Docs Home
AWS v6.81.0 published on Tuesday, May 20, 2025 by Pulumi
aws.s3.Bucket
Explore with Pulumi AI
Provides a S3 bucket resource.
NOTE: Please use aws.s3.BucketV2 instead. This resource is maintained for backwards compatibility only. Please see BucketV2 Migration Guide for instructions on migrating existing Bucket resources to BucketV2.
Example Usage
Private Bucket w/ Tags
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const b = new aws.s3.Bucket("b", {
bucket: "my-tf-test-bucket",
acl: aws.s3.CannedAcl.Private,
tags: {
Name: "My bucket",
Environment: "Dev",
},
});
import pulumi
import pulumi_aws as aws
b = aws.s3.Bucket("b",
bucket="my-tf-test-bucket",
acl=aws.s3.CannedAcl.PRIVATE,
tags={
"Name": "My bucket",
"Environment": "Dev",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "b", &s3.BucketArgs{
Bucket: pulumi.String("my-tf-test-bucket"),
Acl: pulumi.String(s3.CannedAclPrivate),
Tags: pulumi.StringMap{
"Name": pulumi.String("My bucket"),
"Environment": pulumi.String("Dev"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var b = new Aws.S3.Bucket("b", new()
{
BucketName = "my-tf-test-bucket",
Acl = Aws.S3.CannedAcl.Private,
Tags =
{
{ "Name", "My bucket" },
{ "Environment", "Dev" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var b = new Bucket("b", BucketArgs.builder()
.bucket("my-tf-test-bucket")
.acl("private")
.tags(Map.ofEntries(
Map.entry("Name", "My bucket"),
Map.entry("Environment", "Dev")
))
.build());
}
}
resources:
b:
type: aws:s3:Bucket
properties:
bucket: my-tf-test-bucket
acl: private
tags:
Name: My bucket
Environment: Dev
Static Website Hosting
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
const b = new aws.s3.Bucket("b", {
bucket: "s3-website-test.mydomain.com",
acl: aws.s3.CannedAcl.PublicRead,
policy: std.file({
input: "policy.json",
}).then(invoke => invoke.result),
website: {
indexDocument: "index.html",
errorDocument: "error.html",
routingRules: `[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
`,
},
});
import pulumi
import pulumi_aws as aws
import pulumi_std as std
b = aws.s3.Bucket("b",
bucket="s3-website-test.mydomain.com",
acl=aws.s3.CannedAcl.PUBLIC_READ,
policy=std.file(input="policy.json").result,
website={
"index_document": "index.html",
"error_document": "error.html",
"routing_rules": """[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
""",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "policy.json",
}, nil)
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "b", &s3.BucketArgs{
Bucket: pulumi.String("s3-website-test.mydomain.com"),
Acl: pulumi.String(s3.CannedAclPublicRead),
Policy: pulumi.String(invokeFile.Result),
Website: &s3.BucketWebsiteArgs{
IndexDocument: pulumi.String("index.html"),
ErrorDocument: pulumi.String("error.html"),
RoutingRules: pulumi.Any(`[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
`),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var b = new Aws.S3.Bucket("b", new()
{
BucketName = "s3-website-test.mydomain.com",
Acl = Aws.S3.CannedAcl.PublicRead,
Policy = Std.File.Invoke(new()
{
Input = "policy.json",
}).Apply(invoke => invoke.Result),
Website = new Aws.S3.Inputs.BucketWebsiteArgs
{
IndexDocument = "index.html",
ErrorDocument = "error.html",
RoutingRules = @"[{
""Condition"": {
""KeyPrefixEquals"": ""docs/""
},
""Redirect"": {
""ReplaceKeyPrefixWith"": ""documents/""
}
}]
",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketWebsiteArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var b = new Bucket("b", BucketArgs.builder()
.bucket("s3-website-test.mydomain.com")
.acl("public-read")
.policy(StdFunctions.file(FileArgs.builder()
.input("policy.json")
.build()).result())
.website(BucketWebsiteArgs.builder()
.indexDocument("index.html")
.errorDocument("error.html")
.routingRules("""
[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
""")
.build())
.build());
}
}
resources:
b:
type: aws:s3:Bucket
properties:
bucket: s3-website-test.mydomain.com
acl: public-read
policy:
fn::invoke:
function: std:file
arguments:
input: policy.json
return: result
website:
indexDocument: index.html
errorDocument: error.html
routingRules: |
[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
Using CORS
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const b = new aws.s3.Bucket("b", {
bucket: "s3-website-test.mydomain.com",
acl: aws.s3.CannedAcl.PublicRead,
corsRules: [{
allowedHeaders: ["*"],
allowedMethods: [
"PUT",
"POST",
],
allowedOrigins: ["https://s3-website-test.mydomain.com"],
exposeHeaders: ["ETag"],
maxAgeSeconds: 3000,
}],
});
import pulumi
import pulumi_aws as aws
b = aws.s3.Bucket("b",
bucket="s3-website-test.mydomain.com",
acl=aws.s3.CannedAcl.PUBLIC_READ,
cors_rules=[{
"allowed_headers": ["*"],
"allowed_methods": [
"PUT",
"POST",
],
"allowed_origins": ["https://s3-website-test.mydomain.com"],
"expose_headers": ["ETag"],
"max_age_seconds": 3000,
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "b", &s3.BucketArgs{
Bucket: pulumi.String("s3-website-test.mydomain.com"),
Acl: pulumi.String(s3.CannedAclPublicRead),
CorsRules: s3.BucketCorsRuleArray{
&s3.BucketCorsRuleArgs{
AllowedHeaders: pulumi.StringArray{
pulumi.String("*"),
},
AllowedMethods: pulumi.StringArray{
pulumi.String("PUT"),
pulumi.String("POST"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("https://s3-website-test.mydomain.com"),
},
ExposeHeaders: pulumi.StringArray{
pulumi.String("ETag"),
},
MaxAgeSeconds: pulumi.Int(3000),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var b = new Aws.S3.Bucket("b", new()
{
BucketName = "s3-website-test.mydomain.com",
Acl = Aws.S3.CannedAcl.PublicRead,
CorsRules = new[]
{
new Aws.S3.Inputs.BucketCorsRuleArgs
{
AllowedHeaders = new[]
{
"*",
},
AllowedMethods = new[]
{
"PUT",
"POST",
},
AllowedOrigins = new[]
{
"https://s3-website-test.mydomain.com",
},
ExposeHeaders = new[]
{
"ETag",
},
MaxAgeSeconds = 3000,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketCorsRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var b = new Bucket("b", BucketArgs.builder()
.bucket("s3-website-test.mydomain.com")
.acl("public-read")
.corsRules(BucketCorsRuleArgs.builder()
.allowedHeaders("*")
.allowedMethods(
"PUT",
"POST")
.allowedOrigins("https://s3-website-test.mydomain.com")
.exposeHeaders("ETag")
.maxAgeSeconds(3000)
.build())
.build());
}
}
resources:
b:
type: aws:s3:Bucket
properties:
bucket: s3-website-test.mydomain.com
acl: public-read
corsRules:
- allowedHeaders:
- '*'
allowedMethods:
- PUT
- POST
allowedOrigins:
- https://s3-website-test.mydomain.com
exposeHeaders:
- ETag
maxAgeSeconds: 3000
Using versioning
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const b = new aws.s3.Bucket("b", {
bucket: "my-tf-test-bucket",
acl: aws.s3.CannedAcl.Private,
versioning: {
enabled: true,
},
});
import pulumi
import pulumi_aws as aws
b = aws.s3.Bucket("b",
bucket="my-tf-test-bucket",
acl=aws.s3.CannedAcl.PRIVATE,
versioning={
"enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "b", &s3.BucketArgs{
Bucket: pulumi.String("my-tf-test-bucket"),
Acl: pulumi.String(s3.CannedAclPrivate),
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var b = new Aws.S3.Bucket("b", new()
{
BucketName = "my-tf-test-bucket",
Acl = Aws.S3.CannedAcl.Private,
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var b = new Bucket("b", BucketArgs.builder()
.bucket("my-tf-test-bucket")
.acl("private")
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.build());
}
}
resources:
b:
type: aws:s3:Bucket
properties:
bucket: my-tf-test-bucket
acl: private
versioning:
enabled: true
Enable Logging
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const logBucket = new aws.s3.Bucket("log_bucket", {
bucket: "my-tf-log-bucket",
acl: aws.s3.CannedAcl.LogDeliveryWrite,
});
const b = new aws.s3.Bucket("b", {
bucket: "my-tf-test-bucket",
acl: aws.s3.CannedAcl.Private,
loggings: [{
targetBucket: logBucket.id,
targetPrefix: "log/",
}],
});
import pulumi
import pulumi_aws as aws
log_bucket = aws.s3.Bucket("log_bucket",
bucket="my-tf-log-bucket",
acl=aws.s3.CannedAcl.LOG_DELIVERY_WRITE)
b = aws.s3.Bucket("b",
bucket="my-tf-test-bucket",
acl=aws.s3.CannedAcl.PRIVATE,
loggings=[{
"target_bucket": log_bucket.id,
"target_prefix": "log/",
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
logBucket, err := s3.NewBucket(ctx, "log_bucket", &s3.BucketArgs{
Bucket: pulumi.String("my-tf-log-bucket"),
Acl: pulumi.String(s3.CannedAclLogDeliveryWrite),
})
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "b", &s3.BucketArgs{
Bucket: pulumi.String("my-tf-test-bucket"),
Acl: pulumi.String(s3.CannedAclPrivate),
Loggings: s3.BucketLoggingArray{
&s3.BucketLoggingArgs{
TargetBucket: logBucket.ID(),
TargetPrefix: pulumi.String("log/"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var logBucket = new Aws.S3.Bucket("log_bucket", new()
{
BucketName = "my-tf-log-bucket",
Acl = Aws.S3.CannedAcl.LogDeliveryWrite,
});
var b = new Aws.S3.Bucket("b", new()
{
BucketName = "my-tf-test-bucket",
Acl = Aws.S3.CannedAcl.Private,
Loggings = new[]
{
new Aws.S3.Inputs.BucketLoggingArgs
{
TargetBucket = logBucket.Id,
TargetPrefix = "log/",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLoggingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var logBucket = new Bucket("logBucket", BucketArgs.builder()
.bucket("my-tf-log-bucket")
.acl("log-delivery-write")
.build());
var b = new Bucket("b", BucketArgs.builder()
.bucket("my-tf-test-bucket")
.acl("private")
.loggings(BucketLoggingArgs.builder()
.targetBucket(logBucket.id())
.targetPrefix("log/")
.build())
.build());
}
}
resources:
logBucket:
type: aws:s3:Bucket
name: log_bucket
properties:
bucket: my-tf-log-bucket
acl: log-delivery-write
b:
type: aws:s3:Bucket
properties:
bucket: my-tf-test-bucket
acl: private
loggings:
- targetBucket: ${logBucket.id}
targetPrefix: log/
Using object lifecycle
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("bucket", {
bucket: "my-bucket",
acl: aws.s3.CannedAcl.Private,
lifecycleRules: [
{
id: "log",
enabled: true,
prefix: "log/",
tags: {
rule: "log",
autoclean: "true",
},
transitions: [
{
days: 30,
storageClass: "STANDARD_IA",
},
{
days: 60,
storageClass: "GLACIER",
},
],
expiration: {
days: 90,
},
},
{
id: "tmp",
prefix: "tmp/",
enabled: true,
expiration: {
date: "2016-01-12",
},
},
],
});
const versioningBucket = new aws.s3.Bucket("versioning_bucket", {
bucket: "my-versioning-bucket",
acl: aws.s3.CannedAcl.Private,
versioning: {
enabled: true,
},
lifecycleRules: [{
prefix: "config/",
enabled: true,
noncurrentVersionTransitions: [
{
days: 30,
storageClass: "STANDARD_IA",
},
{
days: 60,
storageClass: "GLACIER",
},
],
noncurrentVersionExpiration: {
days: 90,
},
}],
});
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
bucket="my-bucket",
acl=aws.s3.CannedAcl.PRIVATE,
lifecycle_rules=[
{
"id": "log",
"enabled": True,
"prefix": "log/",
"tags": {
"rule": "log",
"autoclean": "true",
},
"transitions": [
{
"days": 30,
"storage_class": "STANDARD_IA",
},
{
"days": 60,
"storage_class": "GLACIER",
},
],
"expiration": {
"days": 90,
},
},
{
"id": "tmp",
"prefix": "tmp/",
"enabled": True,
"expiration": {
"date": "2016-01-12",
},
},
])
versioning_bucket = aws.s3.Bucket("versioning_bucket",
bucket="my-versioning-bucket",
acl=aws.s3.CannedAcl.PRIVATE,
versioning={
"enabled": True,
},
lifecycle_rules=[{
"prefix": "config/",
"enabled": True,
"noncurrent_version_transitions": [
{
"days": 30,
"storage_class": "STANDARD_IA",
},
{
"days": 60,
"storage_class": "GLACIER",
},
],
"noncurrent_version_expiration": {
"days": 90,
},
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Bucket: pulumi.String("my-bucket"),
Acl: pulumi.String(s3.CannedAclPrivate),
LifecycleRules: s3.BucketLifecycleRuleArray{
&s3.BucketLifecycleRuleArgs{
Id: pulumi.String("log"),
Enabled: pulumi.Bool(true),
Prefix: pulumi.String("log/"),
Tags: pulumi.StringMap{
"rule": pulumi.String("log"),
"autoclean": pulumi.String("true"),
},
Transitions: s3.BucketLifecycleRuleTransitionArray{
&s3.BucketLifecycleRuleTransitionArgs{
Days: pulumi.Int(30),
StorageClass: pulumi.String("STANDARD_IA"),
},
&s3.BucketLifecycleRuleTransitionArgs{
Days: pulumi.Int(60),
StorageClass: pulumi.String("GLACIER"),
},
},
Expiration: &s3.BucketLifecycleRuleExpirationArgs{
Days: pulumi.Int(90),
},
},
&s3.BucketLifecycleRuleArgs{
Id: pulumi.String("tmp"),
Prefix: pulumi.String("tmp/"),
Enabled: pulumi.Bool(true),
Expiration: &s3.BucketLifecycleRuleExpirationArgs{
Date: pulumi.String("2016-01-12"),
},
},
},
})
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "versioning_bucket", &s3.BucketArgs{
Bucket: pulumi.String("my-versioning-bucket"),
Acl: pulumi.String(s3.CannedAclPrivate),
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
LifecycleRules: s3.BucketLifecycleRuleArray{
