Bucket

Provides a S3 bucket resource.

This functionality is for managing S3 in an AWS Partition. To manage S3 on Outposts, see the aws.s3control.Bucket resource.

Example Usage

Private Bucket w/ Tags

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
            Tags = 
            {
                { "Environment", "Dev" },
                { "Name", "My bucket" },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("Dev"),
				"Name":        pulumi.String("My bucket"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="private",
    tags={
        "Environment": "Dev",
        "Name": "My bucket",
    })
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    tags: {
        Environment: "Dev",
        Name: "My bucket",
    },
});

Static Website Hosting

using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "public-read",
            Policy = File.ReadAllText("policy.json"),
            Website = new Aws.S3.Inputs.BucketWebsiteArgs
            {
                IndexDocument = "index.html",
                ErrorDocument = "error.html",
                RoutingRules = @"[{
    ""Condition"": {
        ""KeyPrefixEquals"": ""docs/""
    },
    ""Redirect"": {
        ""ReplaceKeyPrefixWith"": ""documents/""
    }
}]
",
            },
        });
    }

}

Coming soon!

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="public-read",
    policy=(lambda path: open(path).read())("policy.json"),
    website=aws.s3.BucketWebsiteArgs(
        index_document="index.html",
        error_document="error.html",
        routing_rules="""[{
    "Condition": {
        "KeyPrefixEquals": "docs/"
    },
    "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
    }
}]
""",
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * from "fs";

const bucket = new aws.s3.Bucket("bucket", {
    acl: "public-read",
    policy: fs.readFileSync("policy.json"),
    website: {
        indexDocument: "index.html",
        errorDocument: "error.html",
        routingRules: `[{
    "Condition": {
        "KeyPrefixEquals": "docs/"
    },
    "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
    }
}]
`,
    },
});

Using CORS

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "public-read",
            CorsRules = 
            {
                new Aws.S3.Inputs.BucketCorsRuleArgs
                {
                    AllowedHeaders = 
                    {
                        "*",
                    },
                    AllowedMethods = 
                    {
                        "PUT",
                        "POST",
                    },
                    AllowedOrigins = 
                    {
                        "https://s3-website-test.mydomain.com",
                    },
                    ExposeHeaders = 
                    {
                        "ETag",
                    },
                    MaxAgeSeconds = 3000,
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("public-read"),
			CorsRules: s3.BucketCorsRuleArray{
				&s3.BucketCorsRuleArgs{
					AllowedHeaders: pulumi.StringArray{
						pulumi.String("*"),
					},
					AllowedMethods: pulumi.StringArray{
						pulumi.String("PUT"),
						pulumi.String("POST"),
					},
					AllowedOrigins: pulumi.StringArray{
						pulumi.String("https://s3-website-test.mydomain.com"),
					},
					ExposeHeaders: pulumi.StringArray{
						pulumi.String("ETag"),
					},
					MaxAgeSeconds: pulumi.Int(3000),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="public-read",
    cors_rules=[aws.s3.BucketCorsRuleArgs(
        allowed_headers=["*"],
        allowed_methods=[
            "PUT",
            "POST",
        ],
        allowed_origins=["https://s3-website-test.mydomain.com"],
        expose_headers=["ETag"],
        max_age_seconds=3000,
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "public-read",
    corsRules: [{
        allowedHeaders: ["*"],
        allowedMethods: [
            "PUT",
            "POST",
        ],
        allowedOrigins: ["https://s3-website-test.mydomain.com"],
        exposeHeaders: ["ETag"],
        maxAgeSeconds: 3000,
    }],
});

Using versioning

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
			Versioning: &s3.BucketVersioningArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="private",
    versioning=aws.s3.BucketVersioningArgs(
        enabled=True,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    versioning: {
        enabled: true,
    },
});

Enable Logging

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var logBucket = new Aws.S3.Bucket("logBucket", new Aws.S3.BucketArgs
        {
            Acl = "log-delivery-write",
        });
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
            Loggings = 
            {
                new Aws.S3.Inputs.BucketLoggingArgs
                {
                    TargetBucket = logBucket.Id,
                    TargetPrefix = "log/",
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		logBucket, err := s3.NewBucket(ctx, "logBucket", &s3.BucketArgs{
			Acl: pulumi.String("log-delivery-write"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
			Loggings: s3.BucketLoggingArray{
				&s3.BucketLoggingArgs{
					TargetBucket: logBucket.ID(),
					TargetPrefix: pulumi.String("log/"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

log_bucket = aws.s3.Bucket("logBucket", acl="log-delivery-write")
bucket = aws.s3.Bucket("bucket",
    acl="private",
    loggings=[aws.s3.BucketLoggingArgs(
        target_bucket=log_bucket.id,
        target_prefix="log/",
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const logBucket = new aws.s3.Bucket("logBucket", {acl: "log-delivery-write"});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
    loggings: [{
        targetBucket: logBucket.id,
        targetPrefix: "log/",
    }],
});

