s3

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.s3.AccountPublicAccessBlock(resource_name, opts=None, account_id=None, block_public_acls=None, block_public_policy=None, ignore_public_acls=None, restrict_public_buckets=None, __props__=None, __name__=None, __opts__=None)

Manages S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

NOTE: Each AWS account may only have one S3 Public Access Block configuration. Multiple configurations of the resource against the same AWS account will cause a perpetual difference.

Advanced usage: To use a custom API endpoint for this resource, use the ``s3control` endpoint provider configuration <https://www.terraform.io/docs/providers/aws/index.html#s3control>`_, not the s3 endpoint provider configuration.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_id (pulumi.Input[str]) – AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.

  • block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.
Parameters

block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Parameters

ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore all public ACLs on buckets in this account and any objects that they contain.
Parameters

restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access buckets with public policies.
account_id = None

AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.

block_public_acls = None

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.

  • PUT Object calls will fail if the request includes an object ACL.

block_public_policy = None

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

ignore_public_acls = None

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore all public ACLs on buckets in this account and any objects that they contain.

restrict_public_buckets = None

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access buckets with public policies.

static get(resource_name, id, opts=None, account_id=None, block_public_acls=None, block_public_policy=None, ignore_public_acls=None, restrict_public_buckets=None)

Get an existing AccountPublicAccessBlock resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • account_id (pulumi.Input[str]) – AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.

  • block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.
Parameters

block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Parameters

ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore all public ACLs on buckets in this account and any objects that they contain.
Parameters

restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access buckets with public policies.
translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.s3.AwaitableGetBucketObjectResult(body=None, bucket=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_length=None, content_type=None, etag=None, expiration=None, expires=None, key=None, last_modified=None, metadata=None, range=None, server_side_encryption=None, sse_kms_key_id=None, storage_class=None, tags=None, version_id=None, website_redirect_location=None, id=None)
class pulumi_aws.s3.AwaitableGetBucketObjectsResult(bucket=None, common_prefixes=None, delimiter=None, encoding_type=None, fetch_owner=None, keys=None, max_keys=None, owners=None, prefix=None, start_after=None, id=None)
class pulumi_aws.s3.AwaitableGetBucketResult(arn=None, bucket=None, bucket_domain_name=None, bucket_regional_domain_name=None, hosted_zone_id=None, region=None, website_domain=None, website_endpoint=None, id=None)
class pulumi_aws.s3.Bucket(resource_name, opts=None, acceleration_status=None, acl=None, arn=None, bucket=None, bucket_prefix=None, cors_rules=None, force_destroy=None, hosted_zone_id=None, lifecycle_rules=None, loggings=None, object_lock_configuration=None, policy=None, region=None, replication_configuration=None, request_payer=None, server_side_encryption_configuration=None, tags=None, versioning=None, website=None, website_domain=None, website_endpoint=None, __props__=None, __name__=None, __opts__=None)

Provides a S3 bucket resource.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • acceleration_status (pulumi.Input[str]) – Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

  • acl (pulumi.Input[str]) – The canned ACL to apply. Defaults to “private”.

  • arn (pulumi.Input[str]) – The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

  • bucket (pulumi.Input[str]) – The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

  • bucket_prefix (pulumi.Input[str]) – Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

  • cors_rules (pulumi.Input[list]) – A rule of Cross-Origin Resource Sharing (documented below).

  • force_destroy (pulumi.Input[bool]) – A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

  • hosted_zone_id (pulumi.Input[str]) – The Route 53 Hosted Zone ID for this bucket’s region.

  • lifecycle_rules (pulumi.Input[list]) – A configuration of object lifecycle management (documented below).

  • loggings (pulumi.Input[list]) – A settings of bucket logging (documented below).

  • object_lock_configuration (pulumi.Input[dict]) – A configuration of S3 object locking (documented below)

  • policy (pulumi.Input[str]) – A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a deployment. In this case, please make sure you use the verbose/specific version of the policy.

  • region (pulumi.Input[str]) – If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

  • replication_configuration (pulumi.Input[dict]) – A configuration of replication configuration (documented below).

  • request_payer (pulumi.Input[str]) – Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

  • server_side_encryption_configuration (pulumi.Input[dict]) – A configuration of server-side encryption configuration (documented below)

  • tags (pulumi.Input[dict]) – A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

  • versioning (pulumi.Input[dict]) – A state of versioning (documented below)

  • website (pulumi.Input[dict]) – A website object (documented below).

  • website_domain (pulumi.Input[str]) – The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

  • website_endpoint (pulumi.Input[str]) – The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

The cors_rules object supports the following:

  • allowedHeaders (pulumi.Input[list]) - Specifies which headers are allowed.

  • allowedMethods (pulumi.Input[list]) - Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

  • allowedOrigins (pulumi.Input[list]) - Specifies which origins are allowed.

  • exposeHeaders (pulumi.Input[list]) - Specifies expose header in the response.

  • maxAgeSeconds (pulumi.Input[float]) - Specifies time in seconds that browser can cache the response for a preflight request.

The lifecycle_rules object supports the following:

  • abortIncompleteMultipartUploadDays (pulumi.Input[float]) - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

  • enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.

