AWS S3 Bucket (hardened)
Terraform / OpenTofu · Live-tested
Private S3 bucket with encryption, versioning, public-access block, and TLS-only policy.
Verification
Live-tested: really deployed, verified, idempotent and destroyed in a cloud sandbox.
Conformance
- Static validation (fmt · validate · tflint)
- Security scan: findings disclosed (Checkov)
- Plan tests (mocked: validation rules · outputs)
Provenance
- SHA-256 checksum
- Signature (pending)
Functional
- Live-tested — applied, verified, destroyed
Last verified 2026-06-11
Details
- Type: tf_module
- Provider / collection: hashicorp/aws
- Target clouds: aws
- Target OS: —
- Version: v1.0.0
- License: LicenseRef-IaCBazaar-Commercial
$49.00
one-time · perpetual license + 12 months of updates
Included in the builder+ subscription.
Documentation
aws-s3-bucket
A hardened-by-default private AWS S3 bucket module. Works with Terraform and
OpenTofu (>= 1.6), AWS provider >= 5.0, < 7.0.
Secure defaults:
- Server-side encryption (AES256, or SSE-KMS when `kms_key_arn` is set)
- Object versioning (on by default)
- Full public-access block
- Bucket policy denying any non-TLS (`aws:SecureTransport = false`) access
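For reference, the four defaults listed above expressed as plain AWS provider resources. This is an added example, not the module's source code; the resource labels (`this`, `tls_only`) and the bucket name are placeholders.

```hcl
# Added illustration: standalone resources matching the listed defaults.
resource "aws_s3_bucket" "this" {
  bucket = "my-unique-bucket-name" # placeholder
}

# Full public-access block: all four switches on.
resource "aws_s3_bucket_public_access_block" "this" {
  bucket                  = aws_s3_bucket.this.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_versioning" "this" {
  bucket = aws_s3_bucket.this.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256" # for SSE-KMS: "aws:kms" plus kms_master_key_id
    }
  }
}

# Deny every S3 action on the bucket and its objects when the request is not over TLS.
data "aws_iam_policy_document" "tls_only" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "tls_only" {
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.tls_only.json
}
```

The deny statement needs both the bucket ARN and the `/*` object ARN in `resources`; listing only one leaves either bucket-level or object-level requests uncovered.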
Usage
```hcl
module "bucket" {
  source      = "./aws-s3-bucket"
  bucket_name = "my-unique-bucket-name"
  tags        = { Environment = "prod" }
}
```
Inputs
| Name | Type | Default | Description |
|---|---|---|---|
| `bucket_name` | string | — | Globally-unique bucket name (required) |
| `versioning_enabled` | bool | true | Enable object versioning |
| `kms_key_arn` | string | null | KMS key ARN for SSE-KMS; null = AES256 |
| `force_destroy` | bool | false | Allow destroying a non-empty bucket |
| `tags` | map(string) | {} | Tags applied to resources |
Outputs
bucket_id, bucket_arn, bucket_domain_name.
License
Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).