published on Monday, May 18, 2026 by Pulumi
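Organization access policies enforce permissions for AI Object Storage across your entire CoreWeave organization, automatically covering every resource, bucket, and user in your account. At least one organization access policy must be in place before you can create a bucket. The example below uses wildcards for principals, resources, and actions, so it allows every principal all S3 and AI Object Storage actions on every resource in the organization; because access is denied by default, list only the principals, actions, and resources you actually need when writing your own policy.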
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as coreweave from "@pulumi/coreweave";
// One statement with wildcards in all three fields: every principal is allowed
// every S3 (s3:*) and AI Object Storage (cwobject:*) action on every resource.
// An organization access policy covers the whole organization and access is
// denied by default, so narrow principals, resources, and actions to what is
// needed when adapting this example.
const allowAllStatement = {
    name: "allow-full-s3-api-access-to-all",
    effect: "Allow", // must be exactly "Allow" or "Deny" (case-sensitive)
    resources: ["*"],
    principals: ["*"],
    actions: ["s3:*", "cwobject:*"],
};

// Organization access policy carrying the single statement defined above it.
const test = new coreweave.ObjectStorageOrganizationAccessPolicy("test", {
    name: "full-s3-api-access",
    statements: [allowAllStatement],
});
import pulumi
import pulumi_coreweave as coreweave
# One statement with wildcards in all three fields: every principal is allowed
# every S3 (s3:*) and AI Object Storage (cwobject:*) action on every resource.
# An organization access policy covers the whole organization and access is
# denied by default, so narrow principals, resources, and actions to what is
# needed when adapting this example.
allow_all_statement = {
    "name": "allow-full-s3-api-access-to-all",
    "effect": "Allow",  # must be exactly "Allow" or "Deny" (case-sensitive)
    "resources": ["*"],
    "principals": ["*"],
    "actions": ["s3:*", "cwobject:*"],
}

# Organization access policy carrying that single statement.
test = coreweave.ObjectStorageOrganizationAccessPolicy(
    "test",
    name="full-s3-api-access",
    statements=[allow_all_statement],
)
package main
import (
"github.com/pulumi/pulumi-coreweave/sdk/go/coreweave"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single organization access policy with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Wildcards in all three fields: every principal is allowed every S3 (s3:*)
		// and AI Object Storage (cwobject:*) action on every resource. The policy
		// covers the whole organization and access is denied by default, so narrow
		// principals, resources, and actions when adapting this example.
		allowAll := &coreweave.ObjectStorageOrganizationAccessPolicyStatementArgs{
			Name:       pulumi.String("allow-full-s3-api-access-to-all"),
			Effect:     pulumi.String("Allow"), // "Allow" or "Deny", case-sensitive
			Resources:  pulumi.StringArray{pulumi.String("*")},
			Principals: pulumi.StringArray{pulumi.String("*")},
			Actions: pulumi.StringArray{
				pulumi.String("s3:*"),
				pulumi.String("cwobject:*"),
			},
		}

		_, err := coreweave.NewObjectStorageOrganizationAccessPolicy(ctx, "test", &coreweave.ObjectStorageOrganizationAccessPolicyArgs{
			Name:       pulumi.String("full-s3-api-access"),
			Statements: coreweave.ObjectStorageOrganizationAccessPolicyStatementArray{allowAll},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using CoreWeave = Pulumi.CoreWeave;
return await Deployment.RunAsync(() =>
{
    // Wildcards in all three fields: every principal is allowed every S3 (s3:*)
    // and AI Object Storage (cwobject:*) action on every resource. The policy
    // covers the whole organization and access is denied by default, so narrow
    // principals, resources, and actions when adapting this example.
    var allowAllStatement = new CoreWeave.Inputs.ObjectStorageOrganizationAccessPolicyStatementArgs
    {
        Name = "allow-full-s3-api-access-to-all",
        Effect = "Allow", // must be exactly "Allow" or "Deny" (case-sensitive)
        Resources = new[] { "*" },
        Principals = new[] { "*" },
        Actions = new[] { "s3:*", "cwobject:*" },
    };

    // Organization access policy carrying that single statement.
    var test = new CoreWeave.ObjectStorageOrganizationAccessPolicy("test", new()
    {
        Name = "full-s3-api-access",
        Statements = new[] { allowAllStatement },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.coreweave.ObjectStorageOrganizationAccessPolicy;
import com.pulumi.coreweave.ObjectStorageOrganizationAccessPolicyArgs;
import com.pulumi.coreweave.inputs.ObjectStorageOrganizationAccessPolicyStatementArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one organization access policy for AI Object Storage.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "test" policy with a single Allow statement.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Wildcards in all three fields: every principal is allowed every S3 (s3:*)
        // and AI Object Storage (cwobject:*) action on every resource. The policy
        // covers the whole organization and access is denied by default, so narrow
        // principals, resources, and actions when adapting this example.
        final var allowAllStatement = ObjectStorageOrganizationAccessPolicyStatementArgs.builder()
            .name("allow-full-s3-api-access-to-all")
            .effect("Allow") // must be exactly "Allow" or "Deny" (case-sensitive)
            .resources("*")
            .principals("*")
            .actions("s3:*", "cwobject:*")
            .build();

        final var policyArgs = ObjectStorageOrganizationAccessPolicyArgs.builder()
            .name("full-s3-api-access")
            .statements(allowAllStatement)
            .build();

        var test = new ObjectStorageOrganizationAccessPolicy("test", policyArgs);
    }
}
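resources:
  test:
    type: coreweave:ObjectStorageOrganizationAccessPolicy
    properties:
      name: full-s3-api-access
      statements:
        # Wildcards in all three fields: every principal is allowed every S3 (s3:*)
        # and AI Object Storage (cwobject:*) action on every resource. The policy
        # covers the whole organization and access is denied by default, so narrow
        # principals, resources, and actions when adapting this example.
        - name: allow-full-s3-api-access-to-all
          effect: Allow # must be exactly Allow or Deny (case-sensitive)
          resources:
            - '*'
          principals:
            - '*'
          actions:
            - s3:*
            - cwobject:*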
Example coming soon!
Create ObjectStorageOrganizationAccessPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectStorageOrganizationAccessPolicy(name: string, args: ObjectStorageOrganizationAccessPolicyArgs, opts?: CustomResourceOptions);
@overload
def ObjectStorageOrganizationAccessPolicy(resource_name: str,
args: ObjectStorageOrganizationAccessPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectStorageOrganizationAccessPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
statements: Optional[Sequence[ObjectStorageOrganizationAccessPolicyStatementArgs]] = None,
name: Optional[str] = None)
func NewObjectStorageOrganizationAccessPolicy(ctx *Context, name string, args ObjectStorageOrganizationAccessPolicyArgs, opts ...ResourceOption) (*ObjectStorageOrganizationAccessPolicy, error)
public ObjectStorageOrganizationAccessPolicy(string name, ObjectStorageOrganizationAccessPolicyArgs args, CustomResourceOptions? opts = null)
public ObjectStorageOrganizationAccessPolicy(String name, ObjectStorageOrganizationAccessPolicyArgs args)
public ObjectStorageOrganizationAccessPolicy(String name, ObjectStorageOrganizationAccessPolicyArgs args, CustomResourceOptions options)
type: coreweave:ObjectStorageOrganizationAccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "coreweave_objectstorageorganizationaccesspolicy" "name" {
# resource properties
}
Parameters
- name string
- The unique name of the resource.
- args ObjectStorageOrganizationAccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ObjectStorageOrganizationAccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ObjectStorageOrganizationAccessPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ObjectStorageOrganizationAccessPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ObjectStorageOrganizationAccessPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every "string" is a placeholder, not a usable value.
var objectStorageOrganizationAccessPolicyResource = new CoreWeave.ObjectStorageOrganizationAccessPolicy("objectStorageOrganizationAccessPolicyResource", new()
{
    // At least one statement is required.
    Statements = new[]
    {
        new CoreWeave.Inputs.ObjectStorageOrganizationAccessPolicyStatementArgs
        {
            Actions = new[] { "string" },    // s3: and cwobject: actions; wildcards such as s3:* are accepted
            Effect = "string",               // "Allow" or "Deny" (case-sensitive)
            Name = "string",
            Principals = new[] { "string" }, // short-form identifiers only; a full ARN fails with an error
            Resources = new[] { "string" },
        },
    },
    Name = "string", // must be unique
});
// Reference shape only: every "string" is a placeholder, not a usable value.
example, err := coreweave.NewObjectStorageOrganizationAccessPolicy(ctx, "objectStorageOrganizationAccessPolicyResource", &coreweave.ObjectStorageOrganizationAccessPolicyArgs{
	// At least one statement is required.
	Statements: coreweave.ObjectStorageOrganizationAccessPolicyStatementArray{
		&coreweave.ObjectStorageOrganizationAccessPolicyStatementArgs{
			// s3: and cwobject: actions; wildcards such as s3:* are accepted.
			Actions: pulumi.StringArray{pulumi.String("string")},
			// "Allow" or "Deny" (case-sensitive).
			Effect: pulumi.String("string"),
			Name:   pulumi.String("string"),
			// Short-form identifiers only; a full ARN fails with an error.
			Principals: pulumi.StringArray{pulumi.String("string")},
			Resources:  pulumi.StringArray{pulumi.String("string")},
		},
	},
	// Must be unique.
	Name: pulumi.String("string"),
})
# Reference shape only: every "string" is a placeholder, not a usable value.
resource "coreweave_objectstorageorganizationaccesspolicy" "objectStorageOrganizationAccessPolicyResource" {
  # At least one statement is required.
  statements {
    actions    = ["string"] # s3: and cwobject: actions; wildcards such as s3:* are accepted
    effect     = "string"   # "Allow" or "Deny" (case-sensitive)
    name       = "string"
    principals = ["string"] # short-form identifiers only; a full ARN fails with an error
    resources  = ["string"]
  }

  name = "string" # must be unique
}
// Reference shape only: every "string" is a placeholder, not a usable value.
var objectStorageOrganizationAccessPolicyResource = new ObjectStorageOrganizationAccessPolicy(
    "objectStorageOrganizationAccessPolicyResource",
    ObjectStorageOrganizationAccessPolicyArgs.builder()
        // At least one statement is required.
        .statements(ObjectStorageOrganizationAccessPolicyStatementArgs.builder()
            .actions("string")    // s3: and cwobject: actions; wildcards such as s3:* are accepted
            .effect("string")     // "Allow" or "Deny" (case-sensitive)
            .name("string")
            .principals("string") // short-form identifiers only; a full ARN fails with an error
            .resources("string")
            .build())
        .name("string")           // must be unique
        .build());
# Reference shape only: every "string" is a placeholder, not a usable value.
object_storage_organization_access_policy_resource = coreweave.ObjectStorageOrganizationAccessPolicy(
    "objectStorageOrganizationAccessPolicyResource",
    statements=[  # at least one statement is required
        {
            "actions": ["string"],  # s3: and cwobject: actions; wildcards such as s3:* are accepted
            "effect": "string",  # "Allow" or "Deny" (case-sensitive)
            "name": "string",
            "principals": ["string"],  # short-form identifiers only; a full ARN fails with an error
            "resources": ["string"],
        },
    ],
    name="string",  # must be unique
)
// Reference shape only: every "string" is a placeholder, not a usable value.
const objectStorageOrganizationAccessPolicyResource = new coreweave.ObjectStorageOrganizationAccessPolicy(
    "objectStorageOrganizationAccessPolicyResource",
    {
        // At least one statement is required.
        statements: [
            {
                actions: ["string"],    // s3: and cwobject: actions; wildcards such as s3:* are accepted
                effect: "string",       // "Allow" or "Deny" (case-sensitive)
                name: "string",
                principals: ["string"], // short-form identifiers only; a full ARN fails with an error
                resources: ["string"],
            },
        ],
        name: "string", // must be unique
    },
);
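# Reference shape only: every "string" is a placeholder, not a usable value.
type: coreweave:ObjectStorageOrganizationAccessPolicy
properties:
  name: string # must be unique
  statements: # at least one statement is required
    - actions: # s3: and cwobject: actions; wildcards such as s3:* are accepted
        - string
      effect: string # Allow or Deny (case-sensitive)
      name: string
      principals: # short-form identifiers only; a full ARN fails with an error
        - string
      resources:
        - string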
ObjectStorageOrganizationAccessPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectStorageOrganizationAccessPolicy resource accepts the following input properties:
- Statements List<Pulumi.CoreWeave.Inputs.ObjectStorageOrganizationAccessPolicyStatement>
- The list of access policy statements associated with this policy. At least one statement is required.
- Name string
- The name of the organization access policy, must be unique.
- Statements []ObjectStorageOrganizationAccessPolicyStatementArgs
- The list of access policy statements associated with this policy. At least one statement is required.
- Name string
- The name of the organization access policy, must be unique.
- statements list(object)
- The list of access policy statements associated with this policy. At least one statement is required.
- name string
- The name of the organization access policy, must be unique.
- statements List<ObjectStorageOrganizationAccessPolicyStatement>
- The list of access policy statements associated with this policy. At least one statement is required.
- name String
- The name of the organization access policy, must be unique.
- statements ObjectStorageOrganizationAccessPolicyStatement[]
- The list of access policy statements associated with this policy. At least one statement is required.
- name string
- The name of the organization access policy, must be unique.
- statements Sequence[ObjectStorageOrganizationAccessPolicyStatementArgs]
- The list of access policy statements associated with this policy. At least one statement is required.
- name str
- The name of the organization access policy, must be unique.
- statements List<Property Map>
- The list of access policy statements associated with this policy. At least one statement is required.
- name String
- The name of the organization access policy, must be unique.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectStorageOrganizationAccessPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectStorageOrganizationAccessPolicy Resource
Get an existing ObjectStorageOrganizationAccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectStorageOrganizationAccessPolicyState, opts?: CustomResourceOptions): ObjectStorageOrganizationAccessPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
statements: Optional[Sequence[ObjectStorageOrganizationAccessPolicyStatementArgs]] = None) -> ObjectStorageOrganizationAccessPolicy
func GetObjectStorageOrganizationAccessPolicy(ctx *Context, name string, id IDInput, state *ObjectStorageOrganizationAccessPolicyState, opts ...ResourceOption) (*ObjectStorageOrganizationAccessPolicy, error)
public static ObjectStorageOrganizationAccessPolicy Get(string name, Input<string> id, ObjectStorageOrganizationAccessPolicyState? state, CustomResourceOptions? opts = null)
public static ObjectStorageOrganizationAccessPolicy get(String name, Output<String> id, ObjectStorageOrganizationAccessPolicyState state, CustomResourceOptions options)
resources:
  _:
    type: coreweave:ObjectStorageOrganizationAccessPolicy
    get:
      id: ${id}
import {
to = coreweave_objectstorageorganizationaccesspolicy.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Name string
- The name of the organization access policy, must be unique.
- Statements List<Pulumi.CoreWeave.Inputs.ObjectStorageOrganizationAccessPolicyStatement>
- The list of access policy statements associated with this policy. At least one statement is required.
- Name string
- The name of the organization access policy, must be unique.
- Statements []ObjectStorageOrganizationAccessPolicyStatementArgs
- The list of access policy statements associated with this policy. At least one statement is required.
- name string
- The name of the organization access policy, must be unique.
- statements list(object)
- The list of access policy statements associated with this policy. At least one statement is required.
- name String
- The name of the organization access policy, must be unique.
- statements List<ObjectStorageOrganizationAccessPolicyStatement>
- The list of access policy statements associated with this policy. At least one statement is required.
- name string
- The name of the organization access policy, must be unique.
- statements ObjectStorageOrganizationAccessPolicyStatement[]
- The list of access policy statements associated with this policy. At least one statement is required.
- name str
- The name of the organization access policy, must be unique.
- statements Sequence[ObjectStorageOrganizationAccessPolicyStatementArgs]
- The list of access policy statements associated with this policy. At least one statement is required.
- name String
- The name of the organization access policy, must be unique.
- statements List<Property Map>
- The list of access policy statements associated with this policy. At least one statement is required.
Supporting Types
ObjectStorageOrganizationAccessPolicyStatement, ObjectStorageOrganizationAccessPolicyStatementArgs
- Actions List<string>
- Defines which operations the policy allows or denies. Organization access policies can include actions from two APIs - S3 (s3:) and AI Object Storage API (cwobject:). You can use wildcards (like s3:* or cwobject:*) to cover multiple actions at once.
- Effect string
- Must be either Allow or Deny (case-sensitive). Determines whether the statement grants or denies the specified actions on the listed resources for the designated principals. By default, all access is denied.
- Name string
- A short, human-readable identifier for this specific policy statement, similar to Sid in bucket access policies.
- Principals List<string>
- Defines which users, roles, or groups the policy applies to. Only short-form identifiers are supported. If you use a full ARN, the policy will fail with an error. See the AI Object Storage documentation for guidelines on defining principals.
- Resources List<string>
- Defines which resources the policy applies to. See the AI Object Storage documentation for guidelines on defining resources.
- Actions []string
- Defines which operations the policy allows or denies. Organization access policies can include actions from two APIs - S3 (s3:) and AI Object Storage API (cwobject:). You can use wildcards (like s3:* or cwobject:*) to cover multiple actions at once.
- Effect string
- Must be either Allow or Deny (case-sensitive). Determines whether the statement grants or denies the specified actions on the listed resources for the designated principals. By default, all access is denied.
- Name string
- A short, human-readable identifier for this specific policy statement, similar to Sid in bucket access policies.
- Principals []string
- Defines which users, roles, or groups the policy applies to. Only short-form identifiers are supported. If you use a full ARN, the policy will fail with an error. See the AI Object Storage documentation for guidelines on defining principals.
- Resources []string
- Defines which resources the policy applies to. See the AI Object Storage documentation for guidelines on defining resources.
- actions list(string)
- Defines which operations the policy allows or denies. Organization access policies can include actions from two APIs - S3 (s3:) and AI Object Storage API (cwobject:). You can use wildcards (like s3:* or cwobject:*) to cover multiple actions at once.
- effect string
- Must be either Allow or Deny (case-sensitive). Determines whether the statement grants or denies the specified actions on the listed resources for the designated principals. By default, all access is denied.
- name string
- A short, human-readable identifier for this specific policy statement, similar to Sid in bucket access policies.
- principals list(string)
- Defines which users, roles, or groups the policy applies to. Only short-form identifiers are supported. If you use a full ARN, the policy will fail with an error. See the AI Object Storage documentation for guidelines on defining principals.
- resources list(string)
- Defines which resources the policy applies to. See the AI Object Storage documentation for guidelines on defining resources.
- actions List<String>
- Defines which operations the policy allows or denies. Organization access policies can include actions from two APIs - S3 (s3:) and AI Object Storage API (cwobject:). You can use wildcards (like s3:* or cwobject:*) to cover multiple actions at once.
- effect String
- Must be either Allow or Deny (case-sensitive). Determines whether the statement grants or denies the specified actions on the listed resources for the designated principals. By default, all access is denied.
- name String
- A short, human-readable identifier for this specific policy statement, similar to Sid in bucket access policies.
- principals List<String>
- Defines which users, roles, or groups the policy applies to. Only short-form identifiers are supported. If you use a full ARN, the policy will fail with an error. See the AI Object Storage documentation for guidelines on defining principals.
- resources List<String>
- Defines which resources the policy applies to. See the AI Object Storage documentation for guidelines on defining resources.
- actions string[]
- Defines which operations the policy allows or denies. Organization access policies can include actions from two APIs - S3 (s3:) and AI Object Storage API (cwobject:). You can use wildcards (like s3:* or cwobject:*) to cover multiple actions at once.
- effect string
- Must be either Allow or Deny (case-sensitive). Determines whether the statement grants or denies the specified actions on the listed resources for the designated principals. By default, all access is denied.
- name string
- A short, human-readable identifier for this specific policy statement, similar to Sid in bucket access policies.
- principals string[]
- Defines which users, roles, or groups the policy applies to. Only short-form identifiers are supported. If you use a full ARN, the policy will fail with an error. See the AI Object Storage documentation for guidelines on defining principals.
- resources string[]
- Defines which resources the policy applies to. See the AI Object Storage documentation for guidelines on defining resources.
- actions Sequence[str]
- Defines which operations the policy allows or denies. Organization access policies can include actions from two APIs - S3 (s3:) and AI Object Storage API (cwobject:). You can use wildcards (like s3:* or cwobject:*) to cover multiple actions at once.
- effect str
- Must be either Allow or Deny (case-sensitive). Determines whether the statement grants or denies the specified actions on the listed resources for the designated principals. By default, all access is denied.
- name str
- A short, human-readable identifier for this specific policy statement, similar to Sid in bucket access policies.
- principals Sequence[str]
- Defines which users, roles, or groups the policy applies to. Only short-form identifiers are supported. If you use a full ARN, the policy will fail with an error. See the AI Object Storage documentation for guidelines on defining principals.
- resources Sequence[str]
- Defines which resources the policy applies to. See the AI Object Storage documentation for guidelines on defining resources.
- actions List<String>
- Defines which operations the policy allows or denies. Organization access policies can include actions from two APIs - S3 (s3:) and AI Object Storage API (cwobject:). You can use wildcards (like s3:* or cwobject:*) to cover multiple actions at once.
- effect String
- Must be either Allow or Deny (case-sensitive). Determines whether the statement grants or denies the specified actions on the listed resources for the designated principals. By default, all access is denied.
- name String
- A short, human-readable identifier for this specific policy statement, similar to Sid in bucket access policies.
- principals List<String>
- Defines which users, roles, or groups the policy applies to. Only short-form identifiers are supported. If you use a full ARN, the policy will fail with an error. See the AI Object Storage documentation for guidelines on defining principals.
- resources List<String>
- Defines which resources the policy applies to. See the AI Object Storage documentation for guidelines on defining resources.
Import
# {{name}} is a placeholder for the import ID, presumably the name of the existing organization access policy; confirm against the provider documentation.
$ pulumi import coreweave:index/objectStorageOrganizationAccessPolicy:ObjectStorageOrganizationAccessPolicy default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- coreweave pulumi/pulumi-coreweave
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the coreweave Terraform Provider.
