Class Bucket
Provides a S3 bucket resource.
Example Usage
Private Bucket w/ Tags
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Tags =
{
{ "Environment", "Dev" },
{ "Name", "My bucket" },
},
});
}
}
Static Website Hosting
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "public-read",
Policy = File.ReadAllText("policy.json"),
Website = new Aws.S3.Inputs.BucketWebsiteArgs
{
Website = "error.html",
Website = "index.html",
Website = @"[{
""Condition"": {
""KeyPrefixEquals"": ""docs/""
},
""Redirect"": {
""ReplaceKeyPrefixWith"": ""documents/""
}
}]
",
},
});
}
}
Using CORS
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "public-read",
CorsRules =
{
new Aws.S3.Inputs.BucketCorsRuleArgs
{
AllowedHeaders =
{
"*",
},
AllowedMethods =
{
"PUT",
"POST",
},
AllowedOrigins =
{
"https://s3-website-test.mydomain.com",
},
ExposeHeaders =
{
"ETag",
},
MaxAgeSeconds = 3000,
},
},
});
}
}
Using versioning
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
}
}
Enable Logging
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var logBucket = new Aws.S3.Bucket("logBucket", new Aws.S3.BucketArgs
{
Acl = "log-delivery-write",
});
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Loggings =
{
new Aws.S3.Inputs.BucketLoggingArgs
{
TargetBucket = logBucket.Id,
TargetPrefix = "log/",
},
},
});
}
}
Using object lifecycle
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
LifecycleRules =
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Days = 90,
},
Id = "log",
Prefix = "log/",
Tags =
{
{ "autoclean", "true" },
{ "rule", "log" },
},
Transition =
{
{
{ "days", 30 },
{ "storageClass", "STANDARD_IA" },
},
{
{ "days", 60 },
{ "storageClass", "GLACIER" },
},
},
},
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Date = "2016-01-12",
},
Id = "tmp",
Prefix = "tmp/",
},
},
});
var versioningBucket = new Aws.S3.Bucket("versioningBucket", new Aws.S3.BucketArgs
{
Acl = "private",
LifecycleRules =
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
{
Days = 90,
},
NoncurrentVersionTransition =
{
{
{ "days", 30 },
{ "storageClass", "STANDARD_IA" },
},
{
{ "days", 60 },
{ "storageClass", "GLACIER" },
},
},
Prefix = "config/",
},
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
}
}
Using replication configuration
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var central = new Aws.Provider("central", new Aws.ProviderArgs
{
Region = "eu-central-1",
});
var replicationRole = new Aws.Iam.Role("replicationRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""s3.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var destination = new Aws.S3.Bucket("destination", new Aws.S3.BucketArgs
{
Region = "eu-west-1",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Region = "eu-central-1",
ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
{
Role = replicationRole.Arn,
Rules =
{
new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
{
Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
{
Bucket = destination.Arn,
StorageClass = "STANDARD",
},
Id = "foobar",
Prefix = "foo",
Status = "Enabled",
},
},
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var replicationPolicy = new Aws.Iam.Policy("replicationPolicy", new Aws.Iam.PolicyArgs
{
Policy = Output.Tuple(bucket.Arn, bucket.Arn, destination.Arn).Apply(values =>
{
var bucketArn = values.Item1;
var bucketArn1 = values.Item2;
var destinationArn = values.Item3;
return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Action"": [
""s3:GetReplicationConfiguration"",
""s3:ListBucket""
],
""Effect"": ""Allow"",
""Resource"": [
""{bucketArn}""
]
}},
{{
""Action"": [
""s3:GetObjectVersion"",
""s3:GetObjectVersionAcl""
],
""Effect"": ""Allow"",
""Resource"": [
""{bucketArn1}/*""
]
}},
{{
""Action"": [
""s3:ReplicateObject"",
""s3:ReplicateDelete""
],
""Effect"": ""Allow"",
""Resource"": ""{destinationArn}/*""
}}
]
}}
";
}),
});
var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replicationRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = replicationPolicy.Arn,
Role = replicationRole.Name,
});
}
}
Enable Default Server Side Encryption
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mykey = new Aws.Kms.Key("mykey", new Aws.Kms.KeyArgs
{
DeletionWindowInDays = 10,
Description = "This key is used to encrypt bucket objects",
});
var mybucket = new Aws.S3.Bucket("mybucket", new Aws.S3.BucketArgs
{
ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
{
Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
{
ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
{
KmsMasterKeyId = mykey.Arn,
SseAlgorithm = "aws:kms",
},
},
},
});
}
}
Using ACL policy grants
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var currentUser = Output.Create(Aws.GetCanonicalUserId.InvokeAsync());
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Grants =
{
new Aws.S3.Inputs.BucketGrantArgs
{
Id = currentUser.Apply(currentUser => currentUser.Id),
Permissions =
{
"FULL_CONTROL",
},
Type = "CanonicalUser",
},
new Aws.S3.Inputs.BucketGrantArgs
{
Permissions =
{
"READ",
"WRITE",
},
Type = "Group",
Uri = "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
},
});
}
}
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.S3
Assembly: Pulumi.Aws.dll
Syntax
public class Bucket : CustomResourceConstructors
View SourceBucket(String, BucketArgs, CustomResourceOptions)
Create a Bucket resource with the given unique name, arguments, and options.
