Namespace Pulumi.Aws.S3
Classes
AccessPoint
Provides a resource to manage an S3 Access Point.
Example Usage
Basic Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
{
});
var exampleAccessPoint = new Aws.S3.AccessPoint("exampleAccessPoint", new Aws.S3.AccessPointArgs
{
Bucket = exampleBucket.Id,
});
}
}
AccessPointArgs
AccessPointState
AccountPublicAccessBlock
Manages S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.
NOTE: Each AWS account may only have one S3 Public Access Block configuration. Multiple configurations of the resource against the same AWS account will cause a perpetual difference.
Advanced usage: To use a custom API endpoint for this resource, use the
s3controlendpoint provider configuration, not thes3endpoint provider configuration.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.S3.AccountPublicAccessBlock("example", new Aws.S3.AccountPublicAccessBlockArgs
{
BlockPublicAcls = true,
BlockPublicPolicy = true,
});
}
}
AccountPublicAccessBlockArgs
AccountPublicAccessBlockState
AnalyticsConfiguration
Provides a S3 bucket analytics configuration resource.
Example Usage
Add analytics configuration with S3 bucket object filter
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.S3.Bucket("example", new Aws.S3.BucketArgs
{
});
var example_filtered = new Aws.S3.AnalyticsConfiguration("example-filtered", new Aws.S3.AnalyticsConfigurationArgs
{
Bucket = example.BucketName,
Filter = new Aws.S3.Inputs.AnalyticsConfigurationFilterArgs
{
Prefix = "documents/",
Tags =
{
{ "priority", "high" },
{ "class", "blue" },
},
},
});
}
}
AnalyticsConfigurationArgs
AnalyticsConfigurationState
Bucket
Provides a S3 bucket resource.
Example Usage
Private Bucket w/ Tags
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Tags =
{
{ "Environment", "Dev" },
{ "Name", "My bucket" },
},
});
}
}
Static Website Hosting
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "public-read",
Policy = File.ReadAllText("policy.json"),
Website = new Aws.S3.Inputs.BucketWebsiteArgs
{
Website = "error.html",
Website = "index.html",
Website = @"[{
""Condition"": {
""KeyPrefixEquals"": ""docs/""
},
""Redirect"": {
""ReplaceKeyPrefixWith"": ""documents/""
}
}]
",
},
});
}
}
Using CORS
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "public-read",
CorsRules =
{
new Aws.S3.Inputs.BucketCorsRuleArgs
{
AllowedHeaders =
{
"*",
},
AllowedMethods =
{
"PUT",
"POST",
},
AllowedOrigins =
{
"https://s3-website-test.mydomain.com",
},
ExposeHeaders =
{
"ETag",
},
MaxAgeSeconds = 3000,
},
},
});
}
}
Using versioning
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
}
}
Enable Logging
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var logBucket = new Aws.S3.Bucket("logBucket", new Aws.S3.BucketArgs
{
Acl = "log-delivery-write",
});
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Loggings =
{
new Aws.S3.Inputs.BucketLoggingArgs
{
TargetBucket = logBucket.Id,
TargetPrefix = "log/",
},
},
});
}
}
Using object lifecycle
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
LifecycleRules =
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Days = 90,
},
Id = "log",
Prefix = "log/",
Tags =
{
{ "autoclean", "true" },
{ "rule", "log" },
},
Transition =
{
{
{ "days", 30 },
{ "storageClass", "STANDARD_IA" },
},
{
{ "days", 60 },
{ "storageClass", "GLACIER" },
},
},
},
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Date = "2016-01-12",
},
Id = "tmp",
Prefix = "tmp/",
},
},
});
var versioningBucket = new Aws.S3.Bucket("versioningBucket", new Aws.S3.BucketArgs
{
Acl = "private",
LifecycleRules =
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = true,
NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
{
Days = 90,
},
NoncurrentVersionTransition =
{
{
{ "days", 30 },
{ "storageClass", "STANDARD_IA" },
},
{
{ "days", 60 },
{ "storageClass", "GLACIER" },
},
},
Prefix = "config/",
},
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
}
}
Using replication configuration
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var central = new Aws.Provider("central", new Aws.ProviderArgs