&s3.BucketLifecycleRuleArgs{
Prefix: pulumi.String("config/"),
Enabled: pulumi.Bool(true),
NoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{
&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
Days: pulumi.Int(30),
StorageClass: pulumi.String("STANDARD_IA"),
},
&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
Days: pulumi.Int(60),
StorageClass: pulumi.String("GLACIER"),
},
},
NoncurrentVersionExpiration: &s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{
Days: pulumi.Int(90),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var bucket = new Aws.S3.Bucket("bucket", new()
{
BucketName = "my-bucket",
Acl = Aws.S3.CannedAcl.Private,
LifecycleRules = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Id = "log",
Enabled = true,
Prefix = "log/",
Tags =
{
{ "rule", "log" },
{ "autoclean", "true" },
},
Transitions = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
Days = 30,
StorageClass = "STANDARD_IA",
},
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
Days = 60,
StorageClass = "GLACIER",
},
},
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Days = 90,
},
},
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Id = "tmp",
Prefix = "tmp/",
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Date = "2016-01-12",
},
},
},
});
var versioningBucket = new Aws.S3.Bucket("versioning_bucket", new()
{
BucketName = "my-versioning-bucket",
Acl = Aws.S3.CannedAcl.Private,
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
LifecycleRules = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Prefix = "config/",
Enabled = true,
NoncurrentVersionTransitions = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
Days = 30,
StorageClass = "STANDARD_IA",
},
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
Days = 60,
StorageClass = "GLACIER",
},
},
NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
{
Days = 90,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleExpirationArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var bucket = new Bucket("bucket", BucketArgs.builder()
.bucket("my-bucket")
.acl("private")
.lifecycleRules(
BucketLifecycleRuleArgs.builder()
.id("log")
.enabled(true)
.prefix("log/")
.tags(Map.ofEntries(
Map.entry("rule", "log"),
Map.entry("autoclean", "true")
))
.transitions(
BucketLifecycleRuleTransitionArgs.builder()
.days(30)
.storageClass("STANDARD_IA")
.build(),
BucketLifecycleRuleTransitionArgs.builder()
.days(60)
.storageClass("GLACIER")
.build())
.expiration(BucketLifecycleRuleExpirationArgs.builder()
.days(90)
.build())
.build(),
BucketLifecycleRuleArgs.builder()
.id("tmp")
.prefix("tmp/")
.enabled(true)
.expiration(BucketLifecycleRuleExpirationArgs.builder()
.date("2016-01-12")
.build())
.build())
.build());
var versioningBucket = new Bucket("versioningBucket", BucketArgs.builder()
.bucket("my-versioning-bucket")
.acl("private")
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.lifecycleRules(BucketLifecycleRuleArgs.builder()
.prefix("config/")
.enabled(true)
.noncurrentVersionTransitions(
BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
.days(30)
.storageClass("STANDARD_IA")
.build(),
BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
.days(60)
.storageClass("GLACIER")
.build())
.noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()
.days(90)
.build())
.build())
.build());
}
}
resources:
bucket:
type: aws:s3:Bucket
properties:
bucket: my-bucket
acl: private
lifecycleRules:
- id: log
enabled: true
prefix: log/
tags:
rule: log
autoclean: 'true'
transitions:
- days: 30
storageClass: STANDARD_IA
- days: 60
storageClass: GLACIER
expiration:
days: 90
- id: tmp
prefix: tmp/
enabled: true
expiration:
date: 2016-01-12
versioningBucket:
type: aws:s3:Bucket
name: versioning_bucket
properties:
bucket: my-versioning-bucket
acl: private
versioning:
enabled: true
lifecycleRules:
- prefix: config/
enabled: true
noncurrentVersionTransitions:
- days: 30
storageClass: STANDARD_IA
- days: 60
storageClass: GLACIER
noncurrentVersionExpiration:
days: 90
Using replication configuration
NOTE: See the
aws.s3.BucketReplicationConfigresource to support bi-directional replication configuration and additional features.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const replication = new aws.iam.Role("replication", {
name: "tf-iam-role-replication-12345",
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`,
});
const destination = new aws.s3.Bucket("destination", {
bucket: "tf-test-bucket-destination-12345",
versioning: {
enabled: true,
},
});
const source = new aws.s3.Bucket("source", {
bucket: "tf-test-bucket-source-12345",
acl: aws.s3.CannedAcl.Private,
versioning: {
enabled: true,
},
replicationConfiguration: {
role: replication.arn,
rules: [{
id: "foobar",
status: "Enabled",
filter: {
tags: {},
},
destination: {
bucket: destination.arn,
storageClass: "STANDARD",
replicationTime: {
status: "Enabled",
minutes: 15,
},
metrics: {
status: "Enabled",
minutes: 15,
},
},
}],
},
});
const replicationPolicy = new aws.iam.Policy("replication", {
name: "tf-iam-role-policy-replication-12345",
policy: pulumi.interpolate`{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"${source.arn}"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"${source.arn}/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "${destination.arn}/*"
}
]
}
`,
});
const replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("replication", {
role: replication.name,
policyArn: replicationPolicy.arn,
});
import pulumi
import pulumi_aws as aws
replication = aws.iam.Role("replication",
name="tf-iam-role-replication-12345",
assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""")
destination = aws.s3.Bucket("destination",
bucket="tf-test-bucket-destination-12345",
versioning={
"enabled": True,
})
source = aws.s3.Bucket("source",
bucket="tf-test-bucket-source-12345",
acl=aws.s3.CannedAcl.PRIVATE,
versioning={
"enabled": True,
},
replication_configuration={
"role": replication.arn,
"rules": [{
"id": "foobar",
"status": "Enabled",
"filter": {
"tags": {},
},
"destination": {
"bucket": destination.arn,
"storage_class": "STANDARD",
"replication_time": {
"status": "Enabled",
"minutes": 15,
},
"metrics": {
"status": "Enabled",
"minutes": 15,
},
},
}],
})
replication_policy = aws.iam.Policy("replication",
name="tf-iam-role-policy-replication-12345",
policy=pulumi.Output.all(
sourceArn=source.arn,
sourceArn1=source.arn,
destinationArn=destination.arn
).apply(lambda resolved_outputs: f"""{{
"Version": "2012-10-17",
"Statement": [
{{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"{resolved_outputs['sourceArn']}"
]
}},
{{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"{resolved_outputs['sourceArn1']}/*"
]
}},
{{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "{resolved_outputs['destinationArn']}/*"
}}
]
}}
""")
)
replication_role_policy_attachment = aws.iam.RolePolicyAttachment("replication",
role=replication.name,
policy_arn=replication_policy.arn)
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
replication, err := iam.NewRole(ctx, "replication", &iam.RoleArgs{
Name: pulumi.String("tf-iam-role-replication-12345"),
AssumeRolePolicy: pulumi.Any(`{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`),
})
if err != nil {
return err
}
destination, err := s3.NewBucket(ctx, "destination", &s3.BucketArgs{
Bucket: pulumi.String("tf-test-bucket-destination-12345"),
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
source, err := s3.NewBucket(ctx, "source", &s3.BucketArgs{
Bucket: pulumi.String("tf-test-bucket-source-12345"),
Acl: pulumi.String(s3.CannedAclPrivate),
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
ReplicationConfiguration: &s3.BucketReplicationConfigurationArgs{
Role: replication.Arn,
Rules: s3.BucketReplicationConfigurationRuleArray{
&s3.BucketReplicationConfigurationRuleArgs{
Id: pulumi.String("foobar"),
Status: pulumi.String("Enabled"),
Filter: &s3.BucketReplicationConfigurationRuleFilterArgs{
Tags: pulumi.StringMap{},
},
Destination: &s3.BucketReplicationConfigurationRuleDestinationArgs{
Bucket: destination.Arn,
StorageClass: pulumi.String("STANDARD"),
ReplicationTime: &s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs{
Status: pulumi.String("Enabled"),
Minutes: pulumi.Int(15),
},
Metrics: &s3.BucketReplicationConfigurationRuleDestinationMetricsArgs{
Status: pulumi.String("Enabled"),
Minutes: pulumi.Int(15),
},
},
},
},
},
})
if err != nil {
return err
}
replicationPolicy, err := iam.NewPolicy(ctx, "replication", &iam.PolicyArgs{
Name: pulumi.String("tf-iam-role-policy-replication-12345"),
Policy: pulumi.All(source.Arn, source.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {
sourceArn := _args[0].(string)
sourceArn1 := _args[1].(string)
destinationArn := _args[2].(string)
return fmt.Sprintf(`{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"%v"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"%v/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "%v/*"
}
]
}
`, sourceArn, sourceArn1, destinationArn), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "replication", &iam.RolePolicyAttachmentArgs{
Role: replication.Name,
PolicyArn: replicationPolicy.Arn,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var replication = new Aws.Iam.Role("replication", new()
{
Name = "tf-iam-role-replication-12345",
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""s3.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var destination = new Aws.S3.Bucket("destination", new()
{
BucketName = "tf-test-bucket-destination-12345",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var source = new Aws.S3.Bucket("source", new()
{
BucketName = "tf-test-bucket-source-12345",
Acl = Aws.S3.CannedAcl.Private,
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
{
Role = replication.Arn,
Rules = new[]
{
new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
{
Id = "foobar",
Status = "Enabled",
Filter = new Aws.S3.Inputs.BucketReplicationConfigurationRuleFilterArgs
{
Tags = null,
},
Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
{
Bucket = destination.Arn,
StorageClass = "STANDARD",
ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs
{
Status = "Enabled",
Minutes = 15,
},
Metrics = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs
{
Status = "Enabled",
Minutes = 15,
},
},
},
},
},
});
var replicationPolicy = new Aws.Iam.Policy("replication", new()
{
Name = "tf-iam-role-policy-replication-12345",
PolicyDocument = Output.Tuple(source.Arn, source.Arn, destination.Arn).Apply(values =>
{
var sourceArn = values.Item1;
var sourceArn1 = values.Item2;
var destinationArn = values.Item3;
return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Action"": [
""s3:GetReplicationConfiguration"",
""s3:ListBucket""
],
""Effect"": ""Allow"",
""Resource"": [
""{sourceArn}""
]
}},
{{
""Action"": [
""s3:GetObjectVersionForReplication"",
""s3:GetObjectVersionAcl"",
""s3:GetObjectVersionTagging""
],
""Effect"": ""Allow"",
""Resource"": [
""{sourceArn1}/*""
]
}},
{{
""Action"": [
""s3:ReplicateObject"",
""s3:ReplicateDelete"",
""s3:ReplicateTags""
],
""Effect"": ""Allow"",
""Resource"": ""{destinationArn}/*""
}}
]
}}
";
}),
});
var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replication", new()
{
Role = replication.Name,
PolicyArn = replicationPolicy.Arn,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var replication = new Role("replication", RoleArgs.builder()
.name("tf-iam-role-replication-12345")
.assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""")
.build());
var destination = new Bucket("destination", BucketArgs.builder()
.bucket("tf-test-bucket-destination-12345")
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.build());
var source = new Bucket("source", BucketArgs.builder()
.bucket("tf-test-bucket-source-12345")
.acl("private")
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.replicationConfiguration(BucketReplicationConfigurationArgs.builder()
.role(replication.arn())
.rules(BucketReplicationConfigurationRuleArgs.builder()
.id("foobar")
.status("Enabled")
.filter(BucketReplicationConfigurationRuleFilterArgs.builder()
.tags(Map.ofEntries(
))
.build())
.destination(BucketReplicationConfigurationRuleDestinationArgs.builder()
.bucket(destination.arn())
.storageClass("STANDARD")
.replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()
.status("Enabled")
.minutes(15)
.build())
.metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()
.status("Enabled")
.minutes(15)
.build())
.build())
.build())
.build())
.build());
var replicationPolicy = new Policy("replicationPolicy", PolicyArgs.builder()
.name("tf-iam-role-policy-replication-12345")
.policy(Output.tuple(source.arn(), source.arn(), destination.arn()).applyValue(values -> {
var sourceArn = values.t1;