Declaration
public Bucket(string name, BucketArgs args = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| BucketArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceAccelerationStatus
Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
Declaration
public Output<string> AccelerationStatus { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Acl
The canned ACL to apply. Defaults to "private". Conflicts with grant.
Declaration
public Output<string> Acl { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Arn
The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
Declaration
public Output<string> Arn { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
BucketDomainName
The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
Declaration
public Output<string> BucketDomainName { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
BucketName
The name of the bucket. If omitted, this provider will assign a random, unique name.
Declaration
public Output<string> BucketName { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
BucketPrefix
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.
Declaration
public Output<string> BucketPrefix { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
BucketRegionalDomainName
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
Declaration
public Output<string> BucketRegionalDomainName { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
CorsRules
A rule of Cross-Origin Resource Sharing (documented below).
Declaration
public Output<ImmutableArray<BucketCorsRule>> CorsRules { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<BucketCorsRule>> |
ForceDestroy
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
Declaration
public Output<bool?> ForceDestroy { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Grants
An ACL policy grant (documented below). Conflicts with acl.
Declaration
public Output<ImmutableArray<BucketGrant>> Grants { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<BucketGrant>> |
HostedZoneId
The Route 53 Hosted Zone ID for this bucket's region.
Declaration
public Output<string> HostedZoneId { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
LifecycleRules
A configuration of object lifecycle management (documented below).
Declaration
public Output<ImmutableArray<BucketLifecycleRule>> LifecycleRules { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<BucketLifecycleRule>> |
Loggings
A settings of bucket logging (documented below).
Declaration
public Output<ImmutableArray<BucketLogging>> Loggings { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<BucketLogging>> |
ObjectLockConfiguration
A configuration of S3 object locking (documented below)
Declaration
public Output<BucketObjectLockConfiguration> ObjectLockConfiguration { get; }Property Value
| Type | Description |
|---|---|
| Output<BucketObjectLockConfiguration> |
Policy
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
Declaration
public Output<string> Policy { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Region
If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
Declaration
public Output<string> Region { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ReplicationConfiguration
A configuration of replication configuration (documented below).
Declaration
public Output<BucketReplicationConfiguration> ReplicationConfiguration { get; }Property Value
| Type | Description |
|---|---|
| Output<BucketReplicationConfiguration> |
RequestPayer
Specifies who should bear the cost of Amazon S3 data transfer.
Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur
the costs of any data transfer. See Requester Pays Buckets
developer guide for more information.
Declaration
public Output<string> RequestPayer { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ServerSideEncryptionConfiguration
A configuration of server-side encryption configuration (documented below)
Declaration
public Output<BucketServerSideEncryptionConfiguration> ServerSideEncryptionConfiguration { get; }Property Value
| Type | Description |
|---|---|
| Output<BucketServerSideEncryptionConfiguration> |
Tags
A mapping of tags to assign to the bucket.
Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
Versioning
A state of versioning (documented below)
Declaration
public Output<BucketVersioning> Versioning { get; }Property Value
| Type | Description |
|---|---|
| Output<BucketVersioning> |
Website
A website object (documented below).
Declaration
public Output<BucketWebsite> Website { get; }Property Value
| Type | Description |
|---|---|
| Output<BucketWebsite> |
WebsiteDomain
The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
Declaration
public Output<string> WebsiteDomain { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
WebsiteEndpoint
The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
Declaration
public Output<string> WebsiteEndpoint { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, BucketState, CustomResourceOptions)
Get an existing Bucket resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static Bucket Get(string name, Input<string> id, BucketState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| BucketState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| Bucket |