Using object lifecycle

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
            LifecycleRules = 
            {
                new Aws.S3.Inputs.BucketLifecycleRuleArgs
                {
                    Enabled = true,
                    Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
                    {
                        Days = 90,
                    },
                    Id = "log",
                    Prefix = "log/",
                    Tags = 
                    {
                        { "autoclean", "true" },
                        { "rule", "log" },
                    },
                    Transitions = 
                    {
                        new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
                        {
                            Days = 30,
                            StorageClass = "STANDARD_IA",
                        },
                        new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
                        {
                            Days = 60,
                            StorageClass = "GLACIER",
                        },
                    },
                },
                new Aws.S3.Inputs.BucketLifecycleRuleArgs
                {
                    Enabled = true,
                    Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
                    {
                        Date = "2016-01-12",
                    },
                    Id = "tmp",
                    Prefix = "tmp/",
                },
            },
        });
        var versioningBucket = new Aws.S3.Bucket("versioningBucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
            LifecycleRules = 
            {
                new Aws.S3.Inputs.BucketLifecycleRuleArgs
                {
                    Enabled = true,
                    NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
                    {
                        Days = 90,
                    },
                    NoncurrentVersionTransitions = 
                    {
                        new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
                        {
                            Days = 30,
                            StorageClass = "STANDARD_IA",
                        },
                        new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
                        {
                            Days = 60,
                            StorageClass = "GLACIER",
                        },
                    },
                    Prefix = "config/",
                },
            },
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
			LifecycleRules: s3.BucketLifecycleRuleArray{
				&s3.BucketLifecycleRuleArgs{
					Enabled: pulumi.Bool(true),
					Expiration: &s3.BucketLifecycleRuleExpirationArgs{
						Days: pulumi.Int(90),
					},
					Id:     pulumi.String("log"),
					Prefix: pulumi.String("log/"),
					Tags: pulumi.StringMap{
						"autoclean": pulumi.String("true"),
						"rule":      pulumi.String("log"),
					},
					Transitions: s3.BucketLifecycleRuleTransitionArray{
						&s3.BucketLifecycleRuleTransitionArgs{
							Days:         pulumi.Int(30),
							StorageClass: pulumi.String("STANDARD_IA"),
						},
						&s3.BucketLifecycleRuleTransitionArgs{
							Days:         pulumi.Int(60),
							StorageClass: pulumi.String("GLACIER"),
						},
					},
				},
				&s3.BucketLifecycleRuleArgs{
					Enabled: pulumi.Bool(true),
					Expiration: &s3.BucketLifecycleRuleExpirationArgs{
						Date: pulumi.String("2016-01-12"),
					},
					Id:     pulumi.String("tmp"),
					Prefix: pulumi.String("tmp/"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucket(ctx, "versioningBucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
			LifecycleRules: s3.BucketLifecycleRuleArray{
				&s3.BucketLifecycleRuleArgs{
					Enabled: pulumi.Bool(true),
					NoncurrentVersionExpiration: &s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{
						Days: pulumi.Int(90),
					},
					NoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{
						&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
							Days:         pulumi.Int(30),
							StorageClass: pulumi.String("STANDARD_IA"),
						},
						&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
							Days:         pulumi.Int(60),
							StorageClass: pulumi.String("GLACIER"),
						},
					},
					Prefix: pulumi.String("config/"),
				},
			},
			Versioning: &s3.BucketVersioningArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="private",
    lifecycle_rules=[
        aws.s3.BucketLifecycleRuleArgs(
            enabled=True,
            expiration=aws.s3.BucketLifecycleRuleExpirationArgs(
                days=90,
            ),
            id="log",
            prefix="log/",
            tags={
                "autoclean": "true",
                "rule": "log",
            },
            transitions=[
                aws.s3.BucketLifecycleRuleTransitionArgs(
                    days=30,
                    storage_class="STANDARD_IA",
                ),
                aws.s3.BucketLifecycleRuleTransitionArgs(
                    days=60,
                    storage_class="GLACIER",
                ),
            ],
        ),
        aws.s3.BucketLifecycleRuleArgs(
            enabled=True,
            expiration=aws.s3.BucketLifecycleRuleExpirationArgs(
                date="2016-01-12",
            ),
            id="tmp",
            prefix="tmp/",
        ),
    ])
versioning_bucket = aws.s3.Bucket("versioningBucket",
    acl="private",
    lifecycle_rules=[aws.s3.BucketLifecycleRuleArgs(
        enabled=True,
        noncurrent_version_expiration=aws.s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs(
            days=90,
        ),
        noncurrent_version_transitions=[
            aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(
                days=30,
                storage_class="STANDARD_IA",
            ),
            aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(
                days=60,
                storage_class="GLACIER",
            ),
        ],
        prefix="config/",
    )],
    versioning=aws.s3.BucketVersioningArgs(
        enabled=True,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
    lifecycleRules: [
        {
            enabled: true,
            expiration: {
                days: 90,
            },
            id: "log",
            prefix: "log/",
            tags: {
                autoclean: "true",
                rule: "log",
            },
            transitions: [
                {
                    days: 30,
                    storageClass: "STANDARD_IA", // or "ONEZONE_IA"
                },
                {
                    days: 60,
                    storageClass: "GLACIER",
                },
            ],
        },
        {
            enabled: true,
            expiration: {
                date: "2016-01-12",
            },
            id: "tmp",
            prefix: "tmp/",
        },
    ],
});
const versioningBucket = new aws.s3.Bucket("versioning_bucket", {
    acl: "private",
    lifecycleRules: [{
        enabled: true,
        noncurrentVersionExpiration: {
            days: 90,
        },
        noncurrentVersionTransitions: [
            {
                days: 30,
                storageClass: "STANDARD_IA",
            },
            {
                days: 60,
                storageClass: "GLACIER",
            },
        ],
        prefix: "config/",
    }],
    versioning: {
        enabled: true,
    },
});

Using replication configuration

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var central = new Aws.Provider("central", new Aws.ProviderArgs
        {
            Region = "eu-central-1",
        });
        var replicationRole = new Aws.Iam.Role("replicationRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""s3.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
        });
        var destination = new Aws.S3.Bucket("destination", new Aws.S3.BucketArgs
        {
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
        });
        var source = new Aws.S3.Bucket("source", new Aws.S3.BucketArgs
        {
            Acl = "private",
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
            ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
            {
                Role = replicationRole.Arn,
                Rules = 
                {
                    new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
                    {
                        Id = "foobar",
                        Prefix = "foo",
                        Status = "Enabled",
                        Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
                        {
                            Bucket = destination.Arn,
                            StorageClass = "STANDARD",
                        },
                    },
                },
            },
        }, new CustomResourceOptions
        {
            Provider = aws.Central,
        });
        var replicationPolicy = new Aws.Iam.Policy("replicationPolicy", new Aws.Iam.PolicyArgs
        {
            Policy = Output.Tuple(source.Arn, source.Arn, destination.Arn).Apply(values =>
            {
                var sourceArn = values.Item1;
                var sourceArn1 = values.Item2;
                var destinationArn = values.Item3;
                return @$"{{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {{
      ""Action"": [
        ""s3:GetReplicationConfiguration"",
        ""s3:ListBucket""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": [
        ""{sourceArn}""
      ]
    }},
    {{
      ""Action"": [
        ""s3:GetObjectVersionForReplication"",
        ""s3:GetObjectVersionAcl"",
         ""s3:GetObjectVersionTagging""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": [
        ""{sourceArn1}/*""
      ]
    }},
    {{
      ""Action"": [
        ""s3:ReplicateObject"",
        ""s3:ReplicateDelete"",
        ""s3:ReplicateTags""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""{destinationArn}/*""
    }}
  ]
}}
";
            }),
        });
        var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replicationRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
        {
            Role = replicationRole.Name,
            PolicyArn = replicationPolicy.Arn,
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := providers.Newaws(ctx, "central", &providers.awsArgs{
			Region: pulumi.String("eu-central-1"),
		})
		if err != nil {
			return err
		}
		replicationRole, err := iam.NewRole(ctx, "replicationRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"s3.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		destination, err := s3.NewBucket(ctx, "destination", &s3.BucketArgs{
			Versioning: &s3.BucketVersioningArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		source, err := s3.NewBucket(ctx, "source", &s3.BucketArgs{
			Acl: pulumi.String("private"),
			Versioning: &s3.BucketVersioningArgs{
				Enabled: pulumi.Bool(true),
			},
			ReplicationConfiguration: &s3.BucketReplicationConfigurationArgs{
				Role: replicationRole.Arn,
				Rules: s3.BucketReplicationConfigurationRuleArray{
					&s3.BucketReplicationConfigurationRuleArgs{
						Id:     pulumi.String("foobar"),
						Prefix: pulumi.String("foo"),
						Status: pulumi.String("Enabled"),
						Destination: &s3.BucketReplicationConfigurationRuleDestinationArgs{
							Bucket:       destination.Arn,
							StorageClass: pulumi.String("STANDARD"),
						},
					},
				},
			},
		}, pulumi.Provider(aws.Central))
		if err != nil {
			return err
		}
		replicationPolicy, err := iam.NewPolicy(ctx, "replicationPolicy", &iam.PolicyArgs{
			Policy: pulumi.All(source.Arn, source.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {
				sourceArn := _args[0].(string)
				sourceArn1 := _args[1].(string)
				destinationArn := _args[2].(string)
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": [\n", "        \"s3:GetReplicationConfiguration\",\n", "        \"s3:ListBucket\"\n", "      ],\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": [\n", "        \"", sourceArn, "\"\n", "      ]\n", "    },\n", "    {\n", "      \"Action\": [\n", "        \"s3:GetObjectVersionForReplication\",\n", "        \"s3:GetObjectVersionAcl\",\n", "         \"s3:GetObjectVersionTagging\"\n", "      ],\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": [\n", "        \"", sourceArn1, "/*\"\n", "      ]\n", "    },\n", "    {\n", "      \"Action\": [\n", "        \"s3:ReplicateObject\",\n", "        \"s3:ReplicateDelete\",\n", "        \"s3:ReplicateTags\"\n", "      ],\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": \"", destinationArn, "/*\"\n", "    }\n", "  ]\n", "}\n"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "replicationRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      replicationRole.Name,
			PolicyArn: replicationPolicy.Arn,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws
import pulumi_pulumi as pulumi