{
Region = "eu-central-1",
});
var replicationRole = new Aws.Iam.Role("replicationRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""s3.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
});
var destination = new Aws.S3.Bucket("destination", new Aws.S3.BucketArgs
{
Region = "eu-west-1",
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Region = "eu-central-1",
ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
{
Role = replicationRole.Arn,
Rules =
{
new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
{
Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
{
Bucket = destination.Arn,
StorageClass = "STANDARD",
},
Id = "foobar",
Prefix = "foo",
Status = "Enabled",
},
},
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var replicationPolicy = new Aws.Iam.Policy("replicationPolicy", new Aws.Iam.PolicyArgs
{
Policy = Output.Tuple(bucket.Arn, bucket.Arn, destination.Arn).Apply(values =>
{
var bucketArn = values.Item1;
var bucketArn1 = values.Item2;
var destinationArn = values.Item3;
return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Action"": [
""s3:GetReplicationConfiguration"",
""s3:ListBucket""
],
""Effect"": ""Allow"",
""Resource"": [
""{bucketArn}""
]
}},
{{
""Action"": [
""s3:GetObjectVersion"",
""s3:GetObjectVersionAcl""
],
""Effect"": ""Allow"",
""Resource"": [
""{bucketArn1}/*""
]
}},
{{
""Action"": [
""s3:ReplicateObject"",
""s3:ReplicateDelete""
],
""Effect"": ""Allow"",
""Resource"": ""{destinationArn}/*""
}}
]
}}
";
}),
});
var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replicationRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = replicationPolicy.Arn,
Role = replicationRole.Name,
});
}
}
Enable Default Server Side Encryption
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mykey = new Aws.Kms.Key("mykey", new Aws.Kms.KeyArgs
{
DeletionWindowInDays = 10,
Description = "This key is used to encrypt bucket objects",
});
var mybucket = new Aws.S3.Bucket("mybucket", new Aws.S3.BucketArgs
{
ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
{
Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
{
ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
{
KmsMasterKeyId = mykey.Arn,
SseAlgorithm = "aws:kms",
},
},
},
});
}
}
Using ACL policy grants
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var currentUser = Output.Create(Aws.GetCanonicalUserId.InvokeAsync());
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Grants =
{
new Aws.S3.Inputs.BucketGrantArgs
{
Id = currentUser.Apply(currentUser => currentUser.Id),
Permissions =
{
"FULL_CONTROL",
},
Type = "CanonicalUser",
},
new Aws.S3.Inputs.BucketGrantArgs
{
Permissions =
{
"READ",
"WRITE",
},
Type = "Group",
Uri = "http://acs.amazonaws.com/groups/s3/LogDelivery",
},
},
});
}
}
BucketArgs
BucketMetric
Provides a S3 bucket metrics configuration resource.
Example Usage
Add metrics configuration for entire S3 bucket
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.S3.Bucket("example", new Aws.S3.BucketArgs
{
});
var example_entire_bucket = new Aws.S3.BucketMetric("example-entire-bucket", new Aws.S3.BucketMetricArgs
{
Bucket = example.BucketName,
});
}
}
Add metrics configuration with S3 bucket object filter
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.S3.Bucket("example", new Aws.S3.BucketArgs
{
});
var example_filtered = new Aws.S3.BucketMetric("example-filtered", new Aws.S3.BucketMetricArgs
{
Bucket = example.BucketName,
Filter = new Aws.S3.Inputs.BucketMetricFilterArgs
{
Prefix = "documents/",
Tags =
{
{ "class", "blue" },
{ "priority", "high" },
},
},
});
}
}
BucketMetricArgs
BucketMetricState
BucketNotification
Manages a S3 Bucket Notification Configuration. For additional information, see the Configuring S3 Event Notifications section in the Amazon S3 Developer Guide.
NOTE: S3 Buckets only support a single notification configuration. Declaring multiple
aws.s3.BucketNotificationresources to the same S3 Bucket will cause a perpetual difference in configuration. See the example "Trigger multiple Lambda functions" for an option.