var sourceArn1 = values.t2;
var destinationArn = values.t3;
return """
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"%s"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"%s/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "%s/*"
}
]
}
", sourceArn,sourceArn1,destinationArn);
}))
.build());
var replicationRolePolicyAttachment = new RolePolicyAttachment("replicationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(replication.name())
.policyArn(replicationPolicy.arn())
.build());
}
}
resources:
replication:
type: aws:iam:Role
properties:
name: tf-iam-role-replication-12345
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
replicationPolicy:
type: aws:iam:Policy
name: replication
properties:
name: tf-iam-role-policy-replication-12345
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"${source.arn}"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"${source.arn}/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "${destination.arn}/*"
}
]
}
replicationRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
name: replication
properties:
role: ${replication.name}
policyArn: ${replicationPolicy.arn}
destination:
type: aws:s3:Bucket
properties:
bucket: tf-test-bucket-destination-12345
versioning:
enabled: true
source:
type: aws:s3:Bucket
properties:
bucket: tf-test-bucket-source-12345
acl: private
versioning:
enabled: true
replicationConfiguration:
role: ${replication.arn}
rules:
- id: foobar
status: Enabled
filter:
tags: {}
destination:
bucket: ${destination.arn}
storageClass: STANDARD
replicationTime:
status: Enabled
minutes: 15
metrics:
status: Enabled
minutes: 15
Enable Default Server Side Encryption
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const mykey = new aws.kms.Key("mykey", {
description: "This key is used to encrypt bucket objects",
deletionWindowInDays: 10,
});
const mybucket = new aws.s3.Bucket("mybucket", {
bucket: "mybucket",
serverSideEncryptionConfiguration: {
rule: {
applyServerSideEncryptionByDefault: {
kmsMasterKeyId: mykey.arn,
sseAlgorithm: "aws:kms",
},
},
},
});
import pulumi
import pulumi_aws as aws
mykey = aws.kms.Key("mykey",
description="This key is used to encrypt bucket objects",
deletion_window_in_days=10)
mybucket = aws.s3.Bucket("mybucket",
bucket="mybucket",
server_side_encryption_configuration={
"rule": {
"apply_server_side_encryption_by_default": {
"kms_master_key_id": mykey.arn,
"sse_algorithm": "aws:kms",
},
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
mykey, err := kms.NewKey(ctx, "mykey", &kms.KeyArgs{
Description: pulumi.String("This key is used to encrypt bucket objects"),
DeletionWindowInDays: pulumi.Int(10),
})
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "mybucket", &s3.BucketArgs{
Bucket: pulumi.String("mybucket"),
ServerSideEncryptionConfiguration: &s3.BucketServerSideEncryptionConfigurationArgs{
Rule: &s3.BucketServerSideEncryptionConfigurationRuleArgs{
ApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
KmsMasterKeyId: mykey.Arn,
SseAlgorithm: pulumi.String("aws:kms"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var mykey = new Aws.Kms.Key("mykey", new()
{
Description = "This key is used to encrypt bucket objects",
DeletionWindowInDays = 10,
});
var mybucket = new Aws.S3.Bucket("mybucket", new()
{
BucketName = "mybucket",
ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
{
Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
{
ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
{
KmsMasterKeyId = mykey.Arn,
SseAlgorithm = "aws:kms",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var mykey = new Key("mykey", KeyArgs.builder()
.description("This key is used to encrypt bucket objects")
.deletionWindowInDays(10)
.build());
var mybucket = new Bucket("mybucket", BucketArgs.builder()
.bucket("mybucket")
.serverSideEncryptionConfiguration(BucketServerSideEncryptionConfigurationArgs.builder()
.rule(BucketServerSideEncryptionConfigurationRuleArgs.builder()
.applyServerSideEncryptionByDefault(BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()
.kmsMasterKeyId(mykey.arn())
.sseAlgorithm("aws:kms")
.build())
.build())
.build())
.build());
}
}
resources:
mykey:
type: aws:kms:Key
properties:
description: This key is used to encrypt bucket objects
deletionWindowInDays: 10
mybucket:
type: aws:s3:Bucket
properties:
bucket: mybucket
serverSideEncryptionConfiguration:
rule:
applyServerSideEncryptionByDefault:
kmsMasterKeyId: ${mykey.arn}
sseAlgorithm: aws:kms
Using ACL policy grants
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const currentUser = aws.s3.getCanonicalUserId({});
const bucket = new aws.s3.Bucket("bucket", {
bucket: "mybucket",
grants: [
{
id: currentUser.then(currentUser => currentUser.id),
type: "CanonicalUser",
permissions: ["FULL_CONTROL"],
},
{
type: "Group",
permissions: [
"READ_ACP",
"WRITE",
],
uri: "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
],
});
import pulumi
import pulumi_aws as aws
current_user = aws.s3.get_canonical_user_id()
bucket = aws.s3.Bucket("bucket",
bucket="mybucket",
grants=[
{
"id": current_user.id,
"type": "CanonicalUser",
"permissions": ["FULL_CONTROL"],
},
{
"type": "Group",
"permissions": [
"READ_ACP",
"WRITE",
],
"uri": "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
currentUser, err := s3.GetCanonicalUserId(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Bucket: pulumi.String("mybucket"),
Grants: s3.BucketGrantArray{
&s3.BucketGrantArgs{
Id: pulumi.String(currentUser.Id),
Type: pulumi.String("CanonicalUser"),
Permissions: pulumi.StringArray{
pulumi.String("FULL_CONTROL"),
},
},
&s3.BucketGrantArgs{
Type: pulumi.String("Group"),
Permissions: pulumi.StringArray{
pulumi.String("READ_ACP"),
pulumi.String("WRITE"),
},
Uri: pulumi.String("http://acs.amazonaws.com/groups/s3/LogDelivery"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var currentUser = Aws.S3.GetCanonicalUserId.Invoke();
var bucket = new Aws.S3.Bucket("bucket", new()
{
BucketName = "mybucket",
Grants = new[]
{
new Aws.S3.Inputs.BucketGrantArgs
{
Id = currentUser.Apply(getCanonicalUserIdResult => getCanonicalUserIdResult.Id),
Type = "CanonicalUser",
Permissions = new[]
{
"FULL_CONTROL",
},
},
new Aws.S3.Inputs.BucketGrantArgs
{
Type = "Group",
Permissions = new[]
{
"READ_ACP",
"WRITE",
},
Uri = "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var currentUser = S3Functions.getCanonicalUserId(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var bucket = new Bucket("bucket", BucketArgs.builder()
.bucket("mybucket")
.grants(
BucketGrantArgs.builder()
.id(currentUser.id())
.type("CanonicalUser")
.permissions("FULL_CONTROL")
.build(),
BucketGrantArgs.builder()
.type("Group")
.permissions(
"READ_ACP",
"WRITE")
.uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
.build())
.build());
}
}
resources:
bucket:
type: aws:s3:Bucket
properties:
bucket: mybucket
grants:
- id: ${currentUser.id}
type: CanonicalUser
permissions:
- FULL_CONTROL
- type: Group
permissions:
- READ_ACP
- WRITE
uri: http://acs.amazonaws.com/groups/s3/LogDelivery
variables:
currentUser:
fn::invoke:
function: aws:s3:getCanonicalUserId
arguments: {}
Create Bucket Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Bucket(name: string, args?: BucketArgs, opts?: CustomResourceOptions);@overload
def Bucket(resource_name: str,
args: Optional[BucketArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Bucket(resource_name: str,
opts: Optional[ResourceOptions] = None,
acceleration_status: Optional[str] = None,
acl: Optional[Union[str, CannedAcl]] = None,
arn: Optional[str] = None,
bucket: Optional[str] = None,
bucket_prefix: Optional[str] = None,
cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
force_destroy: Optional[bool] = None,
grants: Optional[Sequence[BucketGrantArgs]] = None,
hosted_zone_id: Optional[str] = None,
lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
loggings: Optional[Sequence[BucketLoggingArgs]] = None,
object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
policy: Optional[str] = None,
replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
request_payer: Optional[str] = None,
server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
versioning: Optional[BucketVersioningArgs] = None,
website: Optional[BucketWebsiteArgs] = None,
website_domain: Optional[str] = None,
website_endpoint: Optional[str] = None)func NewBucket(ctx *Context, name string, args *BucketArgs, opts ...ResourceOption) (*Bucket, error)public Bucket(string name, BucketArgs? args = null, CustomResourceOptions? opts = null)
public Bucket(String name, BucketArgs args)
public Bucket(String name, BucketArgs args, CustomResourceOptions options)
type: aws:s3:Bucket
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var awsBucketResource = new Aws.S3.Bucket("awsBucketResource", new()
{
AccelerationStatus = "string",
Acl = "string",
Arn = "string",
BucketName = "string",
BucketPrefix = "string",
CorsRules = new[]
{
new Aws.S3.Inputs.BucketCorsRuleArgs
{
AllowedMethods = new[]
{
"string",
},
AllowedOrigins = new[]
{
"string",
},
AllowedHeaders = new[]
{
"string",
},
ExposeHeaders = new[]
{
"string",
},
MaxAgeSeconds = 0,
},
},
ForceDestroy = false,
Grants = new[]
{
new Aws.S3.Inputs.BucketGrantArgs
{
Permissions = new[]
{
"string",
},
Type = "string",
Id = "string",
Uri = "string",
},
},
HostedZoneId = "string",
LifecycleRules = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = false,
AbortIncompleteMultipartUploadDays = 0,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Date = "string",
Days = 0,
ExpiredObjectDeleteMarker = false,
},
Id = "string",
NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
{
Days = 0,
},
NoncurrentVersionTransitions = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
StorageClass = "string",
Days = 0,
},
},
Prefix = "string",
Tags =
{
{ "string", "string" },
},
Transitions = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
StorageClass = "string",
Date = "string",
Days = 0,
},
},
},
},
Loggings = new[]
{
new Aws.S3.Inputs.BucketLoggingArgs
{
TargetBucket = "string",
TargetPrefix = "string",
},
},
ObjectLockConfiguration = new Aws.S3.Inputs.BucketObjectLockConfigurationArgs
{
ObjectLockEnabled = "string",
Rule = new Aws.S3.Inputs.BucketObjectLockConfigurationRuleArgs
{
DefaultRetention = new Aws.S3.Inputs.BucketObjectLockConfigurationRuleDefaultRetentionArgs
{
Mode = "string",
Days = 0,
Years = 0,
},
},
},
Policy = "string",
ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
{
Role = "string",
Rules = new[]
{
new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
{
Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
{
Bucket = "string",
AccessControlTranslation = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs
{
Owner = "string",
},
AccountId = "string",
Metrics = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs
{
Minutes = 0,
Status = "string",
},
ReplicaKmsKeyId = "string",
ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs
{
Minutes = 0,
Status = "string",
},
StorageClass = "string",
},
Status = "string",
DeleteMarkerReplicationStatus = "string",
Filter = new Aws.S3.Inputs.BucketReplicationConfigurationRuleFilterArgs
{
Prefix = "string",
Tags =
{
{ "string", "string" },
},
},
Id = "string",
Prefix = "string",
Priority = 0,
SourceSelectionCriteria = new Aws.S3.Inputs.BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs
{
SseKmsEncryptedObjects = new Aws.S3.Inputs.BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
{
Enabled = false,
},
},
},
},
},
RequestPayer = "string",
ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
{
Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
{
ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
{
SseAlgorithm = "string",
KmsMasterKeyId = "string",
},
BucketKeyEnabled = false,
},
},
Tags =
{
{ "string", "string" },
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = false,
MfaDelete = false,
},
Website = new Aws.S3.Inputs.BucketWebsiteArgs
{
ErrorDocument = "string",
IndexDocument = "string",
RedirectAllRequestsTo = "string",
RoutingRules = "string",
},
WebsiteDomain = "string",
WebsiteEndpoint = "string",
});
example, err := s3.NewBucket(ctx, "awsBucketResource", &s3.BucketArgs{
AccelerationStatus: pulumi.String("string"),
Acl: pulumi.String("string"),
Arn: pulumi.String("string"),
Bucket: pulumi.String("string"),
BucketPrefix: pulumi.String("string"),
CorsRules: s3.BucketCorsRuleArray{
&s3.BucketCorsRuleArgs{
AllowedMethods: pulumi.StringArray{
pulumi.String("string"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("string"),
},
AllowedHeaders: pulumi.StringArray{
pulumi.String("string"),
},
ExposeHeaders: pulumi.StringArray{
pulumi.String("string"),
},
MaxAgeSeconds: pulumi.Int(0),
},
},
ForceDestroy: pulumi.Bool(false),