  • expiration (pulumi.Input[dict]) - Specifies a period in the object’s expire (documented below).

    • date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

    • expiredObjectDeleteMarker (pulumi.Input[bool]) - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.

  • id (pulumi.Input[str]) - Unique identifier for the rule.

  • noncurrentVersionExpiration (pulumi.Input[dict]) - Specifies when noncurrent object versions expire (documented below).

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

  • noncurrentVersionTransitions (pulumi.Input[list]) - Specifies when noncurrent object versions transitions (documented below).

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

    • storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

  • prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.

  • tags (pulumi.Input[dict]) - A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

  • transitions (pulumi.Input[list]) - Specifies a period in the object’s transitions (documented below).

    • date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

    • storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

The loggings object supports the following:

  • targetBucket (pulumi.Input[str]) - The name of the bucket that will receive the log objects.

  • targetPrefix (pulumi.Input[str]) - To specify a key prefix for log objects.

The object_lock_configuration object supports the following:

  • objectLockEnabled (pulumi.Input[str]) - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

  • rule (pulumi.Input[dict]) - The Object Lock rule in place for this bucket.

    • defaultRetention (pulumi.Input[dict]) - The default retention period that you want to apply to new objects placed in this bucket.

      • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

      • mode (pulumi.Input[str]) - The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

      • years (pulumi.Input[float]) - The number of years that you want to specify for the default retention period.

The replication_configuration object supports the following:

  • role (pulumi.Input[str]) - The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

  • rules (pulumi.Input[list]) - Specifies the rules managing the replication (documented below).

    • destination (pulumi.Input[dict]) - Specifies the destination for the rule (documented below).

      • accessControlTranslation (pulumi.Input[dict]) - Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

        • owner (pulumi.Input[str]) - The override value for the owner on replicated objects. Currently only Destination is supported.

      • account_id (pulumi.Input[str]) - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

      • bucket (pulumi.Input[str]) - The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

      • replicaKmsKeyId (pulumi.Input[str]) - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

      • storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

    • filter (pulumi.Input[dict]) - Filter that identifies subset of objects to which the replication rule applies (documented below).

      • prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.

      • tags (pulumi.Input[dict]) - A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    • id (pulumi.Input[str]) - Unique identifier for the rule.

    • prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.

    • priority (pulumi.Input[float]) - The priority associated with the rule.

    • sourceSelectionCriteria (pulumi.Input[dict]) - Specifies special object selection criteria (documented below).

      • sseKmsEncryptedObjects (pulumi.Input[dict]) - Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

        • enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.

    • status (pulumi.Input[str]) - The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

The server_side_encryption_configuration object supports the following:

  • rule (pulumi.Input[dict]) - The Object Lock rule in place for this bucket.

    • applyServerSideEncryptionByDefault (pulumi.Input[dict]) - A single object for setting server-side encryption by default. (documented below)

      • kmsMasterKeyId (pulumi.Input[str]) - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

      • sseAlgorithm (pulumi.Input[str]) - The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

The versioning object supports the following:

  • enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.

  • mfaDelete (pulumi.Input[bool]) - Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false.

The website object supports the following:

  • errorDocument (pulumi.Input[str]) - An absolute path to the document to return in case of a 4XX error.

  • indexDocument (pulumi.Input[str]) - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

  • redirectAllRequestsTo (pulumi.Input[str]) - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

  • routingRules (pulumi.Input[str]) - A json array containing routing rules describing redirect behavior and when redirects are applied.

acceleration_status = None

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

acl = None

The canned ACL to apply. Defaults to “private”.

arn = None

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket = None

The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

bucket_domain_name = None

The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

bucket_prefix = None

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

bucket_regional_domain_name = None

The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

cors_rules = None

A rule of Cross-Origin Resource Sharing (documented below).

  • allowedHeaders (list) - Specifies which headers are allowed.

  • allowedMethods (list) - Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

  • allowedOrigins (list) - Specifies which origins are allowed.

  • exposeHeaders (list) - Specifies expose header in the response.

  • maxAgeSeconds (float) - Specifies time in seconds that browser can cache the response for a preflight request.

force_destroy = None

A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

hosted_zone_id = None

The Route 53 Hosted Zone ID for this bucket’s region.

lifecycle_rules = None

A configuration of object lifecycle management (documented below).

  • abortIncompleteMultipartUploadDays (float) - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

  • enabled (bool) - Boolean which indicates if this criteria is enabled.

  • expiration (dict) - Specifies a period in the object’s expire (documented below).

    • date (str) - Specifies the date after which you want the corresponding action to take effect.

    • days (float) - The number of days that you want to specify for the default retention period.

    • expiredObjectDeleteMarker (bool) - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.

  • id (str) - Unique identifier for the rule.

  • noncurrentVersionExpiration (dict) - Specifies when noncurrent object versions expire (documented below).

    • days (float) - The number of days that you want to specify for the default retention period.

  • noncurrentVersionTransitions (list) - Specifies when noncurrent object versions transitions (documented below).

    • days (float) - The number of days that you want to specify for the default retention period.