Example Usage
Add notification configuration to SNS Topic
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
});
var topic = new Aws.Sns.Topic("topic", new Aws.Sns.TopicArgs
{
Policy = bucket.Arn.Apply(arn => @$"{{
""Version"":""2012-10-17"",
""Statement"":[{{
""Effect"": ""Allow"",
""Principal"": {{""AWS"":""*""}},
""Action"": ""SNS:Publish"",
""Resource"": ""arn:aws:sns:*:*:s3-event-notification-topic"",
""Condition"":{{
""ArnLike"":{{""aws:SourceArn"":""{arn}""}}
}}
}}]
}}
"),
});
var bucketNotification = new Aws.S3.BucketNotification("bucketNotification", new Aws.S3.BucketNotificationArgs
{
Bucket = bucket.Id,
Topics =
{
new Aws.S3.Inputs.BucketNotificationTopicArgs
{
Events =
{
"s3:ObjectCreated:*",
},
FilterSuffix = ".log",
TopicArn = topic.Arn,
},
},
});
}
}
Add notification configuration to SQS Queue
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
});
var queue = new Aws.Sqs.Queue("queue", new Aws.Sqs.QueueArgs
{
Policy = bucket.Arn.Apply(arn => @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Effect"": ""Allow"",
""Principal"": ""*"",
""Action"": ""sqs:SendMessage"",
""Resource"": ""arn:aws:sqs:*:*:s3-event-notification-queue"",
""Condition"": {{
""ArnEquals"": {{ ""aws:SourceArn"": ""{arn}"" }}
}}
}}
]
}}
"),
});
var bucketNotification = new Aws.S3.BucketNotification("bucketNotification", new Aws.S3.BucketNotificationArgs
{
Bucket = bucket.Id,
Queues =
{
new Aws.S3.Inputs.BucketNotificationQueueArgs
{
Events =
{
"s3:ObjectCreated:*",
},
FilterSuffix = ".log",
QueueArn = queue.Arn,
},
},
});
}
}
Add multiple notification configurations to SQS Queue
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
});
var queue = new Aws.Sqs.Queue("queue", new Aws.Sqs.QueueArgs
{
Policy = bucket.Arn.Apply(arn => @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Effect"": ""Allow"",
""Principal"": ""*"",
""Action"": ""sqs:SendMessage"",
""Resource"": ""arn:aws:sqs:*:*:s3-event-notification-queue"",
""Condition"": {{
""ArnEquals"": {{ ""aws:SourceArn"": ""{arn}"" }}
}}
}}
]
}}
"),
});
var bucketNotification = new Aws.S3.BucketNotification("bucketNotification", new Aws.S3.BucketNotificationArgs
{
Bucket = bucket.Id,
Queues =
{
new Aws.S3.Inputs.BucketNotificationQueueArgs
{
Events =
{
"s3:ObjectCreated:*",
},
FilterPrefix = "images/",
Id = "image-upload-event",
QueueArn = queue.Arn,
},
new Aws.S3.Inputs.BucketNotificationQueueArgs
{
Events =
{
"s3:ObjectCreated:*",
},
FilterPrefix = "videos/",
Id = "video-upload-event",
QueueArn = queue.Arn,
},
},
});
}
}
BucketNotificationArgs
BucketNotificationState
BucketObject
Provides a S3 bucket object resource.
Example Usage
Encrypting with KMS Key
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var examplekms = new Aws.Kms.Key("examplekms", new Aws.Kms.KeyArgs
{
DeletionWindowInDays = 7,
Description = "KMS key 1",
});
var examplebucket = new Aws.S3.Bucket("examplebucket", new Aws.S3.BucketArgs
{
Acl = "private",
});
var examplebucketObject = new Aws.S3.BucketObject("examplebucketObject", new Aws.S3.BucketObjectArgs
{
Bucket = examplebucket.Id,
Key = "someobject",
KmsKeyId = examplekms.Arn,
Source = new FileAsset("index.html"),
});
}
}
Server Side Encryption with S3 Default Master Key
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var examplebucket = new Aws.S3.Bucket("examplebucket", new Aws.S3.BucketArgs
{
Acl = "private",
});
var examplebucketObject = new Aws.S3.BucketObject("examplebucketObject", new Aws.S3.BucketObjectArgs
{
Bucket = examplebucket.Id,
Key = "someobject",
ServerSideEncryption = "aws:kms",
Source = new FileAsset("index.html"),
});
}
}
Server Side Encryption with AWS-Managed Key
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var examplebucket = new Aws.S3.Bucket("examplebucket", new Aws.S3.BucketArgs
{
Acl = "private",
});
var examplebucketObject = new Aws.S3.BucketObject("examplebucketObject", new Aws.S3.BucketObjectArgs
{
Bucket = examplebucket.Id,
Key = "someobject",
ServerSideEncryption = "AES256",
Source = new FileAsset("index.html"),
});
}
}
S3 Object Lock
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var examplebucket = new Aws.S3.Bucket("examplebucket", new Aws.S3.BucketArgs
{
Acl = "private",
ObjectLockConfiguration = new Aws.S3.Inputs.BucketObjectLockConfigurationArgs
{
ObjectLockEnabled = "Enabled",
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = true,
},
});
var examplebucketObject = new Aws.S3.BucketObject("examplebucketObject", new Aws.S3.BucketObjectArgs
{
Bucket = examplebucket.Id,
ForceDestroy = true,
Key = "someobject",
ObjectLockLegalHoldStatus = "ON",
ObjectLockMode = "GOVERNANCE",
ObjectLockRetainUntilDate = "2021-12-31T23:59:60Z",
Source = new FileAsset("important.txt"),
});
}
}
BucketObjectArgs
BucketObjectState
BucketPolicy
Attaches a policy to an S3 bucket resource.
