aws.s3.Bucket
Provides a S3 bucket resource.
This functionality is for managing S3 in an AWS Partition. To manage S3 on Outposts, see the
aws.s3control.Bucketresource.
Example Usage
Private Bucket w/ Tags
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var bucket = new Aws.S3.Bucket("bucket", new()
{
Acl = "private",
Tags =
{
{ "Environment", "Dev" },
{ "Name", "My bucket" },
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Acl: pulumi.String("private"),
Tags: pulumi.StringMap{
"Environment": pulumi.String("Dev"),
"Name": pulumi.String("My bucket"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var bucket = new Bucket("bucket", BucketArgs.builder()
.acl("private")
.tags(Map.ofEntries(
Map.entry("Environment", "Dev"),
Map.entry("Name", "My bucket")
))
.build());
}
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="private",
tags={
"Environment": "Dev",
"Name": "My bucket",
})
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
tags: {
Environment: "Dev",
Name: "My bucket",
},
});
resources:
bucket:
type: aws:s3:Bucket
properties:
acl: private
tags:
Environment: Dev
Name: My bucket
Static Website Hosting
using System.Collections.Generic;
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var bucket = new Aws.S3.Bucket("bucket", new()
{
Acl = "public-read",
Policy = File.ReadAllText("policy.json"),
Website = new Aws.S3.Inputs.BucketWebsiteArgs
{
IndexDocument = "index.html",
ErrorDocument = "error.html",
RoutingRules = @"[{
""Condition"": {
""KeyPrefixEquals"": ""docs/""
},
""Redirect"": {
""ReplaceKeyPrefixWith"": ""documents/""
}
}]
",
},
});
});
package main
import (
"os"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Acl: pulumi.String("public-read"),
Policy: readFileOrPanic("policy.json"),
Website: &s3.BucketWebsiteArgs{
IndexDocument: pulumi.String("index.html"),
ErrorDocument: pulumi.String("error.html"),
RoutingRules: pulumi.Any("[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketWebsiteArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var bucket = new Bucket("bucket", BucketArgs.builder()
.acl("public-read")
.policy(Files.readString(Paths.get("policy.json")))
.website(BucketWebsiteArgs.builder()
.indexDocument("index.html")
.errorDocument("error.html")
.routingRules("""
[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
""")
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="public-read",
policy=(lambda path: open(path).read())("policy.json"),
website=aws.s3.BucketWebsiteArgs(
index_document="index.html",
error_document="error.html",
routing_rules="""[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
""",
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
const bucket = new aws.s3.Bucket("bucket", {
acl: "public-read",
policy: fs.readFileSync("policy.json"),
website: {
indexDocument: "index.html",
errorDocument: "error.html",
routingRules: `[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
`,
},
});
resources:
bucket:
type: aws:s3:Bucket
properties:
acl: public-read
policy:
fn::readFile: policy.json
website:
indexDocument: index.html
errorDocument: error.html
routingRules: |
[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
Using CORS
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var bucket = new Aws.S3.Bucket("bucket", new()
{
Acl = "public-read",
CorsRules = new[]
{
new Aws.S3.Inputs.BucketCorsRuleArgs
{
AllowedHeaders = new[]
{
"*",
},
AllowedMethods = new[]
{
"PUT",
"POST",
},
AllowedOrigins = new[]
{
"https://s3-website-test.mydomain.com",
},
ExposeHeaders = new[]
{
"ETag",
},
MaxAgeSeconds = 3000,
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Acl: pulumi.String("public-read"),
CorsRules: s3.BucketCorsRuleArray{
&s3.BucketCorsRuleArgs{
AllowedHeaders: pulumi.StringArray{
pulumi.String("*"),
},
AllowedMethods: pulumi.StringArray{
pulumi.String("PUT"),
pulumi.String("POST"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("https://s3-website-test.mydomain.com"),
},
ExposeHeaders: pulumi.StringArray{
pulumi.String("ETag"),
},
MaxAgeSeconds: pulumi.Int(3000),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketCorsRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var bucket = new Bucket("bucket", BucketArgs.builder()
.acl("public-read")
.corsRules(BucketCorsRuleArgs.builder()
.allowedHeaders("*")
.allowedMethods(
"PUT",
"POST")
.allowedOrigins("https://s3-website-test.mydomain.com")
.exposeHeaders("ETag")
.maxAgeSeconds(3000)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="public-read",
cors_rules=[aws.s3.BucketCorsRuleArgs(
allowed_headers=["*"],
allowed_methods=[
"PUT",
"POST",
],
allowed_origins=["https://s3-website-test.mydomain.com"],
expose_headers=["ETag"],
max_age_seconds=3000,
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("bucket", {
acl: "public-read",
corsRules: [{
allowedHeaders: ["*"],
allowedMethods: [
"PUT",
"POST",
],
allowedOrigins: ["https://s3-website-test.mydomain.com"],
exposeHeaders: ["ETag"],
maxAgeSeconds: 3000,
}],
});
resources:
bucket:
type: aws:s3:Bucket
properties:
acl: public-read
corsRules:
- allowedHeaders:
- '*'
allowedMethods:
- PUT
- POST
allowedOrigins:
- https://s3-website-test.mydomain.com
exposeHeaders:
- ETag
maxAgeSeconds: 3000
Using versioning
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var bucket = new Aws.S3.Bucket("bucket", new()
{
Acl = "private",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Acl: pulumi.String("private"),
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var bucket = new Bucket("bucket", BucketArgs.builder()
.acl("private")
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="private",
versioning=aws.s3.BucketVersioningArgs(
enabled=True,
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
versioning: {
enabled: true,
},
});
resources:
bucket:
type: aws:s3:Bucket
properties:
acl: private
versioning:
enabled: true
Enable Logging
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var logBucket = new Aws.S3.Bucket("logBucket", new()
{
Acl = "log-delivery-write",
});
var bucket = new Aws.S3.Bucket("bucket", new()
{
Acl = "private",
Loggings = new[]
{
new Aws.S3.Inputs.BucketLoggingArgs
{
TargetBucket = logBucket.Id,
TargetPrefix = "log/",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
logBucket, err := s3.NewBucket(ctx, "logBucket", &s3.BucketArgs{
Acl: pulumi.String("log-delivery-write"),
})
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Acl: pulumi.String("private"),
Loggings: s3.BucketLoggingArray{
&s3.BucketLoggingArgs{
TargetBucket: logBucket.ID(),
TargetPrefix: pulumi.String("log/"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLoggingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var logBucket = new Bucket("logBucket", BucketArgs.builder()
.acl("log-delivery-write")
.build());
var bucket = new Bucket("bucket", BucketArgs.builder()
.acl("private")
.loggings(BucketLoggingArgs.builder()
.targetBucket(logBucket.id())
.targetPrefix("log/")
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
log_bucket = aws.s3.Bucket("logBucket", acl="log-delivery-write")
bucket = aws.s3.Bucket("bucket",
acl="private",
loggings=[aws.s3.BucketLoggingArgs(
target_bucket=log_bucket.id,
target_prefix="log/",
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const logBucket = new aws.s3.Bucket("logBucket", {acl: "log-delivery-write"});
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
loggings: [{
targetBucket: logBucket.id,
targetPrefix: "log/",
}],
});
resources:
logBucket:
type: aws:s3:Bucket
properties:
acl: log-delivery-write
bucket:
type: aws:s3:Bucket
properties:
acl: private
loggings:
- targetBucket: ${logBucket.id}
targetPrefix: log/
Using object lifecycle
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var bucket = new Aws.S3.Bucket("bucket", new()
{
Acl = "private",
LifecycleRules = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Days = 90,
},
Id = "log",
Prefix = "log/",
Tags =
{
{ "autoclean", "true" },
{ "rule", "log" },
},
Transitions = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
Days = 30,
StorageClass = "STANDARD_IA",
},
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
Days = 60,
StorageClass = "GLACIER",
},
},
},
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Date = "2016-01-12",
},
Id = "tmp",
Prefix = "tmp/",
},
},
});
var versioningBucket = new Aws.S3.Bucket("versioningBucket", new()
{
Acl = "private",
LifecycleRules = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
{
Days = 90,
},
NoncurrentVersionTransitions = new[]
{
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
Days = 30,
StorageClass = "STANDARD_IA",
},
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
Days = 60,
StorageClass = "GLACIER",
},
},
Prefix = "config/",
},
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Acl: pulumi.String("private"),
LifecycleRules: s3.BucketLifecycleRuleArray{
&s3.BucketLifecycleRuleArgs{
Enabled: pulumi.Bool(true),
Expiration: &s3.BucketLifecycleRuleExpirationArgs{
Days: pulumi.Int(90),
},
Id: pulumi.String("log"),
Prefix: pulumi.String("log/"),
Tags: pulumi.StringMap{
"autoclean": pulumi.String("true"),
"rule": pulumi.String("log"),
},
Transitions: s3.BucketLifecycleRuleTransitionArray{
&s3.BucketLifecycleRuleTransitionArgs{
Days: pulumi.Int(30),
StorageClass: pulumi.String("STANDARD_IA"),
},
&s3.BucketLifecycleRuleTransitionArgs{
Days: pulumi.Int(60),
StorageClass: pulumi.String("GLACIER"),
},
},
},
&s3.BucketLifecycleRuleArgs{
Enabled: pulumi.Bool(true),
Expiration: &s3.BucketLifecycleRuleExpirationArgs{
Date: pulumi.String("2016-01-12"),
},
Id: pulumi.String("tmp"),
Prefix: pulumi.String("tmp/"),
},
},
})
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "versioningBucket", &s3.BucketArgs{
