AWS S3 Bucket (hardened)

aws-s3-bucket

A hardened-by-default private AWS S3 bucket module. Works with Terraform and OpenTofu (>= 1.6), AWS provider >= 5.0, < 7.0.

Secure defaults:

• Server-side encryption (AES256, or SSE-KMS when kms_key_arn is set)
• Object versioning (on by default)
• Full public-access block
• Bucket policy denying any non-TLS (aws:SecureTransport = false) access

Usage

module "bucket" {
  source      = "./aws-s3-bucket"
  bucket_name = "my-unique-bucket-name"
  tags        = { Environment = "prod" }
}

Inputs

Name	Type	Default	Description
bucket_name	string	—	Globally-unique bucket name (required)
versioning_enabled	bool	true	Enable object versioning
kms_key_arn	string	null	KMS key ARN for SSE-KMS; null = AES256
force_destroy	bool	false	Allow destroying a non-empty bucket
tags	map(string)	{}	Tags applied to resources

Outputs

bucket_id, bucket_arn, bucket_domain_name.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).