How do I build an AWS S3 bucket policy?
To create an AWS S3 Bucket Policy, you need to define the S3 bucket and then associate a bucket policy that specifies what actions are allowed or denied for that bucket. A bucket policy is a resource-based policy that allows you to grant different levels of access permissions to your S3 bucket based on certain conditions.
The following example demonstrates how to create an S3 bucket along with a bucket policy that grants public read access to the objects within the bucket.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket
const example = new aws.s3.BucketV2("example", { bucket: "example-bucket" });

// S3 bucket policy allowing public read access
const exampleBucketPolicy = new aws.s3.BucketPolicy("example", {
    bucket: example.id,
    policy: pulumi.jsonStringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: "*",
            Action: "s3:GetObject",
            Resource: [pulumi.interpolate`${example.arn}/*`],
        }],
    }),
});

export const bucketName = example.bucket;
export const bucketPolicyId = exampleBucketPolicy.id;
```
In this example:
- The AWS provider is configured for the `us-west-2` region (this comes from the stack's AWS region configuration rather than from the code itself).
- An S3 bucket named `example-bucket` is created using the `aws.s3.BucketV2` resource.
- A bucket policy is defined using the `aws.s3.BucketPolicy` resource, which allows public read access (`s3:GetObject`) to all objects within the bucket.
- Two output values, `bucketName` and `bucketPolicyId`, are exported.
This setup ensures that anyone can read the objects stored in your S3 bucket, while you retain the ability to manage and write to it.
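As an added example (not code from the original page or from the Pulumi project), the policy document above assembled without a Pulumi dependency, so the same document can be checked for wildcard principals before it is deployed; `buildReadPolicy`, `findPublicStatements` and the sample ARNs are assumed names and constructed values.

```typescript
// Minimal typing of the S3 bucket policy document the page builds.
type Principal = "*" | { AWS: string | string[] };

interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, Record<string, string | string[]>>;
}

interface PolicyDocument {
  Version: "2012-10-17";
  Statement: Statement[];
}

// Builds a read policy for every object in the bucket for the given principal.
// `bucketArn` is the value Pulumi supplies as `example.arn` in the page's code.
function buildReadPolicy(bucketArn: string, principal: Principal): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "AllowObjectRead",
      Effect: "Allow",
      Principal: principal,
      Action: "s3:GetObject",
      Resource: [`${bucketArn}/*`],
    }],
  };
}

// True when the principal is "*" or {"AWS": "*"}, i.e. any AWS principal.
function principalIsWildcard(p: Principal): boolean {
  if (p === "*") return true;
  const aws = Array.isArray(p.AWS) ? p.AWS : [p.AWS];
  return aws.includes("*");
}

// Returns the Allow statements that grant access to everyone. Conservative on
// purpose: a Condition (e.g. aws:SourceVpce) may narrow such a statement, but
// the check still flags it so a human reviews it before deployment.
function findPublicStatements(doc: PolicyDocument): Statement[] {
  return doc.Statement.filter(s => s.Effect === "Allow" && principalIsWildcard(s.Principal));
}

// Constructed sample values: not a real account, role or bucket.
const bucketArn = "arn:aws:s3:::example-bucket";
const publicPolicy = buildReadPolicy(bucketArn, "*");                  // what the page deploys
const scopedPolicy = buildReadPolicy(bucketArn, { AWS: "arn:aws:iam::123456789012:role/reader" });
const policyJson = JSON.stringify(publicPolicy);                        // same shape pulumi.jsonStringify emits
```

Because new buckets have S3 Block Public Access enabled by default, S3 rejects a policy like `publicPolicy` unless those settings are relaxed for the bucket (in Pulumi via `aws.s3.BucketPublicAccessBlock`); the scoped variant deploys without that change.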