    • storage_class (str) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

  • prefix (str) - Object keyname prefix that identifies subset of objects to which the rule applies.

  • tags (dict) - A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

  • transitions (list) - Specifies a period in the object’s transitions (documented below).

    • date (str) - Specifies the date after which you want the corresponding action to take effect.

    • days (float) - The number of days that you want to specify for the default retention period.

    • storage_class (str) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

loggings = None

A settings of bucket logging (documented below).

  • targetBucket (str) - The name of the bucket that will receive the log objects.

  • targetPrefix (str) - To specify a key prefix for log objects.

object_lock_configuration = None

A configuration of S3 object locking (documented below)

  • objectLockEnabled (str) - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

  • rule (dict) - The Object Lock rule in place for this bucket.

    • defaultRetention (dict) - The default retention period that you want to apply to new objects placed in this bucket.

      • days (float) - The number of days that you want to specify for the default retention period.

      • mode (str) - The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

      • years (float) - The number of years that you want to specify for the default retention period.

policy = None

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a deployment. In this case, please make sure you use the verbose/specific version of the policy.

region = None

If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

replication_configuration = None

A configuration of replication configuration (documented below).

  • role (str) - The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

  • rules (list) - Specifies the rules managing the replication (documented below).

    • destination (dict) - Specifies the destination for the rule (documented below).

      • accessControlTranslation (dict) - Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

        • owner (str) - The override value for the owner on replicated objects. Currently only Destination is supported.

      • account_id (str) - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

      • bucket (str) - The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

      • replicaKmsKeyId (str) - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

      • storage_class (str) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

    • filter (dict) - Filter that identifies subset of objects to which the replication rule applies (documented below).

      • prefix (str) - Object keyname prefix that identifies subset of objects to which the rule applies.

      • tags (dict) - A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    • id (str) - Unique identifier for the rule.

    • prefix (str) - Object keyname prefix that identifies subset of objects to which the rule applies.

    • priority (float) - The priority associated with the rule.

    • sourceSelectionCriteria (dict) - Specifies special object selection criteria (documented below).

      • sseKmsEncryptedObjects (dict) - Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

        • enabled (bool) - Boolean which indicates if this criteria is enabled.

    • status (str) - The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

request_payer = None

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

server_side_encryption_configuration = None

A configuration of server-side encryption configuration (documented below)

  • rule (dict) - The Object Lock rule in place for this bucket.

    • applyServerSideEncryptionByDefault (dict) - A single object for setting server-side encryption by default. (documented below)

      • kmsMasterKeyId (str) - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

      • sseAlgorithm (str) - The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

tags = None

A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

versioning = None

A state of versioning (documented below)

  • enabled (bool) - Boolean which indicates if this criteria is enabled.

  • mfaDelete (bool) - Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false.

website = None

A website object (documented below).

  • errorDocument (str) - An absolute path to the document to return in case of a 4XX error.

  • indexDocument (str) - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

  • redirectAllRequestsTo (str) - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

  • routingRules (str) - A json array containing routing rules describing redirect behavior and when redirects are applied.

website_domain = None

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

website_endpoint = None

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

static get(resource_name, id, opts=None, acceleration_status=None, acl=None, arn=None, bucket=None, bucket_domain_name=None, bucket_prefix=None, bucket_regional_domain_name=None, cors_rules=None, force_destroy=None, hosted_zone_id=None, lifecycle_rules=None, loggings=None, object_lock_configuration=None, policy=None, region=None, replication_configuration=None, request_payer=None, server_side_encryption_configuration=None, tags=None, versioning=None, website=None, website_domain=None, website_endpoint=None)

Get an existing Bucket resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • acceleration_status (pulumi.Input[str]) – Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

  • acl (pulumi.Input[str]) –

    The canned ACL to apply. Defaults to “private”.

  • arn (pulumi.Input[str]) – The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

  • bucket (pulumi.Input[str]) – The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

  • bucket_domain_name (pulumi.Input[str]) – The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

  • bucket_prefix (pulumi.Input[str]) – Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

  • bucket_regional_domain_name (pulumi.Input[str]) –

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

  • cors_rules (pulumi.Input[list]) –

    A rule of Cross-Origin Resource Sharing (documented below).

  • force_destroy (pulumi.Input[bool]) – A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

  • hosted_zone_id (pulumi.Input[str]) –

    The Route 53 Hosted Zone ID for this bucket’s region.

  • lifecycle_rules (pulumi.Input[list]) –

    A configuration of object lifecycle management (documented below).

  • loggings (pulumi.Input[list]) –

    A settings of bucket logging (documented below).

  • object_lock_configuration (pulumi.Input[dict]) –

    A configuration of S3 object locking (documented below)

  • policy (pulumi.Input[str]) –

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a deployment. In this case, please make sure you use the verbose/specific version of the policy.

  • region (pulumi.Input[str]) – If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

  • replication_configuration (pulumi.Input[dict]) –

    A configuration of replication configuration (documented below).