Acl: pulumi.String("private"),
LifecycleRules: s3.BucketLifecycleRuleArray{
&s3.BucketLifecycleRuleArgs{
Enabled: pulumi.Bool(true),
NoncurrentVersionExpiration: &s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{
Days: pulumi.Int(90),
},
NoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{
&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
Days: pulumi.Int(30),
StorageClass: pulumi.String("STANDARD_IA"),
},
&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
Days: pulumi.Int(60),
StorageClass: pulumi.String("GLACIER"),
},
},
Prefix: pulumi.String("config/"),
},
},
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleExpirationArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var bucket = new Bucket("bucket", BucketArgs.builder()
.acl("private")
.lifecycleRules(
BucketLifecycleRuleArgs.builder()
.enabled(true)
.expiration(BucketLifecycleRuleExpirationArgs.builder()
.days(90)
.build())
.id("log")
.prefix("log/")
.tags(Map.ofEntries(
Map.entry("autoclean", "true"),
Map.entry("rule", "log")
))
.transitions(
BucketLifecycleRuleTransitionArgs.builder()
.days(30)
.storageClass("STANDARD_IA")
.build(),
BucketLifecycleRuleTransitionArgs.builder()
.days(60)
.storageClass("GLACIER")
.build())
.build(),
BucketLifecycleRuleArgs.builder()
.enabled(true)
.expiration(BucketLifecycleRuleExpirationArgs.builder()
.date("2016-01-12")
.build())
.id("tmp")
.prefix("tmp/")
.build())
.build());
var versioningBucket = new Bucket("versioningBucket", BucketArgs.builder()
.acl("private")
.lifecycleRules(BucketLifecycleRuleArgs.builder()
.enabled(true)
.noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()
.days(90)
.build())
.noncurrentVersionTransitions(
BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
.days(30)
.storageClass("STANDARD_IA")
.build(),
BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
.days(60)
.storageClass("GLACIER")
.build())
.prefix("config/")
.build())
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="private",
lifecycle_rules=[
aws.s3.BucketLifecycleRuleArgs(
enabled=True,
expiration=aws.s3.BucketLifecycleRuleExpirationArgs(
days=90,
),
id="log",
prefix="log/",
tags={
"autoclean": "true",
"rule": "log",
},
transitions=[
aws.s3.BucketLifecycleRuleTransitionArgs(
days=30,
storage_class="STANDARD_IA",
),
aws.s3.BucketLifecycleRuleTransitionArgs(
days=60,
storage_class="GLACIER",
),
],
),
aws.s3.BucketLifecycleRuleArgs(
enabled=True,
expiration=aws.s3.BucketLifecycleRuleExpirationArgs(
date="2016-01-12",
),
id="tmp",
prefix="tmp/",
),
])
versioning_bucket = aws.s3.Bucket("versioningBucket",
acl="private",
lifecycle_rules=[aws.s3.BucketLifecycleRuleArgs(
enabled=True,
noncurrent_version_expiration=aws.s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs(
days=90,
),
noncurrent_version_transitions=[
aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(
days=30,
storage_class="STANDARD_IA",
),
aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(
days=60,
storage_class="GLACIER",
),
],
prefix="config/",
)],
versioning=aws.s3.BucketVersioningArgs(
enabled=True,
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
lifecycleRules: [
{
enabled: true,
expiration: {
days: 90,
},
id: "log",
prefix: "log/",
tags: {
autoclean: "true",
rule: "log",
},
transitions: [
{
days: 30,
storageClass: "STANDARD_IA",
},
{
days: 60,
storageClass: "GLACIER",
},
],
},
{
enabled: true,
expiration: {
date: "2016-01-12",
},
id: "tmp",
prefix: "tmp/",
},
],
});
const versioningBucket = new aws.s3.Bucket("versioningBucket", {
acl: "private",
lifecycleRules: [{
enabled: true,
noncurrentVersionExpiration: {
days: 90,
},
noncurrentVersionTransitions: [
{
days: 30,
storageClass: "STANDARD_IA",
},
{
days: 60,
storageClass: "GLACIER",
},
],
prefix: "config/",
}],
versioning: {
enabled: true,
},
});
resources:
bucket:
type: aws:s3:Bucket
properties:
acl: private
lifecycleRules:
- enabled: true
expiration:
days: 90
id: log
prefix: log/
tags:
autoclean: 'true'
rule: log
transitions:
- days: 30
storageClass: STANDARD_IA
- days: 60
storageClass: GLACIER
- enabled: true
expiration:
date: 2016-01-12
id: tmp
prefix: tmp/
versioningBucket:
type: aws:s3:Bucket
properties:
acl: private
lifecycleRules:
- enabled: true
noncurrentVersionExpiration:
days: 90
noncurrentVersionTransitions:
- days: 30
storageClass: STANDARD_IA
- days: 60
storageClass: GLACIER
prefix: config/
versioning:
enabled: true
Using replication configuration
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var central = new Aws.Provider("central", new()
{
Region = "eu-central-1",
});
var replicationRole = new Aws.Iam.Role("replicationRole", new()
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""s3.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var destination = new Aws.S3.Bucket("destination", new()
{
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var source = new Aws.S3.Bucket("source", new()
{
Acl = "private",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
{
Role = replicationRole.Arn,
Rules = new[]
{
new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
{
Id = "foobar",
Status = "Enabled",
Filter = new Aws.S3.Inputs.BucketReplicationConfigurationRuleFilterArgs
{
Tags = null,
},
Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
{
Bucket = destination.Arn,
StorageClass = "STANDARD",
ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs
{
Status = "Enabled",
Minutes = 15,
},
Metrics = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs
{
Status = "Enabled",
Minutes = 15,
},
},
},
},
},
}, new CustomResourceOptions
{
Provider = aws.Central,
});
var replicationPolicy = new Aws.Iam.Policy("replicationPolicy", new()
{
PolicyDocument = Output.Tuple(source.Arn, source.Arn, destination.Arn).Apply(values =>
{
var sourceArn = values.Item1;
var sourceArn1 = values.Item2;
var destinationArn = values.Item3;
return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Action"": [
""s3:GetReplicationConfiguration"",
""s3:ListBucket""
],
""Effect"": ""Allow"",
""Resource"": [
""{sourceArn}""
]
}},
{{
""Action"": [
""s3:GetObjectVersionForReplication"",
""s3:GetObjectVersionAcl"",
""s3:GetObjectVersionTagging""
],
""Effect"": ""Allow"",
""Resource"": [
""{sourceArn1}/*""
]
}},
{{
""Action"": [
""s3:ReplicateObject"",
""s3:ReplicateDelete"",
""s3:ReplicateTags""
],
""Effect"": ""Allow"",
""Resource"": ""{destinationArn}/*""
}}
]
}}
";
}),
});
var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replicationRolePolicyAttachment", new()
{
Role = replicationRole.Name,
PolicyArn = replicationPolicy.Arn,
});
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := aws.NewProvider(ctx, "central", &aws.ProviderArgs{
Region: pulumi.String("eu-central-1"),
})
if err != nil {
return err
}
replicationRole, err := iam.NewRole(ctx, "replicationRole", &iam.RoleArgs{
AssumeRolePolicy: pulumi.Any("{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n"),
})
if err != nil {
return err
}
destination, err := s3.NewBucket(ctx, "destination", &s3.BucketArgs{
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
source, err := s3.NewBucket(ctx, "source", &s3.BucketArgs{
Acl: pulumi.String("private"),
Versioning: &s3.BucketVersioningArgs{
Enabled: pulumi.Bool(true),
},
ReplicationConfiguration: &s3.BucketReplicationConfigurationArgs{
Role: replicationRole.Arn,
Rules: s3.BucketReplicationConfigurationRuleArray{
&s3.BucketReplicationConfigurationRuleArgs{
Id: pulumi.String("foobar"),
Status: pulumi.String("Enabled"),
Filter: &s3.BucketReplicationConfigurationRuleFilterArgs{
Tags: nil,
},
Destination: &s3.BucketReplicationConfigurationRuleDestinationArgs{
Bucket: destination.Arn,
StorageClass: pulumi.String("STANDARD"),
ReplicationTime: &s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs{
Status: pulumi.String("Enabled"),
Minutes: pulumi.Int(15),
},
Metrics: &s3.BucketReplicationConfigurationRuleDestinationMetricsArgs{
Status: pulumi.String("Enabled"),
Minutes: pulumi.Int(15),
},
},
},
},
},
}, pulumi.Provider(aws.Central))
if err != nil {
return err
}
replicationPolicy, err := iam.NewPolicy(ctx, "replicationPolicy", &iam.PolicyArgs{
Policy: pulumi.All(source.Arn, source.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {
sourceArn := _args[0].(string)
sourceArn1 := _args[1].(string)
destinationArn := _args[2].(string)
return fmt.Sprintf(`{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"%v"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"%v/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "%v/*"
}
]
}
`, sourceArn, sourceArn1, destinationArn), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "replicationRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: replicationRole.Name,
PolicyArn: replicationPolicy.Arn,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.Provider;
import com.pulumi.aws.ProviderArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var central = new Provider("central", ProviderArgs.builder()
.region("eu-central-1")
.build());
var replicationRole = new Role("replicationRole", RoleArgs.builder()
.assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""")
.build());
var destination = new Bucket("destination", BucketArgs.builder()
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.build());
var source = new Bucket("source", BucketArgs.builder()
.acl("private")
.versioning(BucketVersioningArgs.builder()
.enabled(true)
.build())
.replicationConfiguration(BucketReplicationConfigurationArgs.builder()
.role(replicationRole.arn())
.rules(BucketReplicationConfigurationRuleArgs.builder()
.id("foobar")
.status("Enabled")
.filter(BucketReplicationConfigurationRuleFilterArgs.builder()
.tags()
.build())
.destination(BucketReplicationConfigurationRuleDestinationArgs.builder()
