fix: improve prevent_unencrypted_uploads documentation
* Closes #177
Lennart Goedhart committed Jul 5, 2024
1 parent 01232bd commit 6db90f0
Showing 4 changed files with 12 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .github/settings.yml
Expand Up @@ -2,6 +2,6 @@
_extends: .github
repository:
name: terraform-aws-tfstate-backend
description: Terraform module that provision an S3 bucket to store the `terraform.tfstate` file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.
description: Terraform module that provisions an S3 bucket to store the `terraform.tfstate` file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.
homepage: https://cloudposse.com/accelerate
topics: terraform, terraform-module, aws, tfstate, dynamodb, locking, aws-dynamodb, terraform-modules, dynamodb-table, s3-bucket, backend, terraform-state, remote-state, hcl2
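Review bot: The grammar fix on the `description` line (provision to provisions) is unrelated to the commit subject, which covers only the prevent_unencrypted_uploads documentation. Mention it in the commit message or split it into its own commit so the history of .github/settings.yml explains itself.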
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -292,7 +292,7 @@ Available targets:
| <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM replication role | `string` | `""` | no |
| <a name="input_prevent_unencrypted_uploads"></a> [prevent\_unencrypted\_uploads](#input\_prevent\_unencrypted\_uploads) | Prevent uploads of unencrypted objects to S3 | `bool` | `true` | no |
| <a name="input_prevent_unencrypted_uploads"></a> [prevent\_unencrypted\_uploads](#input\_prevent\_unencrypted\_uploads) | Enforce requirement to specify encryption key when uploading content to the S3 bucket.<br>The name of this variable is a little misleading. Since a default encryption key is created<br>for the bucket by this module, contents are always encrypted at rest.<br>Setting this variable to `true` (the default) will require that uploads to the bucket will need<br>to be initiated with a specific encryption key.<br>If this variable is set to `true` and an upload is attempted without specifying an encryption key<br>(including using the S3 Console), an "Access Denied" error will be thrown by AWS. | `bool` | `true` | no |
| <a name="input_profile"></a> [profile](#input\_profile) | AWS profile name as set in the shared credentials file | `string` | `""` | no |
| <a name="input_read_capacity"></a> [read\_capacity](#input\_read\_capacity) | DynamoDB read capacity units when using provisioned mode | `number` | `5` | no |
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
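Review bot: In the new prevent_unencrypted_uploads row, the `<br>` breaks fall mid-sentence ("is created<br>for the bucket", "will need<br>to be initiated"), so the rendered table cell wraps at arbitrary points. Writing the description with one sentence per line at its source would put each `<br>` at a sentence boundary.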
2 changes: 1 addition & 1 deletion docs/terraform.md
Expand Up @@ -86,7 +86,7 @@
| <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
| <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM replication role | `string` | `""` | no |
| <a name="input_prevent_unencrypted_uploads"></a> [prevent\_unencrypted\_uploads](#input\_prevent\_unencrypted\_uploads) | Prevent uploads of unencrypted objects to S3 | `bool` | `true` | no |
| <a name="input_prevent_unencrypted_uploads"></a> [prevent\_unencrypted\_uploads](#input\_prevent\_unencrypted\_uploads) | Enforce requirement to specify encryption key when uploading content to the S3 bucket.<br>The name of this variable is a little misleading. Since a default encryption key is created<br>for the bucket by this module, contents are always encrypted at rest.<br>Setting this variable to `true` (the default) will require that uploads to the bucket will need<br>to be initiated with a specific encryption key.<br>If this variable is set to `true` and an upload is attempted without specifying an encryption key<br>(including using the S3 Console), an "Access Denied" error will be thrown by AWS. | `bool` | `true` | no |
| <a name="input_profile"></a> [profile](#input\_profile) | AWS profile name as set in the shared credentials file | `string` | `""` | no |
| <a name="input_read_capacity"></a> [read\_capacity](#input\_read\_capacity) | DynamoDB read capacity units when using provisioned mode | `number` | `5` | no |
| <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
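Review bot: This prevent_unencrypted_uploads row is a character-for-character copy of the row added to README.md, and both repeat the description text in variables.tf. Any wording change that comes out of review should be made once in variables.tf and carried into both files, not edited in this table, so the three copies cannot drift apart.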
10 changes: 9 additions & 1 deletion variables.tf
Expand Up @@ -92,7 +92,15 @@ variable "restrict_public_buckets" {
variable "prevent_unencrypted_uploads" {
type = bool
default = true
description = "Prevent uploads of unencrypted objects to S3"
description = <<-EOT
Enforce requirement to specify encryption key when uploading content to the S3 bucket.
The name of this variable is a little misleading. Since a default encryption key is created
for the bucket by this module, contents are always encrypted at rest.
Setting this variable to `true` (the default) will require that uploads to the bucket will need
to be initiated with a specific encryption key.
If this variable is set to `true` and an upload is attempted without specifying an encryption key
(including using the S3 Console), an "Access Denied" error will be thrown by AWS.
EOT
}

variable "profile" {
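Review bot: The new description for prevent_unencrypted_uploads never says what the uploader must actually send: "specify encryption key" and "a specific encryption key" could mean a request header, an algorithm, or a particular key ID. Name the exact request parameter or policy condition that is enforced, and state what a Terraform backend writing `terraform.tfstate` to this bucket has to set to satisfy it, since storing that file is what the bucket is for. Two smaller points: "will require that uploads to the bucket will need to be initiated" is redundant and can read "requires uploads to be initiated", and the text does not describe the behaviour when the variable is `false`.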