  • request_payer (pulumi.Input[str]) –

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

  • server_side_encryption_configuration (pulumi.Input[dict]) –

    A configuration of server-side encryption configuration (documented below)

  • tags (pulumi.Input[dict]) – A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

  • versioning (pulumi.Input[dict]) –

    A state of versioning (documented below)

  • website (pulumi.Input[dict]) – A website object (documented below).

  • website_domain (pulumi.Input[str]) – The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

  • website_endpoint (pulumi.Input[str]) – The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

The cors_rules object supports the following:

  • allowedHeaders (pulumi.Input[list]) - Specifies which headers are allowed.

  • allowedMethods (pulumi.Input[list]) - Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

  • allowedOrigins (pulumi.Input[list]) - Specifies which origins are allowed.

  • exposeHeaders (pulumi.Input[list]) - Specifies expose header in the response.

  • maxAgeSeconds (pulumi.Input[float]) - Specifies time in seconds that browser can cache the response for a preflight request.

The lifecycle_rules object supports the following:

  • abortIncompleteMultipartUploadDays (pulumi.Input[float]) - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

  • enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.

  • expiration (pulumi.Input[dict]) - Specifies a period in the object’s expire (documented below).

    • date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

    • expiredObjectDeleteMarker (pulumi.Input[bool]) - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.

  • id (pulumi.Input[str]) - Unique identifier for the rule.

  • noncurrentVersionExpiration (pulumi.Input[dict]) - Specifies when noncurrent object versions expire (documented below).

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

  • noncurrentVersionTransitions (pulumi.Input[list]) - Specifies when noncurrent object versions transitions (documented below).

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

    • storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

  • prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.

  • tags (pulumi.Input[dict]) - A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

  • transitions (pulumi.Input[list]) - Specifies a period in the object’s transitions (documented below).

    • date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.

    • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

    • storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

The loggings object supports the following:

  • targetBucket (pulumi.Input[str]) - The name of the bucket that will receive the log objects.

  • targetPrefix (pulumi.Input[str]) - To specify a key prefix for log objects.

The object_lock_configuration object supports the following:

  • objectLockEnabled (pulumi.Input[str]) - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

  • rule (pulumi.Input[dict]) - The Object Lock rule in place for this bucket.

    • defaultRetention (pulumi.Input[dict]) - The default retention period that you want to apply to new objects placed in this bucket.

      • days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.

      • mode (pulumi.Input[str]) - The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

      • years (pulumi.Input[float]) - The number of years that you want to specify for the default retention period.

The replication_configuration object supports the following:

  • role (pulumi.Input[str]) - The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

  • rules (pulumi.Input[list]) - Specifies the rules managing the replication (documented below).

    • destination (pulumi.Input[dict]) - Specifies the destination for the rule (documented below).

      • accessControlTranslation (pulumi.Input[dict]) - Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

        • owner (pulumi.Input[str]) - The override value for the owner on replicated objects. Currently only Destination is supported.

      • account_id (pulumi.Input[str]) - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

      • bucket (pulumi.Input[str]) - The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

      • replicaKmsKeyId (pulumi.Input[str]) - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

      • storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

    • filter (pulumi.Input[dict]) - Filter that identifies subset of objects to which the replication rule applies (documented below).

      • prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.

      • tags (pulumi.Input[dict]) - A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    • id (pulumi.Input[str]) - Unique identifier for the rule.

    • prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.

    • priority (pulumi.Input[float]) - The priority associated with the rule.

    • sourceSelectionCriteria (pulumi.Input[dict]) - Specifies special object selection criteria (documented below).

      • sseKmsEncryptedObjects (pulumi.Input[dict]) - Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

        • enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.

    • status (pulumi.Input[str]) - The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

The server_side_encryption_configuration object supports the following:

  • rule (pulumi.Input[dict]) - The Object Lock rule in place for this bucket.

    • applyServerSideEncryptionByDefault (pulumi.Input[dict]) - A single object for setting server-side encryption by default. (documented below)

      • kmsMasterKeyId (pulumi.Input[str]) - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

      • sseAlgorithm (pulumi.Input[str]) - The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

The versioning object supports the following:

  • enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.

  • mfaDelete (pulumi.Input[bool]) - Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false.

The website object supports the following:

  • errorDocument (pulumi.Input[str]) - An absolute path to the document to return in case of a 4XX error.

  • indexDocument (pulumi.Input[str]) - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

  • redirectAllRequestsTo (pulumi.Input[str]) - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

  • routingRules (pulumi.Input[str]) - A json array containing routing rules describing redirect behavior and when redirects are applied.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.s3.BucketMetric(resource_name, opts=None, bucket=None, filter=None, name=None, __props__=None, __name__=None, __opts__=None)

Provides a S3 bucket metrics configuration resource.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket to put metric configuration.

  • filter (pulumi.Input[dict]) – Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

  • name (pulumi.Input[str]) – Unique identifier of the metrics configuration for the bucket.

The filter object supports the following:

  • prefix (pulumi.Input[str]) - Object prefix for filtering (singular).

  • tags (pulumi.Input[dict]) - Object tags for filtering (up to 10).

bucket = None

The name of the bucket to put metric configuration.

filter = None

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

  • prefix (str) - Object prefix for filtering (singular).

