How do I set up an AWS S3 bucket policy?

In this example, you’ll learn how to set up an AWS S3 bucket policy. An S3 bucket policy is a resource-based policy that you can use to grant access permissions to your bucket and the objects within it. We’ll create an S3 bucket, define a bucket policy, and attach it to the bucket.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the S3 bucket
const exampleBucket = new aws.s3.BucketV2("example_bucket", {
    bucket: "my-example-bucket",
    acl: "private",
});
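// Define the bucket policy.
// Principal type "AWS" with identifier "*" matches every caller, including
// unauthenticated requests, so this statement makes every object publicly readable.
const bucketPolicy = aws.iam.getPolicyDocumentOutput({
    statements: [{
        actions: ["s3:GetObject"],
        resources: [pulumi.interpolate`${exampleBucket.arn}/*`],
        principals: [{
            type: "AWS",
            identifiers: ["*"],
        }],
    }],
});
// Attach the policy to the S3 bucket.
// S3 rejects a public policy while Block Public Access (BlockPublicPolicy) is
// enabled for the bucket or the account.
const exampleBucketPolicy = new aws.s3.BucketPolicy("example_bucket_policy", {
    bucket: exampleBucket.id,
    policy: bucketPolicy.json,
});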
export const bucketId = exampleBucket.id;
export const bucketArn = exampleBucket.arn;

Here, an aws.s3.BucketV2 resource (aws_s3_bucket in the underlying Terraform provider) is created for the S3 bucket. Next, aws.iam.getPolicyDocumentOutput (aws_iam_policy_document) defines the policy granting s3:GetObject permissions for all principals (indicated by "*"). Finally, an aws.s3.BucketPolicy (aws_s3_bucket_policy) attaches this policy to the bucket.

In summary, this example walks you through creating an S3 bucket and applying a policy to it that allows public read access to its objects.
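
As an added example (not part of the original page and not Pulumi's own code), the following TypeScript checks a rendered bucket policy document for Allow statements with a wildcard principal, the pattern the program above produces. The function names, the severity labels and the sample policies are assumptions made for illustration.

```typescript
// Added example: flag Allow statements in a bucket policy whose principal is "*".
type OneOrMany = string | string[];
interface Statement {
    Sid?: string;
    Effect: "Allow" | "Deny";
    Principal?: "*" | { [kind: string]: OneOrMany };
    Action?: OneOrMany;
    Resource?: OneOrMany;
    Condition?: { [operator: string]: { [key: string]: OneOrMany } };
}
interface Finding { index: number; sid: string; actions: string[]; resources: string[]; severity: "public" | "review-condition"; }

const asArray = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// "*" and { "AWS": "*" } both match every caller, including anonymous requests.
function isWildcardPrincipal(p: Statement["Principal"]): boolean {
    if (p === undefined) return false;
    if (typeof p === "string") return p === "*";
    return asArray(p["AWS"]).indexOf("*") !== -1;
}

function findWildcardGrants(policyJson: string): Finding[] {
    const doc = JSON.parse(policyJson) as { Statement: Statement | Statement[] };
    const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
    const findings: Finding[] = [];
    statements.forEach((s, index) => {
        if (s.Effect !== "Allow" || !isWildcardPrincipal(s.Principal)) return;
        // Assumption: any Condition block is left for manual review rather than evaluated.
        const conditioned = s.Condition !== undefined && Object.keys(s.Condition).length > 0;
        findings.push({
            index,
            sid: s.Sid || "(no Sid)",
            actions: asArray(s.Action),
            resources: asArray(s.Resource),
            severity: conditioned ? "review-condition" : "public",
        });
    });
    return findings;
}

// Constructed samples: the page's policy as rendered JSON, and a scoped variant
// (111122223333 is a placeholder account id).
const statement = { Effect: "Allow", Action: "s3:GetObject", Resource: "arn:aws:s3:::my-example-bucket/*" };
const pagePolicy = JSON.stringify({ Version: "2012-10-17", Statement: [{ ...statement, Principal: { AWS: "*" } }] });
const scopedPolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [{ ...statement, Principal: { AWS: "arn:aws:iam::111122223333:root" } }],
});

console.log(findWildcardGrants(pagePolicy));
console.log(findWildcardGrants(scopedPolicy));
```

A check like this can run in CI against the policy JSON before deployment, so a wildcard grant is a reviewed decision rather than a default.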
