1. Packages
  2. AWS Classic
  3. API Docs
  4. s3
  5. Bucket

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

aws.s3.Bucket

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

    Provides a S3 bucket resource.

    This functionality is for managing S3 in an AWS Partition. To manage S3 on Outposts, see the aws.s3control.Bucket resource.

    Example Usage

    Private Bucket w/ Tags

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var bucket = new Aws.S3.Bucket("bucket", new()
        {
            Acl = "private",
            Tags = 
            {
                { "Environment", "Dev" },
                { "Name", "My bucket" },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
    			Acl: pulumi.String("private"),
    			Tags: pulumi.StringMap{
    				"Environment": pulumi.String("Dev"),
    				"Name":        pulumi.String("My bucket"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var bucket = new Bucket("bucket", BucketArgs.builder()        
                .acl("private")
                .tags(Map.ofEntries(
                    Map.entry("Environment", "Dev"),
                    Map.entry("Name", "My bucket")
                ))
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    bucket = aws.s3.Bucket("bucket",
        acl="private",
        tags={
            "Environment": "Dev",
            "Name": "My bucket",
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const bucket = new aws.s3.Bucket("bucket", {
        acl: "private",
        tags: {
            Environment: "Dev",
            Name: "My bucket",
        },
    });
    
    resources:
      bucket:
        type: aws:s3:Bucket
        properties:
          acl: private
          tags:
            Environment: Dev
            Name: My bucket
    

    Static Website Hosting

    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var bucket = new Aws.S3.Bucket("bucket", new()
        {
            Acl = "public-read",
            Policy = File.ReadAllText("policy.json"),
            Website = new Aws.S3.Inputs.BucketWebsiteArgs
            {
                IndexDocument = "index.html",
                ErrorDocument = "error.html",
                RoutingRules = @"[{
        ""Condition"": {
            ""KeyPrefixEquals"": ""docs/""
        },
        ""Redirect"": {
            ""ReplaceKeyPrefixWith"": ""documents/""
        }
    }]
    ",
            },
        });
    
    });
    
    package main
    
    import (
    	"os"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func readFileOrPanic(path string) pulumi.StringPtrInput {
    	data, err := os.ReadFile(path)
    	if err != nil {
    		panic(err.Error())
    	}
    	return pulumi.String(string(data))
    }
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
    			Acl:    pulumi.String("public-read"),
    			Policy: readFileOrPanic("policy.json"),
    			Website: &s3.BucketWebsiteArgs{
    				IndexDocument: pulumi.String("index.html"),
    				ErrorDocument: pulumi.String("error.html"),
    				RoutingRules: pulumi.Any(`[{
        "Condition": {
            "KeyPrefixEquals": "docs/"
        },
        "Redirect": {
            "ReplaceKeyPrefixWith": "documents/"
        }
    }]
    `),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketWebsiteArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var bucket = new Bucket("bucket", BucketArgs.builder()        
                .acl("public-read")
                .policy(Files.readString(Paths.get("policy.json")))
                .website(BucketWebsiteArgs.builder()
                    .indexDocument("index.html")
                    .errorDocument("error.html")
                    .routingRules("""
    [{
        "Condition": {
            "KeyPrefixEquals": "docs/"
        },
        "Redirect": {
            "ReplaceKeyPrefixWith": "documents/"
        }
    }]
                    """)
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    bucket = aws.s3.Bucket("bucket",
        acl="public-read",
        policy=(lambda path: open(path).read())("policy.json"),
        website=aws.s3.BucketWebsiteArgs(
            index_document="index.html",
            error_document="error.html",
            routing_rules="""[{
        "Condition": {
            "KeyPrefixEquals": "docs/"
        },
        "Redirect": {
            "ReplaceKeyPrefixWith": "documents/"
        }
    }]
    """,
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as fs from "fs";
    
    const bucket = new aws.s3.Bucket("bucket", {
        acl: "public-read",
        policy: fs.readFileSync("policy.json"),
        website: {
            indexDocument: "index.html",
            errorDocument: "error.html",
            routingRules: `[{
        "Condition": {
            "KeyPrefixEquals": "docs/"
        },
        "Redirect": {
            "ReplaceKeyPrefixWith": "documents/"
        }
    }]
    `,
        },
    });
    
    resources:
      bucket:
        type: aws:s3:Bucket
        properties:
          acl: public-read
          policy:
            fn::readFile: policy.json
          website:
            indexDocument: index.html
            errorDocument: error.html
            routingRules: |
              [{
                  "Condition": {
                      "KeyPrefixEquals": "docs/"
                  },
                  "Redirect": {
                      "ReplaceKeyPrefixWith": "documents/"
                  }
              }]          
    

    Using CORS

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var bucket = new Aws.S3.Bucket("bucket", new()
        {
            Acl = "public-read",
            CorsRules = new[]
            {
                new Aws.S3.Inputs.BucketCorsRuleArgs
                {
                    AllowedHeaders = new[]
                    {
                        "*",
                    },
                    AllowedMethods = new[]
                    {
                        "PUT",
                        "POST",
                    },
                    AllowedOrigins = new[]
                    {
                        "https://s3-website-test.mydomain.com",
                    },
                    ExposeHeaders = new[]
                    {
                        "ETag",
                    },
                    MaxAgeSeconds = 3000,
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
    			Acl: pulumi.String("public-read"),
    			CorsRules: s3.BucketCorsRuleArray{
    				&s3.BucketCorsRuleArgs{
    					AllowedHeaders: pulumi.StringArray{
    						pulumi.String("*"),
    					},
    					AllowedMethods: pulumi.StringArray{
    						pulumi.String("PUT"),
    						pulumi.String("POST"),
    					},
    					AllowedOrigins: pulumi.StringArray{
    						pulumi.String("https://s3-website-test.mydomain.com"),
    					},
    					ExposeHeaders: pulumi.StringArray{
    						pulumi.String("ETag"),
    					},
    					MaxAgeSeconds: pulumi.Int(3000),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketCorsRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var bucket = new Bucket("bucket", BucketArgs.builder()        
                .acl("public-read")
                .corsRules(BucketCorsRuleArgs.builder()
                    .allowedHeaders("*")
                    .allowedMethods(                
                        "PUT",
                        "POST")
                    .allowedOrigins("https://s3-website-test.mydomain.com")
                    .exposeHeaders("ETag")
                    .maxAgeSeconds(3000)
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    bucket = aws.s3.Bucket("bucket",
        acl="public-read",
        cors_rules=[aws.s3.BucketCorsRuleArgs(
            allowed_headers=["*"],
            allowed_methods=[
                "PUT",
                "POST",
            ],
            allowed_origins=["https://s3-website-test.mydomain.com"],
            expose_headers=["ETag"],
            max_age_seconds=3000,
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const bucket = new aws.s3.Bucket("bucket", {
        acl: "public-read",
        corsRules: [{
            allowedHeaders: ["*"],
            allowedMethods: [
                "PUT",
                "POST",
            ],
            allowedOrigins: ["https://s3-website-test.mydomain.com"],
            exposeHeaders: ["ETag"],
            maxAgeSeconds: 3000,
        }],
    });
    
    resources:
      bucket:
        type: aws:s3:Bucket
        properties:
          acl: public-read
          corsRules:
            - allowedHeaders:
                - '*'
              allowedMethods:
                - PUT
                - POST
              allowedOrigins:
                - https://s3-website-test.mydomain.com
              exposeHeaders:
                - ETag
              maxAgeSeconds: 3000
    

    Using versioning

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var bucket = new Aws.S3.Bucket("bucket", new()
        {
            Acl = "private",
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
    			Acl: pulumi.String("private"),
    			Versioning: &s3.BucketVersioningArgs{
    				Enabled: pulumi.Bool(true),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var bucket = new Bucket("bucket", BucketArgs.builder()        
                .acl("private")
                .versioning(BucketVersioningArgs.builder()
                    .enabled(true)
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    bucket = aws.s3.Bucket("bucket",
        acl="private",
        versioning=aws.s3.BucketVersioningArgs(
            enabled=True,
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const bucket = new aws.s3.Bucket("bucket", {
        acl: "private",
        versioning: {
            enabled: true,
        },
    });
    
    resources:
      bucket:
        type: aws:s3:Bucket
        properties:
          acl: private
          versioning:
            enabled: true
    

    Enable Logging

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var logBucket = new Aws.S3.Bucket("logBucket", new()
        {
            Acl = "log-delivery-write",
        });
    
        var bucket = new Aws.S3.Bucket("bucket", new()
        {
            Acl = "private",
            Loggings = new[]
            {
                new Aws.S3.Inputs.BucketLoggingArgs
                {
                    TargetBucket = logBucket.Id,
                    TargetPrefix = "log/",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		logBucket, err := s3.NewBucket(ctx, "logBucket", &s3.BucketArgs{
    			Acl: pulumi.String("log-delivery-write"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
    			Acl: pulumi.String("private"),
    			Loggings: s3.BucketLoggingArray{
    				&s3.BucketLoggingArgs{
    					TargetBucket: logBucket.ID(),
    					TargetPrefix: pulumi.String("log/"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketLoggingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var logBucket = new Bucket("logBucket", BucketArgs.builder()        
                .acl("log-delivery-write")
                .build());
    
            var bucket = new Bucket("bucket", BucketArgs.builder()        
                .acl("private")
                .loggings(BucketLoggingArgs.builder()
                    .targetBucket(logBucket.id())
                    .targetPrefix("log/")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    log_bucket = aws.s3.Bucket("logBucket", acl="log-delivery-write")
    bucket = aws.s3.Bucket("bucket",
        acl="private",
        loggings=[aws.s3.BucketLoggingArgs(
            target_bucket=log_bucket.id,
            target_prefix="log/",
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const logBucket = new aws.s3.Bucket("logBucket", {acl: "log-delivery-write"});
    const bucket = new aws.s3.Bucket("bucket", {
        acl: "private",
        loggings: [{
            targetBucket: logBucket.id,
            targetPrefix: "log/",
        }],
    });
    
    resources:
      logBucket:
        type: aws:s3:Bucket
        properties:
          acl: log-delivery-write
      bucket:
        type: aws:s3:Bucket
        properties:
          acl: private
          loggings:
            - targetBucket: ${logBucket.id}
              targetPrefix: log/
    