.bucket(destination.arn())
.storageClass("STANDARD")
.replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()
.status("Enabled")
.minutes(15)
.build())
.metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()
.status("Enabled")
.minutes(15)
.build())
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(aws.central())
.build());
var replicationPolicy = new Policy("replicationPolicy", PolicyArgs.builder()
.policy(Output.tuple(source.arn(), source.arn(), destination.arn()).applyValue(values -> {
var sourceArn = values.t1;
var sourceArn1 = values.t2;
var destinationArn = values.t3;
return """
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"%s"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"%s/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "%s/*"
}
]
}
", sourceArn,sourceArn1,destinationArn);
}))
.build());
var replicationRolePolicyAttachment = new RolePolicyAttachment("replicationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(replicationRole.name())
.policyArn(replicationPolicy.arn())
.build());
}
}
import pulumi
import pulumi_aws as aws
central = aws.Provider("central", region="eu-central-1")
replication_role = aws.iam.Role("replicationRole", assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""")
destination = aws.s3.Bucket("destination", versioning=aws.s3.BucketVersioningArgs(
enabled=True,
))
source = aws.s3.Bucket("source",
acl="private",
versioning=aws.s3.BucketVersioningArgs(
enabled=True,
),
replication_configuration=aws.s3.BucketReplicationConfigurationArgs(
role=replication_role.arn,
rules=[aws.s3.BucketReplicationConfigurationRuleArgs(
id="foobar",
status="Enabled",
filter=aws.s3.BucketReplicationConfigurationRuleFilterArgs(
tags={},
),
destination=aws.s3.BucketReplicationConfigurationRuleDestinationArgs(
bucket=destination.arn,
storage_class="STANDARD",
replication_time=aws.s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs(
status="Enabled",
minutes=15,
),
metrics=aws.s3.BucketReplicationConfigurationRuleDestinationMetricsArgs(
status="Enabled",
minutes=15,
),
),
)],
),
opts=pulumi.ResourceOptions(provider=aws["central"]))
replication_policy = aws.iam.Policy("replicationPolicy", policy=pulumi.Output.all(source.arn, source.arn, destination.arn).apply(lambda sourceArn, sourceArn1, destinationArn: f"""{{
"Version": "2012-10-17",
"Statement": [
{{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"{source_arn}"
]
}},
{{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"{source_arn1}/*"
]
}},
{{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "{destination_arn}/*"
}}
]
}}
"""))
replication_role_policy_attachment = aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment",
role=replication_role.name,
policy_arn=replication_policy.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const central = new aws.Provider("central", {region: "eu-central-1"});
const replicationRole = new aws.iam.Role("replicationRole", {assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`});
const destination = new aws.s3.Bucket("destination", {versioning: {
enabled: true,
}});
const source = new aws.s3.Bucket("source", {
acl: "private",
versioning: {
enabled: true,
},
replicationConfiguration: {
role: replicationRole.arn,
rules: [{
id: "foobar",
status: "Enabled",
filter: {
tags: {},
},
destination: {
bucket: destination.arn,
storageClass: "STANDARD",
replicationTime: {
status: "Enabled",
minutes: 15,
},
metrics: {
status: "Enabled",
minutes: 15,
},
},
}],
},
}, {
provider: aws.central,
});
const replicationPolicy = new aws.iam.Policy("replicationPolicy", {policy: pulumi.interpolate`{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"${source.arn}"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"${source.arn}/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "${destination.arn}/*"
}
]
}
`});
const replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment", {
role: replicationRole.name,
policyArn: replicationPolicy.arn,
});
resources:
central:
type: pulumi:providers:aws
properties:
region: eu-central-1
replicationRole:
type: aws:iam:Role
properties:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
replicationPolicy:
type: aws:iam:Policy
properties:
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"${source.arn}"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"${source.arn}/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "${destination.arn}/*"
}
]
}
replicationRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
properties:
role: ${replicationRole.name}
policyArn: ${replicationPolicy.arn}
destination:
type: aws:s3:Bucket
properties:
versioning:
enabled: true
source:
type: aws:s3:Bucket
properties:
acl: private
versioning:
enabled: true
replicationConfiguration:
role: ${replicationRole.arn}
rules:
- id: foobar
status: Enabled
filter:
tags: {}
destination:
bucket: ${destination.arn}
storageClass: STANDARD
replicationTime:
status: Enabled
minutes: 15
metrics:
status: Enabled
minutes: 15
options:
provider: ${aws.central}
Enable Default Server Side Encryption
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var mykey = new Aws.Kms.Key("mykey", new()
{
Description = "This key is used to encrypt bucket objects",
DeletionWindowInDays = 10,
});
var mybucket = new Aws.S3.Bucket("mybucket", new()
{
ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
{
Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
{
ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
{
KmsMasterKeyId = mykey.Arn,
SseAlgorithm = "aws:kms",
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
mykey, err := kms.NewKey(ctx, "mykey", &kms.KeyArgs{
Description: pulumi.String("This key is used to encrypt bucket objects"),
DeletionWindowInDays: pulumi.Int(10),
})
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "mybucket", &s3.BucketArgs{
ServerSideEncryptionConfiguration: &s3.BucketServerSideEncryptionConfigurationArgs{
Rule: &s3.BucketServerSideEncryptionConfigurationRuleArgs{
ApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
KmsMasterKeyId: mykey.Arn,
SseAlgorithm: pulumi.String("aws:kms"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var mykey = new Key("mykey", KeyArgs.builder()
.description("This key is used to encrypt bucket objects")
.deletionWindowInDays(10)
.build());
var mybucket = new Bucket("mybucket", BucketArgs.builder()
.serverSideEncryptionConfiguration(BucketServerSideEncryptionConfigurationArgs.builder()
.rule(BucketServerSideEncryptionConfigurationRuleArgs.builder()
.applyServerSideEncryptionByDefault(BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()
.kmsMasterKeyId(mykey.arn())
.sseAlgorithm("aws:kms")
.build())
.build())
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
mykey = aws.kms.Key("mykey",
description="This key is used to encrypt bucket objects",
deletion_window_in_days=10)
mybucket = aws.s3.Bucket("mybucket", server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(
rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(
apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs(
kms_master_key_id=mykey.arn,
sse_algorithm="aws:kms",
),
),
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const mykey = new aws.kms.Key("mykey", {
description: "This key is used to encrypt bucket objects",
deletionWindowInDays: 10,
});
const mybucket = new aws.s3.Bucket("mybucket", {serverSideEncryptionConfiguration: {
rule: {
applyServerSideEncryptionByDefault: {
kmsMasterKeyId: mykey.arn,
sseAlgorithm: "aws:kms",
},
},
}});
resources:
mykey:
type: aws:kms:Key
properties:
description: This key is used to encrypt bucket objects
deletionWindowInDays: 10
mybucket:
type: aws:s3:Bucket
properties:
serverSideEncryptionConfiguration:
rule:
applyServerSideEncryptionByDefault:
kmsMasterKeyId: ${mykey.arn}
sseAlgorithm: aws:kms
Using ACL policy grants
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var currentUser = Aws.S3.GetCanonicalUserId.Invoke();
var bucket = new Aws.S3.Bucket("bucket", new()
{
Grants = new[]
{
new Aws.S3.Inputs.BucketGrantArgs
{
Id = currentUser.Apply(getCanonicalUserIdResult => getCanonicalUserIdResult.Id),
Type = "CanonicalUser",
Permissions = new[]
{
"FULL_CONTROL",
},
},
new Aws.S3.Inputs.BucketGrantArgs
{
Type = "Group",
Permissions = new[]
{
"READ_ACP",
"WRITE",
},
Uri = "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
currentUser, err := s3.GetCanonicalUserId(ctx, nil, nil)
if err != nil {
return err
}
_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
Grants: s3.BucketGrantArray{
&s3.BucketGrantArgs{
Id: *pulumi.String(currentUser.Id),
Type: pulumi.String("CanonicalUser"),
Permissions: pulumi.StringArray{
pulumi.String("FULL_CONTROL"),
},
},
&s3.BucketGrantArgs{
Type: pulumi.String("Group"),
Permissions: pulumi.StringArray{
pulumi.String("READ_ACP"),
pulumi.String("WRITE"),
},
Uri: pulumi.String("http://acs.amazonaws.com/groups/s3/LogDelivery"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var currentUser = S3Functions.getCanonicalUserId();
var bucket = new Bucket("bucket", BucketArgs.builder()
.grants(
BucketGrantArgs.builder()
.id(currentUser.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
.type("CanonicalUser")
.permissions("FULL_CONTROL")
.build(),
BucketGrantArgs.builder()
.type("Group")
.permissions(
"READ_ACP",
"WRITE")
.uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
current_user = aws.s3.get_canonical_user_id()
bucket = aws.s3.Bucket("bucket", grants=[
aws.s3.BucketGrantArgs(
id=current_user.id,
type="CanonicalUser",
permissions=["FULL_CONTROL"],
),
aws.s3.BucketGrantArgs(
type="Group",
permissions=[
"READ_ACP",
"WRITE",
],
uri="http://acs.amazonaws.com/groups/s3/LogDelivery",
),