central = pulumi.providers.Aws("central", region="eu-central-1")
replication_role = aws.iam.Role("replicationRole", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""")
destination = aws.s3.Bucket("destination", versioning=aws.s3.BucketVersioningArgs(
    enabled=True,
))
source = aws.s3.Bucket("source",
    acl="private",
    versioning=aws.s3.BucketVersioningArgs(
        enabled=True,
    ),
    replication_configuration=aws.s3.BucketReplicationConfigurationArgs(
        role=replication_role.arn,
        rules=[aws.s3.BucketReplicationConfigurationRuleArgs(
            id="foobar",
            prefix="foo",
            status="Enabled",
            destination=aws.s3.BucketReplicationConfigurationRuleDestinationArgs(
                bucket=destination.arn,
                storage_class="STANDARD",
            ),
        )],
    ),
    opts=pulumi.ResourceOptions(provider=aws["central"]))
replication_policy = aws.iam.Policy("replicationPolicy", policy=pulumi.Output.all(source.arn, source.arn, destination.arn).apply(lambda sourceArn, sourceArn1, destinationArn: f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "{source_arn}"
      ]
    }},
    {{
      "Action": [
        "s3:GetObjectVersionForReplication",
        "s3:GetObjectVersionAcl",
         "s3:GetObjectVersionTagging"
      ],
      "Effect": "Allow",
      "Resource": [
        "{source_arn1}/*"
      ]
    }},
    {{
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete",
        "s3:ReplicateTags"
      ],
      "Effect": "Allow",
      "Resource": "{destination_arn}/*"
    }}
  ]
}}
"""))
replication_role_policy_attachment = aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment",
    role=replication_role.name,
    policy_arn=replication_policy.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const central = new aws.Provider("central", {region: "eu-central-1"});
const replicationRole = new aws.iam.Role("replicationRole", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const destination = new aws.s3.Bucket("destination", {versioning: {
    enabled: true,
}});
const source = new aws.s3.Bucket("source", {
    acl: "private",
    versioning: {
        enabled: true,
    },
    replicationConfiguration: {
        role: replicationRole.arn,
        rules: [{
            id: "foobar",
            prefix: "foo",
            status: "Enabled",
            destination: {
                bucket: destination.arn,
                storageClass: "STANDARD",
            },
        }],
    },
}, {
    provider: aws.central,
});
const replicationPolicy = new aws.iam.Policy("replicationPolicy", {policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "${source.arn}"
      ]
    },
    {
      "Action": [
        "s3:GetObjectVersionForReplication",
        "s3:GetObjectVersionAcl",
         "s3:GetObjectVersionTagging"
      ],
      "Effect": "Allow",
      "Resource": [
        "${source.arn}/*"
      ]
    },
    {
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete",
        "s3:ReplicateTags"
      ],
      "Effect": "Allow",
      "Resource": "${destination.arn}/*"
    }
  ]
}
`});
const replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment", {
    role: replicationRole.name,
    policyArn: replicationPolicy.arn,
});

Enable Default Server Side Encryption

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var mykey = new Aws.Kms.Key("mykey", new Aws.Kms.KeyArgs
        {
            Description = "This key is used to encrypt bucket objects",
            DeletionWindowInDays = 10,
        });
        var mybucket = new Aws.S3.Bucket("mybucket", new Aws.S3.BucketArgs
        {
            ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
            {
                Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
                {
                    ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
                    {
                        KmsMasterKeyId = mykey.Arn,
                        SseAlgorithm = "aws:kms",
                    },
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		mykey, err := kms.NewKey(ctx, "mykey", &kms.KeyArgs{
			Description:          pulumi.String("This key is used to encrypt bucket objects"),
			DeletionWindowInDays: pulumi.Int(10),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucket(ctx, "mybucket", &s3.BucketArgs{
			ServerSideEncryptionConfiguration: &s3.BucketServerSideEncryptionConfigurationArgs{
				Rule: &s3.BucketServerSideEncryptionConfigurationRuleArgs{
					ApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
						KmsMasterKeyId: mykey.Arn,
						SseAlgorithm:   pulumi.String("aws:kms"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

mykey = aws.kms.Key("mykey",
    description="This key is used to encrypt bucket objects",
    deletion_window_in_days=10)
mybucket = aws.s3.Bucket("mybucket", server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(
    rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(
        apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs(
            kms_master_key_id=mykey.arn,
            sse_algorithm="aws:kms",
        ),
    ),
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mykey = new aws.kms.Key("mykey", {
    description: "This key is used to encrypt bucket objects",
    deletionWindowInDays: 10,
});
const mybucket = new aws.s3.Bucket("mybucket", {serverSideEncryptionConfiguration: {
    rule: {
        applyServerSideEncryptionByDefault: {
            kmsMasterKeyId: mykey.arn,
            sseAlgorithm: "aws:kms",
        },
    },
}});