    Using object lifecycle

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var bucket = new Aws.S3.Bucket("bucket", new()
        {
            Acl = "private",
            LifecycleRules = new[]
            {
                new Aws.S3.Inputs.BucketLifecycleRuleArgs
                {
                    Enabled = true,
                    Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
                    {
                        Days = 90,
                    },
                    Id = "log",
                    Prefix = "log/",
                    Tags = 
                    {
                        { "autoclean", "true" },
                        { "rule", "log" },
                    },
                    Transitions = new[]
                    {
                        new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
                        {
                            Days = 30,
                            StorageClass = "STANDARD_IA",
                        },
                        new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
                        {
                            Days = 60,
                            StorageClass = "GLACIER",
                        },
                    },
                },
                new Aws.S3.Inputs.BucketLifecycleRuleArgs
                {
                    Enabled = true,
                    Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
                    {
                        Date = "2016-01-12",
                    },
                    Id = "tmp",
                    Prefix = "tmp/",
                },
            },
        });
    
        var versioningBucket = new Aws.S3.Bucket("versioningBucket", new()
        {
            Acl = "private",
            LifecycleRules = new[]
            {
                new Aws.S3.Inputs.BucketLifecycleRuleArgs
                {
                    Enabled = true,
                    NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
                    {
                        Days = 90,
                    },
                    NoncurrentVersionTransitions = new[]
                    {
                        new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
                        {
                            Days = 30,
                            StorageClass = "STANDARD_IA",
                        },
                        new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
                        {
                            Days = 60,
                            StorageClass = "GLACIER",
                        },
                    },
                    Prefix = "config/",
                },
            },
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
    			Acl: pulumi.String("private"),
    			LifecycleRules: s3.BucketLifecycleRuleArray{
    				&s3.BucketLifecycleRuleArgs{
    					Enabled: pulumi.Bool(true),
    					Expiration: &s3.BucketLifecycleRuleExpirationArgs{
    						Days: pulumi.Int(90),
    					},
    					Id:     pulumi.String("log"),
    					Prefix: pulumi.String("log/"),
    					Tags: pulumi.StringMap{
    						"autoclean": pulumi.String("true"),
    						"rule":      pulumi.String("log"),
    					},
    					Transitions: s3.BucketLifecycleRuleTransitionArray{
    						&s3.BucketLifecycleRuleTransitionArgs{
    							Days:         pulumi.Int(30),
    							StorageClass: pulumi.String("STANDARD_IA"),
    						},
    						&s3.BucketLifecycleRuleTransitionArgs{
    							Days:         pulumi.Int(60),
    							StorageClass: pulumi.String("GLACIER"),
    						},
    					},
    				},
    				&s3.BucketLifecycleRuleArgs{
    					Enabled: pulumi.Bool(true),
    					Expiration: &s3.BucketLifecycleRuleExpirationArgs{
    						Date: pulumi.String("2016-01-12"),
    					},
    					Id:     pulumi.String("tmp"),
    					Prefix: pulumi.String("tmp/"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucket(ctx, "versioningBucket", &s3.BucketArgs{
    			Acl: pulumi.String("private"),
    			LifecycleRules: s3.BucketLifecycleRuleArray{
    				&s3.BucketLifecycleRuleArgs{
    					Enabled: pulumi.Bool(true),
    					NoncurrentVersionExpiration: &s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{
    						Days: pulumi.Int(90),
    					},
    					NoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{
    						&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
    							Days:         pulumi.Int(30),
    							StorageClass: pulumi.String("STANDARD_IA"),
    						},
    						&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
    							Days:         pulumi.Int(60),
    							StorageClass: pulumi.String("GLACIER"),
    						},
    					},
    					Prefix: pulumi.String("config/"),
    				},
    			},
    			Versioning: &s3.BucketVersioningArgs{
    				Enabled: pulumi.Bool(true),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketLifecycleRuleArgs;
    import com.pulumi.aws.s3.inputs.BucketLifecycleRuleExpirationArgs;
    import com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs;
    import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var bucket = new Bucket("bucket", BucketArgs.builder()        
                .acl("private")
                .lifecycleRules(            
                    BucketLifecycleRuleArgs.builder()
                        .enabled(true)
                        .expiration(BucketLifecycleRuleExpirationArgs.builder()
                            .days(90)
                            .build())
                        .id("log")
                        .prefix("log/")
                        .tags(Map.ofEntries(
                            Map.entry("autoclean", "true"),
                            Map.entry("rule", "log")
                        ))
                        .transitions(                    
                            BucketLifecycleRuleTransitionArgs.builder()
                                .days(30)
                                .storageClass("STANDARD_IA")
                                .build(),
                            BucketLifecycleRuleTransitionArgs.builder()
                                .days(60)
                                .storageClass("GLACIER")
                                .build())
                        .build(),
                    BucketLifecycleRuleArgs.builder()
                        .enabled(true)
                        .expiration(BucketLifecycleRuleExpirationArgs.builder()
                            .date("2016-01-12")
                            .build())
                        .id("tmp")
                        .prefix("tmp/")
                        .build())
                .build());
    
            var versioningBucket = new Bucket("versioningBucket", BucketArgs.builder()        
                .acl("private")
                .lifecycleRules(BucketLifecycleRuleArgs.builder()
                    .enabled(true)
                    .noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()
                        .days(90)
                        .build())
                    .noncurrentVersionTransitions(                
                        BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
                            .days(30)
                            .storageClass("STANDARD_IA")
                            .build(),
                        BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
                            .days(60)
                            .storageClass("GLACIER")
                            .build())
                    .prefix("config/")
                    .build())
                .versioning(BucketVersioningArgs.builder()
                    .enabled(true)
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    bucket = aws.s3.Bucket("bucket",
        acl="private",
        lifecycle_rules=[
            aws.s3.BucketLifecycleRuleArgs(
                enabled=True,
                expiration=aws.s3.BucketLifecycleRuleExpirationArgs(
                    days=90,
                ),
                id="log",
                prefix="log/",
                tags={
                    "autoclean": "true",
                    "rule": "log",
                },
                transitions=[
                    aws.s3.BucketLifecycleRuleTransitionArgs(
                        days=30,
                        storage_class="STANDARD_IA",
                    ),
                    aws.s3.BucketLifecycleRuleTransitionArgs(
                        days=60,
                        storage_class="GLACIER",
                    ),
                ],
            ),
            aws.s3.BucketLifecycleRuleArgs(
                enabled=True,
                expiration=aws.s3.BucketLifecycleRuleExpirationArgs(
                    date="2016-01-12",
                ),
                id="tmp",
                prefix="tmp/",
            ),
        ])
    versioning_bucket = aws.s3.Bucket("versioningBucket",
        acl="private",
        lifecycle_rules=[aws.s3.BucketLifecycleRuleArgs(
            enabled=True,
            noncurrent_version_expiration=aws.s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs(
                days=90,
            ),
            noncurrent_version_transitions=[
                aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(
                    days=30,
                    storage_class="STANDARD_IA",
                ),
                aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(
                    days=60,
                    storage_class="GLACIER",
                ),
            ],
            prefix="config/",
        )],
        versioning=aws.s3.BucketVersioningArgs(
            enabled=True,
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const bucket = new aws.s3.Bucket("bucket", {
        acl: "private",
        lifecycleRules: [
            {
                enabled: true,
                expiration: {
                    days: 90,
                },
                id: "log",
                prefix: "log/",
                tags: {
                    autoclean: "true",
                    rule: "log",
                },
                transitions: [
                    {
                        days: 30,
                        storageClass: "STANDARD_IA",
                    },
                    {
                        days: 60,
                        storageClass: "GLACIER",
                    },
                ],
            },
            {
                enabled: true,
                expiration: {
                    date: "2016-01-12",
                },
                id: "tmp",
                prefix: "tmp/",
            },
        ],
    });
    const versioningBucket = new aws.s3.Bucket("versioningBucket", {
        acl: "private",
        lifecycleRules: [{
            enabled: true,
            noncurrentVersionExpiration: {
                days: 90,
            },
            noncurrentVersionTransitions: [
                {
                    days: 30,
                    storageClass: "STANDARD_IA",
                },
                {
                    days: 60,
                    storageClass: "GLACIER",
                },
            ],
            prefix: "config/",
        }],
        versioning: {
            enabled: true,
        },
    });
    
    resources:
      bucket:
        type: aws:s3:Bucket
        properties:
          acl: private
          lifecycleRules:
            - enabled: true
              expiration:
                days: 90
              id: log
              prefix: log/
              tags:
                autoclean: 'true'
                rule: log
              transitions:
                - days: 30
                  storageClass: STANDARD_IA
                - days: 60
                  storageClass: GLACIER
            - enabled: true
              expiration:
                date: 2016-01-12
              id: tmp
              prefix: tmp/
      versioningBucket:
        type: aws:s3:Bucket
        properties:
          acl: private
          lifecycleRules:
            - enabled: true
              noncurrentVersionExpiration:
                days: 90
              noncurrentVersionTransitions:
                - days: 30
                  storageClass: STANDARD_IA
                - days: 60
                  storageClass: GLACIER
              prefix: config/
          versioning:
            enabled: true
    

    Using replication configuration

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var central = new Aws.Provider("central", new()
        {
            Region = "eu-central-1",
        });
    
        var replicationRole = new Aws.Iam.Role("replicationRole", new()
        {
            AssumeRolePolicy = @"{
      ""Version"": ""2012-10-17"",
      ""Statement"": [
        {
          ""Action"": ""sts:AssumeRole"",
          ""Principal"": {
            ""Service"": ""s3.amazonaws.com""
          },
          ""Effect"": ""Allow"",
          ""Sid"": """"
        }
      ]
    }
    ",
        });
    
        var destination = new Aws.S3.Bucket("destination", new()
        {
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
        });
    
        var source = new Aws.S3.Bucket("source", new()
        {
            Acl = "private",
            Versioning = new Aws.S3.Inputs.BucketVersioningArgs
            {
                Enabled = true,
            },
            ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
            {
                Role = replicationRole.Arn,
                Rules = new[]
                {
                    new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
                    {
                        Id = "foobar",
                        Status = "Enabled",
                        Filter = new Aws.S3.Inputs.BucketReplicationConfigurationRuleFilterArgs
                        {
                            Tags = null,
                        },
                        Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
                        {
                            Bucket = destination.Arn,
                            StorageClass = "STANDARD",
                            ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs
                            {
                                Status = "Enabled",
                                Minutes = 15,
                            },
                            Metrics = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs
                            {
                                Status = "Enabled",
                                Minutes = 15,
                            },
                        },
                    },
                },
            },
        }, new CustomResourceOptions
        {
            Provider = aws.Central,
        });
    
        var replicationPolicy = new Aws.Iam.Policy("replicationPolicy", new()
        {
            PolicyDocument = Output.Tuple(source.Arn, source.Arn, destination.Arn).Apply(values =>
            {
                var sourceArn = values.Item1;
                var sourceArn1 = values.Item2;
                var destinationArn = values.Item3;
                return @$"{{
      ""Version"": ""2012-10-17"",
      ""Statement"": [
        {{
          ""Action"": [
            ""s3:GetReplicationConfiguration"",
            ""s3:ListBucket""
          ],
          ""Effect"": ""Allow"",
          ""Resource"": [
            ""{sourceArn}""
          ]
        }},
        {{
          ""Action"": [
            ""s3:GetObjectVersionForReplication"",
            ""s3:GetObjectVersionAcl"",
             ""s3:GetObjectVersionTagging""
          ],
          ""Effect"": ""Allow"",
          ""Resource"": [
            ""{sourceArn1}/*""
          ]
        }},
        {{
          ""Action"": [
            ""s3:ReplicateObject"",
            ""s3:ReplicateDelete"",
            ""s3:ReplicateTags""
          ],
          ""Effect"": ""Allow"",
          ""Resource"": ""{destinationArn}/*""
        }}
      ]
    }}
    ";
            }),
        });
    
        var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replicationRolePolicyAttachment", new()
        {
            Role = replicationRole.Name,
            PolicyArn = replicationPolicy.Arn,
        });
    
