Namespace Pulumi.Aws.Glacier
Classes
Vault
Provides a Glacier Vault Resource. You can refer to the Glacier Developer Guide for a full explanation of the Glacier Vault functionality
NOTE: When removing a Glacier Vault, the Vault must be empty.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var awsSnsTopic = new Aws.Sns.Topic("awsSnsTopic", new Aws.Sns.TopicArgs
{
});
var myArchive = new Aws.Glacier.Vault("myArchive", new Aws.Glacier.VaultArgs
{
AccessPolicy = @"{
""Version"":""2012-10-17"",
""Statement"":[
{
""Sid"": ""add-read-only-perm"",
""Principal"": ""*"",
""Effect"": ""Allow"",
""Action"": [
""glacier:InitiateJob"",
""glacier:GetJobOutput""
],
""Resource"": ""arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive""
}
]
}
",
Notifications =
{
new Aws.Glacier.Inputs.VaultNotificationArgs
{
Events =
{
"ArchiveRetrievalCompleted",
"InventoryRetrievalCompleted",
},
SnsTopic = awsSnsTopic.Arn,
},
},
Tags =
{
{ "Test", "MyArchive" },
},
});
}
}
VaultArgs
VaultLock
Manages a Glacier Vault Lock. You can refer to the Glacier Developer Guide for a full explanation of the Glacier Vault Lock functionality.
NOTE: This resource allows you to test Glacier Vault Lock policies by setting the
complete_lockargument tofalse. When testing policies in this manner, the Glacier Vault Lock automatically expires after 24 hours and this provider will show this resource as needing recreation after that time. To permanently apply the policy, set thecomplete_lockargument totrue. When changingcomplete_locktotrue, it is expected the resource will show as recreating.
!> WARNING: Once a Glacier Vault Lock is completed, it is immutable. The deletion of the Glacier Vault Lock is not be possible and attempting to remove it from this provider will return an error. Set the ignore_deletion_error argument to true and apply this configuration before attempting to delete this resource via this provider or remove this resource from this provider's management.
Example Usage
Testing Glacier Vault Lock Policy
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleVault = new Aws.Glacier.Vault("exampleVault", new Aws.Glacier.VaultArgs
{
});
var examplePolicyDocument = exampleVault.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"glacier:DeleteArchive",
},
Condition =
{
{
{ "test", "NumericLessThanEquals" },
{ "values",
{
"365",
} },
{ "variable", "glacier:ArchiveAgeinDays" },
},
},
Effect = "Deny",
Resources =
{
arn,
},
},
},
}));
var exampleVaultLock = new Aws.Glacier.VaultLock("exampleVaultLock", new Aws.Glacier.VaultLockArgs
{
CompleteLock = false,
Policy = examplePolicyDocument.Apply(examplePolicyDocument => examplePolicyDocument.Json),
VaultName = exampleVault.Name,
});
}
}
Permanently Applying Glacier Vault Lock Policy
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Glacier.VaultLock("example", new Aws.Glacier.VaultLockArgs
{
CompleteLock = true,
Policy = data.Aws_iam_policy_document.Example.Json,
VaultName = aws_glacier_vault.Example.Name,
});
}
}