Using ACL policy grants

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var currentUser = Output.Create(Aws.S3.GetCanonicalUserId.InvokeAsync());
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Grants = 
            {
                new Aws.S3.Inputs.BucketGrantArgs
                {
                    Id = currentUser.Apply(currentUser => currentUser.Id),
                    Type = "CanonicalUser",
                    Permissions = 
                    {
                        "FULL_CONTROL",
                    },
                },
                new Aws.S3.Inputs.BucketGrantArgs
                {
                    Type = "Group",
                    Permissions = 
                    {
                        "READ",
                        "WRITE",
                    },
                    Uri = "http://acs.amazonaws.com/groups/s3/LogDelivery",
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		currentUser, err := s3.GetCanonicalUserId(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Grants: s3.BucketGrantArray{
				&s3.BucketGrantArgs{
					Id:   pulumi.String(currentUser.Id),
					Type: pulumi.String("CanonicalUser"),
					Permissions: pulumi.StringArray{
						pulumi.String("FULL_CONTROL"),
					},
				},
				&s3.BucketGrantArgs{
					Type: pulumi.String("Group"),
					Permissions: pulumi.StringArray{
						pulumi.String("READ"),
						pulumi.String("WRITE"),
					},
					Uri: pulumi.String("http://acs.amazonaws.com/groups/s3/LogDelivery"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

current_user = aws.s3.get_canonical_user_id()
bucket = aws.s3.Bucket("bucket", grants=[
    aws.s3.BucketGrantArgs(
        id=current_user.id,
        type="CanonicalUser",
        permissions=["FULL_CONTROL"],
    ),
    aws.s3.BucketGrantArgs(
        type="Group",
        permissions=[
            "READ",
            "WRITE",
        ],
        uri="http://acs.amazonaws.com/groups/s3/LogDelivery",
    ),
])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const currentUser = aws.s3.getCanonicalUserId({});
const bucket = new aws.s3.Bucket("bucket", {grants: [
    {
        id: currentUser.then(currentUser => currentUser.id),
        type: "CanonicalUser",
        permissions: ["FULL_CONTROL"],
    },
    {
        type: "Group",
        permissions: [
            "READ",
            "WRITE",
        ],
        uri: "http://acs.amazonaws.com/groups/s3/LogDelivery",
    },
]});

Create a Bucket Resource

new Bucket(name: string, args?: BucketArgs, opts?: CustomResourceOptions);
@overload
def Bucket(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           acceleration_status: Optional[str] = None,
           acl: Optional[Union[str, CannedAcl]] = None,
           arn: Optional[str] = None,
           bucket: Optional[str] = None,
           bucket_prefix: Optional[str] = None,
           cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
           force_destroy: Optional[bool] = None,
           grants: Optional[Sequence[BucketGrantArgs]] = None,
           hosted_zone_id: Optional[str] = None,
           lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
           loggings: Optional[Sequence[BucketLoggingArgs]] = None,
           object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
           policy: Optional[str] = None,
           replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
           request_payer: Optional[str] = None,
           server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
           tags: Optional[Mapping[str, str]] = None,
           versioning: Optional[BucketVersioningArgs] = None,
           website: Optional[BucketWebsiteArgs] = None,
           website_domain: Optional[str] = None,
           website_endpoint: Optional[str] = None)
@overload
def Bucket(resource_name: str,
           args: Optional[BucketArgs] = None,
           opts: Optional[ResourceOptions] = None)
func NewBucket(ctx *Context, name string, args *BucketArgs, opts ...ResourceOption) (*Bucket, error)
public Bucket(string name, BucketArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args BucketArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args BucketArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args BucketArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args BucketArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Bucket Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Bucket resource accepts the following input properties:

AccelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
Acl string | Pulumi.Aws.S3.CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
Arn string
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
BucketName string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
BucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
CorsRules List<BucketCorsRuleArgs>
A rule of Cross-Origin Resource Sharing (documented below).
ForceDestroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
Grants List<BucketGrantArgs>
An ACL policy grant (documented below). Conflicts with acl.
HostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
LifecycleRules List<BucketLifecycleRuleArgs>
A configuration of object lifecycle management (documented below).
Loggings List<BucketLoggingArgs>
A settings of bucket logging (documented below).
ObjectLockConfiguration BucketObjectLockConfigurationArgs
A configuration of S3 object locking (documented below)
Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
ReplicationConfiguration BucketReplicationConfigurationArgs
A configuration of replication configuration (documented below).
RequestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
ServerSideEncryptionConfiguration BucketServerSideEncryptionConfigurationArgs
A configuration of server-side encryption configuration (documented below)
Tags Dictionary<string, string>
A mapping of tags to assign to the bucket.
Versioning BucketVersioningArgs
A state of versioning (documented below)
Website BucketWebsiteArgs
A website object (documented below).
WebsiteDomain string
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
WebsiteEndpoint string
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
AccelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
Acl string | CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
Arn string
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
Bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
BucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
CorsRules []BucketCorsRule
A rule of Cross-Origin Resource Sharing (documented below).
ForceDestroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
Grants []BucketGrant
An ACL policy grant (documented below). Conflicts with acl.
HostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
LifecycleRules []BucketLifecycleRule
A configuration of object lifecycle management (documented below).
Loggings []BucketLogging
A settings of bucket logging (documented below).
ObjectLockConfiguration BucketObjectLockConfiguration
A configuration of S3 object locking (documented below)
Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
ReplicationConfiguration BucketReplicationConfiguration
A configuration of replication configuration (documented below).
RequestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
ServerSideEncryptionConfiguration BucketServerSideEncryptionConfiguration
A configuration of server-side encryption configuration (documented below)
Tags map[string]string
A mapping of tags to assign to the bucket.
Versioning BucketVersioning
A state of versioning (documented below)
Website BucketWebsite
A website object (documented below).
WebsiteDomain string
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
WebsiteEndpoint string
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
accelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
acl string | CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
arn string
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
bucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
corsRules BucketCorsRuleArgs[]
A rule of Cross-Origin Resource Sharing (documented below).
forceDestroy boolean
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
grants BucketGrantArgs[]
An ACL policy grant (documented below). Conflicts with acl.
hostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
lifecycleRules BucketLifecycleRuleArgs[]
A configuration of object lifecycle management (documented below).
loggings BucketLoggingArgs[]
A settings of bucket logging (documented below).
objectLockConfiguration BucketObjectLockConfigurationArgs
A configuration of S3 object locking (documented below)
policy string | PolicyDocument
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
replicationConfiguration BucketReplicationConfigurationArgs
A configuration of replication configuration (documented below).
requestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
serverSideEncryptionConfiguration BucketServerSideEncryptionConfigurationArgs
A configuration of server-side encryption configuration (documented below)
tags {[key: string]: string}
A mapping of tags to assign to the bucket.
versioning BucketVersioningArgs
A state of versioning (documented below)
website BucketWebsiteArgs
A website object (documented below).
websiteDomain string
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
websiteEndpoint string
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
acceleration_status str
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
acl str | CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
arn str
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
bucket str
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
bucket_prefix str
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
cors_rules Sequence[BucketCorsRuleArgs]
A rule of Cross-Origin Resource Sharing (documented below).
force_destroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
grants Sequence[BucketGrantArgs]
An ACL policy grant (documented below). Conflicts with acl.
hosted_zone_id str
The Route 53 Hosted Zone ID for this bucket’s region.
lifecycle_rules Sequence[BucketLifecycleRuleArgs]
A configuration of object lifecycle management (documented below).
loggings Sequence[BucketLoggingArgs]
A settings of bucket logging (documented below).
object_lock_configuration BucketObjectLockConfigurationArgs
A configuration of S3 object locking (documented below)
policy str | str
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
replication_configuration BucketReplicationConfigurationArgs
A configuration of replication configuration (documented below).
request_payer str
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
server_side_encryption_configuration BucketServerSideEncryptionConfigurationArgs
A configuration of server-side encryption configuration (documented below)
tags Mapping[str, str]
A mapping of tags to assign to the bucket.
versioning BucketVersioningArgs
A state of versioning (documented below)
website BucketWebsiteArgs
A website object (documented below).
website_domain str
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
website_endpoint str
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