Grants: s3.BucketGrantArray{
&s3.BucketGrantArgs{
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
Type: pulumi.String("string"),
Id: pulumi.String("string"),
Uri: pulumi.String("string"),
},
},
HostedZoneId: pulumi.String("string"),
LifecycleRules: s3.BucketLifecycleRuleArray{
&s3.BucketLifecycleRuleArgs{
Enabled: pulumi.Bool(false),
AbortIncompleteMultipartUploadDays: pulumi.Int(0),
Expiration: &s3.BucketLifecycleRuleExpirationArgs{
Date: pulumi.String("string"),
Days: pulumi.Int(0),
ExpiredObjectDeleteMarker: pulumi.Bool(false),
},
Id: pulumi.String("string"),
NoncurrentVersionExpiration: &s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{
Days: pulumi.Int(0),
},
NoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{
&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
StorageClass: pulumi.String("string"),
Days: pulumi.Int(0),
},
},
Prefix: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Transitions: s3.BucketLifecycleRuleTransitionArray{
&s3.BucketLifecycleRuleTransitionArgs{
StorageClass: pulumi.String("string"),
Date: pulumi.String("string"),
Days: pulumi.Int(0),
},
},
},
},
Loggings: s3.BucketLoggingArray{
&s3.BucketLoggingArgs{
TargetBucket: pulumi.String("string"),
TargetPrefix: pulumi.String("string"),
},
},
ObjectLockConfiguration: &s3.BucketObjectLockConfigurationArgs{
ObjectLockEnabled: pulumi.String("string"),
Rule: &s3.BucketObjectLockConfigurationRuleArgs{
DefaultRetention: &s3.BucketObjectLockConfigurationRuleDefaultRetentionArgs{
Mode: pulumi.String("string"),
Days: pulumi.Int(0),
Years: pulumi.Int(0),
},
},
},
Policy: pulumi.Any("string"),
ReplicationConfiguration: &s3.BucketReplicationConfigurationArgs{
Role: pulumi.String("string"),
Rules: s3.BucketReplicationConfigurationRuleArray{
&s3.BucketReplicationConfigurationRuleArgs{
Destination: &s3.BucketReplicationConfigurationRuleDestinationArgs{
Bucket: pulumi.String("string"),
AccessControlTranslation: &s3.BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs{
Owner: pulumi.String("string"),
},
AccountId: pulumi.String("string"),
Metrics: &s3.BucketReplicationConfigurationRuleDestinationMetricsArgs{
Minutes: pulumi.Int(0),
Status: pulumi.String("string"),
},
ReplicaKmsKeyId: pulumi.String("string"),
ReplicationTime: &s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs{
Minutes: pulumi.Int(0),
Status: pulumi.String("string"),
},
StorageClass: pulumi.String("string"),
},
Status: pulumi.String("string"),
DeleteMarkerReplicationStatus: pulumi.String("string"),
Filter: &s3.BucketReplicationConfigurationRuleFilterArgs{
Prefix: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
Id: pulumi.String("string"),
Prefix: pulumi.String("string"),
Priority: pulumi.Int(0),
SourceSelectionCriteria: &s3.BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs{
SseKmsEncryptedObjects: &s3.BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs{
Enabled: pulumi.Bool(false),
},
},
},
},
},
RequestPayer: pulumi.String("string"),
ServerSideEncryptionConfiguration: &s3.BucketServerSideEncryptionConfigurationArgs{
Rule: &s3.BucketServerSideEncryptionConfigurationRuleArgs{
ApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
SseAlgorithm: pulumi.String("string"),
KmsMasterKeyId: pulumi.String("string"),
},
BucketKeyEnabled: pulumi.Bool(false),
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(false),
MfaDelete: pulumi.Bool(false),
},
Website: &s3.BucketWebsiteArgs{
ErrorDocument: pulumi.String("string"),
IndexDocument: pulumi.String("string"),
RedirectAllRequestsTo: pulumi.String("string"),
RoutingRules: pulumi.Any("string"),
},
WebsiteDomain: pulumi.String("string"),
WebsiteEndpoint: pulumi.String("string"),
})
var awsBucketResource = new com.pulumi.aws.s3.Bucket("awsBucketResource", com.pulumi.aws.s3.BucketArgs.builder()
.accelerationStatus("string")
.acl("string")
.arn("string")
.bucket("string")
.bucketPrefix("string")
.corsRules(BucketCorsRuleArgs.builder()
.allowedMethods("string")
.allowedOrigins("string")
.allowedHeaders("string")
.exposeHeaders("string")
.maxAgeSeconds(0)
.build())
.forceDestroy(false)
.grants(BucketGrantArgs.builder()
.permissions("string")
.type("string")
.id("string")
.uri("string")
.build())
.hostedZoneId("string")
.lifecycleRules(BucketLifecycleRuleArgs.builder()
.enabled(false)
.abortIncompleteMultipartUploadDays(0)
.expiration(BucketLifecycleRuleExpirationArgs.builder()
.date("string")
.days(0)
.expiredObjectDeleteMarker(false)
.build())
.id("string")
.noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()
.days(0)
.build())
.noncurrentVersionTransitions(BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
.storageClass("string")
.days(0)
.build())
.prefix("string")
.tags(Map.of("string", "string"))
.transitions(BucketLifecycleRuleTransitionArgs.builder()
.storageClass("string")
.date("string")
.days(0)
.build())
.build())
.loggings(BucketLoggingArgs.builder()
.targetBucket("string")
.targetPrefix("string")
.build())
.objectLockConfiguration(BucketObjectLockConfigurationArgs.builder()
.objectLockEnabled("string")
.rule(BucketObjectLockConfigurationRuleArgs.builder()
.defaultRetention(BucketObjectLockConfigurationRuleDefaultRetentionArgs.builder()
.mode("string")
.days(0)
.years(0)
.build())
.build())
.build())
.policy("string")
.replicationConfiguration(BucketReplicationConfigurationArgs.builder()
.role("string")
.rules(BucketReplicationConfigurationRuleArgs.builder()
.destination(BucketReplicationConfigurationRuleDestinationArgs.builder()
.bucket("string")
.accessControlTranslation(BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs.builder()
.owner("string")
.build())
.accountId("string")
.metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()
.minutes(0)
.status("string")
.build())
.replicaKmsKeyId("string")
.replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()
.minutes(0)
.status("string")
.build())
.storageClass("string")
.build())
.status("string")
.deleteMarkerReplicationStatus("string")
.filter(BucketReplicationConfigurationRuleFilterArgs.builder()
.prefix("string")
.tags(Map.of("string", "string"))
.build())
.id("string")
.prefix("string")
.priority(0)
.sourceSelectionCriteria(BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs.builder()
.sseKmsEncryptedObjects(BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs.builder()
.enabled(false)
.build())
.build())
.build())
.build())
.requestPayer("string")
.serverSideEncryptionConfiguration(BucketServerSideEncryptionConfigurationArgs.builder()
.rule(BucketServerSideEncryptionConfigurationRuleArgs.builder()
.applyServerSideEncryptionByDefault(BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()
.sseAlgorithm("string")
.kmsMasterKeyId("string")
.build())
.bucketKeyEnabled(false)
.build())
.build())
.tags(Map.of("string", "string"))
.versioning(BucketVersioningArgs.builder()
.enabled(false)
.mfaDelete(false)
.build())
.website(BucketWebsiteArgs.builder()
.errorDocument("string")
.indexDocument("string")
.redirectAllRequestsTo("string")
.routingRules("string")
.build())
.websiteDomain("string")
.websiteEndpoint("string")
.build());
aws_bucket_resource = aws.s3.Bucket("awsBucketResource",
acceleration_status="string",
acl="string",
arn="string",
bucket="string",
bucket_prefix="string",
cors_rules=[{
"allowed_methods": ["string"],
"allowed_origins": ["string"],
"allowed_headers": ["string"],
"expose_headers": ["string"],
"max_age_seconds": 0,
}],
force_destroy=False,
grants=[{
"permissions": ["string"],
"type": "string",
"id": "string",
"uri": "string",
}],
hosted_zone_id="string",
lifecycle_rules=[{
"enabled": False,
"abort_incomplete_multipart_upload_days": 0,
"expiration": {
"date": "string",
"days": 0,
"expired_object_delete_marker": False,
},
"id": "string",
"noncurrent_version_expiration": {
"days": 0,
},
"noncurrent_version_transitions": [{
"storage_class": "string",
"days": 0,
}],
"prefix": "string",
"tags": {
"string": "string",
},
"transitions": [{
"storage_class": "string",
"date": "string",
"days": 0,
}],
}],
loggings=[{
"target_bucket": "string",
"target_prefix": "string",
}],
object_lock_configuration={
"object_lock_enabled": "string",
"rule": {
"default_retention": {
"mode": "string",
"days": 0,
"years": 0,
},
},
},
policy="string",
replication_configuration={
"role": "string",
"rules": [{
"destination": {
"bucket": "string",
"access_control_translation": {
"owner": "string",
},
"account_id": "string",
"metrics": {
"minutes": 0,
"status": "string",
},
"replica_kms_key_id": "string",
"replication_time": {
"minutes": 0,
"status": "string",
},
"storage_class": "string",
},
"status": "string",
"delete_marker_replication_status": "string",
"filter": {
"prefix": "string",
"tags": {
"string": "string",
},
},
"id": "string",
"prefix": "string",
"priority": 0,
"source_selection_criteria": {
"sse_kms_encrypted_objects": {
"enabled": False,
},
},
}],
},
request_payer="string",
server_side_encryption_configuration={
"rule": {
"apply_server_side_encryption_by_default": {
"sse_algorithm": "string",
"kms_master_key_id": "string",
},
"bucket_key_enabled": False,
},
},
tags={
"string": "string",
},
versioning={
"enabled": False,
"mfa_delete": False,
},
website={
"error_document": "string",
"index_document": "string",
"redirect_all_requests_to": "string",
"routing_rules": "string",
},
website_domain="string",
website_endpoint="string")
const awsBucketResource = new aws.s3.Bucket("awsBucketResource", {
accelerationStatus: "string",
acl: "string",
arn: "string",
bucket: "string",
bucketPrefix: "string",
corsRules: [{
allowedMethods: ["string"],
allowedOrigins: ["string"],
allowedHeaders: ["string"],
exposeHeaders: ["string"],
maxAgeSeconds: 0,
}],
forceDestroy: false,
grants: [{
permissions: ["string"],
type: "string",
id: "string",
uri: "string",
}],
hostedZoneId: "string",
lifecycleRules: [{
enabled: false,
abortIncompleteMultipartUploadDays: 0,
expiration: {
date: "string",
days: 0,
expiredObjectDeleteMarker: false,
},
id: "string",
noncurrentVersionExpiration: {
days: 0,
},
noncurrentVersionTransitions: [{
storageClass: "string",
days: 0,
}],
prefix: "string",
tags: {
string: "string",
},
transitions: [{
storageClass: "string",
date: "string",
days: 0,
}],
}],
loggings: [{
targetBucket: "string",
targetPrefix: "string",
}],
objectLockConfiguration: {
objectLockEnabled: "string",
rule: {
defaultRetention: {
mode: "string",
days: 0,
years: 0,
},
},
},
policy: "string",
replicationConfiguration: {
role: "string",
rules: [{
destination: {
bucket: "string",
accessControlTranslation: {
owner: "string",
},
accountId: "string",
metrics: {
minutes: 0,
status: "string",
},
replicaKmsKeyId: "string",
replicationTime: {
minutes: 0,
status: "string",
},
storageClass: "string",
},
status: "string",
deleteMarkerReplicationStatus: "string",
filter: {
prefix: "string",
tags: {
string: "string",
},
},
id: "string",
prefix: "string",
priority: 0,
sourceSelectionCriteria: {
sseKmsEncryptedObjects: {
enabled: false,
},
},
}],
},
requestPayer: "string",
serverSideEncryptionConfiguration: {
rule: {
applyServerSideEncryptionByDefault: {
sseAlgorithm: "string",
kmsMasterKeyId: "string",
},
bucketKeyEnabled: false,
},
},
tags: {
string: "string",
},
versioning: {
enabled: false,
mfaDelete: false,
},
website: {
errorDocument: "string",
indexDocument: "string",
redirectAllRequestsTo: "string",
routingRules: "string",
},
websiteDomain: "string",
websiteEndpoint: "string",
});
type: aws:s3:Bucket
properties:
accelerationStatus: string
acl: string
arn: string
bucket: string
bucketPrefix: string
corsRules:
- allowedHeaders:
- string
allowedMethods:
- string
allowedOrigins:
- string
exposeHeaders:
- string
maxAgeSeconds: 0
forceDestroy: false
grants:
- id: string
permissions:
- string
type: string
uri: string
hostedZoneId: string
lifecycleRules:
- abortIncompleteMultipartUploadDays: 0
enabled: false
expiration:
date: string
days: 0
expiredObjectDeleteMarker: false
id: string
noncurrentVersionExpiration:
days: 0
noncurrentVersionTransitions:
- days: 0
storageClass: string
prefix: string
tags:
string: string
transitions:
- date: string
days: 0
storageClass: string
loggings:
- targetBucket: string
targetPrefix: string
objectLockConfiguration:
objectLockEnabled: string
rule:
defaultRetention:
days: 0
mode: string
years: 0
policy: string
replicationConfiguration:
role: string
rules:
- deleteMarkerReplicationStatus: string
destination:
accessControlTranslation:
owner: string
accountId: string
bucket: string
metrics:
minutes: 0
status: string
replicaKmsKeyId: string
replicationTime:
minutes: 0
status: string
storageClass: string
filter:
prefix: string
tags:
string: string
id: string
prefix: string
priority: 0
sourceSelectionCriteria:
sseKmsEncryptedObjects:
enabled: false
status: string
requestPayer: string
