Provides a bucket object resource for Spaces, DigitalOcean’s object storage product. The digitalocean_spaces_bucket_object resource allows Terraform to upload content to Spaces.

The Spaces API was designed to be interoperable with Amazon’s AWS S3 API. This allows users to interact with the service while using the tools they already know. Spaces mirrors S3’s authentication framework and requests to Spaces require a key pair similar to Amazon’s Access ID and Secret Key.

The authentication requirement can be met by either setting the SPACES_ACCESS_KEY_ID and SPACES_SECRET_ACCESS_KEY environment variables or the provider’s spaces_access_id and spaces_secret_key arguments to the access ID and secret you generate via the DigitalOcean control panel. For example:

provider "digitalocean" {
  token             = var.digitalocean_token

  spaces_access_id  = var.access_id
  spaces_secret_key = var.secret_key

resource "digitalocean_spaces_bucket" "static-assets" {
  # ...

For more information, See An Introduction to DigitalOcean Spaces

Example Usage

Create a Key in a Spaces Bucket

resource "digitalocean_spaces_bucket" "foobar" {
  name   = "foobar"
  region = "nyc3"

resource "digitalocean_spaces_bucket_object" "index" {
  region       = digitalocean_spaces_bucket.foobar.region
  bucket       =
  key          = "index.html"
  content      = "<html><body><p>This page is empty.</p></body></html>"
  content_type = "text/html"

Argument Reference

-> Note: If you specify content_encoding you are responsible for encoding the body appropriately. source, content, and content_base64 all expect already encoded/compressed bytes.

The following arguments are supported:

  • region - The region where the bucket resides (Defaults to nyc3)
  • bucket - (Required) The name of the bucket to put the file in.
  • key - (Required) The name of the object once it is in the bucket.
  • source - (Optional, conflicts with content and content_base64) The path to a file that will be read and uploaded as raw bytes for the object content.
  • content - (Optional, conflicts with source and content_base64) Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
  • content_base64 - (Optional, conflicts with source and content) Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.
  • acl - (Optional) The canned ACL to apply. DigitalOcean supports “private” and “public-read”. (Defaults to “private”.)
  • cache_control - (Optional) Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
  • content_disposition - (Optional) Specifies presentational information for the object. Read w3c content_disposition for further information.
  • content_encoding - (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
  • content_language - (Optional) The language the content is in e.g. en-US or en-GB.
  • content_type - (Optional) A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.
  • website_redirect - (Optional) Specifies a target URL for website redirect.
  • etag - (Optional) Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (Terraform 0.11.12 or later) or ${md5(file("path/to/file"))} (Terraform 0.11.11 or earlier).
  • metadata - (Optional) A mapping of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).
  • force_destroy - (Optional) Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

If no content is provided through source, content or content_base64, then the object will be empty.

-> Note: Terraform ignores all leading /s in the object’s key and treats multiple /s in the rest of the object’s key as a single /, so values of /index.html and index.html correspond to the same S3 object as do first//second///third// and first/second/third/.

Attributes Reference

The following attributes are exported

  • etag - the ETag generated for the object (an MD5 sum of the object content). The hash is an MD5 digest of the object data. For objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest. More information on possible values can be found on Common Response Headers.
  • version_id - A unique version ID value for the object, if bucket versioning is enabled.


Importing this resource is not supported.