Outputs

All input properties are implicitly available as output properties. Additionally, the Bucket resource produces the following output properties:

BucketDomainName string
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
BucketRegionalDomainName string
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
Id string
The provider-assigned unique ID for this managed resource.
Region string
The AWS region this bucket resides in.
BucketDomainName string
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
BucketRegionalDomainName string
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
Id string
The provider-assigned unique ID for this managed resource.
Region string
The AWS region this bucket resides in.
bucketDomainName string
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
bucketRegionalDomainName string
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
id string
The provider-assigned unique ID for this managed resource.
region string
The AWS region this bucket resides in.
bucket_domain_name str
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
bucket_regional_domain_name str
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
id str
The provider-assigned unique ID for this managed resource.
region str
The AWS region this bucket resides in.

Look up an Existing Bucket Resource

Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BucketState, opts?: CustomResourceOptions): Bucket
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acceleration_status: Optional[str] = None,
        acl: Optional[Union[str, CannedAcl]] = None,
        arn: Optional[str] = None,
        bucket: Optional[str] = None,
        bucket_domain_name: Optional[str] = None,
        bucket_prefix: Optional[str] = None,
        bucket_regional_domain_name: Optional[str] = None,
        cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
        force_destroy: Optional[bool] = None,
        grants: Optional[Sequence[BucketGrantArgs]] = None,
        hosted_zone_id: Optional[str] = None,
        lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
        loggings: Optional[Sequence[BucketLoggingArgs]] = None,
        object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
        policy: Optional[str] = None,
        region: Optional[str] = None,
        replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
        request_payer: Optional[str] = None,
        server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        versioning: Optional[BucketVersioningArgs] = None,
        website: Optional[BucketWebsiteArgs] = None,
        website_domain: Optional[str] = None,
        website_endpoint: Optional[str] = None) -> Bucket
func GetBucket(ctx *Context, name string, id IDInput, state *BucketState, opts ...ResourceOption) (*Bucket, error)
public static Bucket Get(string name, Input<string> id, BucketState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AccelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
Acl string | Pulumi.Aws.S3.CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
Arn string
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
BucketDomainName string
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
BucketName string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
BucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
BucketRegionalDomainName string
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
CorsRules List<BucketCorsRuleArgs>
A rule of Cross-Origin Resource Sharing (documented below).
ForceDestroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
Grants List<BucketGrantArgs>
An ACL policy grant (documented below). Conflicts with acl.
HostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
LifecycleRules List<BucketLifecycleRuleArgs>
A configuration of object lifecycle management (documented below).
Loggings List<BucketLoggingArgs>
A settings of bucket logging (documented below).
ObjectLockConfiguration BucketObjectLockConfigurationArgs
A configuration of S3 object locking (documented below)
Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
Region string
The AWS region this bucket resides in.
ReplicationConfiguration BucketReplicationConfigurationArgs
A configuration of replication configuration (documented below).
RequestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
ServerSideEncryptionConfiguration BucketServerSideEncryptionConfigurationArgs
A configuration of server-side encryption configuration (documented below)
Tags Dictionary<string, string>
A mapping of tags to assign to the bucket.
Versioning BucketVersioningArgs
A state of versioning (documented below)
Website BucketWebsiteArgs
A website object (documented below).
WebsiteDomain string
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
WebsiteEndpoint string
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
AccelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
Acl string | CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
Arn string
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
Bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
BucketDomainName string
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
BucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
BucketRegionalDomainName string
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
CorsRules []BucketCorsRule
A rule of Cross-Origin Resource Sharing (documented below).
ForceDestroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
Grants []BucketGrant
An ACL policy grant (documented below). Conflicts with acl.
HostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
LifecycleRules []BucketLifecycleRule
A configuration of object lifecycle management (documented below).
Loggings []BucketLogging
A settings of bucket logging (documented below).
ObjectLockConfiguration BucketObjectLockConfiguration
A configuration of S3 object locking (documented below)
Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
Region string
The AWS region this bucket resides in.
ReplicationConfiguration BucketReplicationConfiguration
A configuration of replication configuration (documented below).
RequestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
ServerSideEncryptionConfiguration BucketServerSideEncryptionConfiguration
A configuration of server-side encryption configuration (documented below)
Tags map[string]string
A mapping of tags to assign to the bucket.
Versioning BucketVersioning
A state of versioning (documented below)
Website BucketWebsite
A website object (documented below).
WebsiteDomain string
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
WebsiteEndpoint string
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
accelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
acl string | CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
arn string
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
bucketDomainName string
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
bucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
bucketRegionalDomainName string
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
corsRules BucketCorsRuleArgs[]
A rule of Cross-Origin Resource Sharing (documented below).
forceDestroy boolean
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
grants BucketGrantArgs[]
An ACL policy grant (documented below). Conflicts with acl.
hostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
lifecycleRules BucketLifecycleRuleArgs[]
A configuration of object lifecycle management (documented below).
loggings BucketLoggingArgs[]
A settings of bucket logging (documented below).
objectLockConfiguration BucketObjectLockConfigurationArgs
A configuration of S3 object locking (documented below)
policy string | PolicyDocument
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
region string
The AWS region this bucket resides in.
replicationConfiguration BucketReplicationConfigurationArgs
A configuration of replication configuration (documented below).
requestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
serverSideEncryptionConfiguration BucketServerSideEncryptionConfigurationArgs
A configuration of server-side encryption configuration (documented below)
tags {[key: string]: string}
A mapping of tags to assign to the bucket.
versioning BucketVersioningArgs
A state of versioning (documented below)
website BucketWebsiteArgs
A website object (documented below).
websiteDomain string
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
websiteEndpoint string
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
acceleration_status str
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
acl str | CannedAcl
The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
arn str
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
bucket str
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.
bucket_domain_name str
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
bucket_prefix str
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.
bucket_regional_domain_name str
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
cors_rules Sequence[BucketCorsRuleArgs]
A rule of Cross-Origin Resource Sharing (documented below).
force_destroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
grants Sequence[BucketGrantArgs]
An ACL policy grant (documented below). Conflicts with acl.
hosted_zone_id str
The Route 53 Hosted Zone ID for this bucket’s region.
lifecycle_rules Sequence[BucketLifecycleRuleArgs]
A configuration of object lifecycle management (documented below).
loggings Sequence[BucketLoggingArgs]
A settings of bucket logging (documented below).
object_lock_configuration BucketObjectLockConfigurationArgs
A configuration of S3 object locking (documented below)
policy str | str
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
region str
The AWS region this bucket resides in.
replication_configuration BucketReplicationConfigurationArgs
A configuration of replication configuration (documented below).
request_payer str
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
server_side_encryption_configuration BucketServerSideEncryptionConfigurationArgs
A configuration of server-side encryption configuration (documented below)
tags Mapping[str, str]
A mapping of tags to assign to the bucket.
versioning BucketVersioningArgs
A state of versioning (documented below)
website BucketWebsiteArgs
A website object (documented below).
website_domain str
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
website_endpoint str
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