    });
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := aws.NewProvider(ctx, "central", &aws.ProviderArgs{
    			Region: pulumi.String("eu-central-1"),
    		})
    		if err != nil {
    			return err
    		}
    		replicationRole, err := iam.NewRole(ctx, "replicationRole", &iam.RoleArgs{
    			AssumeRolePolicy: pulumi.Any(`{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
    `),
    		})
    		if err != nil {
    			return err
    		}
    		destination, err := s3.NewBucket(ctx, "destination", &s3.BucketArgs{
    			Versioning: &s3.BucketVersioningArgs{
    				Enabled: pulumi.Bool(true),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		source, err := s3.NewBucket(ctx, "source", &s3.BucketArgs{
    			Acl: pulumi.String("private"),
    			Versioning: &s3.BucketVersioningArgs{
    				Enabled: pulumi.Bool(true),
    			},
    			ReplicationConfiguration: &s3.BucketReplicationConfigurationArgs{
    				Role: replicationRole.Arn,
    				Rules: s3.BucketReplicationConfigurationRuleArray{
    					&s3.BucketReplicationConfigurationRuleArgs{
    						Id:     pulumi.String("foobar"),
    						Status: pulumi.String("Enabled"),
    						Filter: &s3.BucketReplicationConfigurationRuleFilterArgs{
    							Tags: nil,
    						},
    						Destination: &s3.BucketReplicationConfigurationRuleDestinationArgs{
    							Bucket:       destination.Arn,
    							StorageClass: pulumi.String("STANDARD"),
    							ReplicationTime: &s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs{
    								Status:  pulumi.String("Enabled"),
    								Minutes: pulumi.Int(15),
    							},
    							Metrics: &s3.BucketReplicationConfigurationRuleDestinationMetricsArgs{
    								Status:  pulumi.String("Enabled"),
    								Minutes: pulumi.Int(15),
    							},
    						},
    					},
    				},
    			},
    		}, pulumi.Provider(aws.Central))
    		if err != nil {
    			return err
    		}
    		replicationPolicy, err := iam.NewPolicy(ctx, "replicationPolicy", &iam.PolicyArgs{
    			Policy: pulumi.All(source.Arn, source.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {
    				sourceArn := _args[0].(string)
    				sourceArn1 := _args[1].(string)
    				destinationArn := _args[2].(string)
    				return fmt.Sprintf(`{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:GetReplicationConfiguration",
            "s3:ListBucket"
          ],
          "Effect": "Allow",
          "Resource": [
            "%v"
          ]
        },
        {
          "Action": [
            "s3:GetObjectVersionForReplication",
            "s3:GetObjectVersionAcl",
             "s3:GetObjectVersionTagging"
          ],
          "Effect": "Allow",
          "Resource": [
            "%v/*"
          ]
        },
        {
          "Action": [
            "s3:ReplicateObject",
            "s3:ReplicateDelete",
            "s3:ReplicateTags"
          ],
          "Effect": "Allow",
          "Resource": "%v/*"
        }
      ]
    }
    `, sourceArn, sourceArn1, destinationArn), nil
    			}).(pulumi.StringOutput),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewRolePolicyAttachment(ctx, "replicationRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
    			Role:      replicationRole.Name,
    			PolicyArn: replicationPolicy.Arn,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.Provider;
    import com.pulumi.aws.ProviderArgs;
    import com.pulumi.aws.iam.Role;
    import com.pulumi.aws.iam.RoleArgs;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
    import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationArgs;
    import com.pulumi.aws.iam.Policy;
    import com.pulumi.aws.iam.PolicyArgs;
    import com.pulumi.aws.iam.RolePolicyAttachment;
    import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var central = new Provider("central", ProviderArgs.builder()        
                .region("eu-central-1")
                .build());
    
            var replicationRole = new Role("replicationRole", RoleArgs.builder()        
                .assumeRolePolicy("""
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
                """)
                .build());
    
            var destination = new Bucket("destination", BucketArgs.builder()        
                .versioning(BucketVersioningArgs.builder()
                    .enabled(true)
                    .build())
                .build());
    
            var source = new Bucket("source", BucketArgs.builder()        
                .acl("private")
                .versioning(BucketVersioningArgs.builder()
                    .enabled(true)
                    .build())
                .replicationConfiguration(BucketReplicationConfigurationArgs.builder()
                    .role(replicationRole.arn())
                    .rules(BucketReplicationConfigurationRuleArgs.builder()
                        .id("foobar")
                        .status("Enabled")
                        .filter(BucketReplicationConfigurationRuleFilterArgs.builder()
                            .tags()
                            .build())
                        .destination(BucketReplicationConfigurationRuleDestinationArgs.builder()
                            .bucket(destination.arn())
                            .storageClass("STANDARD")
                            .replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()
                                .status("Enabled")
                                .minutes(15)
                                .build())
                            .metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()
                                .status("Enabled")
                                .minutes(15)
                                .build())
                            .build())
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(aws.central())
                    .build());
    
            var replicationPolicy = new Policy("replicationPolicy", PolicyArgs.builder()        
                .policy(Output.tuple(source.arn(), source.arn(), destination.arn()).applyValue(values -> {
                    var sourceArn = values.t1;
                    var sourceArn1 = values.t2;
                    var destinationArn = values.t3;
                    return """
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:GetReplicationConfiguration",
            "s3:ListBucket"
          ],
          "Effect": "Allow",
          "Resource": [
            "%s"
          ]
        },
        {
          "Action": [
            "s3:GetObjectVersionForReplication",
            "s3:GetObjectVersionAcl",
             "s3:GetObjectVersionTagging"
          ],
          "Effect": "Allow",
          "Resource": [
            "%s/*"
          ]
        },
        {
          "Action": [
            "s3:ReplicateObject",
            "s3:ReplicateDelete",
            "s3:ReplicateTags"
          ],
          "Effect": "Allow",
          "Resource": "%s/*"
        }
      ]
    }
    ", sourceArn,sourceArn1,destinationArn);
                }))
                .build());
    
            var replicationRolePolicyAttachment = new RolePolicyAttachment("replicationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()        
                .role(replicationRole.name())
                .policyArn(replicationPolicy.arn())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    central = aws.Provider("central", region="eu-central-1")
    replication_role = aws.iam.Role("replicationRole", assume_role_policy="""{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
    """)
    destination = aws.s3.Bucket("destination", versioning=aws.s3.BucketVersioningArgs(
        enabled=True,
    ))
    source = aws.s3.Bucket("source",
        acl="private",
        versioning=aws.s3.BucketVersioningArgs(
            enabled=True,
        ),
        replication_configuration=aws.s3.BucketReplicationConfigurationArgs(
            role=replication_role.arn,
            rules=[aws.s3.BucketReplicationConfigurationRuleArgs(
                id="foobar",
                status="Enabled",
                filter=aws.s3.BucketReplicationConfigurationRuleFilterArgs(
                    tags={},
                ),
                destination=aws.s3.BucketReplicationConfigurationRuleDestinationArgs(
                    bucket=destination.arn,
                    storage_class="STANDARD",
                    replication_time=aws.s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs(
                        status="Enabled",
                        minutes=15,
                    ),
                    metrics=aws.s3.BucketReplicationConfigurationRuleDestinationMetricsArgs(
                        status="Enabled",
                        minutes=15,
                    ),
                ),
            )],
        ),
        opts=pulumi.ResourceOptions(provider=aws["central"]))
    replication_policy = aws.iam.Policy("replicationPolicy", policy=pulumi.Output.all(source.arn, source.arn, destination.arn).apply(lambda sourceArn, sourceArn1, destinationArn: f"""{{
      "Version": "2012-10-17",
      "Statement": [
        {{
          "Action": [
            "s3:GetReplicationConfiguration",
            "s3:ListBucket"
          ],
          "Effect": "Allow",
          "Resource": [
            "{source_arn}"
          ]
        }},
        {{
          "Action": [
            "s3:GetObjectVersionForReplication",
            "s3:GetObjectVersionAcl",
             "s3:GetObjectVersionTagging"
          ],
          "Effect": "Allow",
          "Resource": [
            "{source_arn1}/*"
          ]
        }},
        {{
          "Action": [
            "s3:ReplicateObject",
            "s3:ReplicateDelete",
            "s3:ReplicateTags"
          ],
          "Effect": "Allow",
          "Resource": "{destination_arn}/*"
        }}
      ]
    }}
    """))
    replication_role_policy_attachment = aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment",
        role=replication_role.name,
        policy_arn=replication_policy.arn)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const central = new aws.Provider("central", {region: "eu-central-1"});
    const replicationRole = new aws.iam.Role("replicationRole", {assumeRolePolicy: `{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
    `});
    const destination = new aws.s3.Bucket("destination", {versioning: {
        enabled: true,
    }});
    const source = new aws.s3.Bucket("source", {
        acl: "private",
        versioning: {
            enabled: true,
        },
        replicationConfiguration: {
            role: replicationRole.arn,
            rules: [{
                id: "foobar",
                status: "Enabled",
                filter: {
                    tags: {},
                },
                destination: {
                    bucket: destination.arn,
                    storageClass: "STANDARD",
                    replicationTime: {
                        status: "Enabled",
                        minutes: 15,
                    },
                    metrics: {
                        status: "Enabled",
                        minutes: 15,
                    },
                },
            }],
        },
    }, {
        provider: aws.central,
    });
    const replicationPolicy = new aws.iam.Policy("replicationPolicy", {policy: pulumi.interpolate`{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:GetReplicationConfiguration",
            "s3:ListBucket"
          ],
          "Effect": "Allow",
          "Resource": [
            "${source.arn}"
          ]
        },
        {
          "Action": [
            "s3:GetObjectVersionForReplication",
            "s3:GetObjectVersionAcl",
             "s3:GetObjectVersionTagging"
          ],
          "Effect": "Allow",
          "Resource": [
            "${source.arn}/*"
          ]
        },
        {
          "Action": [
            "s3:ReplicateObject",
            "s3:ReplicateDelete",
            "s3:ReplicateTags"
          ],
          "Effect": "Allow",
          "Resource": "${destination.arn}/*"
        }
      ]
    }
    `});
    const replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment", {
        role: replicationRole.name,
        policyArn: replicationPolicy.arn,
    });
    
    resources:
      central:
        type: pulumi:providers:aws
        properties:
          region: eu-central-1
      replicationRole:
        type: aws:iam:Role
        properties:
          assumeRolePolicy: |
            {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Action": "sts:AssumeRole",
                  "Principal": {
                    "Service": "s3.amazonaws.com"
                  },
                  "Effect": "Allow",
                  "Sid": ""
                }
              ]
            }        
      replicationPolicy:
        type: aws:iam:Policy
        properties:
          policy: |
            {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Action": [
                    "s3:GetReplicationConfiguration",
                    "s3:ListBucket"
                  ],
                  "Effect": "Allow",
                  "Resource": [
                    "${source.arn}"
                  ]
                },
                {
                  "Action": [
                    "s3:GetObjectVersionForReplication",
                    "s3:GetObjectVersionAcl",
                     "s3:GetObjectVersionTagging"
                  ],
                  "Effect": "Allow",
                  "Resource": [
                    "${source.arn}/*"
                  ]
                },
                {
                  "Action": [
                    "s3:ReplicateObject",
                    "s3:ReplicateDelete",
                    "s3:ReplicateTags"
                  ],
                  "Effect": "Allow",
                  "Resource": "${destination.arn}/*"
                }
              ]
            }        
      replicationRolePolicyAttachment:
        type: aws:iam:RolePolicyAttachment
        properties:
          role: ${replicationRole.name}
          policyArn: ${replicationPolicy.arn}
      destination:
        type: aws:s3:Bucket
        properties:
          versioning:
            enabled: true
      source:
        type: aws:s3:Bucket
        properties:
          acl: private
          versioning:
            enabled: true
          replicationConfiguration:
            role: ${replicationRole.arn}
            rules:
              - id: foobar
                status: Enabled
                filter:
                  tags: {}
                destination:
                  bucket: ${destination.arn}
                  storageClass: STANDARD
                  replicationTime:
                    status: Enabled
                    minutes: 15
                  metrics:
                    status: Enabled
                    minutes: 15
        options:
          provider: ${aws.central}
    

