations/deletions that this module will create/trigger are:
- One or more GCS buckets
- Zero or more IAM bindings for those buckets
Basic usage of this module is as follows:
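```hcl
module "gcs_buckets" {
  source     = "terraform-google-modules/cloud-storage/google"
  version    = "~> 0.1"
  project_id = "<PROJECT ID>"
  names      = ["first", "second"]
  prefix     = "my-unique-prefix"

  # Grant roles/storage.objectAdmin to the members in admins and bucket_admins.
  set_admin_roles = true
  admins          = ["group:foo-admins@example.com"]

  # Per-bucket versioning, keyed by unprefixed bucket name (defaults to false).
  versioning = {
    first = true
  }

  # Per-bucket admins: comma-delimited IAM-style members, each with its type prefix.
  bucket_admins = {
    second = "user:spam@example.com,user:eggs@example.com"
  }
}
```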
Functional examples are included in the examples directory.
Name | Description | Type | Default | Required |
---|---|---|---|---|
admins | IAM-style members who will be granted roles/storage.objectAdmin on all buckets. | list | <list> | no |
bucket_admins | Map of lowercase unprefixed name => comma-delimited IAM-style bucket admins. | map | <map> | no |
bucket_creators | Map of lowercase unprefixed name => comma-delimited IAM-style bucket creators. | map | <map> | no |
bucket_viewers | Map of lowercase unprefixed name => comma-delimited IAM-style bucket viewers. | map | <map> | no |
creators | IAM-style members who will be granted roles/storage.objectCreator on all buckets. | list | <list> | no |
labels | Labels to be attached to the buckets. | map | <map> | no |
location | Bucket location. | string | "EU" | no |
names | Bucket name suffixes. | list | n/a | yes |
prefix | Prefix used to generate the bucket name. | string | n/a | yes |
project_id | Bucket project id. | string | n/a | yes |
set_admin_roles | Grant roles/storage.objectAdmin role to admins and bucket_admins. | string | "false" | no |
set_creator_roles | Grant roles/storage.objectCreator role to creators and bucket_creators. | string | "false" | no |
set_viewer_roles | Grant roles/storage.objectViewer role to viewers and bucket_viewers. | string | "false" | no |
storage_class | Bucket storage class. | string | "MULTI_REGIONAL" | no |
versioning | Optional map of lowercase unprefixed name => boolean, defaults to false. | map | <map> | no |
viewers | IAM-style members who will be granted roles/storage.objectViewer on all buckets. | list | <list> | no |

Name | Description |
---|---|
name | Bucket name of the first bucket (for single-use cases). |
names | Map of unprefixed names => bucket names. |
url | URL of the first bucket (for single-use cases). |
urls | Map of unprefixed names => bucket URLs. |
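
A least-privilege variant of the basic usage, added here as an illustration and not taken from the module's own examples. It uses only the inputs and outputs listed in the tables on this page, leaves `admins` and `bucket_admins` unset so that no member receives roles/storage.objectAdmin, and scopes write and read access per bucket. The bucket names, groups and service account are constructed placeholders.

```hcl
# Added example with constructed values; Terraform 0.11 syntax, matching the
# module's stated requirements.
module "gcs_buckets_scoped" {
  source     = "terraform-google-modules/cloud-storage/google"
  version    = "~> 0.1"
  project_id = "<PROJECT ID>"
  names      = ["logs", "reports"]
  prefix     = "my-unique-prefix"

  # set_admin_roles keeps its default ("false") and admins / bucket_admins are
  # not set, so the module creates no roles/storage.objectAdmin bindings.

  # Enable only the bindings that are actually needed.
  set_creator_roles = true
  set_viewer_roles  = true

  # creators / viewers (the list inputs) apply to ALL buckets, so they are left
  # unset here. The bucket_* maps scope each grant to one bucket, keyed by the
  # unprefixed name from "names".
  bucket_creators = {
    # Writer identity gets roles/storage.objectCreator on "logs" only.
    logs = "serviceAccount:log-writer@<PROJECT ID>.iam.gserviceaccount.com"
  }

  bucket_viewers = {
    # Comma-delimited members, each carrying its own type prefix.
    logs    = "group:secops@example.com"
    reports = "group:secops@example.com,group:auditors@example.com"
  }

  # Keep earlier object generations on the bucket holding log data.
  versioning = {
    logs = true
  }

  labels = {
    data_class = "internal"
  }
}

# Map of unprefixed names => bucket URLs, for wiring into other configuration.
output "bucket_urls" {
  value = "${module.gcs_buckets_scoped.urls}"
}
```

Running `terraform plan` on this configuration should show IAM bindings only for the two roles enabled above; any roles/storage.objectAdmin binding in the plan means an `admins` or `bucket_admins` value was introduced elsewhere.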
These sections describe requirements for using this module.
The following dependencies must be available:
- Terraform v0.11
- Terraform Provider for GCP plugin v2.0
User or service account credentials with the following roles must be used to provision the resources of this module:
- Storage Admin: roles/storage.admin
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
A project with the following APIs enabled must be used to host the resources of this module:
- Google Cloud Storage JSON API: storage-api.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Refer to the contribution guidelines for information on contributing to this module.