s3-bucket-terraform

provider "aws" {
  version = "~> 1.9"
  region  = "eu-central-1"
}
resource "aws_kms_key" "mykey" {
  description             = "This key is used to encrypt bucket objects"
  deletion_window_in_days = 10
}

resource "aws_s3_bucket" "mybucket" {
  bucket = "mybucket"
  acl    = "public-read"
  region = "eu-central-1"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = "${aws_kms_key.mykey.arn}"
        sse_algorithm     = "aws:kms"
      }
    }
  }

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["GET", "HEAD", "POST", "PUT"]
    allowed_origins = [
      "https://mysite.com",
      "https://second.mysite.com"
    ]
    expose_headers  = ["ETag"]
    max_age_seconds = 300
  }

  lifecycle_rule {
    id      = "juridique"
    enabled = true
    prefix = "juridique/"

    transition {
      days          = 30
      storage_class = "STANDARD_IA" # or "ONEZONE_IA"
    }

    transition {
      days          = 60
      storage_class = "GLACIER"
    }

    expiration {
      # WARNING
      days = 90
    }
  }
  provider = "aws"
}

output "myoutput" {
  value = "${aws_s3_bucket.mybucket.bucket_domain_name}"
}