    Enable Default Server Side Encryption

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mykey = new Aws.Kms.Key("mykey", new()
        {
            Description = "This key is used to encrypt bucket objects",
            DeletionWindowInDays = 10,
        });
    
        var mybucket = new Aws.S3.Bucket("mybucket", new()
        {
            ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
            {
                Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
                {
                    ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
                    {
                        KmsMasterKeyId = mykey.Arn,
                        SseAlgorithm = "aws:kms",
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mykey, err := kms.NewKey(ctx, "mykey", &kms.KeyArgs{
    			Description:          pulumi.String("This key is used to encrypt bucket objects"),
    			DeletionWindowInDays: pulumi.Int(10),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucket(ctx, "mybucket", &s3.BucketArgs{
    			ServerSideEncryptionConfiguration: &s3.BucketServerSideEncryptionConfigurationArgs{
    				Rule: &s3.BucketServerSideEncryptionConfigurationRuleArgs{
    					ApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
    						KmsMasterKeyId: mykey.Arn,
    						SseAlgorithm:   pulumi.String("aws:kms"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.kms.Key;
    import com.pulumi.aws.kms.KeyArgs;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationArgs;
    import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleArgs;
    import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mykey = new Key("mykey", KeyArgs.builder()        
                .description("This key is used to encrypt bucket objects")
                .deletionWindowInDays(10)
                .build());
    
            var mybucket = new Bucket("mybucket", BucketArgs.builder()        
                .serverSideEncryptionConfiguration(BucketServerSideEncryptionConfigurationArgs.builder()
                    .rule(BucketServerSideEncryptionConfigurationRuleArgs.builder()
                        .applyServerSideEncryptionByDefault(BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()
                            .kmsMasterKeyId(mykey.arn())
                            .sseAlgorithm("aws:kms")
                            .build())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    mykey = aws.kms.Key("mykey",
        description="This key is used to encrypt bucket objects",
        deletion_window_in_days=10)
    mybucket = aws.s3.Bucket("mybucket", server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(
        rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(
            apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs(
                kms_master_key_id=mykey.arn,
                sse_algorithm="aws:kms",
            ),
        ),
    ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mykey = new aws.kms.Key("mykey", {
        description: "This key is used to encrypt bucket objects",
        deletionWindowInDays: 10,
    });
    const mybucket = new aws.s3.Bucket("mybucket", {serverSideEncryptionConfiguration: {
        rule: {
            applyServerSideEncryptionByDefault: {
                kmsMasterKeyId: mykey.arn,
                sseAlgorithm: "aws:kms",
            },
        },
    }});
    
    resources:
      mykey:
        type: aws:kms:Key
        properties:
          description: This key is used to encrypt bucket objects
          deletionWindowInDays: 10
      mybucket:
        type: aws:s3:Bucket
        properties:
          serverSideEncryptionConfiguration:
            rule:
              applyServerSideEncryptionByDefault:
                kmsMasterKeyId: ${mykey.arn}
                sseAlgorithm: aws:kms
    

    Using ACL policy grants

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var currentUser = Aws.S3.GetCanonicalUserId.Invoke();
    
        var bucket = new Aws.S3.Bucket("bucket", new()
        {
            Grants = new[]
            {
                new Aws.S3.Inputs.BucketGrantArgs
                {
                    Id = currentUser.Apply(getCanonicalUserIdResult => getCanonicalUserIdResult.Id),
                    Type = "CanonicalUser",
                    Permissions = new[]
                    {
                        "FULL_CONTROL",
                    },
                },
                new Aws.S3.Inputs.BucketGrantArgs
                {
                    Type = "Group",
                    Permissions = new[]
                    {
                        "READ_ACP",
                        "WRITE",
                    },
                    Uri = "http://acs.amazonaws.com/groups/s3/LogDelivery",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		currentUser, err := s3.GetCanonicalUserId(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
    			Grants: s3.BucketGrantArray{
    				&s3.BucketGrantArgs{
    					Id:   *pulumi.String(currentUser.Id),
    					Type: pulumi.String("CanonicalUser"),
    					Permissions: pulumi.StringArray{
    						pulumi.String("FULL_CONTROL"),
    					},
    				},
    				&s3.BucketGrantArgs{
    					Type: pulumi.String("Group"),
    					Permissions: pulumi.StringArray{
    						pulumi.String("READ_ACP"),
    						pulumi.String("WRITE"),
    					},
    					Uri: pulumi.String("http://acs.amazonaws.com/groups/s3/LogDelivery"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.S3Functions;
    import com.pulumi.aws.s3.Bucket;
    import com.pulumi.aws.s3.BucketArgs;
    import com.pulumi.aws.s3.inputs.BucketGrantArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var currentUser = S3Functions.getCanonicalUserId();
    
            var bucket = new Bucket("bucket", BucketArgs.builder()        
                .grants(            
                    BucketGrantArgs.builder()
                        .id(currentUser.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
                        .type("CanonicalUser")
                        .permissions("FULL_CONTROL")
                        .build(),
                    BucketGrantArgs.builder()
                        .type("Group")
                        .permissions(                    
                            "READ_ACP",
                            "WRITE")
                        .uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
                        .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    current_user = aws.s3.get_canonical_user_id()
    bucket = aws.s3.Bucket("bucket", grants=[
        aws.s3.BucketGrantArgs(
            id=current_user.id,
            type="CanonicalUser",
            permissions=["FULL_CONTROL"],
        ),
        aws.s3.BucketGrantArgs(
            type="Group",
            permissions=[
                "READ_ACP",
                "WRITE",
            ],
            uri="http://acs.amazonaws.com/groups/s3/LogDelivery",
        ),
    ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const currentUser = aws.s3.getCanonicalUserId({});
    const bucket = new aws.s3.Bucket("bucket", {grants: [
        {
            id: currentUser.then(currentUser => currentUser.id),
            type: "CanonicalUser",
            permissions: ["FULL_CONTROL"],
        },
        {
            type: "Group",
            permissions: [
                "READ_ACP",
                "WRITE",
            ],
            uri: "http://acs.amazonaws.com/groups/s3/LogDelivery",
        },
    ]});
    
    resources:
      bucket:
        type: aws:s3:Bucket
        properties:
          grants:
            - id: ${currentUser.id}
              type: CanonicalUser
              permissions:
                - FULL_CONTROL
            - type: Group
              permissions:
                - READ_ACP
                - WRITE
              uri: http://acs.amazonaws.com/groups/s3/LogDelivery
    variables:
      currentUser:
        fn::invoke:
          Function: aws:s3:getCanonicalUserId
          Arguments: {}
    

    Create Bucket Resource

    new Bucket(name: string, args?: BucketArgs, opts?: CustomResourceOptions);
    @overload
    def Bucket(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               acceleration_status: Optional[str] = None,
               acl: Optional[Union[str, CannedAcl]] = None,
               arn: Optional[str] = None,
               bucket: Optional[str] = None,
               bucket_prefix: Optional[str] = None,
               cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
               force_destroy: Optional[bool] = None,
               grants: Optional[Sequence[BucketGrantArgs]] = None,
               hosted_zone_id: Optional[str] = None,
               lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
               loggings: Optional[Sequence[BucketLoggingArgs]] = None,
               object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
               policy: Optional[str] = None,
               replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
               request_payer: Optional[str] = None,
               server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
               tags: Optional[Mapping[str, str]] = None,
               versioning: Optional[BucketVersioningArgs] = None,
               website: Optional[BucketWebsiteArgs] = None,
               website_domain: Optional[str] = None,
               website_endpoint: Optional[str] = None)
    @overload
    def Bucket(resource_name: str,
               args: Optional[BucketArgs] = None,
               opts: Optional[ResourceOptions] = None)
    func NewBucket(ctx *Context, name string, args *BucketArgs, opts ...ResourceOption) (*Bucket, error)
    public Bucket(string name, BucketArgs? args = null, CustomResourceOptions? opts = null)
    public Bucket(String name, BucketArgs args)
    public Bucket(String name, BucketArgs args, CustomResourceOptions options)
    
    type: aws:s3:Bucket
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args BucketArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args BucketArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args BucketArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args BucketArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args BucketArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Bucket Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Bucket resource accepts the following input properties:

    AccelerationStatus string

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    Acl string | Pulumi.Aws.S3.CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    Arn string

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    BucketName string

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    BucketPrefix string

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    CorsRules List<BucketCorsRule>

    A rule of Cross-Origin Resource Sharing (documented below).

    ForceDestroy bool

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    Grants List<BucketGrant>

    An ACL policy grant (documented below). Conflicts with acl.

    HostedZoneId string

    The Route 53 Hosted Zone ID for this bucket's region.

    LifecycleRules List<BucketLifecycleRule>

    A configuration of object lifecycle management (documented below).

    Loggings List<BucketLogging>

    A settings of bucket logging (documented below).

    ObjectLockConfiguration BucketObjectLockConfiguration

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    Policy string | string

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    ReplicationConfiguration BucketReplicationConfiguration

    A configuration of replication configuration (documented below).

    RequestPayer string

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    ServerSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

    A configuration of server-side encryption configuration (documented below)

    Tags Dictionary<string, string>

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Versioning BucketVersioning

    A state of versioning (documented below)

    Website BucketWebsite

    A website object (documented below).

    WebsiteDomain string

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    WebsiteEndpoint string

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    AccelerationStatus string

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    Acl string | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    Arn string

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    Bucket string

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    BucketPrefix string

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    CorsRules []BucketCorsRuleArgs

    A rule of Cross-Origin Resource Sharing (documented below).

    ForceDestroy bool

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    Grants []BucketGrantArgs

    An ACL policy grant (documented below). Conflicts with acl.

    HostedZoneId string

    The Route 53 Hosted Zone ID for this bucket's region.

    LifecycleRules []BucketLifecycleRuleArgs

    A configuration of object lifecycle management (documented below).

    Loggings []BucketLoggingArgs

    A settings of bucket logging (documented below).

    ObjectLockConfiguration BucketObjectLockConfigurationArgs

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    Policy string | string

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    ReplicationConfiguration BucketReplicationConfigurationArgs

    A configuration of replication configuration (documented below).

    RequestPayer string

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    ServerSideEncryptionConfiguration BucketServerSideEncryptionConfigurationArgs

    A configuration of server-side encryption configuration (documented below)

    Tags map[string]string

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Versioning BucketVersioningArgs

    A state of versioning (documented below)

    Website BucketWebsiteArgs

    A website object (documented below).