])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const currentUser = aws.s3.getCanonicalUserId({});
const bucket = new aws.s3.Bucket("bucket", {grants: [
{
id: currentUser.then(currentUser => currentUser.id),
type: "CanonicalUser",
permissions: ["FULL_CONTROL"],
},
{
type: "Group",
permissions: [
"READ_ACP",
"WRITE",
],
uri: "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
]});
resources:
bucket:
type: aws:s3:Bucket
properties:
grants:
- id: ${currentUser.id}
type: CanonicalUser
permissions:
- FULL_CONTROL
- type: Group
permissions:
- READ_ACP
- WRITE
uri: http://acs.amazonaws.com/groups/s3/LogDelivery
variables:
currentUser:
fn::invoke:
Function: aws:s3:getCanonicalUserId
Arguments: {}
Create Bucket Resource
new Bucket(name: string, args?: BucketArgs, opts?: CustomResourceOptions);@overload
def Bucket(resource_name: str,
opts: Optional[ResourceOptions] = None,
acceleration_status: Optional[str] = None,
acl: Optional[Union[str, CannedAcl]] = None,
arn: Optional[str] = None,
bucket: Optional[str] = None,
bucket_prefix: Optional[str] = None,
cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
force_destroy: Optional[bool] = None,
grants: Optional[Sequence[BucketGrantArgs]] = None,
hosted_zone_id: Optional[str] = None,
lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
loggings: Optional[Sequence[BucketLoggingArgs]] = None,
object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
policy: Optional[str] = None,
replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
request_payer: Optional[str] = None,
server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
versioning: Optional[BucketVersioningArgs] = None,
website: Optional[BucketWebsiteArgs] = None,
website_domain: Optional[str] = None,
website_endpoint: Optional[str] = None)
@overload
def Bucket(resource_name: str,
args: Optional[BucketArgs] = None,
opts: Optional[ResourceOptions] = None)func NewBucket(ctx *Context, name string, args *BucketArgs, opts ...ResourceOption) (*Bucket, error)public Bucket(string name, BucketArgs? args = null, CustomResourceOptions? opts = null)
public Bucket(String name, BucketArgs args)
public Bucket(String name, BucketArgs args, CustomResourceOptions options)
type: aws:s3:Bucket
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Bucket Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Bucket resource accepts the following input properties:
- Acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- Acl
string | Pulumi.
Aws. S3. Canned Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- Arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- Bucket
Name string The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- Cors
Rules List<BucketCors Rule Args> A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
List<Bucket
Grant Args> An ACL policy grant (documented below). Conflicts with
acl.- Hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules List<BucketLifecycle Rule Args> A configuration of object lifecycle management (documented below).
- Loggings
List<Bucket
Logging Args> A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- Replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- Request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- Server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- Dictionary<string, string>
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Versioning
Bucket
Versioning Args A state of versioning (documented below)
- Website
Bucket
Website Args A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- Acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- Acl
string | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- Arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- Bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- Cors
Rules []BucketCors Rule Args A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
[]Bucket
Grant Args An ACL policy grant (documented below). Conflicts with
acl.- Hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules []BucketLifecycle Rule Args A configuration of object lifecycle management (documented below).
- Loggings
[]Bucket
Logging Args A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- Replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- Request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- Server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- map[string]string
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Versioning
Bucket
Versioning Args A state of versioning (documented below)
- Website
Bucket
Website Args A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
String | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn String
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket String
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix String Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- cors
Rules List<BucketCors Rule Args> A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
List<Bucket
Grant Args> An ACL policy grant (documented below). Conflicts with
acl.- hosted
Zone StringId The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<BucketLifecycle Rule Args> A configuration of object lifecycle management (documented below).
- loggings
List<Bucket
Logging Args> A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- policy String | String
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- request
Payer String Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- Map<String,String>
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- versioning
Bucket
Versioning Args A state of versioning (documented below)
- website
Bucket
Website Args A website object (documented below).
- website
Domain String The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
string | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- cors
Rules BucketCors Rule Args[] A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy boolean A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Bucket
Grant Args[] An ACL policy grant (documented below). Conflicts with
acl.- hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules BucketLifecycle Rule Args[] A configuration of object lifecycle management (documented below).
- loggings
Bucket
Logging Args[] A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- policy
string | Policy
Document A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- {[key: string]: string}
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- versioning
Bucket
Versioning Args A state of versioning (documented below)
- website
Bucket
Website Args A website object (documented below).
- website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration_
status str Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
str | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn str
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket str
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket_
prefix str Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- cors_
rules Sequence[BucketCors Rule Args] A rule of Cross-Origin Resource Sharing (documented below).
- force_
destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Sequence[Bucket
Grant Args] An ACL policy grant (documented below). Conflicts with
acl.- hosted_
zone_ strid The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle_
rules Sequence[BucketLifecycle Rule Args] A configuration of object lifecycle management (documented below).
- loggings
Sequence[Bucket
Logging Args] A settings of bucket logging (documented below).
- object_
lock_ Bucketconfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- policy str | str
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- replication_
configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- request_
payer str Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server_
side_ Bucketencryption_ configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- Mapping[str, str]
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- versioning
Bucket
Versioning Args A state of versioning (documented below)
- website
Bucket
Website Args A website object (documented below).
- website_
domain str The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website_
endpoint str The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl String | "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write"
The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn String
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket String
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix String Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- cors
Rules List<Property Map> A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants List<Property Map>
An ACL policy grant (documented below). Conflicts with
acl.- hosted
Zone StringId The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<Property Map> A configuration of object lifecycle management (documented below).
- loggings List<Property Map>
A settings of bucket logging (documented below).
- object
Lock Property MapConfiguration A configuration of S3 object locking (documented below)
- policy String |
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- replication
Configuration Property Map A configuration of replication configuration (documented below).
- request
Payer String Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server
Side Property MapEncryption Configuration A configuration of server-side encryption configuration (documented below)
- Map<String>
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- versioning Property Map
A state of versioning (documented below)
- website Property Map
A website object (documented below).
