Bucket
Provides an S3 bucket resource.
Example Usage
Private Bucket w/ Tags
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Tags =
{
{ "Environment", "Dev" },
{ "Name", "My bucket" },
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a single S3 bucket with the canned "private" ACL and two tags,
// running the declaration through pulumi.Run.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "private" is the canned ACL that leaves the bucket owner as the only
		// grantee. It does not configure S3 Block Public Access, so a bucket
		// policy attached later can still widen access.
		args := &s3.BucketArgs{
			Acl: pulumi.String("private"),
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("Dev"),
				"Name":        pulumi.String("My bucket"),
			},
		}

		// The bucket handle is not used afterwards; only the error matters.
		_, err := s3.NewBucket(ctx, "bucket", args)
		return err
	})
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="private",
tags={
"Environment": "Dev",
"Name": "My bucket",
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("b", {
acl: "private",
tags: {
Environment: "Dev",
Name: "My bucket",
},
});Static Website Hosting
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
// Stack with one bucket set up for static website hosting: canned
// "public-read" ACL, a bucket policy loaded from policy.json, and website
// settings with one routing rule.
class MyStack : Stack
{
    public MyStack()
    {
        // policy.json is read from the working directory and attached as-is, so
        // its statements decide who can fetch objects. Review it like code.
        var policyJson = File.ReadAllText("policy.json");

        var website = new Aws.S3.Inputs.BucketWebsiteArgs
        {
            ErrorDocument = "error.html",
            IndexDocument = "index.html",
            // Routing rule: keys under docs/ are redirected to documents/.
            RoutingRules = @"[{
""Condition"": {
""KeyPrefixEquals"": ""docs/""
},
""Redirect"": {
""ReplaceKeyPrefixWith"": ""documents/""
}
}]
",
        };

        // "public-read" grants the AllUsers group READ on the bucket, which
        // lets anonymous callers list its keys. Keep non-public data out of it.
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "public-read",
            Policy = policyJson,
            Website = website,
        });
    }
}
Coming soon!
import pulumi
import pulumi_aws as aws
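# Static website bucket: canned "public-read" ACL, a bucket policy loaded from
# policy.json, and website settings with one routing rule.

# Read the policy through a context manager so the file handle is closed as
# soon as the text is loaded (the inline lambda left that to the garbage
# collector). The document is attached as-is, so its statements decide who can
# fetch objects; review it like code.
with open("policy.json") as policy_file:
    policy_document = policy_file.read()

# "public-read" grants the AllUsers group READ on the bucket, which lets
# anonymous callers list its keys. Keep non-public data out of this bucket.
bucket = aws.s3.Bucket("bucket",
    acl="public-read",
    policy=policy_document,
    website={
        "errorDocument": "error.html",
        "indexDocument": "index.html",
        # Routing rule: keys under docs/ are redirected to documents/.
        "routingRules": """[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
""",
    })
import * as pulumi from "@pulumi/pulumi";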
import * as aws from "@pulumi/aws";
import * as fs from "fs";
const bucket = new aws.s3.Bucket("b", {
acl: "public-read",
policy: fs.readFileSync("policy.json", "utf-8"),
website: {
errorDocument: "error.html",
indexDocument: "index.html",
routingRules: `[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
`,
},
});Using CORS
using Pulumi;
using Aws = Pulumi.Aws;
// Stack with one "public-read" bucket that carries a single CORS rule for
// https://s3-website-test.mydomain.com.
class MyStack : Stack
{
    public MyStack()
    {
        // CORS is enforced by browsers and is not an authorization control:
        // whether a cross-origin PUT or POST is accepted is still decided by
        // the bucket's ACL/policy and the credentials on the request.
        var corsRule = new Aws.S3.Inputs.BucketCorsRuleArgs
        {
            // "*" lets the allowed origin send any request header.
            AllowedHeaders = { "*" },
            AllowedMethods = { "PUT", "POST" },
            // One explicit origin rather than a wildcard.
            AllowedOrigins = { "https://s3-website-test.mydomain.com" },
            ExposeHeaders = { "ETag" },
            MaxAgeSeconds = 3000,
        };

        // "public-read" grants the AllUsers group READ on the bucket, which
        // lets anonymous callers list its keys.
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "public-read",
            CorsRules = { corsRule },
        });
    }
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares one bucket that carries the canned "public-read" ACL and a
// single CORS rule for https://s3-website-test.mydomain.com.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// CORS is enforced by browsers and is not an authorization control:
		// whether a cross-origin PUT or POST is accepted is still decided by
		// the bucket's ACL/policy and the credentials on the request.
		rule := &s3.BucketCorsRuleArgs{
			// "*" lets the allowed origin send any request header.
			AllowedHeaders: pulumi.StringArray{pulumi.String("*")},
			AllowedMethods: pulumi.StringArray{
				pulumi.String("PUT"),
				pulumi.String("POST"),
			},
			// One explicit origin rather than a wildcard.
			AllowedOrigins: pulumi.StringArray{
				pulumi.String("https://s3-website-test.mydomain.com"),
			},
			ExposeHeaders: pulumi.StringArray{pulumi.String("ETag")},
			MaxAgeSeconds: pulumi.Int(3000),
		}

		// "public-read" grants the AllUsers group READ on the bucket, which
		// lets anonymous callers list its keys.
		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl:       pulumi.String("public-read"),
			CorsRules: s3.BucketCorsRuleArray{rule},
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="public-read",
cors_rules=[{
"allowedHeaders": ["*"],
"allowedMethods": [
"PUT",
"POST",
],
"allowedOrigins": ["https://s3-website-test.mydomain.com"],
"exposeHeaders": ["ETag"],
"maxAgeSeconds": 3000,
}])import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("b", {
acl: "public-read",
corsRules: [{
allowedHeaders: ["*"],
allowedMethods: [
"PUT",
"POST",
],
allowedOrigins: ["https://s3-website-test.mydomain.com"],
exposeHeaders: ["ETag"],
maxAgeSeconds: 3000,
}],
});Using versioning
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a private bucket with object versioning switched on.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// With versioning enabled, overwrites and deletes keep the earlier
		// object versions instead of discarding them, which helps recovery
		// from accidental or malicious changes.
		versioning := &s3.BucketVersioningArgs{Enabled: pulumi.Bool(true)}

		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl:        pulumi.String("private"),
			Versioning: versioning,
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="private",
versioning={
"enabled": True,
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("b", {
acl: "private",
versioning: {
enabled: true,
},
});Enable Logging
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var logBucket = new Aws.S3.Bucket("logBucket", new Aws.S3.BucketArgs
{
Acl = "log-delivery-write",
});
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Loggings =
{
new Aws.S3.Inputs.BucketLoggingArgs
{
TargetBucket = logBucket.Id,
TargetPrefix = "log/",
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares two buckets: logBucket, which receives server access logs, and
// bucket, whose access logging points at logBucket under the "log/" prefix.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "log-delivery-write" is the canned ACL that lets the S3 log delivery
		// group write into this bucket. Access logs record requester and key
		// details, so read access to logBucket deserves the same care as the
		// data bucket itself.
		logBucket, err := s3.NewBucket(ctx, "logBucket", &s3.BucketArgs{
			Acl: pulumi.String("log-delivery-write"),
		})
		if err != nil {
			return err
		}

		// TargetBucket is wired to logBucket's ID output rather than to a
		// literal bucket name.
		logging := &s3.BucketLoggingArgs{
			TargetBucket: logBucket.ID(),
			TargetPrefix: pulumi.String("log/"),
		}
		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl:      pulumi.String("private"),
			Loggings: s3.BucketLoggingArray{logging},
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws
log_bucket = aws.s3.Bucket("logBucket", acl="log-delivery-write")
bucket = aws.s3.Bucket("bucket",
acl="private",
loggings=[{
"targetBucket": log_bucket.id,
"targetPrefix": "log/",
}])import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const logBucket = new aws.s3.Bucket("log_bucket", {
acl: "log-delivery-write",
});
const bucket = new aws.s3.Bucket("b", {
acl: "private",
loggings: [{
targetBucket: logBucket.id,
targetPrefix: "log/",
}],
});Using object lifecycle
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
LifecycleRules =
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Days = 90,
},
Id = "log",
Prefix = "log/",
Tags =
{
{ "autoclean", "true" },
{ "rule", "log" },
},
Transitions =
{
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
Days = 30,
StorageClass = "STANDARD_IA",
},
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
Days = 60,
StorageClass = "GLACIER",
},
},
},
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Date = "2016-01-12",
},
Id = "tmp",
Prefix = "tmp/",
},
},
});
var versioningBucket = new Aws.S3.Bucket("versioningBucket", new Aws.S3.BucketArgs
{
Acl = "private",
LifecycleRules =
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
{
Days = 90,
},
NoncurrentVersionTransitions =
{
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
Days = 30,
StorageClass = "STANDARD_IA",
},
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
Days = 60,
StorageClass = "GLACIER",
},
},
Prefix = "config/",
},
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares two private buckets with lifecycle rules: "bucket" manages
// current objects under log/ and tmp/, and "versioningBucket" manages
// noncurrent object versions under config/.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Rule "log", scoped by the log/ prefix and the two tags: transition
		// to STANDARD_IA after 30 days, to GLACIER after 60, expire after 90.
		logRule := &s3.BucketLifecycleRuleArgs{
			Enabled: pulumi.Bool(true),
			Expiration: &s3.BucketLifecycleRuleExpirationArgs{
				Days: pulumi.Int(90),
			},
			Id:     pulumi.String("log"),
			Prefix: pulumi.String("log/"),
			Tags: pulumi.StringMap{
				"autoclean": pulumi.String("true"),
				"rule":      pulumi.String("log"),
			},
			Transitions: s3.BucketLifecycleRuleTransitionArray{
				&s3.BucketLifecycleRuleTransitionArgs{
					Days:         pulumi.Int(30),
					StorageClass: pulumi.String("STANDARD_IA"),
				},
				&s3.BucketLifecycleRuleTransitionArgs{
					Days:         pulumi.Int(60),
					StorageClass: pulumi.String("GLACIER"),
				},
			},
		}

		// Rule "tmp": expire objects under tmp/ on a fixed calendar date.
		// NOTE(review): 2016-01-12 is already in the past; presumably matching
		// objects then expire as soon as the rule is evaluated. Confirm the
		// date before copying this rule onto a bucket that holds data.
		tmpRule := &s3.BucketLifecycleRuleArgs{
			Enabled: pulumi.Bool(true),
			Expiration: &s3.BucketLifecycleRuleExpirationArgs{
				Date: pulumi.String("2016-01-12"),
			},
			Id:     pulumi.String("tmp"),
			Prefix: pulumi.String("tmp/"),
		}

		_, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl:            pulumi.String("private"),
			LifecycleRules: s3.BucketLifecycleRuleArray{logRule, tmpRule},
		})
		if err != nil {
			return err
		}

		// Rule for config/: noncurrent versions move to STANDARD_IA after 30
		// days, to GLACIER after 60, and are removed after 90. Expired
		// versions are no longer available for rollback or investigation.
		configRule := &s3.BucketLifecycleRuleArgs{
			Enabled: pulumi.Bool(true),
			NoncurrentVersionExpiration: &s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{
				Days: pulumi.Int(90),
			},
			NoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{
				&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
					Days:         pulumi.Int(30),
					StorageClass: pulumi.String("STANDARD_IA"),
				},
				&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{
					Days:         pulumi.Int(60),
					StorageClass: pulumi.String("GLACIER"),
				},
			},
			Prefix: pulumi.String("config/"),
		}

		_, err = s3.NewBucket(ctx, "versioningBucket", &s3.BucketArgs{
			Acl:            pulumi.String("private"),
			LifecycleRules: s3.BucketLifecycleRuleArray{configRule},
			Versioning: &s3.BucketVersioningArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws
bucket = aws.s3.Bucket("bucket",
acl="private",
lifecycle_rules=[
{
"enabled": True,
"expiration": {
"days": 90,
},
"id": "log",
"prefix": "log/",
"tags": {
"autoclean": "true",
"rule": "log",
},
"transitions": [
{
"days": 30,
"storage_class": "STANDARD_IA",
},
{
"days": 60,
"storage_class": "GLACIER",
},
],
},
{
"enabled": True,
"expiration": {
"date": "2016-01-12",
},
"id": "tmp",
"prefix": "tmp/",
},
])
versioning_bucket = aws.s3.Bucket("versioningBucket",
acl="private",
lifecycle_rules=[{
"enabled": True,
"noncurrentVersionExpiration": {
"days": 90,
},
"noncurrentVersionTransitions": [
{
"days": 30,
"storage_class": "STANDARD_IA",
},
{
"days": 60,
"storage_class": "GLACIER",
},
],
"prefix": "config/",
}],
versioning={
"enabled": True,
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
lifecycleRules: [
{
enabled: true,
expiration: {
days: 90,
},
id: "log",
prefix: "log/",
tags: {
autoclean: "true",
rule: "log",
},
transitions: [
{
days: 30,
storageClass: "STANDARD_IA", // or "ONEZONE_IA"
},
{
days: 60,
storageClass: "GLACIER",
},
],
},
{
enabled: true,
expiration: {
date: "2016-01-12",
},
id: "tmp",
prefix: "tmp/",
},
],
});
const versioningBucket = new aws.s3.Bucket("versioning_bucket", {
acl: "private",
lifecycleRules: [{
enabled: true,
noncurrentVersionExpiration: {
days: 90,
},
noncurrentVersionTransitions: [
{
days: 30,
storageClass: "STANDARD_IA",
},
{
days: 60,
storageClass: "GLACIER",
},
],
prefix: "config/",
}],
versioning: {
enabled: true,
},
});Using replication configuration
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var central = new Aws.Provider("central", new Aws.ProviderArgs
{
Region = "eu-central-1",
});
var replicationRole = new Aws.Iam.Role("replicationRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""s3.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var destination = new Aws.S3.Bucket("destination", new Aws.S3.BucketArgs
{
Region = "eu-west-1",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Region = "eu-central-1",
ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
{
Role = replicationRole.Arn,
Rules =
{
new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
{
Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
{
Bucket = destination.Arn,
StorageClass = "STANDARD",
},
Id = "foobar",
Prefix = "foo",
Status = "Enabled",
},
},
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
}, new CustomResourceOptions
{
Provider = "aws.central",
});
var replicationPolicy = new Aws.Iam.Policy("replicationPolicy", new Aws.Iam.PolicyArgs
{
Policy = Output.Tuple(bucket.Arn, bucket.Arn, destination.Arn).Apply(values =>
{
var bucketArn = values.Item1;
var bucketArn1 = values.Item2;
var destinationArn = values.Item3;
return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Action"": [
""s3:GetReplicationConfiguration"",
""s3:ListBucket""
],
""Effect"": ""Allow"",
""Resource"": [
""{bucketArn}""
]
}},
{{
""Action"": [
""s3:GetObjectVersion"",
""s3:GetObjectVersionAcl""
],
""Effect"": ""Allow"",
""Resource"": [
""{bucketArn1}/*""
]
}},
{{
""Action"": [
""s3:ReplicateObject"",
""s3:ReplicateDelete""
],
""Effect"": ""Allow"",
""Resource"": ""{destinationArn}/*""
}}
]
}}
";
}),
});
var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replicationRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = replicationPolicy.Arn,
Role = replicationRole.Name,
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/providers"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
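// main sets up cross-region replication: an explicit eu-central-1 provider, an
// IAM role that S3 can assume, a versioned destination bucket in eu-west-1, a
// versioned source bucket with one replication rule, and an IAM policy
// attached to the role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): providers.Newaws and providers.awsArgs are kept as
		// printed on the page, but awsArgs is an unexported identifier and
		// cannot be named from package main. Confirm the provider constructor
		// and its args type against the SDK before using this listing.
		central, err := providers.Newaws(ctx, "central", &providers.awsArgs{
			Region: pulumi.String("eu-central-1"),
		})
		if err != nil {
			return err
		}

		// Trust policy: only the S3 service principal may assume this role.
		replicationRole, err := iam.NewRole(ctx, "replicationRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v",
				"{\n",
				" \"Version\": \"2012-10-17\",\n",
				" \"Statement\": [\n",
				" {\n",
				" \"Action\": \"sts:AssumeRole\",\n",
				" \"Principal\": {\n",
				" \"Service\": \"s3.amazonaws.com\"\n",
				" },\n",
				" \"Effect\": \"Allow\",\n",
				" \"Sid\": \"\"\n",
				" }\n",
				" ]\n",
				"}\n",
				"\n",
			)),
		})
		if err != nil {
			return err
		}

		// Replication target. No ACL is set here, so the default applies.
		destination, err := s3.NewBucket(ctx, "destination", &s3.BucketArgs{
			Region: pulumi.String("eu-west-1"),
			Versioning: &s3.BucketVersioningArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}

		// Source bucket. The provider resource itself is passed in, as the
		// TypeScript variant of this example does; pulumi.Provider expects a
		// provider resource, and the string "aws.central" does not tie the
		// bucket to the eu-central-1 provider.
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl:    pulumi.String("private"),
			Region: pulumi.String("eu-central-1"),
			ReplicationConfiguration: &s3.BucketReplicationConfigurationArgs{
				Role: replicationRole.Arn,
				Rules: s3.BucketReplicationConfigurationRuleArray{
					&s3.BucketReplicationConfigurationRuleArgs{
						Destination: &s3.BucketReplicationConfigurationRuleDestinationArgs{
							Bucket:       destination.Arn,
							StorageClass: pulumi.String("STANDARD"),
						},
						Id:     pulumi.String("foobar"),
						Prefix: pulumi.String("foo"),
						Status: pulumi.String("Enabled"),
					},
				},
			},
			Versioning: &s3.BucketVersioningArgs{
				Enabled: pulumi.Bool(true),
			},
		}, pulumi.Provider(central))
		if err != nil {
			return err
		}

		// Permissions for the role, scoped to the two buckets: read the
		// replication configuration and list the source bucket, read object
		// versions from the source, and replicate objects and deletes into
		// the destination.
		replicationPolicy, err := iam.NewPolicy(ctx, "replicationPolicy", &iam.PolicyArgs{
			Policy: pulumi.All(bucket.Arn, bucket.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {
				bucketArn := _args[0].(string)
				bucketArn1 := _args[1].(string)
				destinationArn := _args[2].(string)
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v",
					"{\n",
					" \"Version\": \"2012-10-17\",\n",
					" \"Statement\": [\n",
					" {\n",
					" \"Action\": [\n",
					" \"s3:GetReplicationConfiguration\",\n",
					" \"s3:ListBucket\"\n",
					" ],\n",
					" \"Effect\": \"Allow\",\n",
					" \"Resource\": [\n",
					" \"",
					bucketArn,
					"\"\n",
					" ]\n",
					" },\n",
					" {\n",
					" \"Action\": [\n",
					" \"s3:GetObjectVersion\",\n",
					" \"s3:GetObjectVersionAcl\"\n",
					" ],\n",
					" \"Effect\": \"Allow\",\n",
					" \"Resource\": [\n",
					" \"",
					bucketArn1,
					"/*\"\n",
					" ]\n",
					" },\n",
					" {\n",
					" \"Action\": [\n",
					" \"s3:ReplicateObject\",\n",
					" \"s3:ReplicateDelete\"\n",
					" ],\n",
					" \"Effect\": \"Allow\",\n",
					" \"Resource\": \"",
					destinationArn,
					"/*\"\n",
					" }\n",
					" ]\n",
					"}\n",
					"\n",
				), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}

		_, err = iam.NewRolePolicyAttachment(ctx, "replicationRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
			PolicyArn: replicationPolicy.Arn,
			Role:      replicationRole.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi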
import pulumi_aws as aws
import pulumi_pulumi as pulumi
# Cross-region replication: an explicit eu-central-1 provider, an IAM role that
# S3 can assume, a versioned destination bucket in eu-west-1, a versioned
# source bucket with one replication rule, and an IAM policy attached to the
# role.
#
# NOTE(review): this listing does not look runnable as printed. Confirm each
# point against the SDK (the TypeScript variant of this example builds the
# provider with aws.Provider and passes the resource itself):
#   * the provider is built through `pulumi.providers.Aws`;
#   * `ResourceOptions` is used without a visible import;
#   * `provider="aws.central"` is a string, not the `central` resource, so
#     nothing visibly ties the source bucket to the eu-central-1 provider;
#   * the lambda's parameters are bucketArn / bucketArn1 / destinationArn, but
#     the f-string reads bucket_arn / bucket_arn1 / destination_arn.
central = pulumi.providers.Aws("central", region="eu-central-1")
# Trust policy: only the S3 service principal may assume this role.
replication_role = aws.iam.Role("replicationRole", assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""")
# Replication target. No ACL is set here, so the default applies.
destination = aws.s3.Bucket("destination",
    region="eu-west-1",
    versioning={
        "enabled": True,
    })
# Source bucket: private, versioned, with one enabled rule for the "foo" prefix.
bucket = aws.s3.Bucket("bucket",
    acl="private",
    region="eu-central-1",
    replication_configuration={
        "role": replication_role.arn,
        "rules": [{
            "destination": {
                "bucket": destination.arn,
                "storage_class": "STANDARD",
            },
            "id": "foobar",
            "prefix": "foo",
            "status": "Enabled",
        }],
    },
    versioning={
        "enabled": True,
    },
    opts=ResourceOptions(provider="aws.central"))
# Permissions for the role, scoped to the two buckets: read the replication
# configuration and list the source bucket, read object versions from the
# source, and replicate objects and deletes into the destination.
replication_policy = aws.iam.Policy("replicationPolicy", policy=pulumi.Output.all(bucket.arn, bucket.arn, destination.arn).apply(lambda bucketArn, bucketArn1, destinationArn: f"""{{
"Version": "2012-10-17",
"Statement": [
{{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"{bucket_arn}"
]
}},
{{
"Action": [
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl"
],
"Effect": "Allow",
"Resource": [
"{bucket_arn1}/*"
]
}},
{{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete"
],
"Effect": "Allow",
"Resource": "{destination_arn}/*"
}}
]
}}
"""))
replication_role_policy_attachment = aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment",
    policy_arn=replication_policy.arn,
    role=replication_role.name)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const central = new aws.Provider("central", {
region: "eu-central-1",
});
const replicationRole = new aws.iam.Role("replication", {
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`,
});
const destination = new aws.s3.Bucket("destination", {
region: "eu-west-1",
versioning: {
enabled: true,
},
});
const bucket = new aws.s3.Bucket("bucket", {
acl: "private",
region: "eu-central-1",
replicationConfiguration: {
role: replicationRole.arn,
rules: [{
destination: {
bucket: destination.arn,
storageClass: "STANDARD",
},
id: "foobar",
prefix: "foo",
status: "Enabled",
}],
},
versioning: {
enabled: true,
},
}, { provider: central });
const replicationPolicy = new aws.iam.Policy("replication", {
policy: pulumi.interpolate`{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"${bucket.arn}"
]
},
{
"Action": [
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl"
],
"Effect": "Allow",
"Resource": [
"${bucket.arn}/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete"
],
"Effect": "Allow",
"Resource": "${destination.arn}/*"
}
]
}
`,
});
const replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("replication", {
policyArn: replicationPolicy.arn,
role: replicationRole.name,
});Enable Default Server Side Encryption
using Pulumi;
using Aws = Pulumi.Aws;
// Stack with a KMS key and a bucket whose default server-side encryption uses
// that key.
class MyStack : Stack
{
    public MyStack()
    {
        // DeletionWindowInDays is the waiting period before a scheduled key
        // deletion takes effect; once the key is gone, objects encrypted under
        // it can no longer be decrypted.
        var mykey = new Aws.Kms.Key("mykey", new Aws.Kms.KeyArgs
        {
            DeletionWindowInDays = 10,
            Description = "This key is used to encrypt bucket objects",
        });

        // Default encryption: objects written without their own encryption
        // headers are encrypted with SSE-KMS under mykey.
        var defaultEncryption = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
        {
            KmsMasterKeyId = mykey.Arn,
            SseAlgorithm = "aws:kms",
        };

        var encryptionRule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
        {
            ApplyServerSideEncryptionByDefault = defaultEncryption,
        };

        var mybucket = new Aws.S3.Bucket("mybucket", new Aws.S3.BucketArgs
        {
            ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
            {
                Rule = encryptionRule,
            },
        });
    }
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a KMS key and a bucket whose default server-side encryption
// uses that key.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// DeletionWindowInDays is the waiting period before a scheduled key
		// deletion takes effect; once the key is gone, objects encrypted under
		// it can no longer be decrypted. Automatic rotation is not requested
		// here (kms.KeyArgs has EnableKeyRotation for that).
		mykey, err := kms.NewKey(ctx, "mykey", &kms.KeyArgs{
			DeletionWindowInDays: pulumi.Int(10),
			Description:          pulumi.String("This key is used to encrypt bucket objects"),
		})
		if err != nil {
			return err
		}

		// Default encryption: objects written without their own encryption
		// headers are encrypted with SSE-KMS under mykey.
		defaultSSE := &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
			KmsMasterKeyId: mykey.Arn,
			SseAlgorithm:   pulumi.String("aws:kms"),
		}

		_, err = s3.NewBucket(ctx, "mybucket", &s3.BucketArgs{
			ServerSideEncryptionConfiguration: &s3.BucketServerSideEncryptionConfigurationArgs{
				Rule: &s3.BucketServerSideEncryptionConfigurationRuleArgs{
					ApplyServerSideEncryptionByDefault: defaultSSE,
				},
			},
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws
mykey = aws.kms.Key("mykey",
deletion_window_in_days=10,
description="This key is used to encrypt bucket objects")
mybucket = aws.s3.Bucket("mybucket", server_side_encryption_configuration={
"rule": {
"applyServerSideEncryptionByDefault": {
"kms_master_key_id": mykey.arn,
"sseAlgorithm": "aws:kms",
},
},
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const mykey = new aws.kms.Key("mykey", {
deletionWindowInDays: 10,
description: "This key is used to encrypt bucket objects",
});
const mybucket = new aws.s3.Bucket("mybucket", {
serverSideEncryptionConfiguration: {
rule: {
applyServerSideEncryptionByDefault: {
kmsMasterKeyId: mykey.arn,
sseAlgorithm: "aws:kms",
},
},
},
});Using ACL policy grants
using Pulumi;
using Aws = Pulumi.Aws;
// Stack with one bucket whose ACL is given as explicit grants instead of a
// canned ACL: FULL_CONTROL for the current account's canonical user, and READ
// plus WRITE for the S3 LogDelivery group.
class MyStack : Stack
{
    public MyStack()
    {
        var currentUser = Output.Create(Aws.GetCanonicalUserId.InvokeAsync());

        var ownerGrant = new Aws.S3.Inputs.BucketGrantArgs
        {
            Id = currentUser.Apply(user => user.Id),
            Permissions = { "FULL_CONTROL" },
            Type = "CanonicalUser",
        };

        // NOTE(review): the canned "log-delivery-write" ACL gives this group
        // WRITE and READ_ACP; READ here additionally lets it list the bucket.
        // Confirm READ is intended.
        var logDeliveryGrant = new Aws.S3.Inputs.BucketGrantArgs
        {
            Permissions = { "READ", "WRITE" },
            Type = "Group",
            Uri = "http://acs.amazonaws.com/groups/s3/LogDelivery",
        };

        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Grants = { ownerGrant, logDeliveryGrant },
        });
    }
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a bucket whose ACL is given as explicit grants instead of a
// canned ACL: FULL_CONTROL for the current account's canonical user, and READ
// plus WRITE for the S3 LogDelivery group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The canonical user ID is looked up at run time rather than
		// hard-coded into the program.
		currentUser, err := aws.GetCanonicalUserId(ctx, nil, nil)
		if err != nil {
			return err
		}

		ownerGrant := &s3.BucketGrantArgs{
			Id:          pulumi.String(currentUser.Id),
			Permissions: pulumi.StringArray{pulumi.String("FULL_CONTROL")},
			Type:        pulumi.String("CanonicalUser"),
		}

		// NOTE(review): the canned "log-delivery-write" ACL gives this group
		// WRITE and READ_ACP; READ here additionally lets it list the bucket.
		// Confirm READ is intended.
		logDeliveryGrant := &s3.BucketGrantArgs{
			Permissions: pulumi.StringArray{
				pulumi.String("READ"),
				pulumi.String("WRITE"),
			},
			Type: pulumi.String("Group"),
			Uri:  pulumi.String("http://acs.amazonaws.com/groups/s3/LogDelivery"),
		}

		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Grants: s3.BucketGrantArray{ownerGrant, logDeliveryGrant},
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws
current_user = aws.get_canonical_user_id()
bucket = aws.s3.Bucket("bucket", grants=[
{
"id": current_user.id,
"permissions": ["FULL_CONTROL"],
"type": "CanonicalUser",
},
{
"permissions": [
"READ",
"WRITE",
],
"type": "Group",
"uri": "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
])import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const currentUser = pulumi.output(aws.getCanonicalUserId({ async: true }));
const bucket = new aws.s3.Bucket("bucket", {
grants: [
{
id: currentUser.id,
permissions: ["FULL_CONTROL"],
type: "CanonicalUser",
},
{
permissions: [
"READ",
"WRITE",
],
type: "Group",
uri: "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
],
});Create a Bucket Resource
new Bucket(name: string, args?: BucketArgs, opts?: CustomResourceOptions);
def Bucket(resource_name, opts=None, acceleration_status=None, acl=None, arn=None, bucket=None, bucket_prefix=None, cors_rules=None, force_destroy=None, grants=None, hosted_zone_id=None, lifecycle_rules=None, loggings=None, object_lock_configuration=None, policy=None, region=None, replication_configuration=None, request_payer=None, server_side_encryption_configuration=None, tags=None, versioning=None, website=None, website_domain=None, website_endpoint=None, __props__=None);
func NewBucket(ctx *Context, name string, args *BucketArgs, opts ...ResourceOption) (*Bucket, error)
public Bucket(string name, BucketArgs? args = null, CustomResourceOptions? opts = null)
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BucketArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
Bucket Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The Bucket resource accepts the following input properties:
- Acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- Acl string
The canned ACL to apply. Defaults to “private”. Conflicts with
grant.- Arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- Bucket
Name string The name of the bucket. If omitted, this provider will assign a random, unique name.
- Bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket.- Cors
Rules List<BucketCors Rule Args> A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
List<Bucket
Grant Args> An ACL policy grant (documented below). Conflicts with
acl.- Hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket’s region.
- Lifecycle
Rules List<BucketLifecycle Rule Args> A configuration of object lifecycle management (documented below).
- Loggings
List<Bucket
Logging Args> Settings for bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration Args A configuration of S3 object locking (documented below)
- Policy string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a
pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.- Region string
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- Replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- Request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- Server
Side BucketEncryption Configuration Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
- Dictionary<string, string>
A mapping of tags to assign to the bucket.
- Versioning
Bucket
Versioning Args A state of versioning (documented below)
- Website
Bucket
Website Args A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- Acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- Acl interface{}
The canned ACL to apply. Defaults to “private”. Conflicts with
grant.- Arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- Bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name.
- Bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket.- Cors
Rules []BucketCors Rule A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
[]Bucket
Grant An ACL policy grant (documented below). Conflicts with
acl.- Hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket’s region.
- Lifecycle
Rules []BucketLifecycle Rule A configuration of object lifecycle management (documented below).
- Loggings
[]Bucket
Logging Settings for bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
- Policy interface{}
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a
pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.- Region string
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- Replication
Configuration BucketReplication Configuration A configuration of replication configuration (documented below).
- Request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- Server
Side BucketEncryption Configuration Server Side Encryption Configuration A configuration of server-side encryption configuration (documented below)
- map[string]string
A mapping of tags to assign to the bucket.
- Versioning
Bucket
Versioning A state of versioning (documented below)
- Website
Bucket
Website A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
string | Canned
Acl The canned ACL to apply. Defaults to “private”. Conflicts with
grant.- arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name.
- bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket.- cors
Rules BucketCors Rule[] A rule of Cross-Origin Resource Sharing (documented below).
- forceDestroy boolean
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants BucketGrant[]
An ACL policy grant (documented below). Conflicts with `acl`.
- hostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
- lifecycle
Rules BucketLifecycle Rule[] A configuration of object lifecycle management (documented below).
- loggings BucketLogging[]
Settings for bucket logging (documented below).
- objectLockConfiguration BucketObjectLockConfiguration
A configuration of S3 object locking (documented below)
- policy string | PolicyDocument
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a `pulumi up / preview / update`. In this case, please make sure you use the verbose/specific version of the policy.
- region string
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- replication
Configuration BucketReplication Configuration A configuration of replication configuration (documented below).
- requestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
- serverSideEncryptionConfiguration BucketServerSideEncryptionConfiguration
The server-side encryption configuration (documented below)
- tags {[key: string]: string}
A mapping of tags to assign to the bucket.
- versioning
Bucket
Versioning A state of versioning (documented below)
- website
Bucket
Website A website object (documented below).
- website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration_status str
Sets the accelerate configuration of an existing bucket. Can be `Enabled` or `Suspended`.
- acl string | str
The canned ACL to apply. Defaults to “private”. Conflicts with `grant`.
- arn str
The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`.
- bucket str
The name of the bucket. If omitted, this provider will assign a random, unique name.
- bucket_
prefix str Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket.- cors_
rules List[BucketCors Rule] A rule of Cross-Origin Resource Sharing (documented below).
- force_destroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants List[BucketGrant]
An ACL policy grant (documented below). Conflicts with `acl`.
- hosted_zone_id str
The Route 53 Hosted Zone ID for this bucket’s region.
- lifecycle_
rules List[BucketLifecycle Rule] A configuration of object lifecycle management (documented below).
- loggings List[BucketLogging]
Settings for bucket logging (documented below).
- object_lock_configuration Dict[BucketObjectLockConfiguration]
A configuration of S3 object locking (documented below)
- policy string | str
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a `pulumi up / preview / update`. In this case, please make sure you use the verbose/specific version of the policy.
- region str
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- replication_
configuration Dict[BucketReplication Configuration] A configuration of replication configuration (documented below).
- request_payer str
Specifies who should bear the cost of Amazon S3 data transfer. Can be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
- server_side_encryption_configuration Dict[BucketServerSideEncryptionConfiguration]
The server-side encryption configuration (documented below)
- tags Dict[str, str]
A mapping of tags to assign to the bucket.
- versioning
Dict[Bucket
Versioning] A state of versioning (documented below)
- website
Dict[Bucket
Website] A website object (documented below).
- website_
domain str The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website_
endpoint str The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
Outputs
All input properties are implicitly available as output properties. Additionally, the Bucket resource produces the following output properties:
- BucketDomainName string
The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.
- BucketRegionalDomainName string
The bucket region-specific domain name: the bucket domain name including the region name; please refer here for format. Note: AWS CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.
- Id string
- The provider-assigned unique ID for this managed resource.
- BucketDomainName string
The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.
- BucketRegionalDomainName string
The bucket region-specific domain name: the bucket domain name including the region name; please refer here for format. Note: AWS CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.
- Id string
- The provider-assigned unique ID for this managed resource.
- bucketDomainName string
The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.
- bucketRegionalDomainName string
The bucket region-specific domain name: the bucket domain name including the region name; please refer here for format. Note: AWS CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.
- id string
- The provider-assigned unique ID for this managed resource.
- bucket_domain_name str
The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.
- bucket_regional_domain_name str
The bucket region-specific domain name: the bucket domain name including the region name; please refer here for format. Note: AWS CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.
- id str
- The provider-assigned unique ID for this managed resource.
Look up an Existing Bucket Resource
Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BucketState, opts?: CustomResourceOptions): Bucket
static get(resource_name, id, opts=None, acceleration_status=None, acl=None, arn=None, bucket=None, bucket_domain_name=None, bucket_prefix=None, bucket_regional_domain_name=None, cors_rules=None, force_destroy=None, grants=None, hosted_zone_id=None, lifecycle_rules=None, loggings=None, object_lock_configuration=None, policy=None, region=None, replication_configuration=None, request_payer=None, server_side_encryption_configuration=None, tags=None, versioning=None, website=None, website_domain=None, website_endpoint=None, __props__=None);
func GetBucket(ctx *Context, name string, id IDInput, state *BucketState, opts ...ResourceOption) (*Bucket, error)
public static Bucket Get(string name, Input<string> id, BucketState? state, CustomResourceOptions? opts = null)
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- AccelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be `Enabled` or `Suspended`.
- Acl string
The canned ACL to apply. Defaults to “private”. Conflicts with `grant`.
- Arn string
The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`.
- BucketDomainName string
The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.
- BucketName string
The name of the bucket. If omitted, this provider will assign a random, unique name.
- BucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`.
- BucketRegionalDomainName string
The bucket region-specific domain name: the bucket domain name including the region name; please refer here for format. Note: AWS CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.
- Cors
Rules List<BucketCors Rule Args> A rule of Cross-Origin Resource Sharing (documented below).
- ForceDestroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants List<BucketGrantArgs>
An ACL policy grant (documented below). Conflicts with `acl`.
- HostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
- Lifecycle
Rules List<BucketLifecycle Rule Args> A configuration of object lifecycle management (documented below).
- Loggings List<BucketLoggingArgs>
Settings for bucket logging (documented below).
- ObjectLockConfiguration BucketObjectLockConfigurationArgs
A configuration of S3 object locking (documented below)
- Policy string
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a `pulumi up / preview / update`. In this case, please make sure you use the verbose/specific version of the policy.
- Region string
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- Replication
Configuration BucketReplication Configuration Args A configuration of replication configuration (documented below).
- RequestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
- ServerSideEncryptionConfiguration BucketServerSideEncryptionConfigurationArgs
The server-side encryption configuration (documented below)
- Tags Dictionary<string, string>
A mapping of tags to assign to the bucket.
- Versioning
Bucket
Versioning Args A state of versioning (documented below)
- Website
Bucket
Website Args A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- AccelerationStatus string
Sets the accelerate configuration of an existing bucket. Can be `Enabled` or `Suspended`.
- Acl interface{}
The canned ACL to apply. Defaults to “private”. Conflicts with `grant`.
- Arn string
The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`.
- Bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name.
- BucketDomainName string
The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.
- BucketPrefix string
Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`.
- BucketRegionalDomainName string
The bucket region-specific domain name: the bucket domain name including the region name; please refer here for format. Note: AWS CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.
- Cors
Rules []BucketCors Rule A rule of Cross-Origin Resource Sharing (documented below).
- ForceDestroy bool
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants []BucketGrant
An ACL policy grant (documented below). Conflicts with `acl`.
- HostedZoneId string
The Route 53 Hosted Zone ID for this bucket’s region.
- Lifecycle
Rules []BucketLifecycle Rule A configuration of object lifecycle management (documented below).
- Loggings []BucketLogging
Settings for bucket logging (documented below).
- ObjectLockConfiguration BucketObjectLockConfiguration
A configuration of S3 object locking (documented below)
- Policy interface{}
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a `pulumi up / preview / update`. In this case, please make sure you use the verbose/specific version of the policy.
- Region string
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- Replication
Configuration BucketReplication Configuration A configuration of replication configuration (documented below).
- RequestPayer string
Specifies who should bear the cost of Amazon S3 data transfer. Can be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
- ServerSideEncryptionConfiguration BucketServerSideEncryptionConfiguration
The server-side encryption configuration (documented below)
- Tags map[string]string
A mapping of tags to assign to the bucket.
- Versioning
Bucket
Versioning A state of versioning (documented below)
- Website
Bucket
Website A website object (documented below).
- Website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status string Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl
string | Canned
Acl The canned ACL to apply. Defaults to “private”. Conflicts with
grant.- arn string
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket string
The name of the bucket. If omitted, this provider will assign a random, unique name.
- bucket
Domain stringName The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket
Prefix string Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket.- bucket
Regional stringDomain Name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors
Rules BucketCors Rule[] A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy boolean A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Bucket
Grant[] An ACL policy grant (documented below). Conflicts with
acl.- hosted
Zone stringId The Route 53 Hosted Zone ID for this bucket’s region.
- lifecycle
Rules BucketLifecycle Rule[] A configuration of object lifecycle management (documented below).
- loggings
Bucket
Logging[] A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
- policy
string | Policy
Document A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a
pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.- region string
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- replication
Configuration BucketReplication Configuration A configuration of replication configuration (documented below).
- request
Payer string Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server
Side BucketEncryption Configuration Server Side Encryption Configuration A configuration of server-side encryption configuration (documented below)
- {[key: string]: string}
A mapping of tags to assign to the bucket.
- versioning
Bucket
Versioning A state of versioning (documented below)
- website
Bucket
Website A website object (documented below).
- website
Domain string The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint string The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration_
status str Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended.- acl string | str
The canned ACL to apply. Defaults to “private”. Conflicts with
grant.- arn str
The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname.- bucket str
The name of the bucket. If omitted, this provider will assign a random, unique name.
- bucket_
domain_ strname The bucket domain name. Will be of format
bucketname.s3.amazonaws.com.- bucket_
prefix str Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket.- bucket_
regional_ strdomain_ name The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
- cors_
rules List[BucketCors Rule] A rule of Cross-Origin Resource Sharing (documented below).
- force_
destroy bool A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
List[Bucket
Grant] An ACL policy grant (documented below). Conflicts with
acl.- hosted_
zone_ strid The Route 53 Hosted Zone ID for this bucket’s region.
- lifecycle_
rules List[BucketLifecycle Rule] A configuration of object lifecycle management (documented below).
- loggings
List[Bucket
Logging] A settings of bucket logging (documented below).
- object_
lock_ Dict[Bucketconfiguration Object Lock Configuration] A configuration of S3 object locking (documented below)
- policy string | str
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a
pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.- region str
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
- replication_
configuration Dict[BucketReplication Configuration] A configuration of replication configuration (documented below).
- request_
payer str Specifies who should bear the cost of Amazon S3 data transfer. Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.- server_
side_ Dict[Bucketencryption_ configuration Server Side Encryption Configuration] A configuration of server-side encryption configuration (documented below)
- Dict[str, str]
A mapping of tags to assign to the bucket.
- versioning
Dict[Bucket
Versioning] A state of versioning (documented below)
- website
Dict[Bucket
Website] A website object (documented below).
- website_
domain str The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website_
endpoint str The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
Supporting Types
BucketCorsRule
- AllowedMethods List<string>
Specifies which methods are allowed. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`.
- AllowedOrigins List<string>
Specifies which origins are allowed.
- AllowedHeaders List<string>
Specifies which headers are allowed.
- ExposeHeaders List<string>
Specifies expose header in the response.
- MaxAgeSeconds int
Specifies time in seconds that browser can cache the response for a preflight request.
- AllowedMethods []string
Specifies which methods are allowed. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`.
- AllowedOrigins []string
Specifies which origins are allowed.
- AllowedHeaders []string
Specifies which headers are allowed.
- ExposeHeaders []string
Specifies expose header in the response.
- MaxAgeSeconds int
Specifies time in seconds that browser can cache the response for a preflight request.
- allowedMethods string[]
Specifies which methods are allowed. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`.
- allowedOrigins string[]
Specifies which origins are allowed.
- allowedHeaders string[]
Specifies which headers are allowed.
- exposeHeaders string[]
Specifies expose header in the response.
- maxAgeSeconds number
Specifies time in seconds that browser can cache the response for a preflight request.
- allowedMethods List[str]
Specifies which methods are allowed. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`.
- allowedOrigins List[str]
Specifies which origins are allowed.
- allowedHeaders List[str]
Specifies which headers are allowed.
- exposeHeaders List[str]
Specifies expose header in the response.
- maxAgeSeconds float
Specifies time in seconds that browser can cache the response for a preflight request.
BucketGrant
- Permissions List<string>
List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`.
- Type string
Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported.
- Id string
Canonical user id to grant for. Used only when `type` is `CanonicalUser`.
- Uri string
Uri address to grant for. Used only when `type` is `Group`.
- Permissions []string
List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`.
- Type string
Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported.
- Id string
Canonical user id to grant for. Used only when `type` is `CanonicalUser`.
- Uri string
Uri address to grant for. Used only when `type` is `Group`.
- permissions string[]
List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`.
- type string
Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported.
- id string
Canonical user id to grant for. Used only when `type` is `CanonicalUser`.
- uri string
Uri address to grant for. Used only when `type` is `Group`.
- permissions List[str]
List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`.
- type str
Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported.
- id str
Canonical user id to grant for. Used only when `type` is `CanonicalUser`.
- uri str
Uri address to grant for. Used only when `type` is `Group`.
BucketLifecycleRule
- Enabled bool
Specifies lifecycle rule status.
- Abort
Incomplete intMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- Expiration
Bucket
Lifecycle Rule Expiration Args Specifies a period in the object’s expire (documented below).
- Id string
Unique identifier for the rule.
- Noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration Args Specifies when noncurrent object versions expire (documented below).
- Noncurrent
Version List<BucketTransitions Lifecycle Rule Noncurrent Version Transition Args> Specifies when noncurrent object versions transitions (documented below).
- Prefix string
Object key prefix identifying one or more objects to which the rule applies.
- Dictionary<string, string>
Specifies object tags key and value.
- Transitions
List<Bucket
Lifecycle Rule Transition Args> Specifies a period in the object’s transitions (documented below).
- Enabled bool
Specifies lifecycle rule status.
- Abort
Incomplete intMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- Expiration
Bucket
Lifecycle Rule Expiration Specifies a period in the object’s expire (documented below).
- Id string
Unique identifier for the rule.
- Noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration Specifies when noncurrent object versions expire (documented below).
- Noncurrent
Version []BucketTransitions Lifecycle Rule Noncurrent Version Transition Specifies when noncurrent object versions transitions (documented below).
- Prefix string
Object key prefix identifying one or more objects to which the rule applies.
- map[string]string
Specifies object tags key and value.
- Transitions
[]Bucket
Lifecycle Rule Transition Specifies a period in the object’s transitions (documented below).
- enabled boolean
Specifies lifecycle rule status.
- abort
Incomplete numberMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Bucket
Lifecycle Rule Expiration Specifies a period in the object’s expire (documented below).
- id string
Unique identifier for the rule.
- noncurrent
Version BucketExpiration Lifecycle Rule Noncurrent Version Expiration Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version BucketTransitions Lifecycle Rule Noncurrent Version Transition[] Specifies when noncurrent object versions transitions (documented below).
- prefix string
Object key prefix identifying one or more objects to which the rule applies.
- {[key: string]: string}
Specifies object tags key and value.
- transitions
Bucket
Lifecycle Rule Transition[] Specifies a period in the object’s transitions (documented below).
- enabled bool
Specifies lifecycle rule status.
- abort
Incomplete floatMultipart Upload Days Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
- expiration
Dict[Bucket
Lifecycle Rule Expiration] Specifies a period in the object’s expire (documented below).
- id str
Unique identifier for the rule.
- noncurrent
Version Dict[BucketExpiration Lifecycle Rule Noncurrent Version Expiration] Specifies when noncurrent object versions expire (documented below).
- noncurrent
Version List[BucketTransitions Lifecycle Rule Noncurrent Version Transition] Specifies when noncurrent object versions transitions (documented below).
- prefix str
Object key prefix identifying one or more objects to which the rule applies.
- Dict[str, str]
Specifies object tags key and value.
- transitions
List[Bucket
Lifecycle Rule Transition] Specifies a period in the object’s transitions (documented below).
BucketLifecycleRuleExpiration
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- Expired
Object boolDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- Expired
Object boolDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.
- date string
Specifies the date after which you want the corresponding action to take effect.
- days number
Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object booleanDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.
- date str
Specifies the date after which you want the corresponding action to take effect.
- days float
Specifies the number of days after object creation when the specific rule action takes effect.
- expired
Object boolDelete Marker On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.
BucketLifecycleRuleNoncurrentVersionExpiration
BucketLifecycleRuleNoncurrentVersionTransition
- StorageClass string
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- Days int
Specifies the number of days noncurrent object versions transition.
- StorageClass string
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- Days int
Specifies the number of days noncurrent object versions transition.
- storageClass string
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- days number
Specifies the number of days noncurrent object versions transition.
- storage_class str
Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- days float
Specifies the number of days noncurrent object versions transition.
BucketLifecycleRuleTransition
- StorageClass string
Specifies the Amazon S3 storage class to which you want the object to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- StorageClass string
Specifies the Amazon S3 storage class to which you want the object to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- Date string
Specifies the date after which you want the corresponding action to take effect.
- Days int
Specifies the number of days after object creation when the specific rule action takes effect.
- storageClass string
Specifies the Amazon S3 storage class to which you want the object to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- date string
Specifies the date after which you want the corresponding action to take effect.
- days number
Specifies the number of days after object creation when the specific rule action takes effect.
- storage_class str
Specifies the Amazon S3 storage class to which you want the object to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- date str
Specifies the date after which you want the corresponding action to take effect.
- days float
Specifies the number of days after object creation when the specific rule action takes effect.
BucketLogging
- TargetBucket string
The name of the bucket that will receive the log objects.
- TargetPrefix string
To specify a key prefix for log objects.
- TargetBucket string
The name of the bucket that will receive the log objects.
- TargetPrefix string
To specify a key prefix for log objects.
- targetBucket string
The name of the bucket that will receive the log objects.
- targetPrefix string
To specify a key prefix for log objects.
- targetBucket str
The name of the bucket that will receive the log objects.
- targetPrefix str
To specify a key prefix for log objects.
BucketObjectLockConfiguration
- ObjectLockEnabled string
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is `Enabled`.
- Rule BucketObjectLockConfigurationRuleArgs
The Object Lock rule in place for this bucket.
- ObjectLockEnabled string
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is `Enabled`.
- Rule BucketObjectLockConfigurationRule
The Object Lock rule in place for this bucket.
- objectLockEnabled string
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is `Enabled`.
- rule BucketObjectLockConfigurationRule
The Object Lock rule in place for this bucket.
- objectLockEnabled str
Indicates whether this bucket has an Object Lock configuration enabled. Valid value is `Enabled`.
- rule Dict[BucketObjectLockConfigurationRule]
The Object Lock rule in place for this bucket.
BucketObjectLockConfigurationRule
- DefaultRetention BucketObjectLockConfigurationRuleDefaultRetentionArgs
The default retention period that you want to apply to new objects placed in this bucket.
- DefaultRetention BucketObjectLockConfigurationRuleDefaultRetention
The default retention period that you want to apply to new objects placed in this bucket.
- defaultRetention BucketObjectLockConfigurationRuleDefaultRetention
The default retention period that you want to apply to new objects placed in this bucket.
- defaultRetention Dict[BucketObjectLockConfigurationRuleDefaultRetention]
The default retention period that you want to apply to new objects placed in this bucket.
BucketObjectLockConfigurationRuleDefaultRetention
- Mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`.
- Days int
The number of days that you want to specify for the default retention period.
- Years int
The number of years that you want to specify for the default retention period.
- Mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`.
- Days int
The number of days that you want to specify for the default retention period.
- Years int
The number of years that you want to specify for the default retention period.
- mode string
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`.
- days number
The number of days that you want to specify for the default retention period.
- years number
The number of years that you want to specify for the default retention period.
- mode str
The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`.
- days float
The number of days that you want to specify for the default retention period.
- years float
The number of years that you want to specify for the default retention period.
BucketReplicationConfiguration
- Role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- Rules List<BucketReplicationConfigurationRuleArgs>
Specifies the rules managing the replication (documented below).
- Role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- Rules []BucketReplicationConfigurationRule
Specifies the rules managing the replication (documented below).
- role string
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules BucketReplicationConfigurationRule[]
Specifies the rules managing the replication (documented below).
- role str
The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
- rules List[BucketReplicationConfigurationRule]
Specifies the rules managing the replication (documented below).
BucketReplicationConfigurationRule
- Destination BucketReplicationConfigurationRuleDestinationArgs
Specifies the destination for the rule (documented below).
- Status string
The status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled.
- Filter BucketReplicationConfigurationRuleFilterArgs
Filter that identifies subset of objects to which the replication rule applies (documented below).
- Id string
Unique identifier for the rule.
- Prefix string
Object keyname prefix identifying one or more objects to which the rule applies.
- Priority int
Priority is optional (with a default value of `0`) but must be unique between multiple rules.
- SourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs
Specifies special object selection criteria (documented below).
- Destination BucketReplicationConfigurationRuleDestination
Specifies the destination for the rule (documented below).
- Status string
The status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled.
- Filter BucketReplicationConfigurationRuleFilter
Filter that identifies subset of objects to which the replication rule applies (documented below).
- Id string
Unique identifier for the rule.
- Prefix string
Object keyname prefix identifying one or more objects to which the rule applies.
- Priority int
Priority is optional (with a default value of `0`) but must be unique between multiple rules.
- SourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteria
Specifies special object selection criteria (documented below).
- destination BucketReplicationConfigurationRuleDestination
Specifies the destination for the rule (documented below).
- status string
The status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled.
- filter BucketReplicationConfigurationRuleFilter
Filter that identifies subset of objects to which the replication rule applies (documented below).
- id string
Unique identifier for the rule.
- prefix string
Object keyname prefix identifying one or more objects to which the rule applies.
- priority number
Priority is optional (with a default value of `0`) but must be unique between multiple rules.
- sourceSelectionCriteria BucketReplicationConfigurationRuleSourceSelectionCriteria
Specifies special object selection criteria (documented below).
- destination Dict[BucketReplicationConfigurationRuleDestination]
Specifies the destination for the rule (documented below).
- status str
The status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled.
- filter Dict[BucketReplicationConfigurationRuleFilter]
Filter that identifies subset of objects to which the replication rule applies (documented below).
- id str
Unique identifier for the rule.
- prefix str
Object keyname prefix identifying one or more objects to which the rule applies.
- priority float
Priority is optional (with a default value of `0`) but must be unique between multiple rules.
- sourceSelectionCriteria Dict[BucketReplicationConfigurationRuleSourceSelectionCriteria]
Specifies special object selection criteria (documented below).
BucketReplicationConfigurationRuleDestination
- Bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- AccessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs
Specifies the overrides to use for object owners on replication. Must be used in conjunction with `account_id` owner override configuration.
- AccountId string
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with `access_control_translation` override configuration.
- ReplicaKmsKeyId string
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with `sse_kms_encrypted_objects` source selection criteria.
- StorageClass string
The class of storage used to store the object. Can be `STANDARD`, `REDUCED_REDUNDANCY`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- Bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- AccessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslation
Specifies the overrides to use for object owners on replication. Must be used in conjunction with `account_id` owner override configuration.
- AccountId string
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with `access_control_translation` override configuration.
- ReplicaKmsKeyId string
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with `sse_kms_encrypted_objects` source selection criteria.
- StorageClass string
The class of storage used to store the object. Can be `STANDARD`, `REDUCED_REDUNDANCY`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- bucket string
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- accessControlTranslation BucketReplicationConfigurationRuleDestinationAccessControlTranslation
Specifies the overrides to use for object owners on replication. Must be used in conjunction with `account_id` owner override configuration.
- accountId string
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with `access_control_translation` override configuration.
- replicaKmsKeyId string
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with `sse_kms_encrypted_objects` source selection criteria.
- storageClass string
The class of storage used to store the object. Can be `STANDARD`, `REDUCED_REDUNDANCY`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
- bucket str
The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
- accessControlTranslation Dict[BucketReplicationConfigurationRuleDestinationAccessControlTranslation]
Specifies the overrides to use for object owners on replication. Must be used in conjunction with `account_id` owner override configuration.
- account_id str
The Account ID to use for overriding the object owner on replication. Must be used in conjunction with `access_control_translation` override configuration.
- replicaKmsKeyId str
Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with `sse_kms_encrypted_objects` source selection criteria.
- storage_class str
The class of storage used to store the object. Can be `STANDARD`, `REDUCED_REDUNDANCY`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.
BucketReplicationConfigurationRuleDestinationAccessControlTranslation
BucketReplicationConfigurationRuleFilter
BucketReplicationConfigurationRuleSourceSelectionCriteria
- SseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
Match SSE-KMS encrypted objects (documented below). If specified, `replica_kms_key_id` in `destination` must be specified as well.
- SseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects
Match SSE-KMS encrypted objects (documented below). If specified, `replica_kms_key_id` in `destination` must be specified as well.
- sseKmsEncryptedObjects BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects
Match SSE-KMS encrypted objects (documented below). If specified, `replica_kms_key_id` in `destination` must be specified as well.
- sseKmsEncryptedObjects Dict[BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects]
Match SSE-KMS encrypted objects (documented below). If specified, `replica_kms_key_id` in `destination` must be specified as well.
BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects
BucketServerSideEncryptionConfiguration
- Rule BucketServerSideEncryptionConfigurationRuleArgs
A single object for server-side encryption by default configuration. (documented below)
- Rule BucketServerSideEncryptionConfigurationRule
A single object for server-side encryption by default configuration. (documented below)
- rule BucketServerSideEncryptionConfigurationRule
A single object for server-side encryption by default configuration. (documented below)
- rule Dict[BucketServerSideEncryptionConfigurationRule]
A single object for server-side encryption by default configuration. (documented below)
BucketServerSideEncryptionConfigurationRule
- ApplyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
A single object for setting server-side encryption by default. (documented below)
- ApplyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault
A single object for setting server-side encryption by default. (documented below)
- applyServerSideEncryptionByDefault BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault
A single object for setting server-side encryption by default. (documented below)
- applyServerSideEncryptionByDefault Dict[BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault]
A single object for setting server-side encryption by default. (documented below)
BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault
- SseAlgorithm string
The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`.
- KmsMasterKeyId string
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`.
- SseAlgorithm string
The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`.
- KmsMasterKeyId string
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`.
- sseAlgorithm string
The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`.
- kmsMasterKeyId string
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`.
- sseAlgorithm str
The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`.
- kms_master_key_id str
The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`.
BucketVersioning
- Enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- MfaDelete bool
Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This argument cannot be used to toggle MFA delete; it is available only so that managed buckets can reflect the state in AWS.
- Enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- MfaDelete bool
Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This argument cannot be used to toggle MFA delete; it is available only so that managed buckets can reflect the state in AWS.
- enabled boolean
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfaDelete boolean
Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This argument cannot be used to toggle MFA delete; it is available only so that managed buckets can reflect the state in AWS.
- enabled bool
Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
- mfaDelete bool
Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This argument cannot be used to toggle MFA delete; it is available only so that managed buckets can reflect the state in AWS.
BucketWebsite
- ErrorDocument string
An absolute path to the document to return in case of a 4XX error.
- IndexDocument string
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- RedirectAllRequestsTo string
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request.
- RoutingRules Union<string, ImmutableArray<string>>
A json array containing routing rules describing redirect behavior and when redirects are applied.
- ErrorDocument string
An absolute path to the document to return in case of a 4XX error.
- IndexDocument string
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- RedirectAllRequestsTo string
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request.
- RoutingRules interface{}
A json array containing routing rules describing redirect behavior and when redirects are applied.
- errorDocument string
An absolute path to the document to return in case of a 4XX error.
- indexDocument string
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirectAllRequestsTo string
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request.
- routingRules string | RoutingRule[]
A json array containing routing rules describing redirect behavior and when redirects are applied.
- errorDocument str
An absolute path to the document to return in case of a 4XX error.
- indexDocument str
Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
- redirectAllRequestsTo str
A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request.
- routingRules string | List[RoutingRule]
A json array containing routing rules describing redirect behavior and when redirects are applied.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.