Supporting Types

BucketCorsRule

AllowedMethods List<string>
Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
AllowedOrigins List<string>
Specifies which origins are allowed.
AllowedHeaders List<string>
Specifies which headers are allowed.
ExposeHeaders List<string>
Specifies expose header in the response.
MaxAgeSeconds int
Specifies time in seconds that browser can cache the response for a preflight request.
AllowedMethods []string
Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
AllowedOrigins []string
Specifies which origins are allowed.
AllowedHeaders []string
Specifies which headers are allowed.
ExposeHeaders []string
Specifies expose header in the response.
MaxAgeSeconds int
Specifies time in seconds that browser can cache the response for a preflight request.
allowedMethods string[]
Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
allowedOrigins string[]
Specifies which origins are allowed.
allowedHeaders string[]
Specifies which headers are allowed.
exposeHeaders string[]
Specifies expose header in the response.
maxAgeSeconds number
Specifies time in seconds that browser can cache the response for a preflight request.
allowed_methods Sequence[str]
Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
allowed_origins Sequence[str]
Specifies which origins are allowed.
allowed_headers Sequence[str]
Specifies which headers are allowed.
expose_headers Sequence[str]
Specifies expose header in the response.
max_age_seconds int
Specifies time in seconds that browser can cache the response for a preflight request.

BucketGrant

Permissions List<string>
List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.
Type string
  • Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.
Id string
Canonical user id to grant for. Used only when type is CanonicalUser.
Uri string
Uri address to grant for. Used only when type is Group.
Permissions []string
List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.
Type string
  • Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.
Id string
Canonical user id to grant for. Used only when type is CanonicalUser.
Uri string
Uri address to grant for. Used only when type is Group.
permissions string[]
List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.
type string
  • Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.
id string
Canonical user id to grant for. Used only when type is CanonicalUser.
uri string
Uri address to grant for. Used only when type is Group.
permissions Sequence[str]
List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.
type str
  • Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.
id str
Canonical user id to grant for. Used only when type is CanonicalUser.
uri str
Uri address to grant for. Used only when type is Group.

BucketLifecycleRule

Enabled bool
Specifies lifecycle rule status.
AbortIncompleteMultipartUploadDays int
Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
Expiration BucketLifecycleRuleExpirationArgs
Specifies a period in the object’s expire (documented below).
Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
NoncurrentVersionExpiration BucketLifecycleRuleNoncurrentVersionExpirationArgs
Specifies when noncurrent object versions expire (documented below).
NoncurrentVersionTransitions List<BucketLifecycleRuleNoncurrentVersionTransitionArgs>
Specifies when noncurrent object versions transitions (documented below).
Prefix string
Object key prefix identifying one or more objects to which the rule applies.
Tags Dictionary<string, string>
Specifies object tags key and value.
Transitions List<BucketLifecycleRuleTransitionArgs>
Specifies a period in the object’s transitions (documented below).
Enabled bool
Specifies lifecycle rule status.
AbortIncompleteMultipartUploadDays int
Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
Expiration BucketLifecycleRuleExpiration
Specifies a period in the object’s expire (documented below).
Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
NoncurrentVersionExpiration BucketLifecycleRuleNoncurrentVersionExpiration
Specifies when noncurrent object versions expire (documented below).
NoncurrentVersionTransitions []BucketLifecycleRuleNoncurrentVersionTransition
Specifies when noncurrent object versions transitions (documented below).
Prefix string
Object key prefix identifying one or more objects to which the rule applies.
Tags map[string]string
Specifies object tags key and value.
Transitions []BucketLifecycleRuleTransition
Specifies a period in the object’s transitions (documented below).
enabled boolean
Specifies lifecycle rule status.
abortIncompleteMultipartUploadDays number
Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
expiration BucketLifecycleRuleExpirationArgs
Specifies a period in the object’s expire (documented below).
id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
noncurrentVersionExpiration BucketLifecycleRuleNoncurrentVersionExpirationArgs
Specifies when noncurrent object versions expire (documented below).
noncurrentVersionTransitions BucketLifecycleRuleNoncurrentVersionTransitionArgs[]
Specifies when noncurrent object versions transitions (documented below).
prefix string
Object key prefix identifying one or more objects to which the rule applies.
tags {[key: string]: string}
Specifies object tags key and value.
transitions BucketLifecycleRuleTransitionArgs[]
Specifies a period in the object’s transitions (documented below).
enabled bool
Specifies lifecycle rule status.
abort_incomplete_multipart_upload_days int
Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
expiration BucketLifecycleRuleExpirationArgs
Specifies a period in the object’s expire (documented below).
id str
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
noncurrent_version_expiration BucketLifecycleRuleNoncurrentVersionExpirationArgs
Specifies when noncurrent object versions expire (documented below).
noncurrent_version_transitions Sequence[BucketLifecycleRuleNoncurrentVersionTransitionArgs]
Specifies when noncurrent object versions transitions (documented below).
prefix str
Object key prefix identifying one or more objects to which the rule applies.
tags Mapping[str, str]
Specifies object tags key and value.
transitions Sequence[BucketLifecycleRuleTransitionArgs]
Specifies a period in the object’s transitions (documented below).

