aws.s3control.MultiRegionAccessPointPolicy
Provides a resource to manage an S3 Multi-Region Access Point access control policy.
Example Usage
Basic Example
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
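return await Deployment.RunAsync(() =>
{
    // Account and partition of the credentials running this deployment; both are
    // interpolated into the access point policy below.
    var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();
    var currentPartition = Aws.GetPartition.Invoke();

    var fooBucket = new Aws.S3.BucketV2("fooBucket");

    var exampleMultiRegionAccessPoint = new Aws.S3Control.MultiRegionAccessPoint("exampleMultiRegionAccessPoint", new()
    {
        Details = new Aws.S3Control.Inputs.MultiRegionAccessPointDetailsArgs
        {
            Name = "example",
            Regions = new[]
            {
                new Aws.S3Control.Inputs.MultiRegionAccessPointDetailsRegionArgs
                {
                    Bucket = fooBucket.Id,
                },
            },
        },
    });

    // Note: once a policy has been applied to a Multi-Region Access Point it can be
    // edited but not deleted, so review the statement before the first deployment.
    var exampleMultiRegionAccessPointPolicy = new Aws.S3Control.MultiRegionAccessPointPolicy("exampleMultiRegionAccessPointPolicy", new()
    {
        Details = new Aws.S3Control.Inputs.MultiRegionAccessPointPolicyDetailsArgs
        {
            // Take the second ':'-separated field of the resource ID as the access point
            // name (presumably the ID is "<account_id>:<name>"). The index is applied
            // inside Apply because an Output<string[]> cannot be indexed directly.
            Name = exampleMultiRegionAccessPoint.Id.Apply(id => id.Split(":")[1]),

            // Resolve every input first and serialize plain values only: an unresolved
            // Output placed inside the dictionary would not serialize to the account ID
            // or partition string the policy needs.
            Policy = Output.Tuple(currentCallerIdentity, currentPartition, exampleMultiRegionAccessPoint.Alias).Apply(values =>
            {
                var identity = values.Item1;
                var partition = values.Item2;
                var accessPointAlias = values.Item3;

                return JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["Version"] = "2012-10-17",
                    ["Statement"] = new[]
                    {
                        new Dictionary<string, object?>
                        {
                            ["Sid"] = "Example",
                            ["Effect"] = "Allow",
                            // A bare account ID as principal delegates access to the whole
                            // account: any IAM identity in it whose own policy allows these
                            // actions can use the access point. Name a specific role ARN
                            // here to scope the grant down.
                            ["Principal"] = new Dictionary<string, object?>
                            {
                                ["AWS"] = identity.AccountId,
                            },
                            // Read and write on every object reachable through the access point.
                            ["Action"] = new[]
                            {
                                "s3:GetObject",
                                "s3:PutObject",
                            },
                            ["Resource"] = $"arn:{partition.Partition}:s3::{identity.AccountId}:accesspoint/{accessPointAlias}/object/*",
                        },
                    },
                });
            }),
        },
    });
});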
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3control.MultiRegionAccessPoint;
import com.pulumi.aws.s3control.MultiRegionAccessPointArgs;
import com.pulumi.aws.s3control.inputs.MultiRegionAccessPointDetailsArgs;
import com.pulumi.aws.s3control.inputs.MultiRegionAccessPointDetailsRegionArgs;
import com.pulumi.aws.s3control.MultiRegionAccessPointPolicy;
import com.pulumi.aws.s3control.MultiRegionAccessPointPolicyArgs;
import com.pulumi.aws.s3control.inputs.MultiRegionAccessPointPolicyDetailsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
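/**
 * Example Pulumi program: creates a bucket, a Multi-Region Access Point in front of it,
 * and an access control policy for that access point.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example resources.
     *
     * <p>Once a policy has been applied to a Multi-Region Access Point it can be edited
     * but not deleted, so review the statement before the first deployment.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Account and partition of the credentials running this deployment; both are
        // interpolated into the policy below.
        final var currentCallerIdentity = AwsFunctions.getCallerIdentity();
        final var currentPartition = AwsFunctions.getPartition();

        var fooBucket = new BucketV2("fooBucket");

        var exampleMultiRegionAccessPoint = new MultiRegionAccessPoint("exampleMultiRegionAccessPoint", MultiRegionAccessPointArgs.builder()
            .details(MultiRegionAccessPointDetailsArgs.builder()
                .name("example")
                .regions(MultiRegionAccessPointDetailsRegionArgs.builder()
                    .bucket(fooBucket.id())
                    .build())
                .build())
            .build());

        // Resolve every input first and build the JSON from plain strings only: an
        // Output passed to String.format or jsonProperty is rendered as the Output
        // object itself, not as the account ID or partition it will eventually hold.
        final Output<String> policyJson = Output
            .tuple(currentCallerIdentity, currentPartition, exampleMultiRegionAccessPoint.alias())
            .applyValue(values -> {
                final String accountId = values.t1.accountId();
                final String partition = values.t2.partition();
                final String alias = values.t3;
                return serializeJson(
                    jsonObject(
                        jsonProperty("Version", "2012-10-17"),
                        jsonProperty("Statement", jsonArray(jsonObject(
                            jsonProperty("Sid", "Example"),
                            jsonProperty("Effect", "Allow"),
                            // A bare account ID as principal delegates access to the whole
                            // account: any IAM identity in it whose own policy allows these
                            // actions can use the access point. Name a specific role ARN
                            // here to scope the grant down.
                            jsonProperty("Principal", jsonObject(
                                jsonProperty("AWS", accountId)
                            )),
                            // Read and write on every object reachable through the access point.
                            jsonProperty("Action", jsonArray(
                                "s3:GetObject",
                                "s3:PutObject"
                            )),
                            jsonProperty("Resource", String.format("arn:%s:s3::%s:accesspoint/%s/object/*", partition, accountId, alias))
                        )))
                    ));
            });

        var exampleMultiRegionAccessPointPolicy = new MultiRegionAccessPointPolicy("exampleMultiRegionAccessPointPolicy", MultiRegionAccessPointPolicyArgs.builder()
            .details(MultiRegionAccessPointPolicyDetailsArgs.builder()
                // Take the second ':'-separated field of the resource ID as the access
                // point name (presumably the ID is "<account_id>:<name>"). The index is
                // applied inside the lambda because an Output cannot be indexed.
                .name(exampleMultiRegionAccessPoint.id().applyValue(id -> id.split(":")[1]))
                .policy(policyJson)
                .build())
            .build());
    }
}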
import pulumi
import json
import pulumi_aws as aws
# Account and partition of the credentials running this deployment; both are
# interpolated into the access point policy below.
current_caller_identity = aws.get_caller_identity()
current_partition = aws.get_partition()

foo_bucket = aws.s3.BucketV2("fooBucket")

example_multi_region_access_point = aws.s3control.MultiRegionAccessPoint(
    "exampleMultiRegionAccessPoint",
    details=aws.s3control.MultiRegionAccessPointDetailsArgs(
        name="example",
        regions=[
            aws.s3control.MultiRegionAccessPointDetailsRegionArgs(bucket=foo_bucket.id),
        ],
    ),
)


def _render_policy(alias):
    """Return the access point policy as a JSON string for the resolved alias."""
    statement = {
        "Sid": "Example",
        "Effect": "Allow",
        # A bare account ID as principal delegates access to the whole account:
        # any IAM identity in it whose own policy allows these actions can use
        # the access point. Name a specific role ARN here to scope the grant down.
        "Principal": {
            "AWS": current_caller_identity.account_id,
        },
        # Read and write on every object reachable through the access point.
        "Action": [
            "s3:GetObject",
            "s3:PutObject",
        ],
        "Resource": f"arn:{current_partition.partition}:s3::{current_caller_identity.account_id}:accesspoint/{alias}/object/*",
    }
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [statement],
    })


# Once a policy has been applied to a Multi-Region Access Point it can be edited
# but not deleted, so review the statement before the first deployment.
example_multi_region_access_point_policy = aws.s3control.MultiRegionAccessPointPolicy(
    "exampleMultiRegionAccessPointPolicy",
    details=aws.s3control.MultiRegionAccessPointPolicyDetailsArgs(
        # Second ':'-separated field of the resource ID is used as the access
        # point name (presumably the ID is "<account_id>:<name>").
        name=example_multi_region_access_point.id.apply(lambda resource_id: resource_id.split(":"))[1],
        policy=example_multi_region_access_point.alias.apply(_render_policy),
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
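// Account and partition of the credentials running this deployment; both are
// interpolated into the access point policy below.
const currentCallerIdentity = aws.getCallerIdentity({});
const currentPartition = aws.getPartition({});

const fooBucket = new aws.s3.BucketV2("fooBucket", {});

const exampleMultiRegionAccessPoint = new aws.s3control.MultiRegionAccessPoint("exampleMultiRegionAccessPoint", {details: {
    name: "example",
    regions: [{
        bucket: fooBucket.id,
    }],
}});

// Once a policy has been applied to a Multi-Region Access Point it can be edited
// but not deleted, so review the statement before the first deployment.
const exampleMultiRegionAccessPointPolicy = new aws.s3control.MultiRegionAccessPointPolicy("exampleMultiRegionAccessPointPolicy", {details: {
    // Second ':'-separated field of the resource ID is used as the access point
    // name (presumably the ID is "<account_id>:<name>").
    name: exampleMultiRegionAccessPoint.id.apply(id => id.split(":")[1]),
    // The caller identity is awaited once and reused for both the principal and
    // the resource ARN instead of being listed twice.
    policy: pulumi.all([currentCallerIdentity, currentPartition, exampleMultiRegionAccessPoint.alias]).apply(([identity, partition, alias]) => JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Sid: "Example",
            Effect: "Allow",
            // A bare account ID as principal delegates access to the whole account:
            // any IAM identity in it whose own policy allows these actions can use
            // the access point. Name a specific role ARN here to scope the grant down.
            Principal: {
                AWS: identity.accountId,
            },
            // Read and write on every object reachable through the access point.
            Action: [
                "s3:GetObject",
                "s3:PutObject",
            ],
            Resource: `arn:${partition.partition}:s3::${identity.accountId}:accesspoint/${alias}/object/*`,
        }],
    })),
}});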
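resources:
  fooBucket:
    type: aws:s3:BucketV2
  exampleMultiRegionAccessPoint:
    type: aws:s3control:MultiRegionAccessPoint
    properties:
      details:
        name: example
        regions:
          - bucket: ${fooBucket.id}
  # Once a policy has been applied to a Multi-Region Access Point it can be
  # edited but not deleted, so review the statement before the first deployment.
  exampleMultiRegionAccessPointPolicy:
    type: aws:s3control:MultiRegionAccessPointPolicy
    properties:
      details:
        # Second ':'-separated field of the resource ID is used as the access
        # point name.
        # NOTE(review): confirm the argument order fn::split expects
        # (delimiter vs. source string) against the Pulumi YAML reference.
        name:
          fn::select:
            - 1
            - fn::split:
                - ${exampleMultiRegionAccessPoint.id}
                - ':'
        policy:
          fn::toJSON:
            # Quoted so the policy version is always emitted as a string and
            # never typed as a date by a YAML parser.
            Version: "2012-10-17"
            Statement:
              - Sid: Example
                Effect: Allow
                # A bare account ID as principal delegates access to the whole
                # account: any IAM identity in it whose own policy allows these
                # actions can use the access point. Name a specific role ARN
                # here to scope the grant down.
                Principal:
                  AWS: ${currentCallerIdentity.accountId}
                # Read and write on every object reachable through the access point.
                Action:
                  - s3:GetObject
                  - s3:PutObject
                Resource: arn:${currentPartition.partition}:s3::${currentCallerIdentity.accountId}:accesspoint/${exampleMultiRegionAccessPoint.alias}/object/*
variables:
  # Account and partition of the credentials running this deployment.
  currentCallerIdentity:
    fn::invoke:
      Function: aws:getCallerIdentity
      Arguments: {}
  currentPartition:
    fn::invoke:
      Function: aws:getPartition
      Arguments: {}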
Create MultiRegionAccessPointPolicy Resource
new MultiRegionAccessPointPolicy(name: string, args: MultiRegionAccessPointPolicyArgs, opts?: CustomResourceOptions);
@overload
def MultiRegionAccessPointPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
details: Optional[MultiRegionAccessPointPolicyDetailsArgs] = None)
@overload
def MultiRegionAccessPointPolicy(resource_name: str,
args: MultiRegionAccessPointPolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewMultiRegionAccessPointPolicy(ctx *Context, name string, args MultiRegionAccessPointPolicyArgs, opts ...ResourceOption) (*MultiRegionAccessPointPolicy, error)
public MultiRegionAccessPointPolicy(string name, MultiRegionAccessPointPolicyArgs args, CustomResourceOptions? opts = null)
public MultiRegionAccessPointPolicy(String name, MultiRegionAccessPointPolicyArgs args)
public MultiRegionAccessPointPolicy(String name, MultiRegionAccessPointPolicyArgs args, CustomResourceOptions options)
type: aws:s3control:MultiRegionAccessPointPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MultiRegionAccessPointPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MultiRegionAccessPointPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MultiRegionAccessPointPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MultiRegionAccessPointPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MultiRegionAccessPointPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
MultiRegionAccessPointPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The MultiRegionAccessPointPolicy resource accepts the following input properties:
- Details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- AccountId string
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- Details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- AccountId string
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- accountId String
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- accountId string
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- account_id str
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details Property Map
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- accountId String
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
Outputs
All input properties are implicitly available as output properties. Additionally, the MultiRegionAccessPointPolicy resource produces the following output properties:
- Established string
The last established policy for the Multi-Region Access Point.
- Id string
The provider-assigned unique ID for this managed resource.
- Proposed string
The proposed policy for the Multi-Region Access Point.
- Established string
The last established policy for the Multi-Region Access Point.
- Id string
The provider-assigned unique ID for this managed resource.
- Proposed string
The proposed policy for the Multi-Region Access Point.
- established String
The last established policy for the Multi-Region Access Point.
- id String
The provider-assigned unique ID for this managed resource.
- proposed String
The proposed policy for the Multi-Region Access Point.
- established string
The last established policy for the Multi-Region Access Point.
- id string
The provider-assigned unique ID for this managed resource.
- proposed string
The proposed policy for the Multi-Region Access Point.
- established str
The last established policy for the Multi-Region Access Point.
- id str
The provider-assigned unique ID for this managed resource.
- proposed str
The proposed policy for the Multi-Region Access Point.
- established String
The last established policy for the Multi-Region Access Point.
- id String
The provider-assigned unique ID for this managed resource.
- proposed String
The proposed policy for the Multi-Region Access Point.
Look up Existing MultiRegionAccessPointPolicy Resource
Get an existing MultiRegionAccessPointPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MultiRegionAccessPointPolicyState, opts?: CustomResourceOptions): MultiRegionAccessPointPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
details: Optional[MultiRegionAccessPointPolicyDetailsArgs] = None,
established: Optional[str] = None,
proposed: Optional[str] = None) -> MultiRegionAccessPointPolicy
func GetMultiRegionAccessPointPolicy(ctx *Context, name string, id IDInput, state *MultiRegionAccessPointPolicyState, opts ...ResourceOption) (*MultiRegionAccessPointPolicy, error)
public static MultiRegionAccessPointPolicy Get(string name, Input<string> id, MultiRegionAccessPointPolicyState? state, CustomResourceOptions? opts = null)
public static MultiRegionAccessPointPolicy get(String name, Output<String> id, MultiRegionAccessPointPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccountId string
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- Details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- Established string
The last established policy for the Multi-Region Access Point.
- Proposed string
The proposed policy for the Multi-Region Access Point.
- AccountId string
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- Details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- Established string
The last established policy for the Multi-Region Access Point.
- Proposed string
The proposed policy for the Multi-Region Access Point.
- accountId String
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- established String
The last established policy for the Multi-Region Access Point.
- proposed String
The proposed policy for the Multi-Region Access Point.
- accountId string
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- established string
The last established policy for the Multi-Region Access Point.
- proposed string
The proposed policy for the Multi-Region Access Point.
- account_id str
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details MultiRegionAccessPointPolicyDetailsArgs
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- established str
The last established policy for the Multi-Region Access Point.
- proposed str
The proposed policy for the Multi-Region Access Point.
- accountId String
The AWS account ID for the owner of the Multi-Region Access Point. Defaults to automatically determined account ID of the AWS provider.
- details Property Map
A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.
- established String
The last established policy for the Multi-Region Access Point.
- proposed String
The proposed policy for the Multi-Region Access Point.
Supporting Types
MultiRegionAccessPointPolicyDetails
- Name string
The name of the Multi-Region Access Point.
- Policy string
A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on Multi-Region Access Point Permissions.
- Name string
The name of the Multi-Region Access Point.
- Policy string
A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on Multi-Region Access Point Permissions.
- name String
The name of the Multi-Region Access Point.
- policy String
A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on Multi-Region Access Point Permissions.
- name string
The name of the Multi-Region Access Point.
- policy string
A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on Multi-Region Access Point Permissions.
- name str
The name of the Multi-Region Access Point.
- policy str
A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on Multi-Region Access Point Permissions.
- name String
The name of the Multi-Region Access Point.
- policy String
A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on Multi-Region Access Point Permissions.
Import
Multi-Region Access Point Policies can be imported using the `account_id` and `name` of the Multi-Region Access Point separated by a colon (`:`), e.g.
$ pulumi import aws:s3control/multiRegionAccessPointPolicy:MultiRegionAccessPointPolicy example 123456789012:example
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `aws` Terraform Provider.