
Amazon S3 is AWS’s cloud object storage service, and buckets are its top-level containers. It’s not unusual for a large enterprise to deploy numerous S3 buckets for development, testing, and other services.

Instead of manually provisioning several S3 buckets, you can use Terraform to deploy them within seconds. After creating a Terraform file, you can continue to deploy S3 buckets within seconds without having to configure each one of them.

When Would You Use S3 with Terraform?

If you need to deploy several S3 buckets for an application, you can manually configure them. However, this takes several minutes, and you would need to repeat the same process next time you need AWS cloud storage.

Instead, you can use a Terraform template to streamline the process. A Terraform template holds the settings for the S3 bucket, and Terraform translates it into AWS API calls that deploy multiple S3 buckets simultaneously within seconds, so you don’t have to repeat the same steps manually. The only step you need to take is writing the Terraform files that describe the buckets.

How to Create an S3 Bucket Using Terraform: An Example

In this example, we’ll create two Terraform template files. Instead of the original approach, we’ll use current best practices for security, state management, and S3 feature implementation.

Step 1: Set Up Remote State Management

Before creating your S3 bucket, it’s essential to set up remote state management using S3 and DynamoDB for proper team collaboration and state locking:

```hcl
terraform {
  # The backend block cannot reference variables; its values must be literals.
  backend "s3" {
    bucket         = "myorg-terraform-states"
    key            = "s3buckets/production/tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "TerraformStateLocking"
  }
}
```

This configuration stores your Terraform state in an S3 bucket with encryption enabled and uses DynamoDB for state locking to prevent concurrent modifications.

Step 2: Create the main.tf File

The main.tf file defines your S3 bucket with proper security configurations. Use the following code:

```hcl
provider "aws" {
  region = var.region

  # Credentials should be provided via AWS profiles or environment variables
  # Never hardcode credentials in your Terraform files
}

resource "aws_s3_bucket" "terraform_bucket" {
  bucket = var.bucket_name

  # Force destroy is useful for testing but should be carefully considered in production
  force_destroy = false
}

resource "aws_s3_bucket_versioning" "versioning" {
  bucket = aws_s3_bucket.terraform_bucket.id

  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
  bucket = aws_s3_bucket.terraform_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Modern approach to ACLs (note: the direct acl property is deprecated)
resource "aws_s3_bucket_ownership_controls" "ownership" {
  bucket = aws_s3_bucket.terraform_bucket.id

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Block all public access (security best practice)
resource "aws_s3_bucket_public_access_block" "public_access" {
  bucket = aws_s3_bucket.terraform_bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

This configuration uses the current AWS provider syntax and implements modern security practices like encryption, versioning, and blocking public access.

Step 3: Create the variables.tf File

The variables.tf file contains the variable definitions:

```hcl
variable "bucket_name" {
  description = "Name of the S3 bucket to create"
  type        = string
}

variable "region" {
  description = "AWS region to deploy resources"
  type        = string
  default     = "us-east-1"
}

# Note: No hardcoded credentials in variables
```

Notice we’ve removed hardcoded credentials, which is a significant security improvement over the original approach.

Step 4: Create a terraform.tfvars File (Optional)

For values that change between environments, create a terraform.tfvars file:

```hcl
bucket_name = "my-unique-terraform-bucket-name"
region      = "us-west-2"
```

This file should be added to .gitignore if you’re using version control to avoid accidentally committing sensitive information.

Step 5: Execute the Commands in Terraform

Initialize and apply your Terraform configuration:

```shell
terraform init
terraform plan
terraform apply
```

The plan step is recommended to review changes before applying them.
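A plan-review check that fits this step, added here as an example and not code from the original article: it reads the JSON form of a plan (`terraform plan -out=tfplan && terraform show -json tfplan > plan.json`) and reports which of the controls from main.tf are missing or weakened before `terraform apply` is run. The embedded PLAN_JSON is a constructed, trimmed sample in the same shape.

```python
"""Audit a `terraform show -json` plan for the S3 controls main.tf applies.
Added example, not part of the original article; PLAN_JSON is a constructed plan
of the same shape as `terraform plan -out=tfplan && terraform show -json tfplan`.
"""
import json
import sys
# Constructed sample: versioning suspended, public access block half enabled,
# and no encryption or ownership-controls resources planned at all.
PLAN_JSON = """{"resource_changes": [
 {"address": "aws_s3_bucket_versioning.versioning", "type": "aws_s3_bucket_versioning",
  "change": {"actions": ["create"], "after": {"versioning_configuration": [{"status": "Suspended"}]}}},
 {"address": "aws_s3_bucket_public_access_block.public_access", "type": "aws_s3_bucket_public_access_block",
  "change": {"actions": ["create"], "after": {"block_public_acls": true, "block_public_policy": false,
             "ignore_public_acls": true, "restrict_public_buckets": false}}}]}"""
PUBLIC_FLAGS = ("block_public_acls", "block_public_policy",
                "ignore_public_acls", "restrict_public_buckets")

def _after(plan, rtype):
    """Post-apply attributes of every resource of the given type that will exist after apply."""
    return [rc["change"]["after"] for rc in plan.get("resource_changes", [])
            if rc["type"] == rtype and rc["change"].get("after")]

def audit_plan(plan):
    """Return findings (empty list = every main.tf control is planned); plan is a dict or JSON text."""
    if isinstance(plan, str):
        plan = json.loads(plan)
    findings = []
    blocks = _after(plan, "aws_s3_bucket_public_access_block")
    if not blocks:
        findings.append("no aws_s3_bucket_public_access_block resource")
    for block in blocks:
        off = [flag for flag in PUBLIC_FLAGS if block.get(flag) is not True]
        if off:
            findings.append("public access block leaves disabled: " + ", ".join(off))
    if not any((v.get("versioning_configuration") or [{}])[0].get("status") == "Enabled"
               for v in _after(plan, "aws_s3_bucket_versioning")):
        findings.append("versioning is not Enabled")
    if not any(rule.get("apply_server_side_encryption_by_default") for cfg in
               _after(plan, "aws_s3_bucket_server_side_encryption_configuration")
               for rule in cfg.get("rule", [])):
        findings.append("no default server-side encryption rule")
    if not any(rule.get("object_ownership") == "BucketOwnerEnforced" for cfg in
               _after(plan, "aws_s3_bucket_ownership_controls") for rule in cfg.get("rule", [])):
        findings.append("object ownership is not BucketOwnerEnforced")
    return findings

if __name__ == "__main__":  # pass a plan.json path, or run with the constructed sample
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else PLAN_JSON
    for finding in audit_plan(source):
        print("FINDING:", finding)
```

Run it in CI between `terraform plan` and `terraform apply` and fail the pipeline when the returned list is non-empty.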

Advanced S3 Bucket Configurations

For production environments, consider these additional configurations:

Lifecycle Rules for Cost Optimization:

```hcl
resource "aws_s3_bucket_lifecycle_configuration" "lifecycle" {
  bucket = aws_s3_bucket.terraform_bucket.id

  rule {
    id     = "transition-to-ia"
    status = "Enabled"

    # An empty filter applies the rule to every object in the bucket
    filter {}

    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }
  }
}
```

This automatically transitions objects to Infrequent Access storage after 30 days, reducing costs.

S3 Express One Zone for High-performance Workloads:

S3 Express One Zone, introduced in late 2023, offers single-digit millisecond latency. If you need it, create a directory bucket instead of a general purpose bucket:

```hcl
resource "aws_s3_directory_bucket" "express_bucket" {
  # Directory bucket names must end with the Availability Zone suffix: <name>--<az-id>--x-s3
  bucket = "my-express-bucket--use1-az1--x-s3"

  # The Availability Zone ID where the bucket will be created
  location {
    name = "use1-az1"
  }
}
```

This storage class can improve data access speeds by 10 times and reduce request costs by 50% compared to S3 Standard.

Conclusion

Terraform templates can dramatically reduce the time required to provision AWS S3 buckets, cutting deployment time from hours to seconds. With the 2025 release of Terraform AWS Provider 6.0 (currently in beta), you can now manage resources across multiple AWS regions from a single configuration file, further streamlining management.

For organizations using both on-premises and cloud storage, Pure Storage offers several solutions that integrate with AWS S3:

  • Purity CloudSnap™ enables data mobility between on-premises Pure Storage arrays and AWS S3.
  • Pure Fusion™ provides API-driven storage management that integrates with hybrid cloud environments, including AWS.
  • FlashBlade® has AWS Outposts Ready status, offering native S3 capabilities alongside AWS services for AI/ML, modern analytics, and ransomware protection.

For enterprises working with both Terraform and Pure Storage, the Pure Storage Terraform provider enables infrastructure-as-code management of Pure Storage resources, complementing your AWS S3 deployment strategy.
