object submodule manages individual S3 objects within a bucket. Use it to upload files, set metadata, configure server-side encryption per object, and manage object lock settings.
Module Reference
Input Variables
Core
Whether to create this resource or not. Set to
false to conditionally skip object creation.Region where the resource(s) will be managed. Defaults to the region set in the provider configuration.
The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.
The name of the object once it is in the bucket. This is the S3 key (path) under which the object is stored.
Content
The path to a file that will be read and uploaded as raw bytes for the object content. Use this for uploading local files.
Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content. For larger objects, use
file_source.HTTP Headers
A standard MIME type describing the format of the object data, e.g.
application/octet-stream. All valid MIME types are valid for this input.Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the
Content-Type header field.The language the content is in, e.g.
en-US or en-GB.Specifies presentational information for the object.
Specifies caching behavior along the request/reply chain.
Specifies a target URL for website redirect.
Storage & Encryption
Specifies the desired Storage Class for the object. Can be
STANDARD, REDUCED_REDUNDANCY, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, or STANDARD_IA. Defaults to STANDARD.Specifies server-side encryption of the object in S3. Valid values are
AES256 and aws:kms.Amazon Resource Name (ARN) of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the
aws_kms_key resource, use the arn attribute. If referencing the aws_kms_alias data source or resource, use the target_key_arn attribute.Whether or not to use Amazon S3 Bucket Keys for SSE-KMS. Reduces the cost of SSE-KMS by lowering calls to AWS KMS.
Access Control
The canned ACL to apply. Valid values are
private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private.Metadata & Tags
A map of keys/values to provision metadata (will be automatically prefixed by
x-amz-meta-). Note that only lowercase labels are currently supported by the AWS Go API.A map of tags to assign to the object.
Ignore provider
default_tags. S3 objects support a maximum of 10 tags.Change Detection
Used to trigger updates. This attribute is not compatible with KMS encryption,
kms_key_id, or server_side_encryption = "aws:kms".Triggers updates like
etag but useful to address etag encryption limitations. Set using filemd5("path/to/source") (Terraform 0.11.12 or later). The value is only stored in state and not saved by AWS.Object Lock
Allow the object to be deleted by removing any legal hold on any object version. This value should be set to
true only if the bucket has S3 object lock enabled.The legal hold status that you want to apply to the specified object. Valid values are
ON and OFF.The object lock retention mode that you want to apply to this object. Valid values are
GOVERNANCE and COMPLIANCE.The date and time, in RFC3339 format, when this object’s object lock will expire.
Outputs
The key (path) of the S3 object.
The ETag generated for the object (an MD5 sum of the object content).
A unique version ID value for the object, if bucket versioning is enabled.