1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. glacier

Module glacier

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Others

Resources

Resource Vault

class Vault extends CustomResource

Provides a Glacier Vault Resource. You can refer to the Glacier Developer Guide for a full explanation of the Glacier Vault functionality

NOTE: When removing a Glacier Vault, the Vault must be empty.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const awsSnsTopic = new aws.sns.Topic("aws_sns_topic", {});
const myArchive = new aws.glacier.Vault("my_archive", {
    accessPolicy: `{
    "Version":"2012-10-17",
    "Statement":[
       {
          "Sid": "add-read-only-perm",
          "Principal": "*",
          "Effect": "Allow",
          "Action": [
             "glacier:InitiateJob",
             "glacier:GetJobOutput"
          ],
          "Resource": "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"
       }
    ]
}
`,
    notifications: [{
        events: [
            "ArchiveRetrievalCompleted",
            "InventoryRetrievalCompleted",
        ],
        snsTopic: awsSnsTopic.arn,
    }],
    tags: {
        Test: "MyArchive",
    },
});

constructor

new Vault(name: string, args?: VaultArgs, opts?: pulumi.CustomResourceOptions)

Create a Vault resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VaultState, opts?: pulumi.CustomResourceOptions): Vault

Get an existing Vault resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Vault

Returns true if the given object is an instance of Vault. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessPolicy

public accessPolicy: pulumi.Output<string | undefined>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy

property arn

public arn: pulumi.Output<string>;

The ARN of the vault.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The URI of the vault that was created.

property name

public name: pulumi.Output<string>;

The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, ‘_’ (underscore), ‘-’ (hyphen), and ‘.’ (period).

property notifications

public notifications: pulumi.Output<VaultNotification[] | undefined>;

The notifications for the Vault. Fields documented below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource VaultLock

class VaultLock extends CustomResource

Manages a Glacier Vault Lock. You can refer to the Glacier Developer Guide for a full explanation of the Glacier Vault Lock functionality.

NOTE: This resource allows you to test Glacier Vault Lock policies by setting the completeLock argument to false. When testing policies in this manner, the Glacier Vault Lock automatically expires after 24 hours and this provider will show this resource as needing recreation after that time. To permanently apply the policy, set the completeLock argument to true. When changing completeLock to true, it is expected the resource will show as recreating.

!> WARNING: Once a Glacier Vault Lock is completed, it is immutable. The deletion of the Glacier Vault Lock is not be possible and attempting to remove it from this provider will return an error. Set the ignoreDeletionError argument to true and apply this configuration before attempting to delete this resource via this provider or remove this resource from this provider’s management.

Example Usage

Testing Glacier Vault Lock Policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleVault = new aws.glacier.Vault("example", {});
const examplePolicyDocument = exampleVault.arn.apply(arn => aws.iam.getPolicyDocument({
    statements: [{
        actions: ["glacier:DeleteArchive"],
        conditions: [{
            test: "NumericLessThanEquals",
            values: ["365"],
            variable: "glacier:ArchiveAgeinDays",
        }],
        effect: "Deny",
        resources: [arn],
    }],
}, { async: true }));
const exampleVaultLock = new aws.glacier.VaultLock("example", {
    completeLock: false,
    policy: examplePolicyDocument.json,
    vaultName: exampleVault.name,
});
Permanently Applying Glacier Vault Lock Policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.glacier.VaultLock("example", {
    completeLock: true,
    policy: aws_iam_policy_document_example.json,
    vaultName: aws_glacier_vault_example.name,
});

constructor

new VaultLock(name: string, args: VaultLockArgs, opts?: pulumi.CustomResourceOptions)

Create a VaultLock resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VaultLockState, opts?: pulumi.CustomResourceOptions): VaultLock

Get an existing VaultLock resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VaultLock

Returns true if the given object is an instance of VaultLock. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property completeLock

public completeLock: pulumi.Output<boolean>;

Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to false, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from false to true will show as resource recreation, which is expected. Changing this from true to false is not possible unless the Glacier Vault is recreated at the same time.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ignoreDeletionError

public ignoreDeletionError: pulumi.Output<boolean | undefined>;

Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with completeLock being set to true.

property policy

public policy: pulumi.Output<string>;

JSON string containing the IAM policy to apply as the Glacier Vault Lock policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vaultName

public vaultName: pulumi.Output<string>;

The name of the Glacier Vault.

Others

interface VaultArgs

interface VaultArgs

The set of arguments for constructing a Vault resource.

property accessPolicy

accessPolicy?: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy

property name

name?: pulumi.Input<string>;

The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, ‘_’ (underscore), ‘-’ (hyphen), and ‘.’ (period).

property notifications

notifications?: pulumi.Input<pulumi.Input<VaultNotification>[]>;

The notifications for the Vault. Fields documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface VaultLockArgs

interface VaultLockArgs

The set of arguments for constructing a VaultLock resource.

property completeLock

completeLock: pulumi.Input<boolean>;

Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to false, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from false to true will show as resource recreation, which is expected. Changing this from true to false is not possible unless the Glacier Vault is recreated at the same time.

property ignoreDeletionError

ignoreDeletionError?: pulumi.Input<boolean>;

Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with completeLock being set to true.

property policy

policy: pulumi.Input<string>;

JSON string containing the IAM policy to apply as the Glacier Vault Lock policy.

property vaultName

vaultName: pulumi.Input<string>;

The name of the Glacier Vault.

interface VaultLockState

interface VaultLockState

Input properties used for looking up and filtering VaultLock resources.

property completeLock

completeLock?: pulumi.Input<boolean>;

Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to false, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from false to true will show as resource recreation, which is expected. Changing this from true to false is not possible unless the Glacier Vault is recreated at the same time.

property ignoreDeletionError

ignoreDeletionError?: pulumi.Input<boolean>;

Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with completeLock being set to true.

property policy

policy?: pulumi.Input<string>;

JSON string containing the IAM policy to apply as the Glacier Vault Lock policy.

property vaultName

vaultName?: pulumi.Input<string>;

The name of the Glacier Vault.

interface VaultState

interface VaultState

Input properties used for looking up and filtering Vault resources.

property accessPolicy

accessPolicy?: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy

property arn

arn?: pulumi.Input<string>;

The ARN of the vault.

property location

location?: pulumi.Input<string>;

The URI of the vault that was created.

property name

name?: pulumi.Input<string>;

The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, ‘_’ (underscore), ‘-’ (hyphen), and ‘.’ (period).

property notifications

notifications?: pulumi.Input<pulumi.Input<VaultNotification>[]>;

The notifications for the Vault. Fields documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.