serverSideEncryptionConfiguration:
rule:
applyServerSideEncryptionByDefault:
kmsMasterKeyId: string
sseAlgorithm: string
bucketKeyEnabled: false
tags:
string: string
versioning:
enabled: false
mfaDelete: false
website:
errorDocument: string
indexDocument: string
redirectAllRequestsTo: string
routingRules: string
websiteDomain: string
websiteEndpoint: string
Bucket Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Bucket resource accepts the following input properties:
- Acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - Acl
string | Pulumi.
Aws. S3. Canned Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - Arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - Bucket
Name string - The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - Cors
Rules List<BucketCors Rule> - A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
List<Bucket
Grant> - An ACL policy grant (documented below). Conflicts with
acl. - Hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules List<BucketLifecycle Rule> - A configuration of object lifecycle management (documented below).
- Loggings
List<Bucket
Logging> - A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- Policy string | string
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - Replication
Configuration BucketReplication Configuration - A configuration of replication configuration (documented below).
- Request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - Server
Side BucketEncryption Configuration Server Side Encryption Configuration - A configuration of server-side encryption configuration (documented below)
- Dictionary<string, string>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Versioning
Bucket
Versioning - A state of versioning (documented below)
- Website
Bucket
Website - A website object (documented below).
- Website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- Acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - Acl
string | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - Arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - Bucket string
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - Cors
Rules []BucketCors Rule Args - A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
[]Bucket
Grant Args - An ACL policy grant (documented below). Conflicts with
acl. - Hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules []BucketLifecycle Rule Args - A configuration of object lifecycle management (documented below).
- Loggings
[]Bucket
Logging Args - A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- Policy string | string
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - Replication
Configuration BucketReplication Configuration Args - A configuration of replication configuration (documented below).
- Request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - Server
Side BucketEncryption Configuration Server Side Encryption Configuration Args - A configuration of server-side encryption configuration (documented below)
- map[string]string
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Versioning
Bucket
Versioning Args - A state of versioning (documented below)
- Website
Bucket
Website Args - A website object (documented below).
- Website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl
String | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn String
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket String
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix String - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors
Rules List<BucketCors Rule> - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
List<Bucket
Grant> - An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone StringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<BucketLifecycle Rule> - A configuration of object lifecycle management (documented below).
- loggings
List<Bucket
Logging> - A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy String | String
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication
Configuration BucketReplication Configuration - A configuration of replication configuration (documented below).
- request
Payer String - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side BucketEncryption Configuration Server Side Encryption Configuration - A configuration of server-side encryption configuration (documented below)
- Map<String,String>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning
Bucket
Versioning - A state of versioning (documented below)
- website
Bucket
Website - A website object (documented below).
- website
Domain String - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl
string | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket string
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors
Rules BucketCors Rule[] - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Bucket
Grant[] - An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules BucketLifecycle Rule[] - A configuration of object lifecycle management (documented below).
- loggings
Bucket
Logging[] - A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy
string | Policy
Document - A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication
Configuration BucketReplication Configuration - A configuration of replication configuration (documented below).
- request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side BucketEncryption Configuration Server Side Encryption Configuration - A configuration of server-side encryption configuration (documented below)
- {[key: string]: string}
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning
Bucket
Versioning - A state of versioning (documented below)
- website
Bucket
Website - A website object (documented below).
- website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration_
status str - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl
str | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn str
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket str
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket_
prefix str - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors_
rules Sequence[BucketCors Rule Args] - A rule of Cross-Origin Resource Sharing (documented below).
- force_
destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Sequence[Bucket
Grant Args] - An ACL policy grant (documented below). Conflicts with
acl. - hosted_
zone_ strid - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle_
rules Sequence[BucketLifecycle Rule Args] - A configuration of object lifecycle management (documented below).
- loggings
Sequence[Bucket
Logging Args] - A settings of bucket logging (documented below).
- object_
lock_ Bucketconfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy str | str
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication_
configuration BucketReplication Configuration Args - A configuration of replication configuration (documented below).
- request_
payer str - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server_
side_ Bucketencryption_ configuration Server Side Encryption Configuration Args - A configuration of server-side encryption configuration (documented below)
- Mapping[str, str]
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning
Bucket
Versioning Args - A state of versioning (documented below)
- website
Bucket
Website Args - A website object (documented below).
- website_
domain str - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website_
endpoint str - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl String | "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write"
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn String
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket String
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix String - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors
Rules List<Property Map> - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants List<Property Map>
- An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone StringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<Property Map> - A configuration of object lifecycle management (documented below).
- loggings List<Property Map>
- A settings of bucket logging (documented below).
- object
Lock Property MapConfiguration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy String |
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication
Configuration Property Map - A configuration of replication configuration (documented below).
- request
Payer String - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side Property MapEncryption Configuration - A configuration of server-side encryption configuration (documented below)
- Map<String>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning Property Map
- A state of versioning (documented below)
- website Property Map
- A website object (documented below).
- website
Domain String - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
Outputs
All input properties are implicitly available as output properties. Additionally, the Bucket resource produces the following output properties:
- Bucket
Domain stringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - Bucket
Regional stringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Id string
- The provider-assigned unique ID for this managed resource.
- Region string
- The AWS region this bucket resides in.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Bucket
Domain stringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - Bucket
Regional stringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Id string
- The provider-assigned unique ID for this managed resource.
- Region string
- The AWS region this bucket resides in.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket
Domain StringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket
Regional StringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id String
- The provider-assigned unique ID for this managed resource.
- region String
- The AWS region this bucket resides in.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket
Domain stringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket
Regional stringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id string
- The provider-assigned unique ID for this managed resource.
- region string
- The AWS region this bucket resides in.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket_
domain_ strname - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket_
regional_ strdomain_ name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id str
- The provider-assigned unique ID for this managed resource.
- region str
- The AWS region this bucket resides in.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket
Domain StringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket
Regional StringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id String
- The provider-assigned unique ID for this managed resource.
- region String
- The AWS region this bucket resides in.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing Bucket Resource
Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BucketState, opts?: CustomResourceOptions): Bucket@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acceleration_status: Optional[str] = None,
acl: Optional[Union[str, CannedAcl]] = None,
arn: Optional[str] = None,
bucket: Optional[str] = None,
bucket_domain_name: Optional[str] = None,
bucket_prefix: Optional[str] = None,
bucket_regional_domain_name: Optional[str] = None,
cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
force_destroy: Optional[bool] = None,
grants: Optional[Sequence[BucketGrantArgs]] = None,
hosted_zone_id: Optional[str] = None,
lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
loggings: Optional[Sequence[BucketLoggingArgs]] = None,
object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
policy: Optional[str] = None,
region: Optional[str] = None,
replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
request_payer: Optional[str] = None,
server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
versioning: Optional[BucketVersioningArgs] = None,
website: Optional[BucketWebsiteArgs] = None,
website_domain: Optional[str] = None,
website_endpoint: Optional[str] = None) -> Bucketfunc GetBucket(ctx *Context, name string, id IDInput, state *BucketState, opts ...ResourceOption) (*Bucket, error)public static Bucket Get(string name, Input<string> id, BucketState? state, CustomResourceOptions? opts = null)public static Bucket get(String name, Output<String> id, BucketState state, CustomResourceOptions options)resources: _: type: aws:s3:Bucket get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - Acl
string | Pulumi.
