hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

New Data Source: aws_s3_buckets #25891

Open jw-maynard opened 1 year ago

jw-maynard commented 1 year ago


Description

Now that S3 configuration options have been broken out into their own resources, it seems like a natural progression to use Terraform to enforce rules on a group of S3 buckets that may be created outside of Terraform. To do this, a new data source that can collect a set of buckets based on some sort of filtering would be needed. I used the existing aws_iam_roles data source as inspiration.

Using this data source you could enforce encryption on buckets as in the example below, or manage a myriad of other options without having to either create the buckets yourself or have foreknowledge of all the bucket names.

New or Affected Resource(s)

Potential Terraform Configuration

```hcl
# Proposed data source: select existing buckets whose names match a regex
data "aws_s3_buckets" "example" {
  name_regex = ".*bucket-postfix$"
}

resource "aws_kms_key" "mykey" {
  description             = "This key is used to encrypt bucket objects"
  deletion_window_in_days = 10
}

# Apply one encryption configuration per matched bucket. The reference must
# include the data source's name ("example"); toset() makes for_each accept
# the names whether the attribute is exposed as a set or a list.
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  for_each = toset(data.aws_s3_buckets.example.names)
  bucket   = each.key

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = aws_kms_key.mykey.arn
      sse_algorithm     = "aws:kms"
    }
  }
}
```

References
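The filter-then-enforce pattern the request describes (select buckets by name regex, then check their default encryption against an expected KMS key) as an added Python example, not code from the issue or the provider. The bucket names, encryption responses and key ARN are constructed; `fetch_config_from_aws` is an optional helper that uses boto3's real `get_bucket_encryption` call for live use.

```python
import re
from typing import Callable, Iterable, List, Optional

# Constructed sample data. Encryption entries mirror the shape of the
# GetBucketEncryption response; None means no default-encryption config.
EXPECTED_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder
SAMPLE_BUCKETS = ["logs-bucket-postfix", "scratch", "data-bucket-postfix", "other-bucket-postfixed"]
SAMPLE_ENCRYPTION = {
    "logs-bucket-postfix": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": EXPECTED_KEY_ARN}}]},
    "data-bucket-postfix": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "AES256"}}]},   # SSE-S3 only: does not meet the KMS policy
    "scratch": None,
}


def select_buckets(names: Iterable[str], name_regex: str) -> List[str]:
    """Mimic the proposed name_regex filter: keep names the unanchored regex matches."""
    pattern = re.compile(name_regex)
    return sorted(n for n in names if pattern.search(n))


def is_compliant(config: Optional[dict], expected_key_arn: str) -> bool:
    """True only if a default rule uses aws:kms with the expected key."""
    if not config:
        return False
    for rule in config.get("Rules", []):
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        if default.get("SSEAlgorithm") == "aws:kms" and default.get("KMSMasterKeyID") == expected_key_arn:
            return True
    return False


def noncompliant_buckets(names: Iterable[str], name_regex: str,
                         fetch_config: Callable[[str], Optional[dict]],
                         expected_key_arn: str) -> List[str]:
    """Matched buckets whose default encryption does not satisfy the policy."""
    return [b for b in select_buckets(names, name_regex)
            if not is_compliant(fetch_config(b), expected_key_arn)]


def fetch_config_from_aws(bucket: str) -> Optional[dict]:
    """Live fetcher for noncompliant_buckets; needs boto3 and AWS credentials."""
    import boto3
    from botocore.exceptions import ClientError
    try:
        resp = boto3.client("s3").get_bucket_encryption(Bucket=bucket)
        return resp["ServerSideEncryptionConfiguration"]
    except ClientError as err:
        if err.response["Error"]["Code"] == "ServerSideEncryptionConfigurationNotFoundError":
            return None
        raise
```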

jw-maynard commented 1 year ago

Can be closed by #25895