main.tf file
# Replication configuration for the module's bucket, driven entirely by the
# free-form value var.replication_configuration.
#
# Keys read below:
#   role            - required (read without try())
#   rule | rules    - one rule object or a list of rule objects; "rule" wins if both are set
# Keys read per rule:
#   id, priority, prefix, status,
#   delete_marker_replication_status | delete_marker_replication,
#   existing_object_replication_status | existing_object_replication,
#   destination { bucket, storage_class, account_id | account,
#                 access_control_translation { owner },
#                 encryption_configuration { replica_kms_key_id } | replica_kms_key_id,
#                 replication_time { status, minutes }, metrics { status, minutes } },
#   source_selection_criteria { replica_modifications { enabled | status },
#                               sse_kms_encrypted_objects { enabled | status } },
#   filter { prefix, tags | tag }
#
# Illustrative shape for several rules (placeholder values, not taken from the module):
#   replication_configuration = {
#     role  = "<replication-role-arn>"
#     rules = [
#       { id = "<rule-a>", priority = 1, status = true, filter = { prefix = "<prefix-a>" }, destination = { bucket = "<destination-bucket-arn>" } },
#       { id = "<rule-b>", priority = 2, status = true, filter = { prefix = "<prefix-b>" }, destination = { bucket = "<destination-bucket-arn>" } },
#     ]
#   }
# NOTE(review): provider docs ask for a unique priority per rule when several rules are defined - confirm.
resource "aws_s3_bucket_replication_configuration" "this" {
  # Created only when the bucket itself is created and the configuration has at least one key.
  count = local.create_bucket && length(keys(var.replication_configuration)) > 0 ? 1 : 0
  bucket = aws_s3_bucket.this[0].id
  # Indexed directly, so a non-empty configuration without "role" fails at plan time.
  # NOTE(review): this is the role S3 assumes to replicate objects; keep its policy limited
  # to the source and destination buckets (and the KMS keys involved) - confirm against the role definition.
  role = var.replication_configuration["role"]
  dynamic "rule" {
    # try() returns the first expression that evaluates, so "rule" takes precedence over "rules";
    # flatten() lets either key hold a single object or a list.
    for_each = flatten(try([var.replication_configuration["rule"]], [var.replication_configuration["rules"]], []))
    content {
      id = try(rule.value.id, null)
      priority = try(rule.value.priority, null)
      # NOTE(review): provider docs list rule-level prefix as deprecated and conflicting with filter - confirm.
      prefix = try(rule.value.prefix, null)
      # Accepts a bool (or bool-like string) or an "enabled"/"disabled" string in any case.
      # A rule with no status key falls through to "Enabled", i.e. it starts replicating.
      status = try(tobool(rule.value.status) ? "Enabled" : "Disabled", title(lower(rule.value.status)), "Enabled")
      dynamic "delete_marker_replication" {
        # Block is omitted when neither key is present on the rule.
        for_each = flatten(try([rule.value.delete_marker_replication_status], [rule.value.delete_marker_replication], []))
        content {
          # Valid values: "Enabled" or "Disabled"
          # No literal fallback here: a value that is neither bool-like nor a string is an error.
          status = try(tobool(delete_marker_replication.value) ? "Enabled" : "Disabled", title(lower(delete_marker_replication.value)))
        }
      }
      # Per the provider documentation, Amazon S3 does not support this argument:
      # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_replication_configuration
      # More information on what Amazon S3 does and does not replicate:
      # https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-what-is-isnot-replicated.html
      dynamic "existing_object_replication" {
        for_each = flatten(try([rule.value.existing_object_replication_status], [rule.value.existing_object_replication], []))
        content {
          # Valid values: "Enabled" or "Disabled"
          status = try(tobool(existing_object_replication.value) ? "Enabled" : "Disabled", title(lower(existing_object_replication.value)))
        }
      }
      dynamic "destination" {
        for_each = try(flatten([rule.value.destination]), [])
        content {
          # Read without try(): every destination must carry a bucket value.
          bucket = destination.value.bucket
          storage_class = try(destination.value.storage_class, null)
          # account_id is preferred over account when both are given.
          account = try(destination.value.account_id, destination.value.account, null)
          dynamic "access_control_translation" {
            for_each = try(flatten([destination.value.access_control_translation]), [])
            content {
              # Normalised to title case, e.g. "destination" -> "Destination".
              # NOTE(review): provider docs require account to be set whenever this block is used;
              # nothing here enforces that. For cross-account replication, check who ends up owning the replicas.
              owner = title(lower(access_control_translation.value.owner))