Aws. S3. Canned Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - Arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - Bucket
Domain stringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - Bucket
Name string - The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - Bucket
Regional stringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Cors
Rules List<BucketCors Rule> - A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
List<Bucket
Grant> - An ACL policy grant (documented below). Conflicts with
acl. - Hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules List<BucketLifecycle Rule> - A configuration of object lifecycle management (documented below).
- Loggings
List<Bucket
Logging> - A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- Policy string | string
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - Region string
- The AWS region this bucket resides in.
- Replication
Configuration BucketReplication Configuration - A configuration of replication configuration (documented below).
- Request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - Server
Side BucketEncryption Configuration Server Side Encryption Configuration - A configuration of server-side encryption configuration (documented below)
- Dictionary<string, string>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Versioning
Bucket
Versioning - A state of versioning (documented below)
- Website
Bucket
Website - A website object (documented below).
- Website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- Acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - Acl
string | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - Arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - Bucket string
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Domain stringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - Bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - Bucket
Regional stringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Cors
Rules []BucketCors Rule Args - A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
[]Bucket
Grant Args - An ACL policy grant (documented below). Conflicts with
acl. - Hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules []BucketLifecycle Rule Args - A configuration of object lifecycle management (documented below).
- Loggings
[]Bucket
Logging Args - A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- Policy string | string
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - Region string
- The AWS region this bucket resides in.
- Replication
Configuration BucketReplication Configuration Args - A configuration of replication configuration (documented below).
- Request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - Server
Side BucketEncryption Configuration Server Side Encryption Configuration Args - A configuration of server-side encryption configuration (documented below)
- map[string]string
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Versioning
Bucket
Versioning Args - A state of versioning (documented below)
- Website
Bucket
Website Args - A website object (documented below).
- Website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl
String | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn String
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket String
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Domain StringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket
Prefix String - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - bucket
Regional StringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors
Rules List<BucketCors Rule> - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
List<Bucket
Grant> - An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone StringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<BucketLifecycle Rule> - A configuration of object lifecycle management (documented below).
- loggings
List<Bucket
Logging> - A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy String | String
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - region String
- The AWS region this bucket resides in.
- replication
Configuration BucketReplication Configuration - A configuration of replication configuration (documented below).
- request
Payer String - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side BucketEncryption Configuration Server Side Encryption Configuration - A configuration of server-side encryption configuration (documented below)
- Map<String,String>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - versioning
Bucket
Versioning - A state of versioning (documented below)
- website
Bucket
Website - A website object (documented below).
- website
Domain String - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl
string | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket string
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Domain stringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - bucket
Regional stringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors
Rules BucketCors Rule[] - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Bucket
Grant[] - An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules BucketLifecycle Rule[] - A configuration of object lifecycle management (documented below).
- loggings
Bucket
Logging[] - A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy
string | Policy
Document - A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - region string
- The AWS region this bucket resides in.
- replication
Configuration BucketReplication Configuration - A configuration of replication configuration (documented below).
- request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side BucketEncryption Configuration Server Side Encryption Configuration - A configuration of server-side encryption configuration (documented below)
- {[key: string]: string}
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - versioning
Bucket
Versioning - A state of versioning (documented below)
- website
Bucket
Website - A website object (documented below).
- website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration_
status str - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl
str | Canned
Acl - The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn str
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket str
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket_
domain_ strname - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket_
prefix str - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - bucket_
regional_ strdomain_ name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors_
rules Sequence[BucketCors Rule Args] - A rule of Cross-Origin Resource Sharing (documented below).
- force_
destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Sequence[Bucket
Grant Args] - An ACL policy grant (documented below). Conflicts with
acl. - hosted_
zone_ strid - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle_
rules Sequence[BucketLifecycle Rule Args] - A configuration of object lifecycle management (documented below).
- loggings
Sequence[Bucket
Logging Args] - A settings of bucket logging (documented below).
- object_
lock_ Bucketconfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy str | str
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - region str
- The AWS region this bucket resides in.
- replication_
configuration BucketReplication Configuration Args - A configuration of replication configuration (documented below).
- request_
payer str - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server_
side_ Bucketencryption_ configuration Server Side Encryption Configuration Args - A configuration of server-side encryption configuration (documented below)
- Mapping[str, str]
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - versioning
Bucket
Versioning Args - A state of versioning (documented below)
- website
Bucket
Website Args - A website object (documented below).
- website_
domain str - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website_
endpoint str - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl String | "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write"
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn String
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket String
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Domain StringName - The bucket domain name. Will be of format
bucketname.s3.amazonaws.com. - bucket
Prefix String - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - bucket
Regional StringDomain Name - The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors
Rules List<Property Map> - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants List<Property Map>
- An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone StringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<Property Map> - A configuration of object lifecycle management (documented below).
- loggings List<Property Map>
- A settings of bucket logging (documented below).
- object
Lock Property MapConfiguration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1- policy String |
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - region String
- The AWS region this bucket resides in.
- replication
Configuration Property Map - A configuration of replication configuration (documented below).
- request
Payer String - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side Property MapEncryption Configuration - A configuration of server-side encryption configuration (documented below)
- Map<String>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - versioning Property Map
- A state of versioning (documented below)
- website Property Map
- A website object (documented below).
- website
Domain String - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
Supporting Types
BucketCorsRule, BucketCorsRuleArgs
- Allowed
Methods List<string> - Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD. - Allowed
Origins List<string> - Specifies which origins are allowed.
- Allowed
Headers List<string> - Specifies which headers are allowed.
- Expose
Headers List<string> - Specifies expose header in the response.
- Max
Age intSeconds - Specifies time in seconds that browser can cache the response for a preflight request.
- Allowed
Methods []string - Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD. - Allowed
Origins []string - Specifies which origins are allowed.
- Allowed
Headers []string - Specifies which headers are allowed.
- Expose
Headers []string - Specifies expose header in the response.
- Max
Age intSeconds - Specifies time in seconds that browser can cache the response for a preflight request.
- allowed
Methods List<String> - Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD. - allowed
Origins List<String> - Specifies which origins are allowed.
- allowed
Headers List<String> - Specifies which headers are allowed.
- expose
Headers List<String> - Specifies expose header in the response.
- max
Age IntegerSeconds - Specifies time in seconds that browser can cache the response for a preflight request.
- allowed
Methods string[] - Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD. - allowed
Origins string[] - Specifies which origins are allowed.
- allowed
Headers string[] - Specifies which headers are allowed.
- expose
Headers string[] - Specifies expose header in the response.
- max
Age numberSeconds - Specifies time in seconds that browser can cache the response for a preflight request.
- allowed_
methods Sequence[str] - Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD. - allowed_
origins Sequence[str] - Specifies which origins are allowed.
- allowed_
headers Sequence[str] - Specifies which headers are allowed.
- expose_
headers Sequence[str] - Specifies expose header in the response.
- max_
age_ intseconds - Specifies time in seconds that browser can cache the response for a preflight request.
- allowed
Methods List<String> - Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD. - allowed
Origins List<String> - Specifies which origins are allowed.
- allowed
Headers List<String> - Specifies which headers are allowed.
- expose
Headers List<String> - Specifies expose header in the response.
- max
Age NumberSeconds - Specifies time in seconds that browser can cache the response for a preflight request.
BucketGrant, BucketGrantArgs
- Permissions List<string>
- List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL. - Type string
- Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported. - Id string
- Canonical user id to grant for. Used only when
typeisCanonicalUser. - Uri string
- Uri address to grant for. Used only when
typeisGroup.
- Permissions []string
- List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL. - Type string
- Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported. - Id string
- Canonical user id to grant for. Used only when
typeisCanonicalUser. - Uri string
- Uri address to grant for. Used only when
typeisGroup.
- permissions List<String>
- List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL. - type String
- Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported. - id String
- Canonical user id to grant for. Used only when
typeisCanonicalUser. - uri String
- Uri address to grant for. Used only when
typeisGroup.
- permissions string[]
- List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL. - type string
- Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported. - id string
- Canonical user id to grant for. Used only when
typeisCanonicalUser. - uri string
- Uri address to grant for. Used only when
typeisGroup.
- permissions Sequence[str]
- List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL. - type str
- Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported. - id str
- Canonical user id to grant for. Used only when
typeisCanonicalUser. - uri str
- Uri address to grant for. Used only when
typeisGroup.
- permissions List<String>
- List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL. - type String
- Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported. - id String
- Canonical user id to grant for. Used only when
typeisCanonicalUser. - uri String
- Uri address to grant for. Used only when
typeisGroup.
BucketLifecycleRule, BucketLifecycleRuleArgs
- Enabled bool
- Specifies lifecycle rule status.
- Abort
Incomplete intMultipart Upload Days - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- Expiration
Bucket
Lifecycle Rule Expiration - Specifies a period in the object's expire (documented below).
- Id string
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration - Specifies when noncurrent object versions expire (documented below).
- Noncurrent
Version List<BucketTransitions Lifecycle Rule Noncurrent Version Transition> Specifies when noncurrent object versions transitions (documented below).
At least one of
abort_incomplete_multipart_upload_days,expiration,transition,noncurrent_version_expiration,noncurrent_version_transitionmust be specified.- Prefix string
- Object key prefix identifying one or more objects to which the rule applies.
- Dictionary<string, string>
- Specifies object tags key and value.
- Transitions
List<Bucket
Lifecycle Rule Transition> - Specifies a period in the object's transitions (documented below).
- Enabled bool
- Specifies lifecycle rule status.
- Abort
Incomplete intMultipart Upload Days - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- Expiration
Bucket
Lifecycle Rule Expiration - Specifies a period in the object's expire (documented below).
- Id string
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration - Specifies when noncurrent object versions expire (documented below).
- Noncurrent
Version []BucketTransitions Lifecycle Rule Noncurrent Version Transition Specifies when noncurrent object versions transitions (documented below).
At least one of
abort_incomplete_multipart_upload_days,expiration,transition,noncurrent_version_expiration,noncurrent_version_transitionmust be specified.- Prefix string
- Object key prefix identifying one or more objects to which the rule applies.
- map[string]string
- Specifies object tags key and value.
- Transitions
[]Bucket
Lifecycle Rule Transition - Specifies a period in the object's transitions (documented below).
- enabled Boolean
- Specifies lifecycle rule status.
- abort
Incomplete IntegerMultipart Upload Days - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Bucket
Lifecycle Rule Expiration - Specifies a period in the object's expire (documented below).
- id String
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration - Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version List<BucketTransitions Lifecycle Rule Noncurrent Version Transition> Specifies when noncurrent object versions transitions (documented below).
At least one of
abort_incomplete_multipart_upload_days,expiration,transition,noncurrent_version_expiration,noncurrent_version_transitionmust be specified.- prefix String
- Object key prefix identifying one or more objects to which the rule applies.
- Map<String,String>
- Specifies object tags key and value.
- transitions
List<Bucket
Lifecycle Rule Transition> - Specifies a period in the object's transitions (documented below).
- enabled boolean
- Specifies lifecycle rule status.
- abort
Incomplete numberMultipart Upload Days - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Bucket
Lifecycle Rule Expiration - Specifies a period in the object's expire (documented below).
- id string
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration - Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version BucketTransitions Lifecycle Rule Noncurrent Version Transition[] Specifies when noncurrent object versions transitions (documented below).
At least one of
abort_incomplete_multipart_upload_days,expiration,transition,noncurrent_version_expiration,noncurrent_version_transitionmust be specified.- prefix string
- Object key prefix identifying one or more objects to which the rule applies.
- {[key: string]: string}
- Specifies object tags key and value.
- transitions
Bucket
Lifecycle Rule Transition[] - Specifies a period in the object's transitions (documented below).
- enabled bool
- Specifies lifecycle rule status.
- abort_
incomplete_ intmultipart_ upload_ days - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Bucket
Lifecycle Rule Expiration - Specifies a period in the object's expire (documented below).