    WebsiteDomain string

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    WebsiteEndpoint string

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    accelerationStatus String

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl String | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn String

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket String

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucketPrefix String

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    corsRules List<BucketCorsRule>

    A rule of Cross-Origin Resource Sharing (documented below).

    forceDestroy Boolean

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants List<BucketGrant>

    An ACL policy grant (documented below). Conflicts with acl.

    hostedZoneId String

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycleRules List<BucketLifecycleRule>

    A configuration of object lifecycle management (documented below).

    loggings List<BucketLogging>

    A settings of bucket logging (documented below).

    objectLockConfiguration BucketObjectLockConfiguration

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy String | String

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    replicationConfiguration BucketReplicationConfiguration

    A configuration of replication configuration (documented below).

    requestPayer String

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    serverSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

    A configuration of server-side encryption configuration (documented below)

    tags Map<String,String>

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    versioning BucketVersioning

    A state of versioning (documented below)

    website BucketWebsite

    A website object (documented below).

    websiteDomain String

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    websiteEndpoint String

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    accelerationStatus string

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl string | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn string

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket string

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucketPrefix string

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    corsRules BucketCorsRule[]

    A rule of Cross-Origin Resource Sharing (documented below).

    forceDestroy boolean

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants BucketGrant[]

    An ACL policy grant (documented below). Conflicts with acl.

    hostedZoneId string

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycleRules BucketLifecycleRule[]

    A configuration of object lifecycle management (documented below).

    loggings BucketLogging[]

    A settings of bucket logging (documented below).

    objectLockConfiguration BucketObjectLockConfiguration

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy string | PolicyDocument

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    replicationConfiguration BucketReplicationConfiguration

    A configuration of replication configuration (documented below).

    requestPayer string

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    serverSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

    A configuration of server-side encryption configuration (documented below)

    tags {[key: string]: string}

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    versioning BucketVersioning

    A state of versioning (documented below)

    website BucketWebsite

    A website object (documented below).

    websiteDomain string

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    websiteEndpoint string

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    acceleration_status str

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl str | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn str

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket str

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucket_prefix str

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    cors_rules Sequence[BucketCorsRuleArgs]

    A rule of Cross-Origin Resource Sharing (documented below).

    force_destroy bool

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants Sequence[BucketGrantArgs]

    An ACL policy grant (documented below). Conflicts with acl.

    hosted_zone_id str

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycle_rules Sequence[BucketLifecycleRuleArgs]

    A configuration of object lifecycle management (documented below).

    loggings Sequence[BucketLoggingArgs]

    A settings of bucket logging (documented below).

    object_lock_configuration BucketObjectLockConfigurationArgs

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy str | str

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    replication_configuration BucketReplicationConfigurationArgs

    A configuration of replication configuration (documented below).

    request_payer str

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    server_side_encryption_configuration BucketServerSideEncryptionConfigurationArgs

    A configuration of server-side encryption configuration (documented below)

    tags Mapping[str, str]

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    versioning BucketVersioningArgs

    A state of versioning (documented below)

    website BucketWebsiteArgs

    A website object (documented below).

    website_domain str

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    website_endpoint str

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    accelerationStatus String

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl String | "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write"

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn String

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket String

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucketPrefix String

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    corsRules List<Property Map>

    A rule of Cross-Origin Resource Sharing (documented below).

    forceDestroy Boolean

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants List<Property Map>

    An ACL policy grant (documented below). Conflicts with acl.

    hostedZoneId String

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycleRules List<Property Map>

    A configuration of object lifecycle management (documented below).

    loggings List<Property Map>

    A settings of bucket logging (documented below).

    objectLockConfiguration Property Map

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy String |

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    replicationConfiguration Property Map

    A configuration of replication configuration (documented below).

    requestPayer String

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    serverSideEncryptionConfiguration Property Map

    A configuration of server-side encryption configuration (documented below)

    tags Map<String>

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    versioning Property Map

    A state of versioning (documented below)

    website Property Map

    A website object (documented below).

    websiteDomain String

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    websiteEndpoint String

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Bucket resource produces the following output properties:

    BucketDomainName string

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    BucketRegionalDomainName string

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    Id string

    The provider-assigned unique ID for this managed resource.

    Region string

    The AWS region this bucket resides in.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    BucketDomainName string

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    BucketRegionalDomainName string

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    Id string

    The provider-assigned unique ID for this managed resource.

    Region string

    The AWS region this bucket resides in.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    bucketDomainName String

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucketRegionalDomainName String

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    id String

    The provider-assigned unique ID for this managed resource.

    region String

    The AWS region this bucket resides in.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    bucketDomainName string

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucketRegionalDomainName string

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    id string

    The provider-assigned unique ID for this managed resource.

    region string

    The AWS region this bucket resides in.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    bucket_domain_name str

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucket_regional_domain_name str

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    id str

    The provider-assigned unique ID for this managed resource.

    region str

    The AWS region this bucket resides in.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    bucketDomainName String

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucketRegionalDomainName String

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    id String

    The provider-assigned unique ID for this managed resource.

    region String

    The AWS region this bucket resides in.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Look up Existing Bucket Resource

    Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: BucketState, opts?: CustomResourceOptions): Bucket
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            acceleration_status: Optional[str] = None,
            acl: Optional[Union[str, CannedAcl]] = None,
            arn: Optional[str] = None,
            bucket: Optional[str] = None,
            bucket_domain_name: Optional[str] = None,
            bucket_prefix: Optional[str] = None,
            bucket_regional_domain_name: Optional[str] = None,
            cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
            force_destroy: Optional[bool] = None,
            grants: Optional[Sequence[BucketGrantArgs]] = None,
            hosted_zone_id: Optional[str] = None,
            lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
            loggings: Optional[Sequence[BucketLoggingArgs]] = None,
            object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
            policy: Optional[str] = None,
            region: Optional[str] = None,
            replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
            request_payer: Optional[str] = None,
            server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            versioning: Optional[BucketVersioningArgs] = None,
            website: Optional[BucketWebsiteArgs] = None,
            website_domain: Optional[str] = None,
            website_endpoint: Optional[str] = None) -> Bucket
    func GetBucket(ctx *Context, name string, id IDInput, state *BucketState, opts ...ResourceOption) (*Bucket, error)
    public static Bucket Get(string name, Input<string> id, BucketState? state, CustomResourceOptions? opts = null)
    public static Bucket get(String name, Output<String> id, BucketState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccelerationStatus string

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    Acl string | Pulumi.Aws.S3.CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    Arn string

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    BucketDomainName string

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    BucketName string

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    BucketPrefix string

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    BucketRegionalDomainName string

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    CorsRules List<BucketCorsRule>

    A rule of Cross-Origin Resource Sharing (documented below).

    ForceDestroy bool

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    Grants List<BucketGrant>

    An ACL policy grant (documented below). Conflicts with acl.

    HostedZoneId string

    The Route 53 Hosted Zone ID for this bucket's region.

    LifecycleRules List<BucketLifecycleRule>

    A configuration of object lifecycle management (documented below).

    Loggings List<BucketLogging>

    A settings of bucket logging (documented below).

    ObjectLockConfiguration BucketObjectLockConfiguration

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    Policy string | string

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    Region string

    The AWS region this bucket resides in.

    ReplicationConfiguration BucketReplicationConfiguration

    A configuration of replication configuration (documented below).

    RequestPayer string

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    ServerSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

    A configuration of server-side encryption configuration (documented below)

    Tags Dictionary<string, string>

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Versioning BucketVersioning

    A state of versioning (documented below)

    Website BucketWebsite

    A website object (documented below).

    WebsiteDomain string

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    WebsiteEndpoint string

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    AccelerationStatus string

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    Acl string | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    Arn string

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    Bucket string

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    BucketDomainName string

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    BucketPrefix string

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    BucketRegionalDomainName string

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    CorsRules []BucketCorsRuleArgs

    A rule of Cross-Origin Resource Sharing (documented below).

    ForceDestroy bool

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    Grants []BucketGrantArgs

    An ACL policy grant (documented below). Conflicts with acl.

    HostedZoneId string

    The Route 53 Hosted Zone ID for this bucket's region.

    LifecycleRules []BucketLifecycleRuleArgs

    A configuration of object lifecycle management (documented below).

    Loggings []BucketLoggingArgs

    A settings of bucket logging (documented below).

    ObjectLockConfiguration BucketObjectLockConfigurationArgs

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    Policy string | string

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    Region string

    The AWS region this bucket resides in.

    ReplicationConfiguration BucketReplicationConfigurationArgs

    A configuration of replication configuration (documented below).

    RequestPayer string

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    ServerSideEncryptionConfiguration BucketServerSideEncryptionConfigurationArgs

    A configuration of server-side encryption configuration (documented below)

    Tags map[string]string

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Versioning BucketVersioningArgs

    A state of versioning (documented below)

    Website BucketWebsiteArgs

    A website object (documented below).

    WebsiteDomain string

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    WebsiteEndpoint string

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    accelerationStatus String

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl String | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn String

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket String

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucketDomainName String

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucketPrefix String

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    bucketRegionalDomainName String

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    corsRules List<BucketCorsRule>

    A rule of Cross-Origin Resource Sharing (documented below).

    forceDestroy Boolean

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants List<BucketGrant>

    An ACL policy grant (documented below). Conflicts with acl.

    hostedZoneId String

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycleRules List<BucketLifecycleRule>

    A configuration of object lifecycle management (documented below).

    loggings List<BucketLogging>

    A settings of bucket logging (documented below).

    objectLockConfiguration BucketObjectLockConfiguration

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy String | String

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    region String

    The AWS region this bucket resides in.

    replicationConfiguration BucketReplicationConfiguration

    A configuration of replication configuration (documented below).

    requestPayer String

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    serverSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

    A configuration of server-side encryption configuration (documented below)

    tags Map<String,String>

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    versioning BucketVersioning

    A state of versioning (documented below)

    website BucketWebsite

    A website object (documented below).

    websiteDomain String

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    websiteEndpoint String

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    accelerationStatus string

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl string | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn string

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket string

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucketDomainName string

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucketPrefix string

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    bucketRegionalDomainName string

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    corsRules BucketCorsRule[]

    A rule of Cross-Origin Resource Sharing (documented below).

    forceDestroy boolean

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants BucketGrant[]

    An ACL policy grant (documented below). Conflicts with acl.

    hostedZoneId string

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycleRules BucketLifecycleRule[]

    A configuration of object lifecycle management (documented below).

    loggings BucketLogging[]

    A settings of bucket logging (documented below).

    objectLockConfiguration BucketObjectLockConfiguration

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy string | PolicyDocument

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    region string

    The AWS region this bucket resides in.

    replicationConfiguration BucketReplicationConfiguration

    A configuration of replication configuration (documented below).

    requestPayer string

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    serverSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

    A configuration of server-side encryption configuration (documented below)

    tags {[key: string]: string}

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    versioning BucketVersioning

    A state of versioning (documented below)

    website BucketWebsite

    A website object (documented below).

    websiteDomain string

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    websiteEndpoint string

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    acceleration_status str

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl str | CannedAcl

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn str

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket str

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucket_domain_name str

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucket_prefix str

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    bucket_regional_domain_name str

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    cors_rules Sequence[BucketCorsRuleArgs]

    A rule of Cross-Origin Resource Sharing (documented below).

    force_destroy bool

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants Sequence[BucketGrantArgs]

    An ACL policy grant (documented below). Conflicts with acl.

    hosted_zone_id str

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycle_rules Sequence[BucketLifecycleRuleArgs]

    A configuration of object lifecycle management (documented below).

    loggings Sequence[BucketLoggingArgs]

    A settings of bucket logging (documented below).

    object_lock_configuration BucketObjectLockConfigurationArgs

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy str | str

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    region str

    The AWS region this bucket resides in.

    replication_configuration BucketReplicationConfigurationArgs

    A configuration of replication configuration (documented below).

    request_payer str

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    server_side_encryption_configuration BucketServerSideEncryptionConfigurationArgs

    A configuration of server-side encryption configuration (documented below)

    tags Mapping[str, str]

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    versioning BucketVersioningArgs

    A state of versioning (documented below)

    website BucketWebsiteArgs

    A website object (documented below).

    website_domain str

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    website_endpoint str

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    accelerationStatus String

    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

    acl String | "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write"

    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

    arn String

    The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

    bucket String

    The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

    bucketDomainName String

    The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

    bucketPrefix String

    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

    bucketRegionalDomainName String

    The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

    corsRules List<Property Map>

    A rule of Cross-Origin Resource Sharing (documented below).

    forceDestroy Boolean

    A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

    grants List<Property Map>

    An ACL policy grant (documented below). Conflicts with acl.

    hostedZoneId String

    The Route 53 Hosted Zone ID for this bucket's region.

    lifecycleRules List<Property Map>

    A configuration of object lifecycle management (documented below).

    loggings List<Property Map>

    A settings of bucket logging (documented below).

    objectLockConfiguration Property Map

    A configuration of S3 object locking (documented below)

    NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

    policy String |

    A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

    region String

    The AWS region this bucket resides in.

    replicationConfiguration Property Map

    A configuration of replication configuration (documented below).

    requestPayer String

    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

    serverSideEncryptionConfiguration Property Map

    A configuration of server-side encryption configuration (documented below)

    tags Map<String>

    A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    versioning Property Map

    A state of versioning (documented below)

    website Property Map

    A website object (documented below).

    websiteDomain String

    The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

    websiteEndpoint String

    The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

    Supporting Types

    BucketCorsRule, BucketCorsRuleArgs

    AllowedMethods List<string>

    Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

    AllowedOrigins List<string>

    Specifies which origins are allowed.