  • tags (dict) - Object tags for filtering (up to 10).

name = None

Unique identifier of the metrics configuration for the bucket.

static get(resource_name, id, opts=None, bucket=None, filter=None, name=None)

Get an existing BucketMetric resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket to put metric configuration.

  • filter (pulumi.Input[dict]) –

    Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

  • name (pulumi.Input[str]) – Unique identifier of the metrics configuration for the bucket.

The filter object supports the following:

  • prefix (pulumi.Input[str]) - Object prefix for filtering (singular).

  • tags (pulumi.Input[dict]) - Object tags for filtering (up to 10).

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.s3.BucketNotification(resource_name, opts=None, bucket=None, lambda_functions=None, queues=None, topics=None, __props__=None, __name__=None, __opts__=None)

Manages a S3 Bucket Notification Configuration. For additional information, see the Configuring S3 Event Notifications section in the Amazon S3 Developer Guide.

NOTE: S3 Buckets only support a single notification configuration. Declaring multiple s3.BucketNotification resources to the same S3 Bucket will cause a perpetual difference in configuration.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket to put notification configuration.

  • lambda_functions (pulumi.Input[list]) – Used to configure notifications to a Lambda Function (documented below).

  • queues (pulumi.Input[list]) – The notification configuration to SQS Queue (documented below).

  • topics (pulumi.Input[list]) – The notification configuration to SNS Topic (documented below).

The lambda_functions object supports the following:

  • events (pulumi.Input[list]) - Specifies event for which to send notifications.

  • filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.

  • filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.

  • id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.

  • lambda_function_arn (pulumi.Input[str]) - Specifies Amazon Lambda function ARN.

The queues object supports the following:

  • events (pulumi.Input[list]) - Specifies event for which to send notifications.

  • filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.

  • filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.

  • id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.

  • queueArn (pulumi.Input[str]) - Specifies Amazon SQS queue ARN.

The topics object supports the following:

  • events (pulumi.Input[list]) - Specifies event for which to send notifications.

  • filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.

  • filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.

  • id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.

  • topic_arn (pulumi.Input[str]) - Specifies Amazon SNS topic ARN.

bucket = None

The name of the bucket to put notification configuration.

lambda_functions = None

Used to configure notifications to a Lambda Function (documented below).

  • events (list) - Specifies event for which to send notifications.

  • filterPrefix (str) - Specifies object key name prefix.

  • filterSuffix (str) - Specifies object key name suffix.

  • id (str) - Specifies unique identifier for each of the notification configurations.

  • lambda_function_arn (str) - Specifies Amazon Lambda function ARN.

queues = None

The notification configuration to SQS Queue (documented below).

  • events (list) - Specifies event for which to send notifications.

  • filterPrefix (str) - Specifies object key name prefix.

  • filterSuffix (str) - Specifies object key name suffix.

  • id (str) - Specifies unique identifier for each of the notification configurations.

  • queueArn (str) - Specifies Amazon SQS queue ARN.

topics = None

The notification configuration to SNS Topic (documented below).

  • events (list) - Specifies event for which to send notifications.

  • filterPrefix (str) - Specifies object key name prefix.

  • filterSuffix (str) - Specifies object key name suffix.

  • id (str) - Specifies unique identifier for each of the notification configurations.

  • topic_arn (str) - Specifies Amazon SNS topic ARN.

static get(resource_name, id, opts=None, bucket=None, lambda_functions=None, queues=None, topics=None)

Get an existing BucketNotification resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket to put notification configuration.

  • lambda_functions (pulumi.Input[list]) – Used to configure notifications to a Lambda Function (documented below).

  • queues (pulumi.Input[list]) – The notification configuration to SQS Queue (documented below).

  • topics (pulumi.Input[list]) – The notification configuration to SNS Topic (documented below).

The lambda_functions object supports the following:

  • events (pulumi.Input[list]) - Specifies event for which to send notifications.

  • filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.

  • filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.

  • id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.

  • lambda_function_arn (pulumi.Input[str]) - Specifies Amazon Lambda function ARN.

The queues object supports the following:

  • events (pulumi.Input[list]) - Specifies event for which to send notifications.

  • filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.

  • filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.

  • id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.

  • queueArn (pulumi.Input[str]) - Specifies Amazon SQS queue ARN.

The topics object supports the following:

  • events (pulumi.Input[list]) - Specifies event for which to send notifications.

  • filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.

  • filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.

  • id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.

  • topic_arn (pulumi.Input[str]) - Specifies Amazon SNS topic ARN.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.s3.BucketObject(resource_name, opts=None, acl=None, bucket=None, cache_control=None, content=None, content_base64=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, etag=None, key=None, kms_key_id=None, metadata=None, server_side_encryption=None, source=None, storage_class=None, tags=None, website_redirect=None, __props__=None, __name__=None, __opts__=None)

Provides a S3 bucket object resource.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • acl (pulumi.Input[str]) –

    The canned ACL to apply. Defaults to “private”.

  • bucket (pulumi.Input[str]) – The name of the bucket to put the file in.

  • cache_control (pulumi.Input[str]) – Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.

