> ## Documentation Index
> Fetch the complete documentation index at: https://docs.briankimemia.is-a.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Create S3 Buckets with Terraform (PRO project 🌟)

> Welcome to a comprehensive guide

# 🌟 Create S3 Buckets with Terraform

Welcome to a comprehensive guide on automating the creation of AWS S3 buckets using **Terraform**! This project ensures robust security, logging, and efficient data management. Below is a detailed breakdown of each resource and configuration step.

***

## 🛠️ **Prerequisites**

<Note>
  💻 Ensure you have **Terraform** installed on your system. Check the [Terraform installation guide](https://developer.hashicorp.com/terraform/tutorials) if you're unsure.
</Note>

<Warning>
  🚨 **Important:** Never hardcode your AWS credentials in Terraform files! Use environment variables or AWS Secrets Manager to enhance security.
</Warning>

***

## 🚀 **Terraform Configuration**

### 🗺️ **1. AWS Provider Configuration**

```terraform theme={null}
provider "aws" {
  region     = "ap-northeast-1"
  access_key = "YOUR_ACCESS_KEY" # Replace with your AWS access key
  secret_key = "YOUR_SECRET_KEY" # Replace with your AWS secret key
}
```

<Tip>
  💡 **What is an IAM user?**
  An IAM user in AWS allows you to securely access and manage your AWS resources without using the root user account. This protects your root account from potential security breaches.
</Tip>

***

### 👤 **2. IAM User Creation**

```terraform theme={null}
resource "aws_iam_user" "example_user" {
  name = "example-user"
}
```

### 🛡️ **3. IAM Policy**

```terraform theme={null}
resource "aws_iam_user_policy" "s3_full_access" {
  name   = "s3-full-access-policy"
  user   = aws_iam_user.example_user.name
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action   = "s3:*",
        Effect   = "Allow",
        Resource = [
          "arn:aws:s3:::my-example-bucket-1-demo",
          "arn:aws:s3:::my-example-bucket-1-demo/*",
          "arn:aws:s3:::my-unique-log-bucket-12345",
          "arn:aws:s3:::my-unique-log-bucket-12345/*"
        ],
      }
    ]
  })
}
```

<Note>
  📜 **Policy Notes:** This grants the IAM user full access to the specified buckets. Adjust permissions for production environments to adhere to the principle of least privilege.
</Note>

***

### 🪵 **4. Logging Bucket**

```terraform theme={null}
resource "aws_s3_bucket" "log_bucket" {
  bucket = "my-unique-log-bucket-12345"
  acl    = "private"

  tags = {
    Name        = "LogBucket"
    Environment = "Dev"
  }
}
```

<Disclaim>
  📝 **Disclaimer:** Bucket names must be globally unique. Replace `my-unique-log-bucket-12345` with your own unique name.
</Disclaim>

***

### 📦 **5. Main S3 Bucket**

```terraform theme={null}
resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket-1-demo"
  acl    = "private"

  tags = {
    Name        = "MyExampleBucket"
    Environment = "Dev"
  }
}
```

### 🔄 **6. Bucket Versioning**

```terraform theme={null}
resource "aws_s3_bucket_versioning" "example" {
  bucket = aws_s3_bucket.example.bucket
  versioning_configuration {
    status = "Enabled"
  }
}
```

<Tip>
  💡 **Why Enable Versioning?**
  Versioning helps keep track of all changes made to your objects, offering a safeguard against accidental deletions or overwrites.
</Tip>

***

### 🔐 **7. Server-Side Encryption**

```terraform theme={null}
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.bucket

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
```

### 📜 **8. Bucket Logging**

```terraform theme={null}
resource "aws_s3_bucket_logging" "example" {
  bucket        = aws_s3_bucket.example.bucket
  target_bucket = aws_s3_bucket.log_bucket.bucket
  target_prefix = "log/"
}
```

<Warning>
  🔐 **Security Warning:** Ensure logging permissions are correctly configured to avoid unauthorized access to logs.
</Warning>

***

### 🕒 **9. Lifecycle Configuration**

```terraform theme={null}
resource "aws_s3_bucket_lifecycle_configuration" "example" {
  bucket = aws_s3_bucket.example.bucket

  rule {
    id     = "example-rule"
    status = "Enabled"

    expiration {
      days = 365
    }

    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }
  }
}
```

<Tip>
  📆 **Lifecycle Tips:** Use lifecycle policies to optimize storage costs by transitioning older data to cheaper storage classes.
</Tip>

***

### 🔒 **10. Bucket Policy**

```terraform theme={null}
resource "aws_s3_bucket_policy" "example" {
  bucket = aws_s3_bucket.example.bucket

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Principal = {
          AWS = aws_iam_user.example_user.arn
        },
        Action = "s3:*",
        Resource = [
          "${aws_s3_bucket.example.arn}",
          "${aws_s3_bucket.example.arn}/*"
        ]
      }
    ]
  })
}
```

***

## 🎉 **Outputs**

```terraform theme={null}
output "bucket_id" {
  value = aws_s3_bucket.example.id
}

output "log_bucket_id" {
  value = aws_s3_bucket.log_bucket.id
}

output "iam_user_access_key" {
  value = aws_iam_user.example_user.name
}
```

<Note>
  🔗 **Outputs:** These help you quickly reference created resources, making the setup reusable and scalable.
</Note>

***

## 🎯 **Highlights**

* **IAM User & Policies:** Granular access control.

* **S3 Buckets:** Secure, organized, and scalable storage.

* **Versioning & Encryption:** Data safety and compliance.

* **Logging:** Enhanced auditing capabilities.

* **Lifecycle Rules:** Cost-effective data management.

Happy Terraforming! 🌍

## 📧 Contact

For questions or feedback, reach out:

📨 Email: [projects@briankimemia.is-a.dev](mailto:projects@briankimemia.is-a.dev)
🌐 Portfolio: [Brian Kimemia](https://briankimemia.is-a.dev/)
**GitHub:** [BrianKN019](https://github.com/BrianKN019)

***

**Thank you for exploring this project! Let’s innovate and build secure AWS solutions together. 🚀**