- website
Domain String The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
Outputs
All input properties are implicitly available as output properties. Additionally, the Bucket resource produces the following output properties:
- Bucket
Domain stringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- Bucket
Regional stringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Id string
The provider-assigned unique ID for this managed resource.
- Region string
The AWS region this bucket resides in.
- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Bucket
Domain stringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- Bucket
Regional stringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Id string
The provider-assigned unique ID for this managed resource.
- Region string
The AWS region this bucket resides in.
- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket
Domain StringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket
Regional StringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id String
The provider-assigned unique ID for this managed resource.
- region String
The AWS region this bucket resides in.
- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket
Domain stringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket
Regional stringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id string
The provider-assigned unique ID for this managed resource.
- region string
The AWS region this bucket resides in.
- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket_
domain_ strname The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket_
regional_ strdomain_ name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id str
The provider-assigned unique ID for this managed resource.
- region str
The AWS region this bucket resides in.
- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- bucket
Domain StringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket
Regional StringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- id String
The provider-assigned unique ID for this managed resource.
- region String
The AWS region this bucket resides in.
- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing Bucket Resource
Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BucketState, opts?: CustomResourceOptions): Bucket@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acceleration_status: Optional[str] = None,
acl: Optional[Union[str, CannedAcl]] = None,
arn: Optional[str] = None,
bucket: Optional[str] = None,
bucket_domain_name: Optional[str] = None,
bucket_prefix: Optional[str] = None,
bucket_regional_domain_name: Optional[str] = None,
cors_rules: Optional[Sequence[BucketCorsRuleArgs]] = None,
force_destroy: Optional[bool] = None,
grants: Optional[Sequence[BucketGrantArgs]] = None,
hosted_zone_id: Optional[str] = None,
lifecycle_rules: Optional[Sequence[BucketLifecycleRuleArgs]] = None,
loggings: Optional[Sequence[BucketLoggingArgs]] = None,
object_lock_configuration: Optional[BucketObjectLockConfigurationArgs] = None,
policy: Optional[str] = None,
region: Optional[str] = None,
replication_configuration: Optional[BucketReplicationConfigurationArgs] = None,
request_payer: Optional[str] = None,
server_side_encryption_configuration: Optional[BucketServerSideEncryptionConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
versioning: Optional[BucketVersioningArgs] = None,
website: Optional[BucketWebsiteArgs] = None,
website_domain: Optional[str] = None,
website_endpoint: Optional[str] = None) -> Bucketfunc GetBucket(ctx *Context, name string, id IDInput, state *BucketState, opts ...ResourceOption) (*Bucket, error)public static Bucket Get(string name, Input<string> id, BucketState? state, CustomResourceOptions? opts = null)public static Bucket get(String name, Output<String> id, BucketState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- Acl
string | Pulumi.
Aws. S3. Canned Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- Arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- Bucket
Domain stringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- Bucket
Name string The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- Bucket
Regional stringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Cors
Rules List<BucketCors Rule Args> A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
List<Bucket
Grant Args> An ACL policy grant (documented below). Conflicts with
acl.- Hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules List<BucketLifecycle Rule Args> A configuration of object lifecycle management (documented below).
- Loggings
List<Bucket
Logging Args> A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- Region string
The AWS region this bucket resides in.
- Replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- Request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- Server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- Dictionary<string, string>
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- Versioning
Bucket
Versioning Args A state of versioning (documented below)
- Website
Bucket
Website Args A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- Acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- Acl
string | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- Arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- Bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Domain stringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- Bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- Bucket
Regional stringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- Cors
Rules []BucketCors Rule Args A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
[]Bucket
Grant Args An ACL policy grant (documented below). Conflicts with
acl.- Hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules []BucketLifecycle Rule Args A configuration of object lifecycle management (documented below).
- Loggings
[]Bucket
Logging Args A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- Policy string | string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- Region string
The AWS region this bucket resides in.
- Replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- Request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- Server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- map[string]string
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- Versioning
Bucket
Versioning Args A state of versioning (documented below)
- Website
Bucket
Website Args A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
String | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn String
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket String
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Domain StringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket
Prefix String Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- bucket
Regional StringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors
Rules List<BucketCors Rule Args> A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
List<Bucket
Grant Args> An ACL policy grant (documented below). Conflicts with
acl.- hosted
Zone StringId The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<BucketLifecycle Rule Args> A configuration of object lifecycle management (documented below).
- loggings
List<Bucket
Logging Args> A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- policy String | String
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- region String
The AWS region this bucket resides in.
- replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- request
Payer String Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- Map<String,String>
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- versioning
Bucket
Versioning Args A state of versioning (documented below)
- website
Bucket
Website Args A website object (documented below).
- website
Domain String The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
string | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Domain stringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- bucket
Regional stringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors
Rules BucketCors Rule Args[] A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy boolean A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Bucket
Grant Args[] An ACL policy grant (documented below). Conflicts with
acl.- hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules BucketLifecycle Rule Args[] A configuration of object lifecycle management (documented below).
- loggings
Bucket
Logging Args[] A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- policy
string | Policy
Document A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- region string
The AWS region this bucket resides in.
- replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- {[key: string]: string}
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- versioning
Bucket
Versioning Args A state of versioning (documented below)
- website
Bucket
Website Args A website object (documented below).
- website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration_
status str Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
str | Canned
Acl The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn str
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket str
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket_
domain_ strname The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket_
prefix str Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- bucket_
regional_ strdomain_ name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors_
rules Sequence[BucketCors Rule Args] A rule of Cross-Origin Resource Sharing (documented below).
- force_
destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Sequence[Bucket
Grant Args] An ACL policy grant (documented below). Conflicts with
acl.- hosted_
zone_ strid The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle_
rules Sequence[BucketLifecycle Rule Args] A configuration of object lifecycle management (documented below).
- loggings
Sequence[Bucket
Logging Args] A settings of bucket logging (documented below).
- object_
lock_ Bucketconfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- policy str | str
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- region str
The AWS region this bucket resides in.
- replication_
configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- request_
payer str Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server_
side_ Bucketencryption_ configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- Mapping[str, str]
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- versioning
Bucket
Versioning Args A state of versioning (documented below)
- website
Bucket
Website Args A website object (documented below).
- website_
domain str The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website_
endpoint str The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl String | "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write"
The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant.- arn String
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket String
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Domain StringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket
Prefix String Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.- bucket
Regional StringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors
Rules List<Property Map> A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants List<Property Map>
An ACL policy grant (documented below). Conflicts with
acl.- hosted
Zone StringId The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<Property Map> A configuration of object lifecycle management (documented below).
- loggings List<Property Map>
A settings of bucket logging (documented below).
- object
Lock Property MapConfiguration A configuration of S3 object locking (documented below)
- policy String |
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.- region String
The AWS region this bucket resides in.
- replication
Configuration Property Map A configuration of replication configuration (documented below).
- request
Payer String Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server
Side Property MapEncryption Configuration A configuration of server-side encryption configuration (documented below)
- Map<String>
A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- versioning Property Map
A state of versioning (documented below)
- website Property Map
A website object (documented below).
- website
Domain String The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
Supporting Types
BucketCorsRule
- Allowed
Methods List<string> Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD.- Allowed
Origins List<string> Specifies which origins are allowed.
- Allowed
Headers List<string> Specifies which headers are allowed.
- Expose
Headers List<string> Specifies expose header in the response.
- Max
Age intSeconds Specifies time in seconds that browser can cache the response for a preflight request.
- Allowed
Methods []string Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD.- Allowed
Origins []string Specifies which origins are allowed.
- Allowed
Headers []string Specifies which headers are allowed.
- Expose
Headers []string Specifies expose header in the response.
- Max
Age intSeconds Specifies time in seconds that browser can cache the response for a preflight request.
- allowed
Methods List<String> Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD.- allowed
Origins List<String> Specifies which origins are allowed.
- allowed
Headers List<String> Specifies which headers are allowed.
- expose
Headers List<String> Specifies expose header in the response.
- max
Age IntegerSeconds Specifies time in seconds that browser can cache the response for a preflight request.
- allowed
Methods string[] Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD.- allowed
Origins string[] Specifies which origins are allowed.
- allowed
Headers string[] Specifies which headers are allowed.
- expose
Headers string[] Specifies expose header in the response.
- max
Age numberSeconds Specifies time in seconds that browser can cache the response for a preflight request.
- allowed_
methods Sequence[str] Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD.- allowed_
origins Sequence[str] Specifies which origins are allowed.
- allowed_
headers Sequence[str] Specifies which headers are allowed.
- expose_
headers Sequence[str] Specifies expose header in the response.
- max_
age_ intseconds Specifies time in seconds that browser can cache the response for a preflight request.
