aws.s3.BucketLogging
Provides an S3 bucket (server access) logging resource. For more information, see Logging requests using server access logging in the AWS S3 User Guide.
Note: Amazon S3 supports server access logging, AWS CloudTrail, or a combination of both. Refer to the Logging options for Amazon S3 to decide which method meets your requirements.
This resource cannot be used with S3 directory buckets.
Example Usage
Grant permission by using bucket policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
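// Key prefix under which S3 delivers the access logs. It is shared by the
// BucketLogging target prefix and the bucket-policy resource so that the
// permission and the delivery location cannot drift apart.
const logPrefix = "log/";

// Account that runs this program; used for the aws:SourceAccount condition.
const current = aws.getCallerIdentity({});

// Destination bucket that receives the server access logs.
const logging = new aws.s3.Bucket("logging", {bucket: "access-logging-bucket"});

// Source bucket whose requests are logged. It is declared before the policy so
// that its ARN can be pinned in the aws:SourceArn condition.
const example = new aws.s3.Bucket("example", {bucket: "example-bucket"});

// Least-privilege grant for log delivery: only the S3 logging service principal
// may write, only under the log prefix, and only when acting for this account
// and this source bucket. The two conditions keep another account or bucket
// from using the logging service to write into the destination bucket.
const loggingBucketPolicy = aws.iam.getPolicyDocumentOutput({
    statements: [{
        principals: [{
            identifiers: ["logging.s3.amazonaws.com"],
            type: "Service",
        }],
        actions: ["s3:PutObject"],
        resources: [pulumi.interpolate`${logging.arn}/${logPrefix}*`],
        conditions: [
            {
                test: "StringEquals",
                variable: "aws:SourceAccount",
                values: [current.then(identity => identity.accountId)],
            },
            {
                test: "ArnLike",
                variable: "aws:SourceArn",
                values: [example.arn],
            },
        ],
    }],
});
const loggingBucketPolicy2 = new aws.s3.BucketPolicy("logging", {
    bucket: logging.bucket,
    policy: loggingBucketPolicy.json,
});

// Turn on server access logging for the source bucket. Log object keys are
// partitioned by date, using the event time as the date source.
const exampleBucketLogging = new aws.s3.BucketLogging("example", {
    bucket: example.bucket,
    targetBucket: logging.bucket,
    targetPrefix: logPrefix,
    targetObjectKeyFormat: {
        partitionedPrefix: {
            partitionDateSource: "EventTime",
        },
    },
});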
import pulumi
import pulumi_aws as aws
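# Key prefix under which S3 delivers the access logs. It is shared by the
# BucketLogging target prefix and the bucket-policy resource so that the
# permission and the delivery location cannot drift apart.
log_prefix = "log/"

# Account that runs this program; used for the aws:SourceAccount condition.
current = aws.get_caller_identity()

# Destination bucket that receives the server access logs.
logging = aws.s3.Bucket("logging", bucket="access-logging-bucket")

# Source bucket whose requests are logged. It is declared before the policy so
# that its ARN can be pinned in the aws:SourceArn condition.
example = aws.s3.Bucket("example", bucket="example-bucket")

# Least-privilege grant for log delivery: only the S3 logging service principal
# may write, only under the log prefix, and only when acting for this account
# and this source bucket.
logging_bucket_policy = aws.iam.get_policy_document_output(statements=[{
    "principals": [{
        "identifiers": ["logging.s3.amazonaws.com"],
        "type": "Service",
    }],
    "actions": ["s3:PutObject"],
    "resources": [logging.arn.apply(lambda arn: f"{arn}/{log_prefix}*")],
    "conditions": [
        {
            "test": "StringEquals",
            "variable": "aws:SourceAccount",
            "values": [current.account_id],
        },
        {
            "test": "ArnLike",
            "variable": "aws:SourceArn",
            "values": [example.arn],
        },
    ],
}])
logging_bucket_policy2 = aws.s3.BucketPolicy("logging",
    bucket=logging.bucket,
    policy=logging_bucket_policy.json)

# Turn on server access logging for the source bucket. Log object keys are
# partitioned by date, using the event time as the date source.
example_bucket_logging = aws.s3.BucketLogging("example",
    bucket=example.bucket,
    target_bucket=logging.bucket,
    target_prefix=log_prefix,
    target_object_key_format={
        "partitioned_prefix": {
            "partition_date_source": "EventTime",
        },
    })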
package main
import (
	"fmt"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
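// main declares a log destination bucket, a bucket policy that lets the S3
// logging service deliver into it, a source bucket, and the BucketLogging
// resource that connects the two.
//
// The policy document is built with iam.GetPolicyDocumentOutput so that
// resource outputs (the bucket ARNs) can be passed as inputs directly. The
// earlier form wrapped the plain invoke in a type conversion and used an
// interface{} composite literal for the condition values, neither of which
// compiles.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Key prefix under which S3 delivers the access logs. It is shared by
		// the target prefix and the policy resource so the two stay in sync.
		const logPrefix = "log/"

		// Account that runs this program; used for aws:SourceAccount.
		current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
		if err != nil {
			return err
		}
		// Destination bucket that receives the server access logs.
		logging, err := s3.NewBucket(ctx, "logging", &s3.BucketArgs{
			Bucket: pulumi.String("access-logging-bucket"),
		})
		if err != nil {
			return err
		}
		// Source bucket whose requests are logged. It is declared before the
		// policy so its ARN can be pinned in the aws:SourceArn condition.
		example, err := s3.NewBucket(ctx, "example", &s3.BucketArgs{
			Bucket: pulumi.String("example-bucket"),
		})
		if err != nil {
			return err
		}
		// Only keys under the log prefix are writable by the logging service.
		logObjectsArn := logging.Arn.ApplyT(func(arn string) string {
			return fmt.Sprintf("%v/%v*", arn, logPrefix)
		}).(pulumi.StringOutput)
		// Least-privilege grant: the S3 logging service principal may write
		// only under the log prefix, and only when acting for this account and
		// this source bucket.
		loggingBucketPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Identifiers: pulumi.StringArray{
								pulumi.String("logging.s3.amazonaws.com"),
							},
							Type: pulumi.String("Service"),
						},
					},
					Actions: pulumi.StringArray{
						pulumi.String("s3:PutObject"),
					},
					Resources: pulumi.StringArray{
						logObjectsArn,
					},
					Conditions: iam.GetPolicyDocumentStatementConditionArray{
						&iam.GetPolicyDocumentStatementConditionArgs{
							Test:     pulumi.String("StringEquals"),
							Variable: pulumi.String("aws:SourceAccount"),
							Values: pulumi.StringArray{
								pulumi.String(current.AccountId),
							},
						},
						&iam.GetPolicyDocumentStatementConditionArgs{
							Test:     pulumi.String("ArnLike"),
							Variable: pulumi.String("aws:SourceArn"),
							Values: pulumi.StringArray{
								example.Arn,
							},
						},
					},
				},
			},
		}, nil)
		_, err = s3.NewBucketPolicy(ctx, "logging", &s3.BucketPolicyArgs{
			Bucket: logging.Bucket,
			Policy: loggingBucketPolicy.Json(),
		})
		if err != nil {
			return err
		}
		// Turn on server access logging for the source bucket. Log object keys
		// are partitioned by date, using the event time as the date source.
		_, err = s3.NewBucketLogging(ctx, "example", &s3.BucketLoggingArgs{
			Bucket:       example.Bucket,
			TargetBucket: logging.Bucket,
			TargetPrefix: pulumi.String(logPrefix),
			TargetObjectKeyFormat: &s3.BucketLoggingTargetObjectKeyFormatArgs{
				PartitionedPrefix: &s3.BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs{
					PartitionDateSource: pulumi.String("EventTime"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}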
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
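return await Deployment.RunAsync(() =>
{
    // Key prefix under which S3 delivers the access logs. It is shared by the
    // BucketLogging target prefix and the bucket-policy resource so that the
    // permission and the delivery location cannot drift apart.
    const string logPrefix = "log/";

    // Account that runs this program; used for the aws:SourceAccount condition.
    var current = Aws.GetCallerIdentity.Invoke();

    // Destination bucket that receives the server access logs.
    var logging = new Aws.S3.Bucket("logging", new()
    {
        BucketName = "access-logging-bucket",
    });

    // Source bucket whose requests are logged. It is declared before the policy
    // so that its ARN can be pinned in the aws:SourceArn condition.
    var example = new Aws.S3.Bucket("example", new()
    {
        BucketName = "example-bucket",
    });

    // Least-privilege grant for log delivery: only the S3 logging service
    // principal may write, only under the log prefix, and only when acting for
    // this account and this source bucket.
    var loggingBucketPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Identifiers = new[]
                        {
                            "logging.s3.amazonaws.com",
                        },
                        Type = "Service",
                    },
                },
                Actions = new[]
                {
                    "s3:PutObject",
                },
                Resources = new[]
                {
                    // Resolve the ARN through Apply: interpolating the Output
                    // itself into a string would format the Output wrapper
                    // rather than the ARN value it eventually holds.
                    logging.Arn.Apply(arn => $"{arn}/{logPrefix}*"),
                },
                Conditions = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                    {
                        Test = "StringEquals",
                        Variable = "aws:SourceAccount",
                        Values = new[]
                        {
                            current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
                        },
                    },
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                    {
                        Test = "ArnLike",
                        Variable = "aws:SourceArn",
                        Values = new[]
                        {
                            example.Arn,
                        },
                    },
                },
            },
        },
    });

    var loggingBucketPolicy2 = new Aws.S3.BucketPolicy("logging", new()
    {
        Bucket = logging.BucketName,
        Policy = loggingBucketPolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    // Turn on server access logging for the source bucket. Log object keys are
    // partitioned by date, using the event time as the date source.
    var exampleBucketLogging = new Aws.S3.BucketLogging("example", new()
    {
        Bucket = example.BucketName,
        TargetBucket = logging.BucketName,
        TargetPrefix = logPrefix,
        TargetObjectKeyFormat = new Aws.S3.Inputs.BucketLoggingTargetObjectKeyFormatArgs
        {
            PartitionedPrefix = new Aws.S3.Inputs.BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs
            {
                PartitionDateSource = "EventTime",
            },
        },
    });
});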
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.s3.BucketLogging;
import com.pulumi.aws.s3.BucketLoggingArgs;
import com.pulumi.aws.s3.inputs.BucketLoggingTargetObjectKeyFormatArgs;
import com.pulumi.aws.s3.inputs.BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that enables S3 server access logging on one bucket and
 * authorizes delivery into a second bucket through a bucket policy.
 *
 * NOTE(review): GetPolicyDocumentStatementArgs,
 * GetPolicyDocumentStatementPrincipalArgs and
 * GetPolicyDocumentStatementConditionArgs are used in stack() but do not
 * appear in this listing's import list; confirm the imports before compiling.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    /**
     * Declares the destination bucket, its bucket policy, the source bucket and
     * the BucketLogging resource that connects them.
     *
     * @param ctx Pulumi deployment context supplied by Pulumi.run
     */
    public static void stack(Context ctx) {
        // Identity of the caller; its account ID feeds the aws:SourceAccount condition.
        final var current = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
            .build());
        // Destination bucket that receives the server access logs.
        var logging = new Bucket("logging", BucketArgs.builder()
            .bucket("access-logging-bucket")
            .build());
        // Policy document: the S3 logging service principal may call
        // s3:PutObject on every key of the destination bucket ("<arn>/*"),
        // provided aws:SourceAccount equals the caller's account ID.
        // NOTE(review): the grant covers the whole bucket although logs are
        // delivered under targetPrefix "log/"; consider scoping the resource
        // to that prefix and adding an aws:SourceArn condition on the source
        // bucket ARN so only that bucket's logs are accepted.
        final var loggingBucketPolicy = logging.arn().applyValue(_arn -> IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("logging.s3.amazonaws.com")
                    .type("Service")
                    .build())
                .actions("s3:PutObject")
                .resources(String.format("%s/*", _arn))
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("aws:SourceAccount")
                    .values(current.accountId())
                    .build())
                .build())
            .build()));
        // Attach the rendered policy JSON to the destination bucket.
        // NOTE(review): loggingBucketPolicy is the result of applyValue(...);
        // confirm that .json() resolves on that type.
        var loggingBucketPolicy2 = new BucketPolicy("loggingBucketPolicy2", BucketPolicyArgs.builder()
            .bucket(logging.bucket())
            .policy(loggingBucketPolicy.json())
            .build());
        // Source bucket whose requests are logged.
        var example = new Bucket("example", BucketArgs.builder()
            .bucket("example-bucket")
            .build());
        // Enable logging from the source bucket into the destination bucket,
        // under "log/", with keys partitioned by date using the event time.
        var exampleBucketLogging = new BucketLogging("exampleBucketLogging", BucketLoggingArgs.builder()
            .bucket(example.bucket())
            .targetBucket(logging.bucket())
            .targetPrefix("log/")
            .targetObjectKeyFormat(BucketLoggingTargetObjectKeyFormatArgs.builder()
                .partitionedPrefix(BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs.builder()
                    .partitionDateSource("EventTime")
                    .build())
                .build())
            .build());
    }
}
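resources:
  # Destination bucket that receives the server access logs.
  logging:
    type: aws:s3:Bucket
    properties:
      bucket: access-logging-bucket
  # Bucket policy that authorizes the S3 logging service to deliver logs.
  loggingBucketPolicy2:
    type: aws:s3:BucketPolicy
    name: logging
    properties:
      bucket: ${logging.bucket}
      policy: ${loggingBucketPolicy.json}
  # Source bucket whose requests are logged.
  example:
    type: aws:s3:Bucket
    properties:
      bucket: example-bucket
  # Enables logging from the source bucket into the destination bucket. Log
  # object keys are partitioned by date, using the event time as the source.
  exampleBucketLogging:
    type: aws:s3:BucketLogging
    name: example
    properties:
      bucket: ${example.bucket}
      targetBucket: ${logging.bucket}
      # Keep this prefix in sync with the policy resource below.
      targetPrefix: log/
      targetObjectKeyFormat:
        partitionedPrefix:
          partitionDateSource: EventTime
variables:
  # Account that runs this program; used for the aws:SourceAccount condition.
  current:
    fn::invoke:
      function: aws:getCallerIdentity
      arguments: {}
  # Least-privilege grant for log delivery: only the S3 logging service
  # principal may write, only under the log prefix, and only when acting for
  # this account and this source bucket.
  loggingBucketPolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - principals:
              - identifiers:
                  - logging.s3.amazonaws.com
                type: Service
            actions:
              - s3:PutObject
            resources:
              # Scoped to targetPrefix instead of the whole bucket.
              - ${logging.arn}/log/*
            conditions:
              - test: StringEquals
                variable: aws:SourceAccount
                values:
                  - ${current.accountId}
              - test: ArnLike
                variable: aws:SourceArn
                values:
                  - ${example.arn}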
Grant permission by using bucket ACL
The AWS documentation recommends against granting log-delivery permission through a bucket ACL; prefer the bucket policy approach shown above.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Bucket whose requests are logged; its own ACL stays private.
const sourceBucket = new aws.s3.Bucket("example", {
    bucket: "my-tf-example-bucket",
});
const sourceBucketAcl = new aws.s3.BucketAcl("example", {
    acl: "private",
    bucket: sourceBucket.id,
});

// Bucket that receives the logs. The "log-delivery-write" canned ACL is what
// authorizes log delivery in this variant.
// NOTE(review): this is the ACL-based approach that the AWS documentation
// does not recommend; on buckets where ACLs are disabled these BucketAcl
// resources are expected to fail, so confirm the buckets' object-ownership
// settings or use a bucket policy instead.
const logDestination = new aws.s3.Bucket("log_bucket", {
    bucket: "my-tf-log-bucket",
});
const logDestinationAcl = new aws.s3.BucketAcl("log_bucket_acl", {
    acl: "log-delivery-write",
    bucket: logDestination.id,
});

// Deliver the source bucket's access logs under "log/" in the log bucket.
const sourceBucketLogging = new aws.s3.BucketLogging("example", {
    targetPrefix: "log/",
    targetBucket: logDestination.id,
    bucket: sourceBucket.id,
});
import pulumi
import pulumi_aws as aws
# Bucket whose requests are logged; its own ACL stays private.
source_bucket = aws.s3.Bucket("example", bucket="my-tf-example-bucket")
source_bucket_acl = aws.s3.BucketAcl(
    "example",
    acl="private",
    bucket=source_bucket.id,
)

# Bucket that receives the logs. The "log-delivery-write" canned ACL is what
# authorizes log delivery in this variant.
# NOTE(review): this is the ACL-based approach that the AWS documentation does
# not recommend; on buckets where ACLs are disabled these BucketAcl resources
# are expected to fail, so confirm the buckets' object-ownership settings or
# use a bucket policy instead.
log_destination = aws.s3.Bucket("log_bucket", bucket="my-tf-log-bucket")
log_destination_acl = aws.s3.BucketAcl(
    "log_bucket_acl",
    acl="log-delivery-write",
    bucket=log_destination.id,
)

# Deliver the source bucket's access logs under "log/" in the log bucket.
source_bucket_logging = aws.s3.BucketLogging(
    "example",
    target_prefix="log/",
    target_bucket=log_destination.id,
    bucket=source_bucket.id,
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a source bucket, a log destination bucket, their ACLs, and the
// BucketLogging resource that connects them.
//
// NOTE(review): this is the ACL-based approach that the AWS documentation does
// not recommend; on buckets where ACLs are disabled the BucketAcl resources
// are expected to fail, so confirm the buckets' object-ownership settings or
// use a bucket policy instead.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Bucket whose requests are logged; its own ACL stays private.
		sourceBucket, err := s3.NewBucket(ctx, "example", &s3.BucketArgs{
			Bucket: pulumi.String("my-tf-example-bucket"),
		})
		if err != nil {
			return err
		}
		if _, err := s3.NewBucketAcl(ctx, "example", &s3.BucketAclArgs{
			Acl:    pulumi.String("private"),
			Bucket: sourceBucket.ID(),
		}); err != nil {
			return err
		}

		// Bucket that receives the logs; the "log-delivery-write" canned ACL
		// is what authorizes log delivery in this variant.
		logDestination, err := s3.NewBucket(ctx, "log_bucket", &s3.BucketArgs{
			Bucket: pulumi.String("my-tf-log-bucket"),
		})
		if err != nil {
			return err
		}
		if _, err := s3.NewBucketAcl(ctx, "log_bucket_acl", &s3.BucketAclArgs{
			Acl:    pulumi.String("log-delivery-write"),
			Bucket: logDestination.ID(),
		}); err != nil {
			return err
		}

		// Deliver the source bucket's access logs under "log/"; the error of
		// this last call, if any, is the result of the whole program.
		_, err = s3.NewBucketLogging(ctx, "example", &s3.BucketLoggingArgs{
			TargetPrefix: pulumi.String("log/"),
			TargetBucket: logDestination.ID(),
			Bucket:       sourceBucket.ID(),
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Bucket whose requests are logged; its own ACL stays private.
    var sourceBucket = new Aws.S3.Bucket("example", new Aws.S3.BucketArgs
    {
        BucketName = "my-tf-example-bucket",
    });
    var sourceBucketAcl = new Aws.S3.BucketAcl("example", new Aws.S3.BucketAclArgs
    {
        Acl = "private",
        Bucket = sourceBucket.Id,
    });

    // Bucket that receives the logs. The "log-delivery-write" canned ACL is
    // what authorizes log delivery in this variant.
    // NOTE(review): this is the ACL-based approach that the AWS documentation
    // does not recommend; on buckets where ACLs are disabled these BucketAcl
    // resources are expected to fail, so confirm the buckets' object-ownership
    // settings or use a bucket policy instead.
    var logDestination = new Aws.S3.Bucket("log_bucket", new Aws.S3.BucketArgs
    {
        BucketName = "my-tf-log-bucket",
    });
    var logDestinationAcl = new Aws.S3.BucketAcl("log_bucket_acl", new Aws.S3.BucketAclArgs
    {
        Acl = "log-delivery-write",
        Bucket = logDestination.Id,
    });

    // Deliver the source bucket's access logs under "log/" in the log bucket.
    var sourceBucketLogging = new Aws.S3.BucketLogging("example", new Aws.S3.BucketLoggingArgs
    {
        TargetPrefix = "log/",
        TargetBucket = logDestination.Id,
        Bucket = sourceBucket.Id,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.BucketAcl;
import com.pulumi.aws.s3.BucketAclArgs;
import com.pulumi.aws.s3.BucketLogging;
import com.pulumi.aws.s3.BucketLoggingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that enables S3 server access logging and authorizes log
 * delivery through a canned bucket ACL.
 *
 * NOTE(review): this is the ACL-based approach that the AWS documentation does
 * not recommend; on buckets where ACLs are disabled the BucketAcl resources
 * are expected to fail, so confirm the buckets' object-ownership settings or
 * use a bucket policy instead.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the source bucket, the log bucket, their ACLs and the
     * BucketLogging resource that connects them.
     *
     * @param ctx Pulumi deployment context supplied by Pulumi.run
     */
    public static void stack(Context ctx) {
        // Bucket whose requests are logged; its own ACL stays private.
        final BucketArgs sourceBucketArgs = BucketArgs.builder()
            .bucket("my-tf-example-bucket")
            .build();
        final Bucket sourceBucket = new Bucket("example", sourceBucketArgs);

        final BucketAclArgs sourceAclArgs = BucketAclArgs.builder()
            .acl("private")
            .bucket(sourceBucket.id())
            .build();
        final BucketAcl sourceBucketAcl = new BucketAcl("exampleBucketAcl", sourceAclArgs);

        // Bucket that receives the logs; the "log-delivery-write" canned ACL
        // is what authorizes log delivery in this variant.
        final BucketArgs logBucketArgs = BucketArgs.builder()
            .bucket("my-tf-log-bucket")
            .build();
        final Bucket logDestination = new Bucket("logBucket", logBucketArgs);

        final BucketAclArgs logAclArgs = BucketAclArgs.builder()
            .acl("log-delivery-write")
            .bucket(logDestination.id())
            .build();
        final BucketAcl logDestinationAcl = new BucketAcl("logBucketAcl", logAclArgs);

        // Deliver the source bucket's access logs under "log/".
        final BucketLoggingArgs loggingArgs = BucketLoggingArgs.builder()
            .targetPrefix("log/")
            .targetBucket(logDestination.id())
            .bucket(sourceBucket.id())
            .build();
        final BucketLogging sourceBucketLogging = new BucketLogging("exampleBucketLogging", loggingArgs);
    }
}
# ACL-based variant: log delivery is authorized by the "log-delivery-write"
# canned ACL on the log bucket rather than by a bucket policy.
# NOTE(review): this is the approach that the AWS documentation does not
# recommend; on buckets where ACLs are disabled the BucketAcl resources are
# expected to fail, so confirm the buckets' object-ownership settings or use a
# bucket policy instead.
resources:
  # Bucket whose requests are logged.
  example:
    type: aws:s3:Bucket
    properties:
      bucket: my-tf-example-bucket
  # Keeps the source bucket's own ACL private.
  exampleBucketAcl:
    type: aws:s3:BucketAcl
    name: example
    properties:
      bucket: ${example.id}
      acl: private
  # Bucket that receives the logs.
  logBucket:
    type: aws:s3:Bucket
    name: log_bucket
    properties:
      bucket: my-tf-log-bucket
  # Canned ACL that authorizes log delivery into the log bucket.
  logBucketAcl:
    type: aws:s3:BucketAcl
    name: log_bucket_acl
    properties:
      bucket: ${logBucket.id}
      acl: log-delivery-write
  # Delivers the source bucket's access logs under "log/" in the log bucket.
  exampleBucketLogging:
    type: aws:s3:BucketLogging
    name: example
    properties:
      bucket: ${example.id}
      targetBucket: ${logBucket.id}
      targetPrefix: log/
Create BucketLogging Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BucketLogging(name: string, args: BucketLoggingArgs, opts?: CustomResourceOptions);
@overload
def BucketLogging(resource_name: str,
                  args: BucketLoggingInitArgs,
                  opts: Optional[ResourceOptions] = None)
@overload
def BucketLogging(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  bucket: Optional[str] = None,
                  target_bucket: Optional[str] = None,
                  target_prefix: Optional[str] = None,
                  expected_bucket_owner: Optional[str] = None,
                  region: Optional[str] = None,
                  target_grants: Optional[Sequence[BucketLoggingTargetGrantArgs]] = None,
                  target_object_key_format: Optional[BucketLoggingTargetObjectKeyFormatArgs] = None)
func NewBucketLogging(ctx *Context, name string, args BucketLoggingArgs, opts ...ResourceOption) (*BucketLogging, error)
public BucketLogging(string name, BucketLoggingArgs args, CustomResourceOptions? opts = null)
public BucketLogging(String name, BucketLoggingArgs args)
public BucketLogging(String name, BucketLoggingArgs args, CustomResourceOptions options)
type: aws:s3:BucketLogging
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BucketLoggingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BucketLoggingInitArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BucketLoggingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BucketLoggingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BucketLoggingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every input is shown with a placeholder value, so this
// listing is not a deployable configuration.
var bucketLoggingResource = new Aws.S3.BucketLogging("bucketLoggingResource", new()
{
    Bucket = "string",
    TargetBucket = "string",
    TargetPrefix = "string",
    // Account ID of the expected bucket owner.
    ExpectedBucketOwner = "string",
    Region = "string",
    // Grant-based permissions on the delivered logs.
    // NOTE(review): these look like ACL-style grants; the page notes that the
    // AWS documentation does not recommend the ACL approach. Confirm before use.
    TargetGrants = new[]
    {
        new Aws.S3.Inputs.BucketLoggingTargetGrantArgs
        {
            Grantee = new Aws.S3.Inputs.BucketLoggingTargetGrantGranteeArgs
            {
                Type = "string",
                EmailAddress = "string",
                Id = "string",
                Uri = "string",
            },
            Permission = "string",
        },
    },
    // NOTE(review): PartitionedPrefix and SimplePrefix are presumably
    // alternatives; the usage examples set only PartitionedPrefix. Confirm.
    TargetObjectKeyFormat = new Aws.S3.Inputs.BucketLoggingTargetObjectKeyFormatArgs
    {
        PartitionedPrefix = new Aws.S3.Inputs.BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs
        {
            PartitionDateSource = "string",
        },
        SimplePrefix = null,
    },
});
// Reference shape only: every input is shown with a placeholder value, so this
// listing is not a deployable configuration.
example, err := s3.NewBucketLogging(ctx, "bucketLoggingResource", &s3.BucketLoggingArgs{
	Bucket:              pulumi.String("string"),
	TargetBucket:        pulumi.String("string"),
	TargetPrefix:        pulumi.String("string"),
	// Account ID of the expected bucket owner.
	ExpectedBucketOwner: pulumi.String("string"),
	Region:              pulumi.String("string"),
	// Grant-based permissions on the delivered logs.
	// NOTE(review): these look like ACL-style grants; the page notes that the
	// AWS documentation does not recommend the ACL approach. Confirm before use.
	TargetGrants: s3.BucketLoggingTargetGrantArray{
		&s3.BucketLoggingTargetGrantArgs{
			Grantee: &s3.BucketLoggingTargetGrantGranteeArgs{
				Type:         pulumi.String("string"),
				EmailAddress: pulumi.String("string"),
				Id:           pulumi.String("string"),
				Uri:          pulumi.String("string"),
			},
			Permission: pulumi.String("string"),
		},
	},
	// NOTE(review): PartitionedPrefix and SimplePrefix are presumably
	// alternatives; the usage examples set only PartitionedPrefix. Confirm.
	TargetObjectKeyFormat: &s3.BucketLoggingTargetObjectKeyFormatArgs{
		PartitionedPrefix: &s3.BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs{
			PartitionDateSource: pulumi.String("string"),
		},
		SimplePrefix: &s3.BucketLoggingTargetObjectKeyFormatSimplePrefixArgs{},
	},
})
// Reference shape only: every input is shown with a placeholder value, so this
// listing is not a deployable configuration.
var bucketLoggingResource = new BucketLogging("bucketLoggingResource", BucketLoggingArgs.builder()
    .bucket("string")
    .targetBucket("string")
    .targetPrefix("string")
    // Account ID of the expected bucket owner.
    .expectedBucketOwner("string")
    .region("string")
    // Grant-based permissions on the delivered logs.
    // NOTE(review): these look like ACL-style grants; the page notes that the
    // AWS documentation does not recommend the ACL approach. Confirm before use.
    .targetGrants(BucketLoggingTargetGrantArgs.builder()
        .grantee(BucketLoggingTargetGrantGranteeArgs.builder()
            .type("string")
            .emailAddress("string")
            .id("string")
            .uri("string")
            .build())
        .permission("string")
        .build())
    // NOTE(review): partitionedPrefix and simplePrefix are presumably
    // alternatives; the usage examples set only partitionedPrefix. Confirm.
    .targetObjectKeyFormat(BucketLoggingTargetObjectKeyFormatArgs.builder()
        .partitionedPrefix(BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs.builder()
            .partitionDateSource("string")
            .build())
        .simplePrefix(BucketLoggingTargetObjectKeyFormatSimplePrefixArgs.builder()
            .build())
        .build())
    .build());
# Reference shape only: every input is shown with a placeholder value, so this
# listing is not a deployable configuration.
bucket_logging_resource = aws.s3.BucketLogging("bucketLoggingResource",
    bucket="string",
    target_bucket="string",
    target_prefix="string",
    # Account ID of the expected bucket owner.
    expected_bucket_owner="string",
    region="string",
    # Grant-based permissions on the delivered logs.
    # NOTE(review): these look like ACL-style grants; the page notes that the
    # AWS documentation does not recommend the ACL approach. Confirm before use.
    target_grants=[{
        "grantee": {
            "type": "string",
            "email_address": "string",
            "id": "string",
            "uri": "string",
        },
        "permission": "string",
    }],
    # NOTE(review): partitioned_prefix and simple_prefix are presumably
    # alternatives; the usage examples set only partitioned_prefix. Confirm.
    target_object_key_format={
        "partitioned_prefix": {
            "partition_date_source": "string",
        },
        "simple_prefix": {},
    })
// Reference shape only: every input is shown with a placeholder value, so this
// listing is not a deployable configuration.
const bucketLoggingResource = new aws.s3.BucketLogging("bucketLoggingResource", {
    bucket: "string",
    targetBucket: "string",
    targetPrefix: "string",
    // Account ID of the expected bucket owner.
    expectedBucketOwner: "string",
    region: "string",
    // Grant-based permissions on the delivered logs.
    // NOTE(review): these look like ACL-style grants; the page notes that the
    // AWS documentation does not recommend the ACL approach. Confirm before use.
    targetGrants: [{
        grantee: {
            type: "string",
            emailAddress: "string",
            id: "string",
            uri: "string",
        },
        permission: "string",
    }],
    // NOTE(review): partitionedPrefix and simplePrefix are presumably
    // alternatives; the usage examples set only partitionedPrefix. Confirm.
    targetObjectKeyFormat: {
        partitionedPrefix: {
            partitionDateSource: "string",
        },
        simplePrefix: {},
    },
});
# Reference shape only: every input is shown with a placeholder value, so this
# listing is not a deployable configuration.
type: aws:s3:BucketLogging
properties:
    bucket: string
    # Account ID of the expected bucket owner.
    expectedBucketOwner: string
    region: string
    targetBucket: string
    # Grant-based permissions on the delivered logs.
    # NOTE(review): these look like ACL-style grants; the page notes that the
    # AWS documentation does not recommend the ACL approach. Confirm before use.
    targetGrants:
        - grantee:
            emailAddress: string
            id: string
            type: string
            uri: string
          permission: string
    # NOTE(review): partitionedPrefix and simplePrefix are presumably
    # alternatives; the usage examples set only partitionedPrefix. Confirm.
    targetObjectKeyFormat:
        partitionedPrefix:
            partitionDateSource: string
        simplePrefix: {}
    targetPrefix: string
BucketLogging Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BucketLogging resource accepts the following input properties:
- Bucket string
- Name of the bucket.
- TargetBucket string
- Name of the bucket where you want Amazon S3 to store server access logs.
- TargetPrefix string
- Prefix for all log object keys.
- ExpectedBucketOwner string
- Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- TargetGrants List<BucketLoggingTargetGrant>
- Set of configuration blocks with information for granting permissions. See below.
- TargetObjectKeyFormat BucketLoggingTargetObjectKeyFormat
- Amazon S3 key format for log objects. See below.
- Bucket string
- Name of the bucket.
- TargetBucket string
- Name of the bucket where you want Amazon S3 to store server access logs.
- TargetPrefix string
- Prefix for all log object keys.
- ExpectedBucketOwner string
- Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- TargetGrants []BucketLoggingTargetGrantArgs
- Set of configuration blocks with information for granting permissions. See below.
- TargetObjectKeyFormat BucketLoggingTargetObjectKeyFormatArgs
- Amazon S3 key format for log objects. See below.
- bucket String
- Name of the bucket.
- targetBucket String
- Name of the bucket where you want Amazon S3 to store server access logs.
- targetPrefix String
- Prefix for all log object keys.
- expectedBucketOwner String
- Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- targetGrants List<BucketLoggingTargetGrant>
- Set of configuration blocks with information for granting permissions. See below.
- targetObjectKeyFormat BucketLoggingTargetObjectKeyFormat
- Amazon S3 key format for log objects. See below.
- bucket string
- Name of the bucket.
- targetBucket string
- Name of the bucket where you want Amazon S3 to store server access logs.
- targetPrefix string
- Prefix for all log object keys.
- expectedBucketOwner string
- Account ID of the expected bucket owner.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- targetGrants BucketLoggingTargetGrant[]
- Set of configuration blocks with information for granting permissions. See below.
- targetObjectKeyFormat BucketLoggingTargetObjectKeyFormat
- Amazon S3 key format for log objects. See below.
- bucket str
- Name of the bucket.
- target_bucket str
- Name of the bucket where you want Amazon S3 to store server access logs.
- target_prefix str
- Prefix for all log object keys.
- expected_bucket_owner str
- Account ID of the expected bucket owner.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- target_grants Sequence[BucketLoggingTargetGrantArgs]
- Set of configuration blocks with information for granting permissions. See below.
- target_object_key_format BucketLoggingTargetObjectKeyFormatArgs
- Amazon S3 key format for log objects. See below.
- bucket String
- Name of the bucket.
- targetBucket String
- Name of the bucket where you want Amazon S3 to store server access logs.
- targetPrefix String
- Prefix for all log object keys.
- expectedBucketOwner String
- Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- targetGrants List<Property Map>
- Set of configuration blocks with information for granting permissions. See below.
- targetObjectKeyFormat Property Map
- Amazon S3 key format for log objects. See below.
Outputs
All input properties are implicitly available as output properties. Additionally, the BucketLogging resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing BucketLogging Resource
Get an existing BucketLogging resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BucketLoggingState, opts?: CustomResourceOptions): BucketLogging
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        bucket: Optional[str] = None,
        expected_bucket_owner: Optional[str] = None,
        region: Optional[str] = None,
        target_bucket: Optional[str] = None,
        target_grants: Optional[Sequence[BucketLoggingTargetGrantArgs]] = None,
        target_object_key_format: Optional[BucketLoggingTargetObjectKeyFormatArgs] = None,
        target_prefix: Optional[str] = None) -> BucketLogging
func GetBucketLogging(ctx *Context, name string, id IDInput, state *BucketLoggingState, opts ...ResourceOption) (*BucketLogging, error)
public static BucketLogging Get(string name, Input<string> id, BucketLoggingState? state, CustomResourceOptions? opts = null)
public static BucketLogging get(String name, Output<String> id, BucketLoggingState state, CustomResourceOptions options)
resources:
  _:
    type: aws:s3:BucketLogging
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Bucket string
- Name of the bucket.
- ExpectedBucketOwner string
- Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- TargetBucket string
- Name of the bucket where you want Amazon S3 to store server access logs.
- TargetGrants List<BucketLoggingTargetGrant>
- Set of configuration blocks with information for granting permissions. See below.
- TargetObjectKeyFormat BucketLoggingTargetObjectKeyFormat
- Amazon S3 key format for log objects. See below.
- TargetPrefix string
- Prefix for all log object keys.
- Bucket string
- Name of the bucket.
- ExpectedBucketOwner string
- Account ID of the expected bucket owner.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- TargetBucket string
- Name of the bucket where you want Amazon S3 to store server access logs.
- TargetGrants []BucketLoggingTargetGrantArgs
- Set of configuration blocks with information for granting permissions. See below.
- TargetObjectKeyFormat BucketLoggingTargetObjectKeyFormatArgs
- Amazon S3 key format for log objects. See below.
- TargetPrefix string
- Prefix for all log object keys.
- bucket String
- Name of the bucket.
- expectedBucketOwner String
- Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- targetBucket String
- Name of the bucket where you want Amazon S3 to store server access logs.
- targetGrants List<BucketLoggingTargetGrant>
- Set of configuration blocks with information for granting permissions. See below.
- targetObjectKeyFormat BucketLoggingTargetObjectKeyFormat
- Amazon S3 key format for log objects. See below.
- targetPrefix String
- Prefix for all log object keys.
- bucket string
- Name of the bucket.
- expectedBucketOwner string
- Account ID of the expected bucket owner.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- targetBucket string
- Name of the bucket where you want Amazon S3 to store server access logs.
- targetGrants BucketLoggingTargetGrant[]
- Set of configuration blocks with information for granting permissions. See below.
- targetObjectKeyFormat BucketLoggingTargetObjectKeyFormat
- Amazon S3 key format for log objects. See below.
- targetPrefix string
- Prefix for all log object keys.
- bucket str
- Name of the bucket.
- expected_bucket_owner str
- Account ID of the expected bucket owner.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- target_bucket str
- Name of the bucket where you want Amazon S3 to store server access logs.
- target_grants Sequence[BucketLoggingTargetGrantArgs]
- Set of configuration blocks with information for granting permissions. See below.
- target_object_key_format BucketLoggingTargetObjectKeyFormatArgs
- Amazon S3 key format for log objects. See below.
- target_prefix str
- Prefix for all log object keys.
- bucket String
- Name of the bucket.
- expectedBucketOwner String
- Account ID of the expected bucket owner.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- targetBucket String
- Name of the bucket where you want Amazon S3 to store server access logs.
- targetGrants List<Property Map>
- Set of configuration blocks with information for granting permissions. See below.
- targetObjectKeyFormat Property Map
- Amazon S3 key format for log objects. See below.
- targetPrefix String
- Prefix for all log object keys.
Supporting Types
BucketLoggingTargetGrant, BucketLoggingTargetGrantArgs        
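- Grantee BucketLoggingTargetGrantGrantee
- Configuration block for the grantee (the user or group being granted permissions). See below.
- Permission string
- Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, READ, WRITE. Target grants are ACLs; if the target bucket has ACLs disabled (Object Ownership set to bucket owner enforced), grant access with a bucket policy instead.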
- Grantee BucketLoggingTargetGrantGrantee
- Configuration block for the grantee (the user or group being granted permissions). See below.
- Permission string
- Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, READ, WRITE.
- grantee BucketLoggingTargetGrantGrantee
- Configuration block for the grantee (the user or group being granted permissions). See below.
- permission String
- Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, READ, WRITE.
- grantee BucketLoggingTargetGrantGrantee
- Configuration block for the grantee (the user or group being granted permissions). See below.
- permission string
- Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, READ, WRITE.
- grantee BucketLoggingTargetGrantGrantee
- Configuration block for the grantee (the user or group being granted permissions). See below.
- permission str
- Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, READ, WRITE.
- grantee Property Map
- Configuration block for the grantee (the user or group being granted permissions). See below.
- permission String
- Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, READ, WRITE.
BucketLoggingTargetGrantGrantee, BucketLoggingTargetGrantGranteeArgs          
- Type string
- Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
- DisplayName string
- EmailAddress string
- Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
- Id string
- Canonical user ID of the grantee.
- Uri string
- URI of the grantee group.
- Type string
- Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
- DisplayName string
- EmailAddress string
- Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
- Id string
- Canonical user ID of the grantee.
- Uri string
- URI of the grantee group.
- type String
- Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
- displayName String
- emailAddress String
- Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
- id String
- Canonical user ID of the grantee.
- uri String
- URI of the grantee group.
- type string
- Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
- displayName string
- emailAddress string
- Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
- id string
- Canonical user ID of the grantee.
- uri string
- URI of the grantee group.
- type str
- Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
- display_name str
- email_address str
- Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
- id str
- Canonical user ID of the grantee.
- uri str
- URI of the grantee group.
- type String
- Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
- displayName String
- emailAddress String
- Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
- id String
- Canonical user ID of the grantee.
- uri String
- URI of the grantee group.
BucketLoggingTargetObjectKeyFormat, BucketLoggingTargetObjectKeyFormatArgs            
- PartitionedPrefix BucketLoggingTargetObjectKeyFormatPartitionedPrefix
- Partitioned S3 key for log objects, in the form [target_prefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. Conflicts with simple_prefix. See below.
- SimplePrefix BucketLoggingTargetObjectKeyFormatSimplePrefix
- Use the simple format for S3 keys for log objects, in the form [target_prefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. To use, set simple_prefix {}. Conflicts with partitioned_prefix.
- PartitionedPrefix BucketLoggingTargetObjectKeyFormatPartitionedPrefix
- Partitioned S3 key for log objects, in the form [target_prefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. Conflicts with simple_prefix. See below.
- SimplePrefix BucketLoggingTargetObjectKeyFormatSimplePrefix
- Use the simple format for S3 keys for log objects, in the form [target_prefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. To use, set simple_prefix {}. Conflicts with partitioned_prefix.
- partitionedPrefix BucketLoggingTargetObjectKeyFormatPartitionedPrefix
- Partitioned S3 key for log objects, in the form [target_prefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. Conflicts with simple_prefix. See below.
- simplePrefix BucketLoggingTargetObjectKeyFormatSimplePrefix
- Use the simple format for S3 keys for log objects, in the form [target_prefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. To use, set simple_prefix {}. Conflicts with partitioned_prefix.
- partitionedPrefix BucketLoggingTargetObjectKeyFormatPartitionedPrefix
- Partitioned S3 key for log objects, in the form [target_prefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. Conflicts with simple_prefix. See below.
- simplePrefix BucketLoggingTargetObjectKeyFormatSimplePrefix
- Use the simple format for S3 keys for log objects, in the form [target_prefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. To use, set simple_prefix {}. Conflicts with partitioned_prefix.
- partitioned_prefix BucketLoggingTargetObjectKeyFormatPartitionedPrefix
- Partitioned S3 key for log objects, in the form [target_prefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. Conflicts with simple_prefix. See below.
- simple_prefix BucketLoggingTargetObjectKeyFormatSimplePrefix
- Use the simple format for S3 keys for log objects, in the form [target_prefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. To use, set simple_prefix {}. Conflicts with partitioned_prefix.
- partitionedPrefix Property Map
- Partitioned S3 key for log objects, in the form [target_prefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. Conflicts with simple_prefix. See below.
- simplePrefix Property Map
- Use the simple format for S3 keys for log objects, in the form [target_prefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]. To use, set simple_prefix {}. Conflicts with partitioned_prefix.
BucketLoggingTargetObjectKeyFormatPartitionedPrefix, BucketLoggingTargetObjectKeyFormatPartitionedPrefixArgs                
- PartitionDateSource string
- Specifies the partition date source for the partitioned prefix. Valid values: EventTime, DeliveryTime.
- PartitionDateSource string
- Specifies the partition date source for the partitioned prefix. Valid values: EventTime, DeliveryTime.
- partitionDateSource String
- Specifies the partition date source for the partitioned prefix. Valid values: EventTime, DeliveryTime.
- partitionDateSource string
- Specifies the partition date source for the partitioned prefix. Valid values: EventTime, DeliveryTime.
- partition_date_source str
- Specifies the partition date source for the partitioned prefix. Valid values: EventTime, DeliveryTime.
- partitionDateSource String
- Specifies the partition date source for the partitioned prefix. Valid values: EventTime, DeliveryTime.
Import
Identity Schema
Required
- bucket (String) S3 bucket name.
Optional
- account_id (String) AWS Account where this resource is managed.
- expected_bucket_owner (String) Account ID of the expected bucket owner.
- region (String) Region where this resource is managed.
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):
terraform
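# Import the logging configuration of a source bucket whose owner differs from
# the account configured on the AWS provider. The id is
# "<bucket>,<expected_bucket_owner>"; the values below are the page's samples.
import {
  to = aws_s3_bucket_logging.example
  id = "bucket-name,123456789012"
}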
Use pulumi import to import S3 bucket logging using the bucket, or using the bucket and expected_bucket_owner separated by a comma (,). For example:
If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, import using the bucket:
console
% pulumi import aws_s3_bucket_logging.example bucket-name
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):
console
% pulumi import aws_s3_bucket_logging.example bucket-name,123456789012
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the aws Terraform Provider.