Example Usage
Basic Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
});
var bucketPolicy = new Aws.S3.BucketPolicy("bucketPolicy", new Aws.S3.BucketPolicyArgs
{
Bucket = bucket.Id,
Policy = @"{
""Version"": ""2012-10-17"",
""Id"": ""MYBUCKETPOLICY"",
""Statement"": [
{
""Sid"": ""IPAllow"",
""Effect"": ""Deny"",
""Principal"": ""*"",
""Action"": ""s3:*"",
""Resource"": ""arn:aws:s3:::my_tf_test_bucket/*"",
""Condition"": {
""IpAddress"": {""aws:SourceIp"": ""8.8.8.8/32""}
}
}
]
}
",
});
}
}
BucketPolicyArgs
BucketPolicyState
BucketPublicAccessBlock
Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
{
});
var exampleBucketPublicAccessBlock = new Aws.S3.BucketPublicAccessBlock("exampleBucketPublicAccessBlock", new Aws.S3.BucketPublicAccessBlockArgs
{
BlockPublicAcls = true,
BlockPublicPolicy = true,
Bucket = exampleBucket.Id,
});
}
}
BucketPublicAccessBlockArgs
BucketPublicAccessBlockState
BucketState
GetBucket
GetBucketArgs
GetBucketObject
GetBucketObjectArgs
GetBucketObjectResult
GetBucketObjects
GetBucketObjectsArgs
GetBucketObjectsResult
GetBucketResult
Inventory
Provides a S3 bucket inventory configuration resource.
Example Usage
Add inventory configuration
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var testBucket = new Aws.S3.Bucket("testBucket", new Aws.S3.BucketArgs
{
});
var inventory = new Aws.S3.Bucket("inventory", new Aws.S3.BucketArgs
{
});
var testInventory = new Aws.S3.Inventory("testInventory", new Aws.S3.InventoryArgs
{
Bucket = testBucket.Id,
Destination = new Aws.S3.Inputs.InventoryDestinationArgs
{
Bucket = new Aws.S3.Inputs.InventoryDestinationBucketArgs
{
BucketArn = inventory.Arn,
Format = "ORC",
},
},
IncludedObjectVersions = "All",
Schedule = new Aws.S3.Inputs.InventoryScheduleArgs
{
Frequency = "Daily",
},
});
}
}
Add inventory configuration with S3 bucket object prefix
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var test = new Aws.S3.Bucket("test", new Aws.S3.BucketArgs
{
});
var inventory = new Aws.S3.Bucket("inventory", new Aws.S3.BucketArgs
{
});
var test_prefix = new Aws.S3.Inventory("test-prefix", new Aws.S3.InventoryArgs
{
Bucket = test.Id,
Destination = new Aws.S3.Inputs.InventoryDestinationArgs
{
Bucket = new Aws.S3.Inputs.InventoryDestinationBucketArgs
{
BucketArn = inventory.Arn,
Format = "ORC",
Prefix = "inventory",
},
},
Filter = new Aws.S3.Inputs.InventoryFilterArgs
{
Prefix = "documents/",
},
IncludedObjectVersions = "All",
Schedule = new Aws.S3.Inputs.InventoryScheduleArgs
{
Frequency = "Daily",
},
});
}
}