- allowed
Methods List<String> Specifies which methods are allowed. Can be
GET,PUT,POST,DELETEorHEAD.- allowed
Origins List<String> Specifies which origins are allowed.
- allowed
Headers List<String> Specifies which headers are allowed.
- expose
Headers List<String> Specifies expose header in the response.
- max
Age NumberSeconds Specifies time in seconds that browser can cache the response for a preflight request.
BucketGrant
- Permissions List<string>
List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL.- Type string
Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported.- Id string
Canonical user id to grant for. Used only when
typeisCanonicalUser.- Uri string
Uri address to grant for. Used only when
typeisGroup.
- Permissions []string
List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL.- Type string
Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported.- Id string
Canonical user id to grant for. Used only when
typeisCanonicalUser.- Uri string
Uri address to grant for. Used only when
typeisGroup.
- permissions List<String>
List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL.- type String
Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported.- id String
Canonical user id to grant for. Used only when
typeisCanonicalUser.- uri String
Uri address to grant for. Used only when
typeisGroup.
- permissions string[]
List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL.- type string
Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported.- id string
Canonical user id to grant for. Used only when
typeisCanonicalUser.- uri string
Uri address to grant for. Used only when
typeisGroup.
- permissions Sequence[str]
List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL.- type str
Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported.- id str
Canonical user id to grant for. Used only when
typeisCanonicalUser.- uri str
Uri address to grant for. Used only when
typeisGroup.
- permissions List<String>
List of permissions to apply for grantee. Valid values are
READ,WRITE,READ_ACP,WRITE_ACP,FULL_CONTROL.- type String
Type of grantee to apply for. Valid values are
CanonicalUserandGroup.AmazonCustomerByEmailis not supported.- id String
Canonical user id to grant for. Used only when
typeisCanonicalUser.- uri String
Uri address to grant for. Used only when
typeisGroup.
BucketLifecycleRule
- Enabled bool
Specifies lifecycle rule status.
- Abort
Incomplete intMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- Expiration
Bucket
Lifecycle Rule Expiration Specifies a period in the object's expire (documented below).
- Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration Specifies when noncurrent object versions expire (documented below).
- Noncurrent
Version List<BucketTransitions Lifecycle Rule Noncurrent Version Transition> Specifies when noncurrent object versions transitions (documented below).
- Prefix string
Object key prefix identifying one or more objects to which the rule applies.
- Dictionary<string, string>
Specifies object tags key and value.
- Transitions
List<Bucket
Lifecycle Rule Transition> Specifies a period in the object's transitions (documented below).
- Enabled bool
Specifies lifecycle rule status.
- Abort
Incomplete intMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- Expiration
Bucket
Lifecycle Rule Expiration Specifies a period in the object's expire (documented below).
- Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration Specifies when noncurrent object versions expire (documented below).
- Noncurrent
Version []BucketTransitions Lifecycle Rule Noncurrent Version Transition Specifies when noncurrent object versions transitions (documented below).
- Prefix string
Object key prefix identifying one or more objects to which the rule applies.
- map[string]string
Specifies object tags key and value.
- Transitions
[]Bucket
Lifecycle Rule Transition Specifies a period in the object's transitions (documented below).
- enabled Boolean
Specifies lifecycle rule status.
- abort
Incomplete IntegerMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Bucket
Lifecycle Rule Expiration Specifies a period in the object's expire (documented below).
- id String
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version List<BucketTransitions Lifecycle Rule Noncurrent Version Transition> Specifies when noncurrent object versions transitions (documented below).
- prefix String
Object key prefix identifying one or more objects to which the rule applies.
- Map<String,String>
Specifies object tags key and value.
- transitions
List<Bucket
Lifecycle Rule Transition> Specifies a period in the object's transitions (documented below).
- enabled boolean
Specifies lifecycle rule status.
- abort
Incomplete numberMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Bucket
Lifecycle Rule Expiration Specifies a period in the object's expire (documented below).
- id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version BucketTransitions Lifecycle Rule Noncurrent Version Transition[] Specifies when noncurrent object versions transitions (documented below).
- prefix string
Object key prefix identifying one or more objects to which the rule applies.
- {[key: string]: string}
Specifies object tags key and value.
- transitions
Bucket
Lifecycle Rule Transition[] Specifies a period in the object's transitions (documented below).
- enabled bool
Specifies lifecycle rule status.
- abort_
incomplete_ intmultipart_ upload_ days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Bucket
Lifecycle Rule Expiration Specifies a period in the object's expire (documented below).
- id str
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent_
version_ Bucketexpiration Lifecycle Rule Noncurrent Version Expiration Specifies when noncurrent object versions expire (documented below).
- noncurrent_
version_ Sequence[Buckettransitions Lifecycle Rule Noncurrent Version Transition] Specifies when noncurrent object versions transitions (documented below).
- prefix str
Object key prefix identifying one or more objects to which the rule applies.
- Mapping[str, str]
Specifies object tags key and value.
- transitions
Sequence[Bucket
Lifecycle Rule Transition] Specifies a period in the object's transitions (documented below).
- enabled Boolean
Specifies lifecycle rule status.
- abort
Incomplete NumberMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration Property Map
Specifies a period in the object's expire (documented below).
- id String
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- noncurrent
Version Property MapExpiration Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version List<Property Map>Transitions Specifies when noncurrent object versions transitions (documented below).
- prefix String
Object key prefix identifying one or more objects to which the rule applies.
- Map<String>
Specifies object tags key and value.
- transitions List<Property Map>
Specifies a period in the object's transitions (documented below).
BucketLifecycleRuleExpiration
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- Expired
Object boolDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- Expired
Object boolDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date String
Specifies the date after which you want the corresponding action to take effect.
- days Integer
Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object BooleanDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date string
Specifies the date after which you want the corresponding action to take effect.
- days number
Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object booleanDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date str
Specifies the date after which you want the corresponding action to take effect.
- days int
Specifies the number of days after object creation when the specific rule action takes effect.
- expired_
object_ booldelete_ marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
- date String
Specifies the date after which you want the corresponding action to take effect.
- days Number
Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object BooleanDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
BucketLifecycleRuleNoncurrentVersionExpiration
- Days int
Specifies the number of days noncurrent object versions expire.
- Days int
Specifies the number of days noncurrent object versions expire.
- days Integer
Specifies the number of days noncurrent object versions expire.
- days number
Specifies the number of days noncurrent object versions expire.
- days int
Specifies the number of days noncurrent object versions expire.
- days Number
Specifies the number of days noncurrent object versions expire.
BucketLifecycleRuleNoncurrentVersionTransition
- Storage
Class string Specifies the Amazon S3 storage class to which you want the object to transition.
- Days int
Specifies the number of days noncurrent object versions transition.
- Storage
Class string Specifies the Amazon S3 storage class to which you want the object to transition.
- Days int
Specifies the number of days noncurrent object versions transition.
- storage
Class String Specifies the Amazon S3 storage class to which you want the object to transition.
- days Integer
Specifies the number of days noncurrent object versions transition.
- storage
Class string Specifies the Amazon S3 storage class to which you want the object to transition.
- days number
Specifies the number of days noncurrent object versions transition.
- storage_
class str Specifies the Amazon S3 storage class to which you want the object to transition.
- days int
Specifies the number of days noncurrent object versions transition.
- storage
Class String Specifies the Amazon S3 storage class to which you want the object to transition.
- days Number
Specifies the number of days noncurrent object versions transition.
BucketLifecycleRuleTransition
- Storage
Class string Specifies the Amazon S3 storage class to which you want the object to transition.
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- Storage
Class string Specifies the Amazon S3 storage class to which you want the object to transition.
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- storage
Class String Specifies the Amazon S3 storage class to which you want the object to transition.
- date String
Specifies the date after which you want the corresponding action to take effect.
- days Integer
Specifies the number of days after object creation when the specific rule action takes effect.
- storage
Class string Specifies the Amazon S3 storage class to which you want the object to transition.
- date string
Specifies the date after which you want the corresponding action to take effect.
- days number
Specifies the number of days after object creation when the specific rule action takes effect.
- storage_
class str Specifies the Amazon S3 storage class to which you want the object to transition.
- date str
Specifies the date after which you want the corresponding action to take effect.
- days int
Specifies the number of days after object creation when the specific rule action takes effect.
- storage
Class String Specifies the Amazon S3 storage class to which you want the object to transition.
- date String
Specifies the date after which you want the corresponding action to take effect.
- days Number
Specifies the number of days after object creation when the specific rule action takes effect.
BucketLogging
- Target
Bucket string The name of the bucket that will receive the log objects.
- Target
Prefix string To specify a key prefix for log objects.
- Target
Bucket string The name of the bucket that will receive the log objects.