    AllowedHeaders List<string>

    Specifies which headers are allowed.

    ExposeHeaders List<string>

    Specifies expose header in the response.

    MaxAgeSeconds int

    Specifies time in seconds that browser can cache the response for a preflight request.

    AllowedMethods []string

    Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

    AllowedOrigins []string

    Specifies which origins are allowed.

    AllowedHeaders []string

    Specifies which headers are allowed.

    ExposeHeaders []string

    Specifies expose header in the response.

    MaxAgeSeconds int

    Specifies time in seconds that browser can cache the response for a preflight request.

    allowedMethods List<String>

    Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

    allowedOrigins List<String>

    Specifies which origins are allowed.

    allowedHeaders List<String>

    Specifies which headers are allowed.

    exposeHeaders List<String>

    Specifies expose header in the response.

    maxAgeSeconds Integer

    Specifies time in seconds that browser can cache the response for a preflight request.

    allowedMethods string[]

    Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

    allowedOrigins string[]

    Specifies which origins are allowed.

    allowedHeaders string[]

    Specifies which headers are allowed.

    exposeHeaders string[]

    Specifies expose header in the response.

    maxAgeSeconds number

    Specifies time in seconds that browser can cache the response for a preflight request.

    allowed_methods Sequence[str]

    Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

    allowed_origins Sequence[str]

    Specifies which origins are allowed.

    allowed_headers Sequence[str]

    Specifies which headers are allowed.

    expose_headers Sequence[str]

    Specifies expose header in the response.

    max_age_seconds int

    Specifies time in seconds that browser can cache the response for a preflight request.

    allowedMethods List<String>

    Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.

    allowedOrigins List<String>

    Specifies which origins are allowed.

    allowedHeaders List<String>

    Specifies which headers are allowed.

    exposeHeaders List<String>

    Specifies expose header in the response.

    maxAgeSeconds Number

    Specifies time in seconds that browser can cache the response for a preflight request.

    BucketGrant, BucketGrantArgs

    Permissions List<string>

    List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.

    Type string

    Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.

    Id string

    Canonical user id to grant for. Used only when type is CanonicalUser.

    Uri string

    Uri address to grant for. Used only when type is Group.

    Permissions []string

    List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.

    Type string

    Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.

    Id string

    Canonical user id to grant for. Used only when type is CanonicalUser.

    Uri string

    Uri address to grant for. Used only when type is Group.

    permissions List<String>

    List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.

    type String

    Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.

    id String

    Canonical user id to grant for. Used only when type is CanonicalUser.

    uri String

    Uri address to grant for. Used only when type is Group.

    permissions string[]

    List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.

    type string

    Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.

    id string

    Canonical user id to grant for. Used only when type is CanonicalUser.

    uri string

    Uri address to grant for. Used only when type is Group.

    permissions Sequence[str]

    List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.

    type str

    Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.

    id str

    Canonical user id to grant for. Used only when type is CanonicalUser.

    uri str

    Uri address to grant for. Used only when type is Group.

    permissions List<String>

    List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.

    type String

    Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.

    id String

    Canonical user id to grant for. Used only when type is CanonicalUser.

    uri String

    Uri address to grant for. Used only when type is Group.

    BucketLifecycleRule, BucketLifecycleRuleArgs

    Enabled bool

    Specifies lifecycle rule status.

    AbortIncompleteMultipartUploadDays int

    Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

    Expiration BucketLifecycleRuleExpiration

    Specifies a period in the object's expire (documented below).

    Id string

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    NoncurrentVersionExpiration BucketLifecycleRuleNoncurrentVersionExpiration

    Specifies when noncurrent object versions expire (documented below).

    NoncurrentVersionTransitions List<BucketLifecycleRuleNoncurrentVersionTransition>

    Specifies when noncurrent object versions transitions (documented below).

    At least one of abort_incomplete_multipart_upload_days, expiration, transition, noncurrent_version_expiration, noncurrent_version_transition must be specified.

    Prefix string

    Object key prefix identifying one or more objects to which the rule applies.

    Tags Dictionary<string, string>

    Specifies object tags key and value.

    Transitions List<BucketLifecycleRuleTransition>

    Specifies a period in the object's transitions (documented below).

    Enabled bool

    Specifies lifecycle rule status.

    AbortIncompleteMultipartUploadDays int

    Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

    Expiration BucketLifecycleRuleExpiration

    Specifies a period in the object's expire (documented below).

    Id string

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    NoncurrentVersionExpiration BucketLifecycleRuleNoncurrentVersionExpiration

    Specifies when noncurrent object versions expire (documented below).

    NoncurrentVersionTransitions []BucketLifecycleRuleNoncurrentVersionTransition

    Specifies when noncurrent object versions transitions (documented below).

    At least one of abort_incomplete_multipart_upload_days, expiration, transition, noncurrent_version_expiration, noncurrent_version_transition must be specified.

    Prefix string

    Object key prefix identifying one or more objects to which the rule applies.

    Tags map[string]string

    Specifies object tags key and value.

    Transitions []BucketLifecycleRuleTransition

    Specifies a period in the object's transitions (documented below).

    enabled Boolean

    Specifies lifecycle rule status.

    abortIncompleteMultipartUploadDays Integer

    Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

    expiration BucketLifecycleRuleExpiration

    Specifies a period in the object's expire (documented below).

    id String

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    noncurrentVersionExpiration BucketLifecycleRuleNoncurrentVersionExpiration

    Specifies when noncurrent object versions expire (documented below).

    noncurrentVersionTransitions List<BucketLifecycleRuleNoncurrentVersionTransition>

    Specifies when noncurrent object versions transitions (documented below).

    At least one of abort_incomplete_multipart_upload_days, expiration, transition, noncurrent_version_expiration, noncurrent_version_transition must be specified.

    prefix String

    Object key prefix identifying one or more objects to which the rule applies.

    tags Map<String,String>

    Specifies object tags key and value.

    transitions List<BucketLifecycleRuleTransition>

    Specifies a period in the object's transitions (documented below).

    enabled boolean

    Specifies lifecycle rule status.

    abortIncompleteMultipartUploadDays number

    Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

    expiration BucketLifecycleRuleExpiration

    Specifies a period in the object's expire (documented below).

    id string

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    noncurrentVersionExpiration BucketLifecycleRuleNoncurrentVersionExpiration

    Specifies when noncurrent object versions expire (documented below).

    noncurrentVersionTransitions BucketLifecycleRuleNoncurrentVersionTransition[]

    Specifies when noncurrent object versions transitions (documented below).

    At least one of abort_incomplete_multipart_upload_days, expiration, transition, noncurrent_version_expiration, noncurrent_version_transition must be specified.

    prefix string

    Object key prefix identifying one or more objects to which the rule applies.

    tags {[key: string]: string}

    Specifies object tags key and value.

    transitions BucketLifecycleRuleTransition[]

    Specifies a period in the object's transitions (documented below).

    enabled bool

    Specifies lifecycle rule status.

    abort_incomplete_multipart_upload_days int

    Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

    expiration BucketLifecycleRuleExpiration

    Specifies a period in the object's expire (documented below).

    id str

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    noncurrent_version_expiration BucketLifecycleRuleNoncurrentVersionExpiration

    Specifies when noncurrent object versions expire (documented below).

    noncurrent_version_transitions Sequence[BucketLifecycleRuleNoncurrentVersionTransition]

    Specifies when noncurrent object versions transitions (documented below).

    At least one of abort_incomplete_multipart_upload_days, expiration, transition, noncurrent_version_expiration, noncurrent_version_transition must be specified.

    prefix str

    Object key prefix identifying one or more objects to which the rule applies.

    tags Mapping[str, str]

    Specifies object tags key and value.

    transitions Sequence[BucketLifecycleRuleTransition]

    Specifies a period in the object's transitions (documented below).

    enabled Boolean

    Specifies lifecycle rule status.

    abortIncompleteMultipartUploadDays Number

    Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

    expiration Property Map

    Specifies a period in the object's expire (documented below).

    id String

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    noncurrentVersionExpiration Property Map

    Specifies when noncurrent object versions expire (documented below).

    noncurrentVersionTransitions List<Property Map>

    Specifies when noncurrent object versions transitions (documented below).

    At least one of abort_incomplete_multipart_upload_days, expiration, transition, noncurrent_version_expiration, noncurrent_version_transition must be specified.

    prefix String

    Object key prefix identifying one or more objects to which the rule applies.

    tags Map<String>

    Specifies object tags key and value.

    transitions List<Property Map>

    Specifies a period in the object's transitions (documented below).

    BucketLifecycleRuleExpiration, BucketLifecycleRuleExpirationArgs

    Date string

    Specifies the date after which you want the corresponding action to take effect.

    Days int

    Specifies the number of days after object creation when the specific rule action takes effect.

    ExpiredObjectDeleteMarker bool

    On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

    Date string

    Specifies the date after which you want the corresponding action to take effect.

    Days int

    Specifies the number of days after object creation when the specific rule action takes effect.

    ExpiredObjectDeleteMarker bool

    On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

    date String

    Specifies the date after which you want the corresponding action to take effect.

    days Integer

    Specifies the number of days after object creation when the specific rule action takes effect.

    expiredObjectDeleteMarker Boolean

    On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

    date string

    Specifies the date after which you want the corresponding action to take effect.

    days number

    Specifies the number of days after object creation when the specific rule action takes effect.

    expiredObjectDeleteMarker boolean

    On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

    date str

    Specifies the date after which you want the corresponding action to take effect.

    days int

    Specifies the number of days after object creation when the specific rule action takes effect.

    expired_object_delete_marker bool

    On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

    date String

    Specifies the date after which you want the corresponding action to take effect.

    days Number

    Specifies the number of days after object creation when the specific rule action takes effect.

    expiredObjectDeleteMarker Boolean

    On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

    BucketLifecycleRuleNoncurrentVersionExpiration, BucketLifecycleRuleNoncurrentVersionExpirationArgs

    Days int

    Specifies the number of days noncurrent object versions expire.

    Days int

    Specifies the number of days noncurrent object versions expire.

    days Integer

    Specifies the number of days noncurrent object versions expire.

    days number

    Specifies the number of days noncurrent object versions expire.

    days int

    Specifies the number of days noncurrent object versions expire.

    days Number

    Specifies the number of days noncurrent object versions expire.

    BucketLifecycleRuleNoncurrentVersionTransition, BucketLifecycleRuleNoncurrentVersionTransitionArgs

    StorageClass string

    Specifies the Amazon S3 storage class to which you want the object to transition.

    Days int

    Specifies the number of days noncurrent object versions transition.

    StorageClass string

    Specifies the Amazon S3 storage class to which you want the object to transition.

    Days int

    Specifies the number of days noncurrent object versions transition.

    storageClass String

    Specifies the Amazon S3 storage class to which you want the object to transition.

    days Integer

    Specifies the number of days noncurrent object versions transition.

    storageClass string

    Specifies the Amazon S3 storage class to which you want the object to transition.

    days number

    Specifies the number of days noncurrent object versions transition.

    storage_class str

    Specifies the Amazon S3 storage class to which you want the object to transition.

    days int

    Specifies the number of days noncurrent object versions transition.

    storageClass String

    Specifies the Amazon S3 storage class to which you want the object to transition.

    days Number

    Specifies the number of days noncurrent object versions transition.

