@saikatharryc
Created April 10, 2024 14:22

Write a Terraform module that creates an S3 bucket and a KMS key used to encrypt the contents of the S3 bucket. When running the module, the following inputs are mandatory:

  • bucket-name (used to name the S3 bucket created by this module)
  • region (the AWS region in which to create the resources)

The module should create by default the following 2 resources:

  1. a KMS key that the bucket will use for AWS-KMS encryption (by default the bucket created by this module must use Server-Side Encryption with AWS KMS-Managed Keys, also known as SSE-KMS); the creation of this KMS key must be controllable through an input, and enabled by default when the module is run without the input that disables the creation of the key
  2. the S3 bucket with the following configuration:
      • a lifecycle rule which, by default, after 10 days transitions the data to “Infrequently Accessed” and after 20 days to “Glacier”. The number of days for both scenarios must be configurable via inputs to your module.
      • the user must be able to supply an “S3 bucket policy” via inputs to the module. A sensible default should be provided.

We expect the solution to be presented with a GitHub/GitLab link to your module, with at least 2 examples (which we can use to run the plan) inside the same repository. You do not need to create any AWS resources for the purpose of this test. A successful terraform plan that outputs the expected result (based on provided inputs) is considered enough. Feel free to wrap your module around existing community (open-source) modules for S3 and KMS.
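One way the encryption and lifecycle parts of this task could look with the plain AWS provider resources. This is an added sketch, not the gist author's code; it leaves out the bucket policy input, and every variable name other than `bucket-name` and `region` is an assumption.

```hcl
# Added sketch. Only bucket-name and region come from the task text;
# create_kms_key, kms_key_arn, ia_days and glacier_days are assumed names.
variable "bucket-name" { type = string }
variable "region" { type = string }
variable "create_kms_key" { default = true }
variable "kms_key_arn" { default = null } # caller's key when create_kms_key = false
variable "ia_days" { default = 10 }
variable "glacier_days" { default = 20 }

# A provider block inside a module is enough for a plan; a shared module
# would normally inherit the provider from its caller instead.
provider "aws" { region = var.region }

# Key creation is on by default and switched off with create_kms_key = false.
resource "aws_kms_key" "this" {
  count               = var.create_kms_key ? 1 : 0
  description         = "SSE-KMS key for ${var.bucket-name}"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "this" { bucket = var.bucket-name }

# SSE-KMS as the bucket default. With no module key and no caller key the
# key id is null and S3 falls back to the AWS managed aws/s3 key.
resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = var.create_kms_key ? aws_kms_key.this[0].arn : var.kms_key_arn
    }
  }
}

# The task's 10/20 day defaults pass terraform plan; S3 itself rejects
# STANDARD_IA transitions earlier than 30 days when the rule is applied.
resource "aws_s3_bucket_lifecycle_configuration" "this" {
  bucket = aws_s3_bucket.this.id
  rule {
    id     = "tiering"
    status = "Enabled"
    filter {}
    transition {
      days          = var.ia_days
      storage_class = "STANDARD_IA"
    }
    transition {
      days          = var.glacier_days
      storage_class = "GLACIER"
    }
  }
}
```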