  • content (pulumi.Input[str]) – Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

  • content_base64 (pulumi.Input[str]) – Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

  • content_disposition (pulumi.Input[str]) – Specifies presentational information for the object. Read w3c content_disposition for further information.

  • content_encoding (pulumi.Input[str]) – Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

  • content_language (pulumi.Input[str]) – The language the content is in e.g. en-US or en-GB.

  • content_type (pulumi.Input[str]) – A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

  • etag (pulumi.Input[str]) – Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".

  • key (pulumi.Input[str]) – The name of the object once it is in the bucket.

  • kms_key_id (pulumi.Input[str]) – Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using kms.Key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"

  • metadata (pulumi.Input[dict]) – A mapping of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

  • server_side_encryption (pulumi.Input[str]) – Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

  • pulumi.Archive]] source (pulumi.Input[Union[pulumi.Asset,) – The path to a file that will be read and uploaded as raw bytes for the object content.

  • storage_class (pulumi.Input[str]) – Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the object.

  • website_redirect (pulumi.Input[str]) – Specifies a target URL for website redirect.

acl = None

The canned ACL to apply. Defaults to “private”.

bucket = None

The name of the bucket to put the file in.

cache_control = None

Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.

content = None

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

content_base64 = None

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

content_disposition = None

Specifies presentational information for the object. Read w3c content_disposition for further information.

content_encoding = None

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

content_language = None

The language the content is in e.g. en-US or en-GB.

content_type = None

A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

etag = None

Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".

key = None

The name of the object once it is in the bucket.

kms_key_id = None

Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using kms.Key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"

metadata = None

A mapping of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

server_side_encryption = None

Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

source = None

The path to a file that will be read and uploaded as raw bytes for the object content.

storage_class = None

Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.

tags = None

A mapping of tags to assign to the object.

version_id = None

A unique version ID value for the object, if bucket versioning is enabled.

website_redirect = None

Specifies a target URL for website redirect.

static get(resource_name, id, opts=None, acl=None, bucket=None, cache_control=None, content=None, content_base64=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, etag=None, key=None, kms_key_id=None, metadata=None, server_side_encryption=None, source=None, storage_class=None, tags=None, version_id=None, website_redirect=None)

Get an existing BucketObject resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • acl (pulumi.Input[str]) –

    The canned ACL to apply. Defaults to “private”.

  • bucket (pulumi.Input[str]) – The name of the bucket to put the file in.

  • cache_control (pulumi.Input[str]) –

    Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.

  • content (pulumi.Input[str]) – Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

  • content_base64 (pulumi.Input[str]) – Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

  • content_disposition (pulumi.Input[str]) –

    Specifies presentational information for the object. Read w3c content_disposition for further information.

  • content_encoding (pulumi.Input[str]) –

    Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

  • content_language (pulumi.Input[str]) – The language the content is in e.g. en-US or en-GB.

  • content_type (pulumi.Input[str]) – A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

  • etag (pulumi.Input[str]) – Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".

  • key (pulumi.Input[str]) – The name of the object once it is in the bucket.

  • kms_key_id (pulumi.Input[str]) – Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using kms.Key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"

  • metadata (pulumi.Input[dict]) – A mapping of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

  • server_side_encryption (pulumi.Input[str]) – Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

  • pulumi.Archive]] source (pulumi.Input[Union[pulumi.Asset,) – The path to a file that will be read and uploaded as raw bytes for the object content.

  • storage_class (pulumi.Input[str]) –

    Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the object.

  • version_id (pulumi.Input[str]) – A unique version ID value for the object, if bucket versioning is enabled.

  • website_redirect (pulumi.Input[str]) –

    Specifies a target URL for website redirect.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.s3.BucketPolicy(resource_name, opts=None, bucket=None, policy=None, __props__=None, __name__=None, __opts__=None)

Attaches a policy to an S3 bucket resource.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket to which to apply the policy.

  • policy (pulumi.Input[str]) – The text of the policy.

bucket = None

The name of the bucket to which to apply the policy.

policy = None

The text of the policy.

static get(resource_name, id, opts=None, bucket=None, policy=None)

Get an existing BucketPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket to which to apply the policy.

  • policy (pulumi.Input[str]) – The text of the policy.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.s3.BucketPublicAccessBlock(resource_name, opts=None, block_public_acls=None, block_public_policy=None, bucket=None, ignore_public_acls=None, restrict_public_buckets=None, __props__=None, __name__=None, __opts__=None)

Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.
Parameters

block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Parameters
  • bucket (pulumi.Input[str]) – S3 Bucket to which this Public Access Block configuration should be applied.

  • ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore public ACLs on this bucket and any objects that it contains.
Parameters

restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access this buckets if it has a public policy.
block_public_acls = None

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.

  • PUT Object calls will fail if the request includes an object ACL.

block_public_policy = None

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

bucket = None

S3 Bucket to which this Public Access Block configuration should be applied.

ignore_public_acls = None

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore public ACLs on this bucket and any objects that it contains.

restrict_public_buckets = None

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access this buckets if it has a public policy.

static get(resource_name, id, opts=None, block_public_acls=None, block_public_policy=None, bucket=None, ignore_public_acls=None, restrict_public_buckets=None)

Get an existing BucketPublicAccessBlock resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.
Parameters

block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
Parameters
  • bucket (pulumi.Input[str]) – S3 Bucket to which this Public Access Block configuration should be applied.

  • ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore public ACLs on this bucket and any objects that it contains.
Parameters

restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access this buckets if it has a public policy.
translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.s3.GetBucketObjectResult(body=None, bucket=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_length=None, content_type=None, etag=None, expiration=None, expires=None, key=None, last_modified=None, metadata=None, range=None, server_side_encryption=None, sse_kms_key_id=None, storage_class=None, tags=None, version_id=None, website_redirect_location=None, id=None)

A collection of values returned by getBucketObject.

body = None

Object data (see limitations above to understand cases in which this field is actually available)

cache_control = None

Specifies caching behavior along the request/reply chain.

content_disposition = None

Specifies presentational information for the object.

content_encoding = None

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

content_language = None

The language the content is in.

content_length = None

Size of the body in bytes.

content_type = None

A standard MIME type describing the format of the object data.

etag = None

ETag generated for the object (an MD5 sum of the object content in case it’s not encrypted)

expiration = None

If the object expiration is configured (see object lifecycle management), the field includes this header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The value of the rule-id is URL encoded.

expires = None

The date and time at which the object is no longer cacheable.

last_modified = None

Last modified date of the object in RFC1123 format (e.g. Mon, 02 Jan 2006 15:04:05 MST)

metadata = None

A map of metadata stored with the object in S3

server_side_encryption = None

If the object is stored using server-side encryption (KMS or Amazon S3-managed encryption key), this field includes the chosen encryption and algorithm used.

sse_kms_key_id = None

If present, specifies the ID of the Key Management Service (KMS) master encryption key that was used for the object.

storage_class = None

Storage class information of the object. Available for all objects except for Standard storage class objects.

tags = None

A mapping of tags assigned to the object.

version_id = None

The latest version ID of the object returned.

website_redirect_location = None

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.s3.GetBucketObjectsResult(bucket=None, common_prefixes=None, delimiter=None, encoding_type=None, fetch_owner=None, keys=None, max_keys=None, owners=None, prefix=None, start_after=None, id=None)

A collection of values returned by getBucketObjects.

common_prefixes = None

List of any keys between prefix and the next occurrence of delimiter (i.e., similar to subdirectories of the prefix “directory”); the list is only returned when you specify delimiter

keys = None

List of strings representing object keys

owners = None

List of strings representing object owner IDs (see fetch_owner above)

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.s3.GetBucketResult(arn=None, bucket=None, bucket_domain_name=None, bucket_regional_domain_name=None, hosted_zone_id=None, region=None, website_domain=None, website_endpoint=None, id=None)

A collection of values returned by getBucket.

arn = None

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket_domain_name = None

The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

bucket_regional_domain_name = None

The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

hosted_zone_id = None

The Route 53 Hosted Zone ID for this bucket’s region.

region = None

The AWS region this bucket resides in.

website_domain = None

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

website_endpoint = None

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.s3.Inventory(resource_name, opts=None, bucket=None, destination=None, enabled=None, filter=None, included_object_versions=None, name=None, optional_fields=None, schedule=None, __props__=None, __name__=None, __opts__=None)

Provides a S3 bucket inventory configuration resource.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The S3 bucket configuration where inventory results are published (documented below).

  • destination (pulumi.Input[dict]) – Destination bucket where inventory list files are written (documented below).

  • enabled (pulumi.Input[bool]) – Specifies whether the inventory is enabled or disabled.

  • filter (pulumi.Input[dict]) – Object filtering that accepts a prefix (documented below).

  • included_object_versions (pulumi.Input[str]) – Object filtering that accepts a prefix (documented below). Can be All or Current.

  • name (pulumi.Input[str]) – Unique identifier of the inventory configuration for the bucket.

  • optional_fields (pulumi.Input[list]) – Contains the optional fields that are included in the inventory results.

  • schedule (pulumi.Input[dict]) – Contains the frequency for generating inventory results (documented below).

The destination object supports the following:

  • bucket (pulumi.Input[dict]) - The S3 bucket configuration where inventory results are published (documented below).

    • account_id (pulumi.Input[str]) - The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.

    • bucketArn (pulumi.Input[str]) - The Amazon S3 bucket ARN of the destination.

    • encryption (pulumi.Input[dict]) - Contains the type of server-side encryption to use to encrypt the inventory (documented below).

      • sseKms (pulumi.Input[dict]) - Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).

        • key_id (pulumi.Input[str]) - The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.

      • sseS3 (pulumi.Input[dict]) - Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.

    • format (pulumi.Input[str]) - Specifies the output format of the inventory results. Can be CSV, ``ORC` <https://orc.apache.org/>`_ or ``Parquet` <https://parquet.apache.org/>`_.

    • prefix (pulumi.Input[str]) - The prefix that is prepended to all inventory results.

The filter object supports the following:

  • prefix (pulumi.Input[str]) - The prefix that is prepended to all inventory results.

