Creates an S3 bucket for storage purposes

This module creates an S3 bucket for storage purposes. It is created with server-side AES256 encryption.


  - name: bucky
    type: aws-s3
    bucket_name: dev-runx-bucky
        - "PUT"
      max_age_seconds: 3600
        - ""

File uploading

To upload files to s3, just set the files field to the path (relative to the yaml or absolute) of a local directory. On the next apply, all the files and subdirectories will be automatically uploaded to the bucket!

So for example if you called the module like so:

  - type: s3
    name: blah
    bucket_name: "opta-is-testing-cloudfront"
    files: "../blah"

And the ../blah directory had the following structure:

├── hello2.html
├── hello2.txt
├── hello3.txt
└── subdir
    └── hello3.html

Then Opta would upload 4 files to your S3 bucket, with the S3 keys being hello2.html, hello2.txt, hello3.txt and subdir/hello3.html.

Opta will also catch any changes to the files on the next opta apply and will push updates as needed. Opta supports extensive MIME parsing, so it also makes sure to set the content type correctly.


This module can be linked to Opta’s cloudfront module in order to serve static files.

To securely work with cloudfront, the module additionally creates a Cloudfront Origin Access Identity with read privileges to be used by cloudfront to access its contents.


When linked to a k8s-service or IAM role/user, this adds the necessary IAM permissions to read (e.g. list objects and get objects) and/or write (e.g. list, get, create, destroy, and update objects) to the given s3 bucket. The current permissions are, “read” and “write”, defaulting to “write” if none specified


Name Description Default Required
bucket_name The name of the bucket to create. None True
same_region_replication Create a same-region bucket for replica storage (needed for compliance). Can be added later without destroying the resource. False False
block_public Block all public access. True False
bucket_policy A custom s3 policy json/yaml to add. None False
cors_rule A custom cors policy. None False
files The path (can be relative to the opta yaml) to a directory holding files which you wish to upload to the s3 bucket. The files will have the same names and any subdirectories will similarly be included and uploaded as subdir/path/filename. None False


Name Description
bucket_id The id of the S3 bucket
bucket_arn The arn of the S3 bucket
cloudfront_read_path The path of the cloud front origin access identity created for reading objects in this bucket

Last modified August 5, 2022 : Cleanup install script (#197) (2175394)