BucketLifecycleRuleExpiration

Date string
Specifies the date after which you want the corresponding action to take effect.
Days int
Specifies the number of days after object creation when the specific rule action takes effect.
ExpiredObjectDeleteMarker bool
On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
Date string
Specifies the date after which you want the corresponding action to take effect.
Days int
Specifies the number of days after object creation when the specific rule action takes effect.
ExpiredObjectDeleteMarker bool
On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
date string
Specifies the date after which you want the corresponding action to take effect.
days number
Specifies the number of days after object creation when the specific rule action takes effect.
expiredObjectDeleteMarker boolean
On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
date str
Specifies the date after which you want the corresponding action to take effect.
days int
Specifies the number of days after object creation when the specific rule action takes effect.
expired_object_delete_marker bool
On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

BucketLifecycleRuleNoncurrentVersionExpiration

Days int
Specifies the number of days noncurrent object versions expire.
Days int
Specifies the number of days noncurrent object versions expire.
days number
Specifies the number of days noncurrent object versions expire.
days int
Specifies the number of days noncurrent object versions expire.

BucketLifecycleRuleNoncurrentVersionTransition

StorageClass string
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
Days int
Specifies the number of days noncurrent object versions transition.
StorageClass string
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
Days int
Specifies the number of days noncurrent object versions transition.
storageClass string
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
days number
Specifies the number of days noncurrent object versions transition.
storage_class str
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
days int
Specifies the number of days noncurrent object versions transition.

BucketLifecycleRuleTransition

StorageClass string
Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
Date string
Specifies the date after which you want the corresponding action to take effect.
Days int
Specifies the number of days after object creation when the specific rule action takes effect.
StorageClass string
Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
Date string
Specifies the date after which you want the corresponding action to take effect.
Days int
Specifies the number of days after object creation when the specific rule action takes effect.
storageClass string
Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
date string
Specifies the date after which you want the corresponding action to take effect.
days number
Specifies the number of days after object creation when the specific rule action takes effect.
storage_class str
Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
date str
Specifies the date after which you want the corresponding action to take effect.
days int
Specifies the number of days after object creation when the specific rule action takes effect.

BucketLogging

TargetBucket string
The name of the bucket that will receive the log objects.
TargetPrefix string
To specify a key prefix for log objects.
TargetBucket string
The name of the bucket that will receive the log objects.
TargetPrefix string
To specify a key prefix for log objects.
targetBucket string
The name of the bucket that will receive the log objects.
targetPrefix string
To specify a key prefix for log objects.
target_bucket str
The name of the bucket that will receive the log objects.
target_prefix str
To specify a key prefix for log objects.

BucketObjectLockConfiguration

ObjectLockEnabled string
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.
Rule BucketObjectLockConfigurationRuleArgs
The Object Lock rule in place for this bucket.
ObjectLockEnabled string
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.
Rule BucketObjectLockConfigurationRule
The Object Lock rule in place for this bucket.
objectLockEnabled string
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.
rule BucketObjectLockConfigurationRuleArgs
The Object Lock rule in place for this bucket.
object_lock_enabled str
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.
rule BucketObjectLockConfigurationRuleArgs
The Object Lock rule in place for this bucket.

BucketObjectLockConfigurationRule

DefaultRetention BucketObjectLockConfigurationRuleDefaultRetentionArgs
The default retention period that you want to apply to new objects placed in this bucket.
DefaultRetention BucketObjectLockConfigurationRuleDefaultRetention
The default retention period that you want to apply to new objects placed in this bucket.
defaultRetention BucketObjectLockConfigurationRuleDefaultRetentionArgs
The default retention period that you want to apply to new objects placed in this bucket.
default_retention BucketObjectLockConfigurationRuleDefaultRetentionArgs
The default retention period that you want to apply to new objects placed in this bucket.

BucketObjectLockConfigurationRuleDefaultRetention

Mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.
Days int
The number of days that you want to specify for the default retention period.
Years int
The number of years that you want to specify for the default retention period.
Mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.
Days int
The number of days that you want to specify for the default retention period.
Years int
The number of years that you want to specify for the default retention period.
mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.
days number
The number of days that you want to specify for the default retention period.
years number
The number of years that you want to specify for the default retention period.
mode str
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.
days int
The number of days that you want to specify for the default retention period.
years int
The number of years that you want to specify for the default retention period.

BucketReplicationConfiguration

Role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
Rules List<BucketReplicationConfigurationRuleArgs>
Specifies the rules managing the replication (documented below).
Role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
Rules []BucketReplicationConfigurationRule
Specifies the rules managing the replication (documented below).
role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
rules BucketReplicationConfigurationRuleArgs[]
Specifies the rules managing the replication (documented below).
role str
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
rules Sequence[BucketReplicationConfigurationRuleArgs]
Specifies the rules managing the replication (documented below).

BucketReplicationConfigurationRule

Destination BucketReplicationConfigurationRuleDestinationArgs
Specifies the destination for the rule (documented below).
Status string
The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.
Filter BucketReplicationConfigurationRuleFilterArgs
Filter that identifies subset of objects to which the replication rule applies (documented below).
Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
Prefix string
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
Priority int
is optional (with a default value of 0) but must be unique between multiple rules
SourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs
Specifies special object selection criteria (documented below).
Destination BucketReplicationConfigurationRuleDestination
Specifies the destination for the rule (documented below).
Status string
The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.
Filter BucketReplicationConfigurationRuleFilter
Filter that identifies subset of objects to which the replication rule applies (documented below).
Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
Prefix string
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
Priority int
is optional (with a default value of 0) but must be unique between multiple rules
SourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteria
Specifies special object selection criteria (documented below).
destination BucketReplicationConfigurationRuleDestinationArgs
Specifies the destination for the rule (documented below).
status string
The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.
filter BucketReplicationConfigurationRuleFilterArgs
Filter that identifies subset of objects to which the replication rule applies (documented below).
id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
prefix string
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
priority number
is optional (with a default value of 0) but must be unique between multiple rules
sourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs
Specifies special object selection criteria (documented below).
destination BucketReplicationConfigurationRuleDestinationArgs
Specifies the destination for the rule (documented below).
status str
The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.
filter BucketReplicationConfigurationRuleFilterArgs
Filter that identifies subset of objects to which the replication rule applies (documented below).
id str
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
prefix str
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
priority int
is optional (with a default value of 0) but must be unique between multiple rules
source_selection_criteria BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs
Specifies special object selection criteria (documented below).