- Target
Prefix string To specify a key prefix for log objects.
- target
Bucket String The name of the bucket that will receive the log objects.
- target
Prefix String To specify a key prefix for log objects.
- target
Bucket string The name of the bucket that will receive the log objects.
- target
Prefix string To specify a key prefix for log objects.
- target_
bucket str The name of the bucket that will receive the log objects.
- target_
prefix str To specify a key prefix for log objects.
- target
Bucket String The name of the bucket that will receive the log objects.
- target
Prefix String To specify a key prefix for log objects.
BucketObjectLockConfiguration
- Object
Lock stringEnabled Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled.- Rule
Bucket
Object Lock Configuration Rule The Object Lock rule in place for this bucket.
- Object
Lock stringEnabled Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled.- Rule
Bucket
Object Lock Configuration Rule The Object Lock rule in place for this bucket.
- object
Lock StringEnabled Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled.- rule
Bucket
Object Lock Configuration Rule The Object Lock rule in place for this bucket.
- object
Lock stringEnabled Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled.- rule
Bucket
Object Lock Configuration Rule The Object Lock rule in place for this bucket.
- object_
lock_ strenabled Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled.- rule
Bucket
Object Lock Configuration Rule The Object Lock rule in place for this bucket.
- object
Lock StringEnabled Indicates whether this bucket has an Object Lock configuration enabled. Valid value is
Enabled.- rule Property Map
The Object Lock rule in place for this bucket.
BucketObjectLockConfigurationRule
- Default
Retention BucketObject Lock Configuration Rule Default Retention The default retention period that you want to apply to new objects placed in this bucket.
- Default
Retention BucketObject Lock Configuration Rule Default Retention The default retention period that you want to apply to new objects placed in this bucket.
- default
Retention BucketObject Lock Configuration Rule Default Retention The default retention period that you want to apply to new objects placed in this bucket.
- default
Retention BucketObject Lock Configuration Rule Default Retention The default retention period that you want to apply to new objects placed in this bucket.
- default_
retention BucketObject Lock Configuration Rule Default Retention The default retention period that you want to apply to new objects placed in this bucket.
- default
Retention Property Map The default retention period that you want to apply to new objects placed in this bucket.
BucketObjectLockConfigurationRuleDefaultRetention
- Mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE.- Days int
The number of days that you want to specify for the default retention period.
- Years int
The number of years that you want to specify for the default retention period.
- Mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE.- Days int
The number of days that you want to specify for the default retention period.
- Years int
The number of years that you want to specify for the default retention period.
- mode String
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE.- days Integer
The number of days that you want to specify for the default retention period.
- years Integer
The number of years that you want to specify for the default retention period.
- mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE.- days number
The number of days that you want to specify for the default retention period.
- years number
The number of years that you want to specify for the default retention period.
- mode str
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE.- days int
The number of days that you want to specify for the default retention period.
- years int
The number of years that you want to specify for the default retention period.
- mode String
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are
GOVERNANCEandCOMPLIANCE.- days Number
The number of days that you want to specify for the default retention period.
- years Number
The number of years that you want to specify for the default retention period.
BucketReplicationConfiguration
- Role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- Rules
List<Bucket
Replication Configuration Rule> Specifies the rules managing the replication (documented below).
- Role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- Rules
[]Bucket
Replication Configuration Rule Specifies the rules managing the replication (documented below).
- role String
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules
List<Bucket
Replication Configuration Rule> Specifies the rules managing the replication (documented below).
- role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules
Bucket
Replication Configuration Rule[] Specifies the rules managing the replication (documented below).
- role str
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules
Sequence[Bucket
Replication Configuration Rule] Specifies the rules managing the replication (documented below).
- role String
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules List<Property Map>
Specifies the rules managing the replication (documented below).
BucketReplicationConfigurationRule
- Destination
Bucket
Replication Configuration Rule Destination Specifies the destination for the rule (documented below).
- Status string
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.- Delete
Marker stringReplication Status Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used).- Filter
Bucket
Replication Configuration Rule Filter Filter that identifies subset of objects to which the replication rule applies (documented below).
- Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Prefix string
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Priority int
The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules.- Source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria Specifies special object selection criteria (documented below).
- Destination
Bucket
Replication Configuration Rule Destination Specifies the destination for the rule (documented below).
- Status string
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.- Delete
Marker stringReplication Status Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used).- Filter
Bucket
Replication Configuration Rule Filter Filter that identifies subset of objects to which the replication rule applies (documented below).
- Id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- Prefix string
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Priority int
The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules.- Source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria Specifies special object selection criteria (documented below).
- destination
Bucket
Replication Configuration Rule Destination Specifies the destination for the rule (documented below).
- status String
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.- delete
Marker StringReplication Status Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used).- filter
Bucket
Replication Configuration Rule Filter Filter that identifies subset of objects to which the replication rule applies (documented below).
- id String
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix String
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority Integer
The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules.- source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria Specifies special object selection criteria (documented below).
- destination
Bucket
Replication Configuration Rule Destination Specifies the destination for the rule (documented below).
- status string
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.- delete
Marker stringReplication Status Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used).- filter
Bucket
Replication Configuration Rule Filter Filter that identifies subset of objects to which the replication rule applies (documented below).
- id string
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix string
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority number
The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules.- source
Selection BucketCriteria Replication Configuration Rule Source Selection Criteria Specifies special object selection criteria (documented below).
- destination
Bucket
Replication Configuration Rule Destination Specifies the destination for the rule (documented below).
- status str
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.- delete_
marker_ strreplication_ status Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used).- filter
Bucket
Replication Configuration Rule Filter Filter that identifies subset of objects to which the replication rule applies (documented below).
- id str
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix str
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority int
The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules.- source_
selection_ Bucketcriteria Replication Configuration Rule Source Selection Criteria Specifies special object selection criteria (documented below).
- destination Property Map
Specifies the destination for the rule (documented below).
- status String
The status of the rule. Either
EnabledorDisabled. The rule is ignored if status is not Enabled.- delete
Marker StringReplication Status Whether delete markers are replicated. The only valid value is
Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., whenfilteris used).- filter Property Map
Filter that identifies subset of objects to which the replication rule applies (documented below).
- id String
Unique identifier for the rule. Must be less than or equal to 255 characters in length.
- prefix String
Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- priority Number
The priority associated with the rule. Priority should only be set if
filteris configured. If not provided, defaults to0. Priority must be unique between multiple rules.- source
Selection Property MapCriteria Specifies special object selection criteria (documented below).
BucketReplicationConfigurationRuleDestination
- Bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- Access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration.- Account
Id string The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration.- Metrics
Bucket
Replication Configuration Rule Destination Metrics Enables replication metrics (required for S3 RTC) (documented below).
- Replica
Kms stringKey Id Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria.- Replication
Time BucketReplication Configuration Rule Destination Replication Time Enables S3 Replication Time Control (S3 RTC) (documented below).
- Storage
Class string The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- Bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- Access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration.- Account
Id string The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration.- Metrics
Bucket
Replication Configuration Rule Destination Metrics Enables replication metrics (required for S3 RTC) (documented below).
- Replica
Kms stringKey Id Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria.- Replication
Time BucketReplication Configuration Rule Destination Replication Time Enables S3 Replication Time Control (S3 RTC) (documented below).
- Storage
Class string The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket String
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration.- account
Id String The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration.- metrics
Bucket
Replication Configuration Rule Destination Metrics Enables replication metrics (required for S3 RTC) (documented below).
- replica
Kms StringKey Id Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria.- replication
Time BucketReplication Configuration Rule Destination Replication Time Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage
Class String The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access
Control BucketTranslation Replication Configuration Rule Destination Access Control Translation Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration.- account
Id string The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration.- metrics
Bucket
Replication Configuration Rule Destination Metrics Enables replication metrics (required for S3 RTC) (documented below).
- replica
Kms stringKey Id Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria.- replication
Time BucketReplication Configuration Rule Destination Replication Time Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage
Class string The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket str
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access_
control_ Buckettranslation Replication Configuration Rule Destination Access Control Translation Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration.- account_
id str The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration.- metrics
Bucket
Replication Configuration Rule Destination Metrics Enables replication metrics (required for S3 RTC) (documented below).
- replica_
kms_ strkey_ id Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria.- replication_
time BucketReplication Configuration Rule Destination Replication Time Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage_
class str The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
- bucket String
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- access
Control Property MapTranslation Specifies the overrides to use for object owners on replication. Must be used in conjunction with
account_idowner override configuration.- account
Id String The Account ID to use for overriding the object owner on replication. Must be used in conjunction with
access_control_translationoverride configuration.- metrics Property Map
Enables replication metrics (required for S3 RTC) (documented below).
