A Terraform module for setting up a FOCUS (FinOps Open Cost and Usage Specification) export within an AWS account. This module configures an export destination bucket in AWS, enables replication to the Government Digital Services (GDS), and applies necessary policies for secure data transfer.
- Creates an S3 bucket for FOCUS exports in the AWS account
- Configures replication to a GDS-managed destination bucket
- Applies IAM policies for secure access
- Enables versioning and encryption
- Optionally configures lifecycle policies
Terraform 1.0+
AWS CLI configured with appropriate permissions
An IAM role with sufficient permissions to create and manage S3 buckets and replication rules, and AWS BCM data exports.
| Name | Version |
|---|---|
| aws | n/a |
No modules.
| Name | Type |
|---|---|
| aws_bcmdataexports_export.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy.replicator | resource |
| aws_s3_bucket.this | resource |
| aws_s3_bucket_lifecycle_configuration.this | resource |
| aws_s3_bucket_policy.this | resource |
| aws_s3_bucket_replication_configuration.this | resource |
| aws_s3_bucket_versioning.this | resource |
| aws_caller_identity.this | data source |
| aws_iam_policy_document.bucket | data source |
| aws_iam_policy_document.replicator | data source |
| aws_iam_policy_document.replicator_assume | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket_name | The name of the S3 bucket to be created to store reports before replication. If omitted it will create one for you. | string |
null |
no |
| bucket_tags | Map of tags to be associated with the reporting bucket | map(string) |
{} |
no |
| destination_account_id | The account ID of the destination S3 bucket where reports will be replicated to. This will be provided as part of the onboarding process. | string |
n/a | yes |
| destination_bucket_name | The name of the destination S3 bucket where reports will be replicated to. This will be provided as part of the onboarding process. | string |
n/a | yes |
| tags | Tags to apply to all resources created by this module. | map(string) |
{} |
no |
| Name | Description |
|---|---|
| bucket_arn | The ARN of the bucket created to store reports before replicating to GDS |
| replication_role_arn | The ARN of the role used to replicate data from the source account to the destination account |