BucketReplicationConfigurationRuleDestination

Bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
AccessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs
Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.
AccountId string
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.
ReplicaKmsKeyId string
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.
StorageClass string
The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
Bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
AccessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslation
Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.
AccountId string
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.
ReplicaKmsKeyId string
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.
StorageClass string
The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
accessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs
Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.
accountId string
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.
replicaKmsKeyId string
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.
storageClass string
The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
bucket str
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
access_control_translation BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs
Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.
account_id str
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.
replica_kms_key_id str
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.
storage_class str
The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

BucketReplicationConfigurationRuleDestinationAccessControlTranslation

Owner string
The override value for the owner on replicated objects. Currently only Destination is supported.
Owner string
The override value for the owner on replicated objects. Currently only Destination is supported.
owner string
The override value for the owner on replicated objects. Currently only Destination is supported.
owner str
The override value for the owner on replicated objects. Currently only Destination is supported.

BucketReplicationConfigurationRuleFilter

Prefix string
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
Tags Dictionary<string, string>
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
Prefix string
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
Tags map[string]string
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
prefix string
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
tags {[key: string]: string}
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
prefix str
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
tags Mapping[str, str]
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

BucketReplicationConfigurationRuleSourceSelectionCriteria

SseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.
SseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects
Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.
sseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.
sse_kms_encrypted_objects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects

Enabled bool
Boolean which indicates if this criteria is enabled.
Enabled bool
Boolean which indicates if this criteria is enabled.
enabled boolean
Boolean which indicates if this criteria is enabled.
enabled bool
Boolean which indicates if this criteria is enabled.

BucketServerSideEncryptionConfiguration

Rule BucketServerSideEncryptionConfigurationRuleArgs
A single object for server-side encryption by default configuration. (documented below)
Rule BucketServerSideEncryptionConfigurationRule
A single object for server-side encryption by default configuration. (documented below)
rule BucketServerSideEncryptionConfigurationRuleArgs
A single object for server-side encryption by default configuration. (documented below)
rule BucketServerSideEncryptionConfigurationRuleArgs
A single object for server-side encryption by default configuration. (documented below)

BucketServerSideEncryptionConfigurationRule

ApplyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
A single object for setting server-side encryption by default. (documented below)
BucketKeyEnabled bool
Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
ApplyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault
A single object for setting server-side encryption by default. (documented below)
BucketKeyEnabled bool
Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
applyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
A single object for setting server-side encryption by default. (documented below)
bucketKeyEnabled boolean
Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
apply_server_side_encryption_by_default BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
A single object for setting server-side encryption by default. (documented below)
bucket_key_enabled bool
Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault

SseAlgorithm string
The server-side encryption algorithm to use. Valid values are AES256 and aws:kms
KmsMasterKeyId string
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
SseAlgorithm string
The server-side encryption algorithm to use. Valid values are AES256 and aws:kms
KmsMasterKeyId string
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
sseAlgorithm string
The server-side encryption algorithm to use. Valid values are AES256 and aws:kms
kmsMasterKeyId string
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
sse_algorithm str
The server-side encryption algorithm to use. Valid values are AES256 and aws:kms
kms_master_key_id str
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

BucketVersioning

Enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
MfaDelete bool
Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
Enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
MfaDelete bool
Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
enabled boolean
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
mfaDelete boolean
Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
mfa_delete bool
Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

BucketWebsite

ErrorDocument string
An absolute path to the document to return in case of a 4XX error.
IndexDocument string
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
RedirectAllRequestsTo string
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
RoutingRules string | List<string>
A json array containing routing rules describing redirect behavior and when redirects are applied.
ErrorDocument string
An absolute path to the document to return in case of a 4XX error.
IndexDocument string
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
RedirectAllRequestsTo string
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
RoutingRules string | []string
A json array containing routing rules describing redirect behavior and when redirects are applied.
errorDocument string
An absolute path to the document to return in case of a 4XX error.
indexDocument string
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
redirectAllRequestsTo string
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
routingRules string | RoutingRule[]
A json array containing routing rules describing redirect behavior and when redirects are applied.
error_document str
An absolute path to the document to return in case of a 4XX error.
index_document str
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
redirect_all_requests_to str
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
routing_rules str | Sequence[str]
A json array containing routing rules describing redirect behavior and when redirects are applied.

CannedAcl

Private
private
PublicRead
public-read
PublicReadWrite
public-read-write
AwsExecRead
aws-exec-read
AuthenticatedRead
authenticated-read
BucketOwnerRead
bucket-owner-read
BucketOwnerFullControl
bucket-owner-full-control
LogDeliveryWrite
log-delivery-write
CannedAclPrivate
private
CannedAclPublicRead
public-read
CannedAclPublicReadWrite
public-read-write
CannedAclAwsExecRead
aws-exec-read
CannedAclAuthenticatedRead
authenticated-read
CannedAclBucketOwnerRead
bucket-owner-read
CannedAclBucketOwnerFullControl
bucket-owner-full-control
CannedAclLogDeliveryWrite
log-delivery-write
Private
private
PublicRead
public-read
PublicReadWrite
public-read-write
AwsExecRead
aws-exec-read
AuthenticatedRead
authenticated-read
BucketOwnerRead
bucket-owner-read
BucketOwnerFullControl
bucket-owner-full-control
LogDeliveryWrite
log-delivery-write
PRIVATE
private
PUBLIC_READ
public-read
PUBLIC_READ_WRITE
public-read-write
AWS_EXEC_READ
aws-exec-read
AUTHENTICATED_READ
authenticated-read
BUCKET_OWNER_READ
bucket-owner-read
BUCKET_OWNER_FULL_CONTROL
bucket-owner-full-control
LOG_DELIVERY_WRITE
log-delivery-write

Import

S3 bucket can be imported using the bucket, e.g.

 $ pulumi import aws:s3/bucket:Bucket bucket bucket-name

The policy argument is not imported and will be deprecated in a future version of the provider. Use the aws_s3_bucket_policy resource to manage the S3 Bucket Policy instead.

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.