The schedule object supports the following:

  • frequency (pulumi.Input[str]) - Specifies how frequently inventory results are produced. Can be Daily or Weekly.

bucket = None

The S3 bucket configuration where inventory results are published (documented below).

destination = None

Destination bucket where inventory list files are written (documented below).

  • bucket (dict) - The S3 bucket configuration where inventory results are published (documented below).

    • account_id (str) - The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.

    • bucketArn (str) - The Amazon S3 bucket ARN of the destination.

    • encryption (dict) - Contains the type of server-side encryption to use to encrypt the inventory (documented below).

      • sseKms (dict) - Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).

        • key_id (str) - The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.

      • sseS3 (dict) - Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.

    • format (str) - Specifies the output format of the inventory results. Can be CSV, ``ORC` <https://orc.apache.org/>`_ or ``Parquet` <https://parquet.apache.org/>`_.

    • prefix (str) - The prefix that is prepended to all inventory results.

enabled = None

Specifies whether the inventory is enabled or disabled.

filter = None

Object filtering that accepts a prefix (documented below).

  • prefix (str) - The prefix that is prepended to all inventory results.

included_object_versions = None

Object filtering that accepts a prefix (documented below). Can be All or Current.

name = None

Unique identifier of the inventory configuration for the bucket.

optional_fields = None

Contains the optional fields that are included in the inventory results.

schedule = None

Contains the frequency for generating inventory results (documented below).

  • frequency (str) - Specifies how frequently inventory results are produced. Can be Daily or Weekly.

static get(resource_name, id, opts=None, bucket=None, destination=None, enabled=None, filter=None, included_object_versions=None, name=None, optional_fields=None, schedule=None)

Get an existing Inventory resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The S3 bucket configuration where inventory results are published (documented below).

  • destination (pulumi.Input[dict]) – Destination bucket where inventory list files are written (documented below).

  • enabled (pulumi.Input[bool]) – Specifies whether the inventory is enabled or disabled.

  • filter (pulumi.Input[dict]) – Object filtering that accepts a prefix (documented below).

  • included_object_versions (pulumi.Input[str]) – Object filtering that accepts a prefix (documented below). Can be All or Current.

  • name (pulumi.Input[str]) – Unique identifier of the inventory configuration for the bucket.

  • optional_fields (pulumi.Input[list]) – Contains the optional fields that are included in the inventory results.

  • schedule (pulumi.Input[dict]) – Contains the frequency for generating inventory results (documented below).

The destination object supports the following:

  • bucket (pulumi.Input[dict]) - The S3 bucket configuration where inventory results are published (documented below).

    • account_id (pulumi.Input[str]) - The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.

    • bucketArn (pulumi.Input[str]) - The Amazon S3 bucket ARN of the destination.

    • encryption (pulumi.Input[dict]) - Contains the type of server-side encryption to use to encrypt the inventory (documented below).

      • sseKms (pulumi.Input[dict]) - Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).

        • key_id (pulumi.Input[str]) - The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.

      • sseS3 (pulumi.Input[dict]) - Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.

    • format (pulumi.Input[str]) - Specifies the output format of the inventory results. Can be CSV, ``ORC` <https://orc.apache.org/>`_ or ``Parquet` <https://parquet.apache.org/>`_.

    • prefix (pulumi.Input[str]) - The prefix that is prepended to all inventory results.

The filter object supports the following:

  • prefix (pulumi.Input[str]) - The prefix that is prepended to all inventory results.

The schedule object supports the following:

  • frequency (pulumi.Input[str]) - Specifies how frequently inventory results are produced. Can be Daily or Weekly.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_aws.s3.get_bucket(bucket=None, opts=None)

Provides details about a specific S3 bucket.

This resource may prove useful when setting up a Route53 record, or an origin for a CloudFront Distribution.

Parameters

bucket (str) – The name of the bucket

pulumi_aws.s3.get_bucket_object(bucket=None, key=None, range=None, tags=None, version_id=None, opts=None)

The S3 object data source allows access to the metadata and optionally (see below) content of an object stored inside S3 bucket.

Note: The content of an object (body field) is available only for objects which have a human-readable Content-Type (text/* and application/json). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.

Parameters
  • bucket (str) – The name of the bucket to read the object from

  • key (str) – The full path to the object inside the bucket

  • version_id (str) – Specific version ID of the object returned (defaults to latest version)

pulumi_aws.s3.get_bucket_objects(bucket=None, delimiter=None, encoding_type=None, fetch_owner=None, max_keys=None, prefix=None, start_after=None, opts=None)

Use this data source to access information about an existing resource.

Parameters
  • bucket (str) – Lists object keys in this S3 bucket

  • delimiter (str) – A character used to group keys (Default: none)

  • encoding_type (str) – Encodes keys using this method (Default: none; besides none, only “url” can be used)

  • fetch_owner (bool) – Boolean specifying whether to populate the owner list (Default: false)

  • max_keys (float) – Maximum object keys to return (Default: 1000)

  • prefix (str) – Limits results to object keys with this prefix (Default: none)

  • start_after (str) – Returns key names lexicographically after a specific object key in your bucket (Default: none; S3 lists object keys in UTF-8 character encoding in lexicographical order)