- replica
Kms StringKey Id Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
sse_kms_encrypted_objectssource selection criteria.- replication
Time Property Map Enables S3 Replication Time Control (S3 RTC) (documented below).
- storage
Class String The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
BucketReplicationConfigurationRuleDestinationAccessControlTranslation
- Owner string
The override value for the owner on replicated objects. Currently only
Destinationis supported.
- Owner string
The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner String
The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner string
The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner str
The override value for the owner on replicated objects. Currently only
Destinationis supported.
- owner String
The override value for the owner on replicated objects. Currently only
Destinationis supported.
BucketReplicationConfigurationRuleDestinationMetrics
BucketReplicationConfigurationRuleDestinationReplicationTime
BucketReplicationConfigurationRuleFilter
- Prefix string
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Dictionary<string, string>
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- Prefix string
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- map[string]string
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix String
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Map<String,String>
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix string
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- {[key: string]: string}
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix str
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Mapping[str, str]
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- prefix String
Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
- Map<String>
A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
BucketReplicationConfigurationRuleSourceSelectionCriteria
- Sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- Sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse
Kms BucketEncrypted Objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse_
kms_ Bucketencrypted_ objects Replication Configuration Rule Source Selection Criteria Sse Kms Encrypted Objects Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
- sse
Kms Property MapEncrypted Objects Match SSE-KMS encrypted objects (documented below). If specified,
replica_kms_key_idindestinationmust be specified as well.
BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects
- Enabled bool
Boolean which indicates if this criteria is enabled.
- Enabled bool
Boolean which indicates if this criteria is enabled.
- enabled Boolean
Boolean which indicates if this criteria is enabled.
- enabled boolean
Boolean which indicates if this criteria is enabled.
- enabled bool
Boolean which indicates if this criteria is enabled.
- enabled Boolean
Boolean which indicates if this criteria is enabled.
BucketServerSideEncryptionConfiguration
- Rule
Bucket
Server Side Encryption Configuration Rule A single object for server-side encryption by default configuration. (documented below)
- Rule
Bucket
Server Side Encryption Configuration Rule A single object for server-side encryption by default configuration. (documented below)
- rule
Bucket
Server Side Encryption Configuration Rule A single object for server-side encryption by default configuration. (documented below)
- rule
Bucket
Server Side Encryption Configuration Rule A single object for server-side encryption by default configuration. (documented below)
- rule
Bucket
Server Side Encryption Configuration Rule A single object for server-side encryption by default configuration. (documented below)
- rule Property Map
A single object for server-side encryption by default configuration. (documented below)
BucketServerSideEncryptionConfigurationRule
- Apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default A single object for setting server-side encryption by default. (documented below)
- Bucket
Key boolEnabled Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- Apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default A single object for setting server-side encryption by default. (documented below)
- Bucket
Key boolEnabled Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default A single object for setting server-side encryption by default. (documented below)
- bucket
Key BooleanEnabled Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply
Server BucketSide Encryption By Default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default A single object for setting server-side encryption by default. (documented below)
- bucket
Key booleanEnabled Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply_
server_ Bucketside_ encryption_ by_ default Server Side Encryption Configuration Rule Apply Server Side Encryption By Default A single object for setting server-side encryption by default. (documented below)
- bucket_
key_ boolenabled Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
- apply
Server Property MapSide Encryption By Default A single object for setting server-side encryption by default. (documented below)
- bucket
Key BooleanEnabled Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault
- Sse
Algorithm string The server-side encryption algorithm to use. Valid values are
AES256andaws:kms- Kms
Master stringKey Id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- Sse
Algorithm string The server-side encryption algorithm to use. Valid values are
AES256andaws:kms- Kms
Master stringKey Id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse
Algorithm String The server-side encryption algorithm to use. Valid values are
AES256andaws:kms- kms
Master StringKey Id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse
Algorithm string The server-side encryption algorithm to use. Valid values are
AES256andaws:kms- kms
Master stringKey Id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse_
algorithm str The server-side encryption algorithm to use. Valid values are
AES256andaws:kms- kms_
master_ strkey_ id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
- sse
Algorithm String The server-side encryption algorithm to use. Valid values are
AES256andaws:kms- kms
Master StringKey Id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of
sse_algorithmasaws:kms. The defaultaws/s3AWS KMS master key is used if this element is absent while thesse_algorithmisaws:kms.
BucketVersioning
- Enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- Mfa
Delete bool Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- Enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- Mfa
Delete bool Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled Boolean
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa
Delete Boolean Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled boolean
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa
Delete boolean Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa_
delete bool Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
- enabled Boolean
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfa
Delete Boolean Enable MFA delete for either
Change the versioning state of your bucketorPermanently delete an object version. Default isfalse. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
BucketWebsite
- Error
Document string An absolute path to the document to return in case of a 4XX error.
- Index
Document string Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- Redirect
All stringRequests To A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request.- Routing
Rules string | List<string> A json array containing routing rules describing redirect behavior and when redirects are applied.
- Error
Document string An absolute path to the document to return in case of a 4XX error.
- Index
Document string Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- Redirect
All stringRequests To A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request.- Routing
Rules string | []string A json array containing routing rules describing redirect behavior and when redirects are applied.
- error
Document String An absolute path to the document to return in case of a 4XX error.
- index
Document String Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect
All StringRequests To A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request.- routing
Rules String | List<String> A json array containing routing rules describing redirect behavior and when redirects are applied.
- error
Document string An absolute path to the document to return in case of a 4XX error.
- index
Document string Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect
All stringRequests To A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request.- routing
Rules string | RoutingRule[] A json array containing routing rules describing redirect behavior and when redirects are applied.
- error_
document str An absolute path to the document to return in case of a 4XX error.
- index_
document str Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect_
all_ strrequests_ to A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request.- routing_
rules str | Sequence[str] A json array containing routing rules describing redirect behavior and when redirects are applied.
- error
Document String An absolute path to the document to return in case of a 4XX error.
- index
Document String Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirect
All StringRequests To A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (
http://orhttps://) to use when redirecting requests. The default is the protocol that is used in the original request.- routing
Rules String | List<> A json array containing routing rules describing redirect behavior and when redirects are applied.
CannedAcl
- Private
- private
- Public
Read - public-read
- Public
Read Write - public-read-write
- Aws
Exec Read - aws-exec-read
- Authenticated
Read - authenticated-read
- Bucket
Owner Read - bucket-owner-read
- Bucket
Owner Full Control - bucket-owner-full-control
- Log
Delivery Write - log-delivery-write
- Canned
Acl Private - private
- Canned
Acl Public Read - public-read
- Canned
Acl Public Read Write - public-read-write
- Canned
Acl Aws Exec Read - aws-exec-read
- Canned
Acl Authenticated Read - authenticated-read
- Canned
Acl Bucket Owner Read - bucket-owner-read
- Canned
Acl Bucket Owner Full Control - bucket-owner-full-control
- Canned
Acl Log Delivery Write - log-delivery-write
- Private
- private
- Public
Read - public-read
- Public
Read Write - public-read-write
- Aws
Exec Read - aws-exec-read
- Authenticated
Read - authenticated-read
- Bucket
Owner Read - bucket-owner-read
- Bucket
Owner Full Control - bucket-owner-full-control
- Log
Delivery Write - log-delivery-write
- Private
- private
- Public
Read - public-read
- Public
Read Write - public-read-write
- Aws
Exec Read - aws-exec-read
- Authenticated
Read - authenticated-read
- Bucket
Owner Read - bucket-owner-read
- Bucket
Owner Full Control - bucket-owner-full-control
- Log
Delivery Write - log-delivery-write
- PRIVATE
- private
- PUBLIC_READ
- public-read
- PUBLIC_READ_WRITE
- public-read-write
- AWS_EXEC_READ
- aws-exec-read
- AUTHENTICATED_READ
- authenticated-read
- BUCKET_OWNER_READ
- bucket-owner-read
- BUCKET_OWNER_FULL_CONTROL
- bucket-owner-full-control
- LOG_DELIVERY_WRITE
- log-delivery-write
- "private"
- private
- "public-read"
- public-read
- "public-read-write"
- public-read-write
- "aws-exec-read"
- aws-exec-read
- "authenticated-read"
- authenticated-read
- "bucket-owner-read"
- bucket-owner-read
- "bucket-owner-full-control"
- bucket-owner-full-control
- "log-delivery-write"
- log-delivery-write
Import
S3 bucket can be imported using the bucket, e.g.,
$ pulumi import aws:s3/bucket:Bucket bucket bucket-name
The policy argument is not imported and will be deprecated in a future version of the provider. Use the aws_s3_bucket_policy resource to manage the S3 Bucket Policy instead.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.