            }
          }
          dynamic "encryption_configuration" {
            # Key may be nested (encryption_configuration.replica_kms_key_id) or flat (replica_kms_key_id).
            # NOTE(review): this block and sse_kms_encrypted_objects below are generated independently;
            # provider docs say a replica KMS key must be given when SSE-KMS objects are selected - confirm callers set both.
            for_each = flatten([try(destination.value.encryption_configuration.replica_kms_key_id, destination.value.replica_kms_key_id, [])])
            content {
              replica_kms_key_id = encryption_configuration.value
            }
          }
          dynamic "replication_time" {
            for_each = try(flatten([destination.value.replication_time]), [])
            content {
              # Valid values: "Enabled" or "Disabled"
              # Defaults to "Disabled" when status is absent, even if minutes is set.
              status = try(tobool(replication_time.value.status) ? "Enabled" : "Disabled", title(lower(replication_time.value.status)), "Disabled")
              dynamic "time" {
                # Emitted only when minutes is present.
                for_each = try(flatten([replication_time.value.minutes]), [])
                content {
                  minutes = replication_time.value.minutes
                }
              }
            }
          }
          dynamic "metrics" {
            for_each = try(flatten([destination.value.metrics]), [])
            content {
              # Valid values: "Enabled" or "Disabled"
              # Defaults to "Disabled" when status is absent, even if minutes is set.
              status = try(tobool(metrics.value.status) ? "Enabled" : "Disabled", title(lower(metrics.value.status)), "Disabled")
              dynamic "event_threshold" {
                # Emitted only when minutes is present.
                for_each = try(flatten([metrics.value.minutes]), [])
                content {
                  minutes = metrics.value.minutes
                }
              }
            }
          }
        }
      }
      dynamic "source_selection_criteria" {
        for_each = try(flatten([rule.value.source_selection_criteria]), [])
        content {
          dynamic "replica_modifications" {
            # "enabled" is read first, then "status"; no block when neither exists.
            for_each = flatten([try(source_selection_criteria.value.replica_modifications.enabled, source_selection_criteria.value.replica_modifications.status, [])])
            content {
              # Valid values: "Enabled" or "Disabled"
              status = try(tobool(replica_modifications.value) ? "Enabled" : "Disabled", title(lower(replica_modifications.value)), "Disabled")
            }
          }
          dynamic "sse_kms_encrypted_objects" {
            # "enabled" is read first, then "status"; no block when neither exists.
            for_each = flatten([try(source_selection_criteria.value.sse_kms_encrypted_objects.enabled, source_selection_criteria.value.sse_kms_encrypted_objects.status, [])])
            content {
              # Valid values: "Enabled" or "Disabled"
              status = try(tobool(sse_kms_encrypted_objects.value) ? "Enabled" : "Disabled", title(lower(sse_kms_encrypted_objects.value)), "Disabled")
            }
          }
        }
      }
      # The three "filter" blocks below have mutually exclusive conditions, so at most one is emitted per rule.
      # Max 1 block - filter - without any key arguments or tags
      # Emitted as an empty filter {} when the rule has no filter key, so the rule matches every object.
      dynamic "filter" {
        for_each = length(try(flatten([rule.value.filter]), [])) == 0 ? [true] : []
        content {
        }
      }
      # Max 1 block - filter - with one key argument or a single tag
      # NOTE(review): the tag count is taken from rule.value.filter, not from v; this appears to assume
      # filter is a single object rather than a list - confirm.
      dynamic "filter" {
        for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) == 1]
        content {
          prefix = try(filter.value.prefix, null)
          dynamic "tag" {
            # Iterates the tags map: map key becomes the tag key, map value the tag value.
            for_each = try(filter.value.tags, filter.value.tag, [])
            content {
              key = tag.key
              value = tag.value
            }
          }
        }
      }
      # Max 1 block - filter - with more than one key arguments or multiple tags
      # Multiple criteria are wrapped in and {}.
      dynamic "filter" {
        for_each = [for v in try(flatten([rule.value.filter]), []) : v if max(length(keys(v)), length(try(rule.value.filter.tags, rule.value.filter.tag, []))) > 1]
        content {
          and {
            prefix = try(filter.value.prefix, null)
            tags = try(filter.value.tags, filter.value.tag, null)
          }
        }
      }
    }
  }
  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.this]
}
I want to pass the required variables for the above S3 replication feature in the variables.tf file.
What is the right way to provide multiple rules as a variable in the Terraform variables.tf file for the S3 bucket replication configuration?
Ref link to the code snippet: terraform-aws-s3-bucket/main.tf at master · terraform-aws-modules/terraform-aws-s3-bucket · GitHub
Any help is appreciated.