
How do I build an AWS S3 bucket policy?

To create an AWS S3 bucket policy, define the S3 bucket and then attach a bucket policy that states which actions are allowed or denied on it. A bucket policy is a resource-based IAM policy: it grants or denies access to the bucket and its objects to the principals it names, optionally subject to conditions.

The following example demonstrates how to create an S3 bucket along with a bucket policy that grants public read access to the objects within the bucket.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket
const example = new aws.s3.BucketV2("example", {bucket: "example-bucket"});
// S3 bucket policy allowing public read access
const exampleBucketPolicy = new aws.s3.BucketPolicy("example", {
    bucket: example.id,
    policy: pulumi.jsonStringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: "*",
            Action: "s3:GetObject",
            Resource: [pulumi.interpolate`${example.arn}/*`],
        }],
    }),
});
export const bucketName = example.bucket;
export const bucketPolicyId = exampleBucketPolicy.id;

In this example:

  1. The AWS provider is configured for the us-west-2 region through the stack configuration (aws:region) rather than in the code itself.
  2. An S3 bucket named example-bucket is created with the aws.s3.BucketV2 resource.
  3. A bucket policy is attached with the aws.s3.BucketPolicy resource; it allows public read access (s3:GetObject) to every object in the bucket, since the Resource is the bucket ARN followed by /*.
  4. Two output values, bucketName and bucketPolicyId, are exported.

Because the policy grants s3:GetObject to Principal "*", every object stored in the bucket is readable by anyone on the internet, while you retain full control over managing the bucket and writing to it.
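The policy above is deliberately public. As an added example, not code from the page or from Pulumi, the following TypeScript builds the same policy document as plain data and lints it for a wildcard principal before serializing it; buildReadPolicy, isPublicStatement, serializeIfNotPublic and the simplified public-access test are assumptions of mine, not an AWS or Pulumi API.

```typescript
// Added example, not from the page or from Pulumi. Types follow the IAM policy
// grammar; the "public" test is a simplified version of the one AWS applies under
// Block Public Access (assumption: any Condition counts as narrowing the grant).
type Principal = "*" | { AWS: string | string[] };
interface Statement {
    Effect: "Allow" | "Deny";
    Principal: Principal;
    Action: string | string[];
    Resource: string | string[];
    Condition?: { [operator: string]: { [key: string]: string | string[] } };
}
interface PolicyDocument { Version: "2012-10-17"; Statement: Statement[]; }

// Build a read-only object policy for bucketArn. With no principals it is the
// public-read policy from the page; with principals it grants only those ARNs.
function buildReadPolicy(bucketArn: string, principals?: string[]): PolicyDocument {
    const principal: Principal = principals && principals.length > 0 ? { AWS: principals } : "*";
    return {
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: principal,
            Action: "s3:GetObject",
            Resource: [`${bucketArn}/*`],
        }],
    };
}

// An Allow to a wildcard principal ("*" or {AWS: "*"}) with no Condition is
// reachable by anyone on the internet.
function isPublicStatement(s: Statement): boolean {
    const raw = s.Principal === "*" ? "*" : s.Principal.AWS;
    const list = Array.isArray(raw) ? raw : [raw];
    return s.Effect === "Allow" && list.indexOf("*") !== -1 && !s.Condition;
}

function publicStatements(doc: PolicyDocument): Statement[] {
    return doc.Statement.filter(isPublicStatement);
}

// Serialize for BucketPolicy.policy, refusing documents that open the bucket up.
function serializeIfNotPublic(doc: PolicyDocument): string {
    if (publicStatements(doc).length > 0) {
        throw new Error('policy grants public access: remove Principal "*" or add a Condition');
    }
    return JSON.stringify(doc);
}
```

Inside a Pulumi program the check would run in an apply over the bucket ARN; note that S3 rejects a public policy like the one above while the bucket's Block Public Access settings (enabled by default on new buckets) are in force.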