- id str
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent_
version_ Bucketexpiration Lifecycle Rule Noncurrent Version Expiration - Specifies when noncurrent object versions expire (documented below).
- noncurrent_
version_ Sequence[Buckettransitions Lifecycle Rule Noncurrent Version Transition] Specifies when noncurrent object versions transitions (documented below).
At least one of
abort_incomplete_multipart_upload_days,expiration,transition,noncurrent_version_expiration,noncurrent_version_transitionmust be specified.- prefix str
- Object key prefix identifying one or more objects to which the rule applies.
- Mapping[str, str]
- Specifies object tags key and value.
- transitions
Sequence[Bucket
Lifecycle Rule Transition] - Specifies a period in the object's transitions (documented below).
- enabled Boolean
- Specifies lifecycle rule status.
- abort
Incomplete NumberMultipart Upload Days - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration Property Map
- Specifies a period in the object's expire (documented below).
- id String
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent
Version Property MapExpiration - Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version List<Property Map>Transitions Specifies when noncurrent object versions transitions (documented below).
At least one of
abort_incomplete_multipart_upload_days,expiration,transition,noncurrent_version_expiration,noncurrent_version_transitionmust be specified.- prefix String
- Object key prefix identifying one or more objects to which the rule applies.
- Map<String>
- Specifies object tags key and value.
- transitions List<Property Map>
- Specifies a period in the object's transitions (documented below).
BucketLifecycleRuleExpiration, BucketLifecycleRuleExpirationArgs
- Date string
- Specifies the date after which you want the corresponding action to take effect.
- Days int
- Specifies the number of days after object creation when the specific rule action takes effect.
- Expired
Object boolDelete Marker - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- Date string
- Specifies the date after which you want the corresponding action to take effect.
- Days int
- Specifies the number of days after object creation when the specific rule action takes effect.
- Expired
Object boolDelete Marker - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date String
- Specifies the date after which you want the corresponding action to take effect.
- days Integer
- Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object BooleanDelete Marker - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date string
- Specifies the date after which you want the corresponding action to take effect.
- days number
- Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object booleanDelete Marker - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date str
- Specifies the date after which you want the corresponding action to take effect.
- days int
- Specifies the number of days after object creation when the specific rule action takes effect.
- expired_
object_ booldelete_ marker - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date String
- Specifies the date after which you want the corresponding action to take effect.
- days Number
- Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object BooleanDelete Marker - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
BucketLifecycleRuleNoncurrentVersionExpiration, BucketLifecycleRuleNoncurrentVersionExpirationArgs
- Days int
- Specifies the number of days noncurrent object versions expire.
- Days int
- Specifies the number of days noncurrent object versions expire.
- days Integer
- Specifies the number of days noncurrent object versions expire.
- days number
- Specifies the number of days noncurrent object versions expire.
- days int
- Specifies the number of days noncurrent object versions expire.
- days Number
- Specifies the number of days noncurrent object versions expire.
BucketLifecycleRuleNoncurrentVersionTransition, BucketLifecycleRuleNoncurrentVersionTransitionArgs
- Storage
Class string - Specifies the Amazon S3 storage class to which you want the object to transition.
- Days int
- Specifies the number of days noncurrent object versions transition.
- Storage
Class string - Specifies the Amazon S3 storage class to which you want the object to transition.
- Days int
- Specifies the number of days noncurrent object versions transition.
- storage
Class String - Specifies the Amazon S3 storage class to which you want the object to transition.
- days Integer
- Specifies the number of days noncurrent object versions transition.
- storage
Class string - Specifies the Amazon S3 storage class to which you want the object to transition.
- days number
- Specifies the number of days noncurrent object versions transition.
- storage_
class str - Specifies the Amazon S3 storage class to which you want the object to transition.
- days int
- Specifies the number of days noncurrent object versions transition.
- storage
Class String - Specifies the Amazon S3 storage class to which you want the object to transition.
- days Number
- Specifies the number of days noncurrent object versions transition.
BucketLifecycleRuleTransition, BucketLifecycleRuleTransitionArgs
- Storage
Class string - Specifies the Amazon S3 storage class to which you want the object to transition.
- Date string
- Specifies the date after which you want the corresponding action to take effect.
- Days int
- Specifies the number of days after object creation when the specific rule action takes effect.
- Storage
Class string - Specifies the Amazon S3 storage class to which you want the object to transition.
- Date string
- Specifies the date after which you want the corresponding action to take effect.
- Days int
- Specifies the number of days after object creation when the specific rule action takes effect.
- storage
Class String - Specifies the Amazon S3 storage class to which you want the object to transition.
- date String
- Specifies the date after which you want the corresponding action to take effect.
- days Integer
- Specifies the number of days after object creation when the specific rule action takes effect.
- storage
Class string - Specifies the Amazon S3 storage class to which you want the object to transition.
- date string
- Specifies the date after which you want the corresponding action to take effect.
- days number
- Specifies the number of days after object creation when the specific rule action takes effect.
- storage_
class str - Specifies the Amazon S3 storage class to which you want the object to transition.
- date str
- Specifies the date after which you want the corresponding action to take effect.
- days int
- Specifies the number of days after object creation when the specific rule action takes effect.
- storage
Class String - Specifies the Amazon S3 storage class to which you want the object to transition.
- date String
- Specifies the date after which you want the corresponding action to take effect.
- days Number
- Specifies the number of days after object creation when the specific rule action takes effect.
BucketLogging, BucketLoggingArgs
- Target
Bucket string - The name of the bucket that will receive the log objects.
- Target
Prefix string - To specify a key prefix for log objects.
- Target
Bucket string - The name of the bucket that will receive the log objects.
- Target
Prefix string - To specify a key prefix for log objects.
- target
Bucket String - The name of the bucket that will receive the log objects.
- target
Prefix String - To specify a key prefix for log objects.
- target
Bucket string - The name of the bucket that will receive the log objects.
- target
Prefix string - To specify a key prefix for log objects.
- target_
bucket str - The name of the bucket that will receive the log objects.
- target_
prefix str - To specify a key prefix for log objects.
- target
Bucket String - The name of the bucket that will receive the log objects.
- target
Prefix String - To specify a key prefix for log objects.
BucketObjectLockConfiguration, BucketObjectLockConfigurationArgs
- Object
Lock stringEnabled - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled. - Rule
Bucket
Object Lock Configuration Rule - The Object Lock rule in place for this bucket.
- Object
Lock stringEnabled - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled. - Rule
Bucket
Object Lock Configuration Rule - The Object Lock rule in place for this bucket.
- object
Lock StringEnabled - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled. - rule
Bucket
Object Lock Configuration Rule - The Object Lock rule in place for this bucket.
- object
Lock stringEnabled - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled. - rule
Bucket
Object Lock Configuration Rule - The Object Lock rule in place for this bucket.
- object_
lock_ strenabled - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled. - rule
Bucket
Object Lock Configuration Rule - The Object Lock rule in place for this bucket.
- object
Lock StringEnabled - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled. - rule Property Map
- The Object Lock rule in place for this bucket.
BucketObjectLockConfigurationRule, BucketObjectLockConfigurationRuleArgs
- Default
Retention BucketObject Lock Configuration Rule Default Retention - The default retention period that you want to apply to new objects placed in this bucket.
- Default
Retention BucketObject Lock Configuration Rule Default Retention - The default retention period that you want to apply to new objects placed in this bucket.
- default
Retention BucketObject Lock Configuration Rule Default Retention - The default retention period that you want to apply to new objects placed in this bucket.
- default
Retention BucketObject Lock Configuration Rule Default Retention - The default retention period that you want to apply to new objects placed in this bucket.
- default_
retention BucketObject Lock Configuration Rule Default Retention - The default retention period that you want to apply to new objects placed in this bucket.
- default
Retention Property Map - The default retention period that you want to apply to new objects placed in this bucket.
BucketObjectLockConfigurationRuleDefaultRetention, BucketObjectLockConfigurationRuleDefaultRetentionArgs
- Mode string
- The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE. - Days int
- The number of days that you want to specify for the default retention period.
- Years int
The number of years that you want to specify for the default retention period.
Either
daysoryearsmust be specified, but not both.NOTE on
object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.
- Mode string
- The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE. - Days int
- The number of days that you want to specify for the default retention period.
- Years int
The number of years that you want to specify for the default retention period.
Either
daysoryearsmust be specified, but not both.NOTE on
object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.
- mode String
- The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE. - days Integer
- The number of days that you want to specify for the default retention period.
- years Integer
The number of years that you want to specify for the default retention period.
Either
daysoryearsmust be specified, but not both.NOTE on
object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.
- mode string
- The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE. - days number
- The number of days that you want to specify for the default retention period.
- years number
The number of years that you want to specify for the default retention period.
Either
daysoryearsmust be specified, but not both.NOTE on
object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.
- mode str
- The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE. - days int
- The number of days that you want to specify for the default retention period.
- years int
The number of years that you want to specify for the default retention period.
Either
daysoryearsmust be specified, but not both.NOTE on
object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.
- mode String
- The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE. - days Number
- The number of days that you want to specify for the default retention period.
- years Number
The number of years that you want to specify for the default retention period.
Either
daysoryearsmust be specified, but not both.NOTE on
object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.
BucketReplicationConfiguration, BucketReplicationConfigurationArgs
- Role string
- The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- Rules
List<Bucket
Replication Configuration Rule> - Specifies the rules managing the replication (documented below).
- Role string
- The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- Rules
[]Bucket
Replication Configuration Rule - Specifies the rules managing the replication (documented below).
- role String
- The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules
List<Bucket
Replication Configuration Rule> - Specifies the rules managing the replication (documented below).
- role string
- The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules
Bucket
Replication Configuration Rule[] - Specifies the rules managing the replication (documented below).
- role str
- The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules
Sequence[Bucket
Replication Configuration Rule] - Specifies the rules managing the replication (documented below).
- role String
- The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules List<Property Map>
- Specifies the rules managing the replication (documented below).
BucketReplicationConfigurationRule, BucketReplicationConfigurationRuleArgs
- Destination
Bucket
Replication Configuration Rule Destination - Specifies the destination for the rule (documented below).
- Status string
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.NOTE: Replication to multiple destination buckets requires that
priorityis specified in therulesobject. If the corresponding rule requires no filter, an empty configuration blockfilter {}must be specified.- Delete
Marker stringReplication Status - Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used). - Filter
Bucket
Replication Configuration Rule Filter - Filter that identifies subset of objects to which the replication rule applies (documented below).
- Id string
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Prefix string
- Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Priority int
- The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules. - Source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria - Specifies special object selection criteria (documented below).
- Destination
Bucket
Replication Configuration Rule Destination - Specifies the destination for the rule (documented below).
- Status string
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.NOTE: Replication to multiple destination buckets requires that
priorityis specified in therulesobject. If the corresponding rule requires no filter, an empty configuration blockfilter {}must be specified.- Delete
Marker stringReplication Status - Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used). - Filter
Bucket
Replication Configuration Rule Filter - Filter that identifies subset of objects to which the replication rule applies (documented below).
- Id string
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Prefix string
- Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Priority int
- The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules. - Source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria - Specifies special object selection criteria (documented below).
- destination
Bucket
Replication Configuration Rule Destination - Specifies the destination for the rule (documented below).
- status String
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.NOTE: Replication to multiple destination buckets requires that
priorityis specified in therulesobject. If the corresponding rule requires no filter, an empty configuration blockfilter {}must be specified.- delete
Marker StringReplication Status - Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used). - filter
Bucket
Replication Configuration Rule Filter - Filter that identifies subset of objects to which the replication rule applies (documented below).
- id String
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix String
- Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority Integer
- The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules. - source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria - Specifies special object selection criteria (documented below).
- destination
Bucket
Replication Configuration Rule Destination - Specifies the destination for the rule (documented below).
- status string
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.NOTE: Replication to multiple destination buckets requires that
priorityis specified in therulesobject. If the corresponding rule requires no filter, an empty configuration blockfilter {}must be specified.- delete
Marker stringReplication Status - Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used). - filter
Bucket
Replication Configuration Rule Filter - Filter that identifies subset of objects to which the replication rule applies (documented below).
- id string
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix string
- Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority number
- The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules. - source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria - Specifies special object selection criteria (documented below).
- destination
Bucket
Replication Configuration Rule Destination - Specifies the destination for the rule (documented below).
- status str
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.NOTE: Replication to multiple destination buckets requires that
priorityis specified in therulesobject. If the corresponding rule requires no filter, an empty configuration blockfilter {}must be specified.- delete_
marker_ strreplication_ status - Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used). - filter
Bucket
Replication Configuration Rule Filter - Filter that identifies subset of objects to which the replication rule applies (documented below).
- id str
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix str
- Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority int
- The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules. - source_
selection_ Bucketcriteria Replication Configuration Rule Source Selection Criteria - Specifies special object selection criteria (documented below).
- destination Property Map
- Specifies the destination for the rule (documented below).
- status String
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.NOTE: Replication to multiple destination buckets requires that
priorityis specified in therulesobject. If the corresponding rule requires no filter, an empty configuration blockfilter {}must be specified.- delete
Marker StringReplication Status - Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used). - filter Property Map
- Filter that identifies subset of objects to which the replication rule applies (documented below).
- id String
- Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix String
- Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority Number
- The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules. - source
Selection Property MapCriteria - Specifies special object selection criteria (documented below).
BucketReplicationConfigurationRuleDestination, BucketReplicationConfigurationRuleDestinationArgs
- Bucket string
- The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- Access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation - Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration. - Account
Id string - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration. - Metrics
Bucket
Replication Configuration Rule Destination Metrics - Enables replication metrics (required for S3 RTC) (documented below).
- Replica
Kms stringKey Id - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria. - Replication
Time BucketReplication Configuration Rule Destination Replication Time - Enables S3 Replication Time Control (S3 RTC) (documented below).
- Storage
Class string - The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- Bucket string
- The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- Access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation - Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration. - Account
Id string - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration. - Metrics
Bucket
Replication Configuration Rule Destination Metrics - Enables replication metrics (required for S3 RTC) (documented below).
- Replica
Kms stringKey Id - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria. - Replication
Time BucketReplication Configuration Rule Destination Replication Time - Enables S3 Replication Time Control (S3 RTC) (documented below).
- Storage
Class string - The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket String
- The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation - Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration. - account
Id String - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration. - metrics
Bucket
Replication Configuration Rule Destination Metrics - Enables replication metrics (required for S3 RTC) (documented below).
- replica
Kms StringKey Id - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria. - replication
Time BucketReplication Configuration Rule Destination Replication Time - Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage
Class String - The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket string
- The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation - Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration. - account
Id string - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration. - metrics
Bucket
Replication Configuration Rule Destination Metrics - Enables replication metrics (required for S3 RTC) (documented below).
- replica
Kms stringKey Id - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria. - replication
Time BucketReplication Configuration Rule Destination Replication Time - Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage
Class string - The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket str
- The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access_
control_ Buckettranslation Replication Configuration Rule Destination Access Control Translation - Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration. - account_
id str - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration. - metrics
Bucket
Replication Configuration Rule Destination Metrics - Enables replication metrics (required for S3 RTC) (documented below).
- replica_
kms_ strkey_ id - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria. - replication_
time BucketReplication Configuration Rule Destination Replication Time - Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage_
class str - The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket String
- The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access
Control Property MapTranslation - Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration. - account
Id String - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration. - metrics Property Map
- Enables replication metrics (required for S3 RTC) (documented below).
- replica
Kms StringKey Id - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria. - replication
Time Property Map - Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage
Class String - The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
BucketReplicationConfigurationRuleDestinationAccessControlTranslation, BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs
- Owner string
- The override value for the owner on replicated objects. Currently only
Destinationis supported.
- Owner string
- The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner String
- The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner string
- The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner str
- The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner String
- The override value for the owner on replicated objects. Currently only
Destinationis supported.
BucketReplicationConfigurationRuleDestinationMetrics, BucketReplicationConfigurationRuleDestinationMetricsArgs
BucketReplicationConfigurationRuleDestinationReplicationTime, BucketReplicationConfigurationRuleDestinationReplicationTimeArgs
BucketReplicationConfigurationRuleFilter, BucketReplicationConfigurationRuleFilterArgs
- Prefix string
- Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Dictionary<string, string>
- A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- Prefix string
- Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- map[string]string
- A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix String
- Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Map<String,String>
- A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix string
- Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- {[key: string]: string}
- A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix str
- Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Mapping[str, str]
- A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix String
- Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Map<String>
- A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
BucketReplicationConfigurationRuleSourceSelectionCriteria, BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs
- Sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects - Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- Sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects - Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects - Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects - Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse_
kms_ Bucketencrypted_ objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects - Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse
Kms Property MapEncrypted Objects - Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects, BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
- Enabled bool
- Boolean which indicates if this criteria is enabled.
- Enabled bool
- Boolean which indicates if this criteria is enabled.
- enabled Boolean
- Boolean which indicates if this criteria is enabled.
- enabled boolean
- Boolean which indicates if this criteria is enabled.
- enabled bool
- Boolean which indicates if this criteria is enabled.
- enabled Boolean
- Boolean which indicates if this criteria is enabled.
BucketServerSideEncryptionConfiguration, BucketServerSideEncryptionConfigurationArgs
- Rule
Bucket
Server Side Encryption Configuration Rule - A single object for server-side encryption by default configuration. (documented below)
- Rule
Bucket
Server Side Encryption Configuration Rule - A single object for server-side encryption by default configuration. (documented below)
- rule
Bucket
Server Side Encryption Configuration Rule - A single object for server-side encryption by default configuration. (documented below)
- rule
Bucket
Server Side Encryption Configuration Rule - A single object for server-side encryption by default configuration. (documented below)
- rule
Bucket
Server Side Encryption Configuration Rule - A single object for server-side encryption by default configuration. (documented below)
- rule Property Map
- A single object for server-side encryption by default configuration. (documented below)
BucketServerSideEncryptionConfigurationRule, BucketServerSideEncryptionConfigurationRuleArgs
- Apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default - A single object for setting server-side encryption by default. (documented below)
- Bucket
Key boolEnabled - Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- Apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default - A single object for setting server-side encryption by default. (documented below)
- Bucket
Key boolEnabled - Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default - A single object for setting server-side encryption by default. (documented below)
- bucket
Key BooleanEnabled - Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default - A single object for setting server-side encryption by default. (documented below)
- bucket
Key booleanEnabled - Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply_
server_ Bucketside_ encryption_ by_ default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default - A single object for setting server-side encryption by default. (documented below)
- bucket_
key_ boolenabled - Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply
Server Property MapSide Encryption By Default - A single object for setting server-side encryption by default. (documented below)
- bucket
Key BooleanEnabled - Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault, BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
- Sse
Algorithm string - The server-side encryption algorithm to use. Valid values are
AES256andaws:kms - Kms
Master stringKey Id - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- Sse
Algorithm string - The server-side encryption algorithm to use. Valid values are
AES256andaws:kms - Kms
Master stringKey Id - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse
Algorithm String - The server-side encryption algorithm to use. Valid values are
AES256andaws:kms - kms
Master StringKey Id - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse
Algorithm string - The server-side encryption algorithm to use. Valid values are
AES256andaws:kms - kms
Master stringKey Id - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse_
algorithm str - The server-side encryption algorithm to use. Valid values are
AES256andaws:kms - kms_
master_ strkey_ id - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse
Algorithm String - The server-side encryption algorithm to use. Valid values are
AES256andaws:kms - kms
Master StringKey Id - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
BucketVersioning, BucketVersioningArgs
- Enabled bool
- Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- Mfa
Delete bool - Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- Enabled bool
- Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- Mfa
Delete bool - Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled Boolean
- Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa
Delete Boolean - Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled boolean
- Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa
Delete boolean - Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled bool
- Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa_
delete bool - Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled Boolean
- Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa
Delete Boolean - Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
BucketWebsite, BucketWebsiteArgs
- Error
Document string - An absolute path to the document to return in case of a 4XX error.
- Index
Document string - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- Redirect
All stringRequests To - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request. - Routing
Rules string | List<string> A json array containing routing rules describing redirect behavior and when redirects are applied.
The
CORSobject supports the following:
- Error
Document string - An absolute path to the document to return in case of a 4XX error.
- Index
Document string - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- Redirect
All stringRequests To - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request. - Routing
Rules string | []string A json array containing routing rules describing redirect behavior and when redirects are applied.
The
CORSobject supports the following:
- error
Document String - An absolute path to the document to return in case of a 4XX error.
- index
Document String - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect
All StringRequests To - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request. - routing
Rules String | List<String> A json array containing routing rules describing redirect behavior and when redirects are applied.
The
CORSobject supports the following:
- error
Document string - An absolute path to the document to return in case of a 4XX error.
- index
Document string - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect
All stringRequests To - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request. - routing
Rules string | RoutingRule[] A json array containing routing rules describing redirect behavior and when redirects are applied.
The
CORSobject supports the following:
- error_
document str - An absolute path to the document to return in case of a 4XX error.
- index_
document str - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect_
all_ strrequests_ to - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request. - routing_
rules str | Sequence[str] A json array containing routing rules describing redirect behavior and when redirects are applied.
The
CORSobject supports the following:
- error
Document String - An absolute path to the document to return in case of a 4XX error.
- index
Document String - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect
All StringRequests To - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request. - routing
Rules String | List<> A json array containing routing rules describing redirect behavior and when redirects are applied.
The
CORSobject supports the following:
CannedAcl, CannedAclArgs
- Private
- private
- Public
Read - public-read
- Public
Read Write - public-read-write
- Aws
Exec Read - aws-exec-read
- Authenticated
Read - authenticated-read
- Bucket
Owner Read - bucket-owner-read
- Bucket
Owner Full Control - bucket-owner-full-control
- Log
Delivery Write - log-delivery-write
- Canned
Acl Private - private
- Canned
Acl Public Read - public-read
- Canned
Acl Public Read Write - public-read-write
- Canned
Acl Aws Exec Read - aws-exec-read
- Canned
Acl Authenticated Read - authenticated-read
- Canned
Acl Bucket Owner Read - bucket-owner-read
- Canned
Acl Bucket Owner Full Control - bucket-owner-full-control
- Canned
Acl Log Delivery Write - log-delivery-write
- Private
- private
- Public
Read - public-read
- Public
Read Write - public-read-write
- Aws
Exec Read - aws-exec-read
- Authenticated
Read - authenticated-read
- Bucket
Owner Read - bucket-owner-read
- Bucket
Owner Full Control - bucket-owner-full-control
- Log
Delivery Write - log-delivery-write
- Private
- private
- Public
Read - public-read
- Public
Read Write - public-read-write
- Aws
Exec Read - aws-exec-read
- Authenticated
Read - authenticated-read
- Bucket
Owner Read - bucket-owner-read
- Bucket
Owner Full Control - bucket-owner-full-control
- Log
Delivery Write - log-delivery-write
- PRIVATE
- private
- PUBLIC_READ
- public-read
- PUBLIC_READ_WRITE
- public-read-write
- AWS_EXEC_READ
- aws-exec-read
- AUTHENTICATED_READ
- authenticated-read
- BUCKET_OWNER_READ
- bucket-owner-read
- BUCKET_OWNER_FULL_CONTROL
- bucket-owner-full-control
- LOG_DELIVERY_WRITE
- log-delivery-write
- "private"
- private
- "public-read"
- public-read
- "public-read-write"
- public-read-write
- "aws-exec-read"
- aws-exec-read
- "authenticated-read"
- authenticated-read
- "bucket-owner-read"
- bucket-owner-read
- "bucket-owner-full-control"
- bucket-owner-full-control
- "log-delivery-write"
- log-delivery-write
Import
S3 bucket can be imported using the bucket, e.g.,
$ pulumi import aws:s3/bucket:Bucket bucket bucket-name
The policy argument is not imported and will be deprecated in a future version of the provider. Use the aws_s3_bucket_policy resource to manage the S3 Bucket Policy instead.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.