    BucketLifecycleRuleTransition, BucketLifecycleRuleTransitionArgs

    StorageClass string

    Specifies the Amazon S3 storage class to which you want the object to transition.

    Date string

    Specifies the date after which you want the corresponding action to take effect.

    Days int

    Specifies the number of days after object creation when the specific rule action takes effect.

    StorageClass string

    Specifies the Amazon S3 storage class to which you want the object to transition.

    Date string

    Specifies the date after which you want the corresponding action to take effect.

    Days int

    Specifies the number of days after object creation when the specific rule action takes effect.

    storageClass String

    Specifies the Amazon S3 storage class to which you want the object to transition.

    date String

    Specifies the date after which you want the corresponding action to take effect.

    days Integer

    Specifies the number of days after object creation when the specific rule action takes effect.

    storageClass string

    Specifies the Amazon S3 storage class to which you want the object to transition.

    date string

    Specifies the date after which you want the corresponding action to take effect.

    days number

    Specifies the number of days after object creation when the specific rule action takes effect.

    storage_class str

    Specifies the Amazon S3 storage class to which you want the object to transition.

    date str

    Specifies the date after which you want the corresponding action to take effect.

    days int

    Specifies the number of days after object creation when the specific rule action takes effect.

    storageClass String

    Specifies the Amazon S3 storage class to which you want the object to transition.

    date String

    Specifies the date after which you want the corresponding action to take effect.

    days Number

    Specifies the number of days after object creation when the specific rule action takes effect.

    BucketLogging, BucketLoggingArgs

    TargetBucket string

    The name of the bucket that will receive the log objects.

    TargetPrefix string

    To specify a key prefix for log objects.

    TargetBucket string

    The name of the bucket that will receive the log objects.

    TargetPrefix string

    To specify a key prefix for log objects.

    targetBucket String

    The name of the bucket that will receive the log objects.

    targetPrefix String

    To specify a key prefix for log objects.

    targetBucket string

    The name of the bucket that will receive the log objects.

    targetPrefix string

    To specify a key prefix for log objects.

    target_bucket str

    The name of the bucket that will receive the log objects.

    target_prefix str

    To specify a key prefix for log objects.

    targetBucket String

    The name of the bucket that will receive the log objects.

    targetPrefix String

    To specify a key prefix for log objects.

    BucketObjectLockConfiguration, BucketObjectLockConfigurationArgs

    ObjectLockEnabled string

    Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

    Rule BucketObjectLockConfigurationRule

    The Object Lock rule in place for this bucket.

    ObjectLockEnabled string

    Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

    Rule BucketObjectLockConfigurationRule

    The Object Lock rule in place for this bucket.

    objectLockEnabled String

    Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

    rule BucketObjectLockConfigurationRule

    The Object Lock rule in place for this bucket.

    objectLockEnabled string

    Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

    rule BucketObjectLockConfigurationRule

    The Object Lock rule in place for this bucket.

    object_lock_enabled str

    Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

    rule BucketObjectLockConfigurationRule

    The Object Lock rule in place for this bucket.

    objectLockEnabled String

    Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.

    rule Property Map

    The Object Lock rule in place for this bucket.

    BucketObjectLockConfigurationRule, BucketObjectLockConfigurationRuleArgs

    DefaultRetention BucketObjectLockConfigurationRuleDefaultRetention

    The default retention period that you want to apply to new objects placed in this bucket.

    DefaultRetention BucketObjectLockConfigurationRuleDefaultRetention

    The default retention period that you want to apply to new objects placed in this bucket.

    defaultRetention BucketObjectLockConfigurationRuleDefaultRetention

    The default retention period that you want to apply to new objects placed in this bucket.

    defaultRetention BucketObjectLockConfigurationRuleDefaultRetention

    The default retention period that you want to apply to new objects placed in this bucket.

    default_retention BucketObjectLockConfigurationRuleDefaultRetention

    The default retention period that you want to apply to new objects placed in this bucket.

    defaultRetention Property Map

    The default retention period that you want to apply to new objects placed in this bucket.

    BucketObjectLockConfigurationRuleDefaultRetention, BucketObjectLockConfigurationRuleDefaultRetentionArgs

    Mode string

    The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

    Days int

    The number of days that you want to specify for the default retention period.

    Years int

    The number of years that you want to specify for the default retention period.

    Either days or years must be specified, but not both.

    NOTE on object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.

    Mode string

    The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

    Days int

    The number of days that you want to specify for the default retention period.

    Years int

    The number of years that you want to specify for the default retention period.

    Either days or years must be specified, but not both.

    NOTE on object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.

    mode String

    The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

    days Integer

    The number of days that you want to specify for the default retention period.

    years Integer

    The number of years that you want to specify for the default retention period.

    Either days or years must be specified, but not both.

    NOTE on object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.

    mode string

    The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

    days number

    The number of days that you want to specify for the default retention period.

    years number

    The number of years that you want to specify for the default retention period.

    Either days or years must be specified, but not both.

    NOTE on object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.

    mode str

    The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

    days int

    The number of days that you want to specify for the default retention period.

    years int

    The number of years that you want to specify for the default retention period.

    Either days or years must be specified, but not both.

    NOTE on object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.

    mode String

    The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.

    days Number

    The number of days that you want to specify for the default retention period.

    years Number

    The number of years that you want to specify for the default retention period.

    Either days or years must be specified, but not both.

    NOTE on object_lock_configuration: You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket.

    BucketReplicationConfiguration, BucketReplicationConfigurationArgs

    Role string

    The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

    Rules List<BucketReplicationConfigurationRule>

    Specifies the rules managing the replication (documented below).

    Role string

    The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

    Rules []BucketReplicationConfigurationRule

    Specifies the rules managing the replication (documented below).

    role String

    The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

    rules List<BucketReplicationConfigurationRule>

    Specifies the rules managing the replication (documented below).

    role string

    The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

    rules BucketReplicationConfigurationRule[]

    Specifies the rules managing the replication (documented below).

    role str

    The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

    rules Sequence[BucketReplicationConfigurationRule]

    Specifies the rules managing the replication (documented below).

    role String

    The ARN of the IAM role for Amazon S3 to assume when replicating the objects.

    rules List<Property Map>

    Specifies the rules managing the replication (documented below).

    BucketReplicationConfigurationRule, BucketReplicationConfigurationRuleArgs

    Destination BucketReplicationConfigurationRuleDestination

    Specifies the destination for the rule (documented below).

    Status string

    The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

    NOTE: Replication to multiple destination buckets requires that priority is specified in the rules object. If the corresponding rule requires no filter, an empty configuration block filter {} must be specified.

    DeleteMarkerReplicationStatus string

    Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).

    Filter BucketReplicationConfigurationRuleFilter

    Filter that identifies subset of objects to which the replication rule applies (documented below).

    Id string

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    Prefix string

    Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    Priority int

    The priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.

    SourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteria

    Specifies special object selection criteria (documented below).

    Destination BucketReplicationConfigurationRuleDestination

    Specifies the destination for the rule (documented below).

    Status string

    The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

    NOTE: Replication to multiple destination buckets requires that priority is specified in the rules object. If the corresponding rule requires no filter, an empty configuration block filter {} must be specified.

    DeleteMarkerReplicationStatus string

    Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).

    Filter BucketReplicationConfigurationRuleFilter

    Filter that identifies subset of objects to which the replication rule applies (documented below).

    Id string

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    Prefix string

    Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    Priority int

    The priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.

    SourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteria

    Specifies special object selection criteria (documented below).

    destination BucketReplicationConfigurationRuleDestination

    Specifies the destination for the rule (documented below).

    status String

    The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

    NOTE: Replication to multiple destination buckets requires that priority is specified in the rules object. If the corresponding rule requires no filter, an empty configuration block filter {} must be specified.

    deleteMarkerReplicationStatus String

    Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).

    filter BucketReplicationConfigurationRuleFilter

    Filter that identifies subset of objects to which the replication rule applies (documented below).

    id String

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    prefix String

    Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    priority Integer

    The priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.

    sourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteria

    Specifies special object selection criteria (documented below).

    destination BucketReplicationConfigurationRuleDestination

    Specifies the destination for the rule (documented below).

    status string

    The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

    NOTE: Replication to multiple destination buckets requires that priority is specified in the rules object. If the corresponding rule requires no filter, an empty configuration block filter {} must be specified.

    deleteMarkerReplicationStatus string

    Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).

    filter BucketReplicationConfigurationRuleFilter

    Filter that identifies subset of objects to which the replication rule applies (documented below).

    id string

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    prefix string

    Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    priority number

    The priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.

    sourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteria

    Specifies special object selection criteria (documented below).

    destination BucketReplicationConfigurationRuleDestination

    Specifies the destination for the rule (documented below).

    status str

    The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

    NOTE: Replication to multiple destination buckets requires that priority is specified in the rules object. If the corresponding rule requires no filter, an empty configuration block filter {} must be specified.

    delete_marker_replication_status str

    Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).

    filter BucketReplicationConfigurationRuleFilter

    Filter that identifies subset of objects to which the replication rule applies (documented below).

    id str

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    prefix str

    Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    priority int

    The priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.

    source_selection_criteria BucketReplicationConfigurationRuleSourceSelectionCriteria

    Specifies special object selection criteria (documented below).

    destination Property Map

    Specifies the destination for the rule (documented below).

    status String

    The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

    NOTE: Replication to multiple destination buckets requires that priority is specified in the rules object. If the corresponding rule requires no filter, an empty configuration block filter {} must be specified.

    deleteMarkerReplicationStatus String

    Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).

    filter Property Map

    Filter that identifies subset of objects to which the replication rule applies (documented below).

    id String

    Unique identifier for the rule. Must be less than or equal to 255 characters in length.

    prefix String

    Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    priority Number

    The priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.

    sourceSelectionCriteria Property Map

    Specifies special object selection criteria (documented below).

    BucketReplicationConfigurationRuleDestination, BucketReplicationConfigurationRuleDestinationArgs

    Bucket string

    The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

    AccessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslation

    Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

    AccountId string

    The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

    Metrics BucketReplicationConfigurationRuleDestinationMetrics

    Enables replication metrics (required for S3 RTC) (documented below).

    ReplicaKmsKeyId string

    Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

    ReplicationTime BucketReplicationConfigurationRuleDestinationReplicationTime

    Enables S3 Replication Time Control (S3 RTC) (documented below).

    StorageClass string

    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    Bucket string

    The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

    AccessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslation

    Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

    AccountId string

    The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

    Metrics BucketReplicationConfigurationRuleDestinationMetrics

    Enables replication metrics (required for S3 RTC) (documented below).

    ReplicaKmsKeyId string

    Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

    ReplicationTime BucketReplicationConfigurationRuleDestinationReplicationTime

    Enables S3 Replication Time Control (S3 RTC) (documented below).

