To complete my setup, once I deployed all my virtual machines in the previous articles, I also need an S3 bucket to be used later in Veeam as object storage. And obviously, I can also automate this part.
For this project, I will use AWS S3. In AWS I need a user that can create and manage the buckets. Remember to select Programmatic access under Access type to get the Access Key ID and Secret Key:

Then we grab its access keys and use them in our Terraform project. In the Terraform project folder, I create the file variables.tf:
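    # The X strings are placeholders. Real keys should not be committed with this file;
    # Terraform also reads them from the environment variables TF_VAR_aws_access_key
    # and TF_VAR_aws_secret_key.
    variable "aws_access_key" {
      default = "XXXXXXXXXXXXXX"
    }
    variable "aws_secret_key" {
      default = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    variable "region" {
      default = "eu-south-1"
    }
    variable "bucket_name" {
      default = "veeam-iac-demo"
    }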
and I edit the default values with my own data. Then, I define the project in the usual file main.tf:
    # 1. we load the AWS provider, and define the variables for region and access credentials
    provider "aws" {
      access_key = var.aws_access_key
      secret_key = var.aws_secret_key
      region     = var.region
    }
    # 2. we create the new S3 bucket
    resource "aws_s3_bucket" "veeam-iac-demo" {
      bucket              = var.bucket_name
      object_lock_enabled = true
    }
    # 3. we define the ownership of the bucket
    resource "aws_s3_bucket_ownership_controls" "veeam-iac-demo" {
      bucket = aws_s3_bucket.veeam-iac-demo.id
      rule {
        object_ownership = "BucketOwnerPreferred"
      }
    }
    # 4. we set the ACL for the bucket to be private
    resource "aws_s3_bucket_acl" "veeam-iac-demo" {
      depends_on = [aws_s3_bucket_ownership_controls.veeam-iac-demo]
      bucket     = aws_s3_bucket.veeam-iac-demo.id
      acl        = "private"
    }
    # 5. we configure Object Lock for the bucket
    resource "aws_s3_bucket_object_lock_configuration" "veeam-iac-demo" {
      bucket = aws_s3_bucket.veeam-iac-demo.id
      rule {
        default_retention {
          mode = "COMPLIANCE"
          days = 5
        }
      }
    }
The file has five steps, described directly in the comments.
Then, as always, I initialize Terraform, which will read the information about the needed provider and prepare Terraform.

and, if all is fine, I execute it with terraform apply

If I go into my AWS console I can see my new bucket up and ready!

Scrolling down in the properties, I can check that Object Lock is enabled with the parameters I’ve defined.
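The same settings can also be checked automatically before anything is created, by inspecting the plan that `terraform plan -out=tfplan` followed by `terraform show -json tfplan` produces. The script below is an added example, not part of the original article: the function names `resources` and `check_plan` and the `min_days` threshold are hypothetical, and the embedded plan is a constructed, trimmed sample for the configuration above.

```python
import json

# Constructed sample: trimmed `terraform show -json tfplan` output for the
# configuration above (only the fields the check reads are kept).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"type": "aws_s3_bucket", "name": "veeam-iac-demo",
   "values": {"bucket": "veeam-iac-demo", "object_lock_enabled": true}},
  {"type": "aws_s3_bucket_acl", "name": "veeam-iac-demo",
   "values": {"acl": "private"}},
  {"type": "aws_s3_bucket_object_lock_configuration", "name": "veeam-iac-demo",
   "values": {"rule": [{"default_retention": [
     {"mode": "COMPLIANCE", "days": 5, "years": null}]}]}}
]}}}
""")

def resources(plan, rtype):
    """Return the planned `values` of every root-module resource of one type."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r.get("values", {}) for r in root.get("resources", []) if r.get("type") == rtype]

def check_plan(plan, min_days=5):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    buckets = resources(plan, "aws_s3_bucket")
    if not buckets:
        findings.append("no aws_s3_bucket in plan")
    for b in buckets:
        if not b.get("object_lock_enabled"):
            findings.append(f"{b.get('bucket')}: object_lock_enabled is not true")
    for acl in resources(plan, "aws_s3_bucket_acl"):
        if acl.get("acl") != "private":
            findings.append(f"bucket ACL is {acl.get('acl')!r}, expected 'private'")
    # Nested blocks (rule, default_retention) appear as lists in the plan JSON.
    retentions = [ret
                  for lock in resources(plan, "aws_s3_bucket_object_lock_configuration")
                  for rule in lock.get("rule") or []
                  for ret in rule.get("default_retention") or []]
    if not retentions:
        findings.append("no default Object Lock retention configured")
    for ret in retentions:
        days = (ret.get("days") or 0) + 365 * (ret.get("years") or 0)
        if ret.get("mode") != "COMPLIANCE":
            findings.append(f"retention mode is {ret.get('mode')!r}, expected 'COMPLIANCE'")
        if days < min_days:
            findings.append(f"default retention is {days} days, below {min_days}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN) or ["plan OK"]:
        print(finding)
```

Run in a pipeline between plan and apply, a non-empty result can be used to stop the apply when someone later weakens the ACL or the retention rule.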

