The Challenge
You need a secure S3 bucket to store files or assets, or you want to test your Pulumi Neo setup with the simplest possible deployment. S3 buckets are foundational infrastructure that should always have versioning and public access controls configured from the start.
What You'll Build
- S3 bucket with a unique auto-generated name
- Versioning enabled to protect against accidental deletions
- Public access blocked for security
- Bucket name and ARN exported for reference
Try This Prompt in Pulumi Neo
Run this prompt in Neo to deploy your infrastructure, or edit it to customize.
Architecture Overview
This is the simplest meaningful infrastructure deployment: a single S3 bucket with two essential security configurations. Despite its simplicity, it represents the pattern every S3 bucket should follow. Versioning protects your data by keeping previous versions of objects, allowing recovery from accidental overwrites or deletions. Blocking public access prevents the most common S3 security misconfiguration, where buckets are accidentally exposed to the internet.
S3 generates a globally unique bucket name based on your Pulumi project and stack, so you do not need to invent one. This avoids naming collisions and makes it straightforward to create buckets across multiple environments. The exported bucket name and ARN give you the identifiers you need to reference this bucket from other resources or applications.
This deployment is deliberately minimal. It creates a production-appropriate bucket in about 30 seconds, making it ideal for verifying that your Pulumi Cloud account, AWS credentials, and Neo workflow are all configured correctly. Once you have confirmed the basics work, you can move on to more complex deployments with confidence.
S3 Bucket
Provides object storage with virtually unlimited capacity. S3 stores objects as key-value pairs within the bucket, with each object supporting up to 5 TB in size.
Versioning
Maintains a complete history of every object in the bucket. When you overwrite or delete an object, S3 keeps the previous version, allowing you to restore it. This is essential for any bucket storing important data.
Public Access Block
Applies four layers of protection that prevent objects in the bucket from being made public, regardless of individual object ACLs or bucket policies. This is an AWS best practice for any bucket that should not serve content directly to the internet.
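A post-deployment check for the two controls described above, added here as an example and not part of the original page or of Pulumi's own code. It goes one step beyond the deployment itself by verifying the result. The function name `audit_bucket` and the sample data are assumptions; the input dictionaries follow the response shapes of boto3's `get_bucket_versioning` and `get_public_access_block`.

```python
# Added example: audit a bucket's settings against versioning and public access block.
# SAMPLES below is constructed data, not real AWS output.

# The four settings that make up an S3 public access block.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def audit_bucket(versioning, public_access_block):
    """Return a list of findings; an empty list means both controls are in place."""
    findings = []

    # A bucket that was never versioned returns no "Status" key at all, and
    # "Suspended" means versioning was switched off later. Either way new
    # overwrites and deletions are no longer recoverable.
    status = (versioning or {}).get("Status")
    if status != "Enabled":
        findings.append(f"versioning is {status or 'not configured'}")

    # When no public access block exists, the get call fails instead of
    # returning flags; callers pass None for that case.
    if public_access_block is None:
        findings.append("no public access block configured")
    else:
        cfg = public_access_block.get("PublicAccessBlockConfiguration", {})
        for flag in PAB_FLAGS:
            # Require an explicit True: a missing flag counts as a gap.
            if cfg.get(flag) is not True:
                findings.append(f"{flag} is not enabled")
    return findings


ALL_ON = {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)}
PARTIAL = {"PublicAccessBlockConfiguration":
           {**dict.fromkeys(PAB_FLAGS, True), "BlockPublicPolicy": False}}

# Constructed sample inputs: (versioning response, public access block response)
SAMPLES = {
    "hardened": ({"Status": "Enabled"}, ALL_ON),
    "never-versioned": ({}, ALL_ON),
    "partial-block": ({"Status": "Enabled"}, PARTIAL),
    "no-block": ({"Status": "Suspended"}, None),
}

if __name__ == "__main__":
    for name, (versioning, pab) in SAMPLES.items():
        print(f"{name}: {audit_bucket(versioning, pab) or 'OK'}")
```
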
Common Customizations
- Add lifecycle rules: Configure automatic transitions to cheaper storage classes or automatic deletion of old object versions after a retention period.
- Enable server-side encryption: Add default encryption using AWS-managed keys (SSE-S3) or customer-managed KMS keys for compliance requirements.
- Configure CORS: Allow web applications hosted on other domains to interact with the bucket directly from the browser.
- Set up event notifications: Trigger Lambda functions, SQS queues, or SNS topics when objects are created, modified, or deleted.