    StorageClass string

    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    bucket String

    The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

    accessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslation

    Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

    accountId String

    The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

    metrics BucketReplicationConfigurationRuleDestinationMetrics

    Enables replication metrics (required for S3 RTC) (documented below).

    replicaKmsKeyId String

    Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

    replicationTime BucketReplicationConfigurationRuleDestinationReplicationTime

    Enables S3 Replication Time Control (S3 RTC) (documented below).

    storageClass String

    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    bucket string

    The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

    accessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslation

    Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

    accountId string

    The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

    metrics BucketReplicationConfigurationRuleDestinationMetrics

    Enables replication metrics (required for S3 RTC) (documented below).

    replicaKmsKeyId string

    Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

    replicationTime BucketReplicationConfigurationRuleDestinationReplicationTime

    Enables S3 Replication Time Control (S3 RTC) (documented below).

    storageClass string

    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    bucket str

    The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

    access_control_translation BucketReplicationConfigurationRuleDestinationAccessControlTranslation

    Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

    account_id str

    The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

    metrics BucketReplicationConfigurationRuleDestinationMetrics

    Enables replication metrics (required for S3 RTC) (documented below).

    replica_kms_key_id str

    Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

    replication_time BucketReplicationConfigurationRuleDestinationReplicationTime

    Enables S3 Replication Time Control (S3 RTC) (documented below).

    storage_class str

    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    bucket String

    The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

    accessControlTranslation Property Map

    Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.

    accountId String

    The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.

    metrics Property Map

    Enables replication metrics (required for S3 RTC) (documented below).

    replicaKmsKeyId String

    Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.

    replicationTime Property Map

    Enables S3 Replication Time Control (S3 RTC) (documented below).

    storageClass String

    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    BucketReplicationConfigurationRuleDestinationAccessControlTranslation, BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs

    Owner string

    The override value for the owner on replicated objects. Currently only Destination is supported.

    Owner string

    The override value for the owner on replicated objects. Currently only Destination is supported.

    owner String

    The override value for the owner on replicated objects. Currently only Destination is supported.

    owner string

    The override value for the owner on replicated objects. Currently only Destination is supported.

    owner str

    The override value for the owner on replicated objects. Currently only Destination is supported.

    owner String

    The override value for the owner on replicated objects. Currently only Destination is supported.

    BucketReplicationConfigurationRuleDestinationMetrics, BucketReplicationConfigurationRuleDestinationMetricsArgs

    Minutes int

    Threshold within which objects are to be replicated. The only valid value is 15.

    Status string

    The status of replication metrics. Either Enabled or Disabled.

    Minutes int

    Threshold within which objects are to be replicated. The only valid value is 15.

    Status string

    The status of replication metrics. Either Enabled or Disabled.

    minutes Integer

    Threshold within which objects are to be replicated. The only valid value is 15.

    status String

    The status of replication metrics. Either Enabled or Disabled.

    minutes number

    Threshold within which objects are to be replicated. The only valid value is 15.

    status string

    The status of replication metrics. Either Enabled or Disabled.

    minutes int

    Threshold within which objects are to be replicated. The only valid value is 15.

    status str

    The status of replication metrics. Either Enabled or Disabled.

    minutes Number

    Threshold within which objects are to be replicated. The only valid value is 15.

    status String

    The status of replication metrics. Either Enabled or Disabled.

    BucketReplicationConfigurationRuleDestinationReplicationTime, BucketReplicationConfigurationRuleDestinationReplicationTimeArgs

    Minutes int

    Threshold within which objects are to be replicated. The only valid value is 15.

    Status string

    The status of RTC. Either Enabled or Disabled.

    Minutes int

    Threshold within which objects are to be replicated. The only valid value is 15.

    Status string

    The status of RTC. Either Enabled or Disabled.

    minutes Integer

    Threshold within which objects are to be replicated. The only valid value is 15.

    status String

    The status of RTC. Either Enabled or Disabled.

    minutes number

    Threshold within which objects are to be replicated. The only valid value is 15.

    status string

    The status of RTC. Either Enabled or Disabled.

    minutes int

    Threshold within which objects are to be replicated. The only valid value is 15.

    status str

    The status of RTC. Either Enabled or Disabled.

    minutes Number

    Threshold within which objects are to be replicated. The only valid value is 15.

    status String

    The status of RTC. Either Enabled or Disabled.

    BucketReplicationConfigurationRuleFilter, BucketReplicationConfigurationRuleFilterArgs

    Prefix string

    Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    Tags Dictionary<string, string>

    A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    Prefix string

    Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    Tags map[string]string

    A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    prefix String

    Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    tags Map<String,String>

    A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    prefix string

    Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    tags {[key: string]: string}

    A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    prefix str

    Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    tags Mapping[str, str]

    A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    prefix String

    Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.

    tags Map<String>

    A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    BucketReplicationConfigurationRuleSourceSelectionCriteria, BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs

    SseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects

    Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

    SseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects

    Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

    sseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects

    Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

    sseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects

    Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

    sse_kms_encrypted_objects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects

    Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

    sseKmsEncryptedObjects Property Map

    Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.

    BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects, BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs

    Enabled bool

    Boolean which indicates if this criteria is enabled.

    Enabled bool

    Boolean which indicates if this criteria is enabled.

    enabled Boolean

    Boolean which indicates if this criteria is enabled.

    enabled boolean

    Boolean which indicates if this criteria is enabled.

    enabled bool

    Boolean which indicates if this criteria is enabled.

    enabled Boolean

    Boolean which indicates if this criteria is enabled.

    BucketServerSideEncryptionConfiguration, BucketServerSideEncryptionConfigurationArgs

    Rule BucketServerSideEncryptionConfigurationRule

    A single object for server-side encryption by default configuration. (documented below)

    Rule BucketServerSideEncryptionConfigurationRule

    A single object for server-side encryption by default configuration. (documented below)

    rule BucketServerSideEncryptionConfigurationRule

    A single object for server-side encryption by default configuration. (documented below)

    rule BucketServerSideEncryptionConfigurationRule

    A single object for server-side encryption by default configuration. (documented below)

    rule BucketServerSideEncryptionConfigurationRule

    A single object for server-side encryption by default configuration. (documented below)

    rule Property Map

    A single object for server-side encryption by default configuration. (documented below)

    BucketServerSideEncryptionConfigurationRule, BucketServerSideEncryptionConfigurationRuleArgs

    ApplyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault

    A single object for setting server-side encryption by default. (documented below)

    BucketKeyEnabled bool

    Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

    ApplyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault

    A single object for setting server-side encryption by default. (documented below)

    BucketKeyEnabled bool

    Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

    applyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault

    A single object for setting server-side encryption by default. (documented below)

    bucketKeyEnabled Boolean

    Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

    applyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault

    A single object for setting server-side encryption by default. (documented below)

    bucketKeyEnabled boolean

    Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

    apply_server_side_encryption_by_default BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault

    A single object for setting server-side encryption by default. (documented below)

    bucket_key_enabled bool

    Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

    applyServerSideEncryptionByDefault Property Map

    A single object for setting server-side encryption by default. (documented below)

    bucketKeyEnabled Boolean

    Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

    BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault, BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs

    SseAlgorithm string

    The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

    KmsMasterKeyId string

    The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

    SseAlgorithm string

    The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

    KmsMasterKeyId string

    The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

    sseAlgorithm String

    The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

    kmsMasterKeyId String

    The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

    sseAlgorithm string

    The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

    kmsMasterKeyId string

    The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

    sse_algorithm str

    The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

    kms_master_key_id str

    The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

    sseAlgorithm String

    The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

    kmsMasterKeyId String

    The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.

    BucketVersioning, BucketVersioningArgs

    Enabled bool

    Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.

    MfaDelete bool

    Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

    Enabled bool

    Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.

    MfaDelete bool

    Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

    enabled Boolean

    Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.

    mfaDelete Boolean

    Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

    enabled boolean

    Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.

    mfaDelete boolean

    Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

    enabled bool

    Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.

    mfa_delete bool

    Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

    enabled Boolean

    Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.

    mfaDelete Boolean

    Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

    BucketWebsite, BucketWebsiteArgs

    ErrorDocument string

    An absolute path to the document to return in case of a 4XX error.

    IndexDocument string

    Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

    RedirectAllRequestsTo string

    A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

    RoutingRules string | List<string>

    A json array containing routing rules describing redirect behavior and when redirects are applied.

    The CORS object supports the following:

    ErrorDocument string

    An absolute path to the document to return in case of a 4XX error.

    IndexDocument string

    Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

    RedirectAllRequestsTo string

    A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

    RoutingRules string | []string

    A json array containing routing rules describing redirect behavior and when redirects are applied.

    The CORS object supports the following:

    errorDocument String

    An absolute path to the document to return in case of a 4XX error.

    indexDocument String

    Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

    redirectAllRequestsTo String

    A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

    routingRules String | List<String>

    A json array containing routing rules describing redirect behavior and when redirects are applied.

    The CORS object supports the following:

    errorDocument string

    An absolute path to the document to return in case of a 4XX error.

    indexDocument string

    Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

    redirectAllRequestsTo string

    A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

    routingRules string | RoutingRule[]

    A json array containing routing rules describing redirect behavior and when redirects are applied.

    The CORS object supports the following:

    error_document str

    An absolute path to the document to return in case of a 4XX error.

    index_document str

    Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

    redirect_all_requests_to str

    A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

    routing_rules str | Sequence[str]

    A json array containing routing rules describing redirect behavior and when redirects are applied.

    The CORS object supports the following:

    errorDocument String

    An absolute path to the document to return in case of a 4XX error.

    indexDocument String

    Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.

    redirectAllRequestsTo String

    A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.

    routingRules String | List<>

    A json array containing routing rules describing redirect behavior and when redirects are applied.

    The CORS object supports the following:

    CannedAcl, CannedAclArgs

    Private
    private
    PublicRead
    public-read
    PublicReadWrite
    public-read-write
    AwsExecRead
    aws-exec-read
    AuthenticatedRead
    authenticated-read
    BucketOwnerRead
    bucket-owner-read
    BucketOwnerFullControl
    bucket-owner-full-control
    LogDeliveryWrite
    log-delivery-write
    CannedAclPrivate
    private
    CannedAclPublicRead
    public-read
    CannedAclPublicReadWrite
    public-read-write
    CannedAclAwsExecRead
    aws-exec-read
    CannedAclAuthenticatedRead
    authenticated-read
    CannedAclBucketOwnerRead
    bucket-owner-read
    CannedAclBucketOwnerFullControl
    bucket-owner-full-control
    CannedAclLogDeliveryWrite
    log-delivery-write
    Private
    private
    PublicRead
    public-read
    PublicReadWrite
    public-read-write
    AwsExecRead
    aws-exec-read
    AuthenticatedRead
    authenticated-read
    BucketOwnerRead
    bucket-owner-read
    BucketOwnerFullControl
    bucket-owner-full-control
    LogDeliveryWrite
    log-delivery-write
    Private
    private
    PublicRead
    public-read
    PublicReadWrite
    public-read-write
    AwsExecRead
    aws-exec-read
    AuthenticatedRead
    authenticated-read
    BucketOwnerRead
    bucket-owner-read
    BucketOwnerFullControl
    bucket-owner-full-control
    LogDeliveryWrite
    log-delivery-write
    PRIVATE
    private
    PUBLIC_READ
    public-read
    PUBLIC_READ_WRITE
    public-read-write
    AWS_EXEC_READ
    aws-exec-read
    AUTHENTICATED_READ
    authenticated-read
    BUCKET_OWNER_READ
    bucket-owner-read
    BUCKET_OWNER_FULL_CONTROL
    bucket-owner-full-control
    LOG_DELIVERY_WRITE
    log-delivery-write
    "private"
    private
    "public-read"
    public-read
    "public-read-write"
    public-read-write
    "aws-exec-read"
    aws-exec-read
    "authenticated-read"
    authenticated-read
    "bucket-owner-read"
    bucket-owner-read
    "bucket-owner-full-control"
    bucket-owner-full-control
    "log-delivery-write"
    log-delivery-write

    Import

    S3 bucket can be imported using the bucket, e.g.,

     $ pulumi import aws:s3/bucket:Bucket bucket bucket-name
    

    The policy argument is not imported and will be deprecated in a future version of the provider. Use the aws_s3_bucket_policy resource to manage the S3 Bucket Policy instead.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi