1. Docs
2. Reference
3. API
4. @pulumi/aws
5. s3

Module s3

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

• AccessPoint
• AccountPublicAccessBlock
• AnalyticsConfiguration
• Bucket
• BucketMetric
• BucketNotification
• BucketObject
• BucketPolicy
• BucketPublicAccessBlock
• Inventory

Functions

• getBucket
• getBucketObject
• getBucketObjects

Others

• AccessPointArgs
• AccessPointState
• AccountPublicAccessBlockArgs
• AccountPublicAccessBlockState
• AnalyticsConfigurationArgs
• AnalyticsConfigurationState
• AuthenticatedReadAcl
• AwsExecReadAcl
• BucketArgs
• BucketEvent
• BucketEventHandler
• BucketEventSubscription
• BucketEventSubscriptionArgs
• BucketMetricArgs
• BucketMetricState
• BucketNotificationArgs
• BucketNotificationState
• BucketObjectArgs
• BucketObjectState
• BucketOwnerFullControlAcl
• BucketOwnerReadAcl
• BucketPolicyArgs
• BucketPolicyState
• BucketPublicAccessBlockArgs
• BucketPublicAccessBlockState
• BucketRecord
• BucketState
• CannedAcl
• CommonBucketSubscriptionArgs
• Condition
• GetBucketArgs
• GetBucketObjectArgs
• GetBucketObjectResult
• GetBucketObjectsArgs
• GetBucketObjectsResult
• GetBucketResult
• InventoryArgs
• InventoryState
• LogDeliveryWriteAcl
• ObjectCreatedSubscriptionArgs
• ObjectRemovedSubscriptionArgs
• PrivateAcl
• PublicReadAcl
• PublicReadWriteAcl
• Redirect
• RoutingRule

Resources

Resource AccessPoint

class AccessPoint extends CustomResource

Provides a resource to manage an S3 Access Point.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("exampleBucket", {});
const exampleAccessPoint = new aws.s3.AccessPoint("exampleAccessPoint", {bucket: exampleBucket.id});

Access Point Restricted to a VPC

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("exampleBucket", {});
const exampleVpc = new aws.ec2.Vpc("exampleVpc", {cidrBlock: "10.0.0.0/16"});
const exampleAccessPoint = new aws.s3.AccessPoint("exampleAccessPoint", {
    bucket: exampleBucket.id,
    vpc_configuration: {
        vpcId: exampleVpc.id,
    },
});

constructor

new AccessPoint(name: string, args: AccessPointArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessPoint resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessPointState, opts?: pulumi.CustomResourceOptions): AccessPoint

Get an existing AccessPoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccessPoint

Returns true if the given object is an instance of AccessPoint. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the S3 Access Point.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket that you want to associate this access point with.

property domainName

public domainName: pulumi.Output<string>;

The DNS domain name of the S3 Access Point in the format name-accountId.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

property hasPublicAccessPolicy

public hasPublicAccessPolicy: pulumi.Output<boolean>;

Indicates whether this access point currently has a policy that allows public access.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name you want to assign to this access point.

property networkOrigin

public networkOrigin: pulumi.Output<string>;

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

property policy

public policy: pulumi.Output<string | undefined>;

A valid JSON document that specifies the policy that you want to apply to this access point.

property publicAccessBlockConfiguration

public publicAccessBlockConfiguration: pulumi.Output<AccessPointPublicAccessBlockConfiguration | undefined>;

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcConfiguration

public vpcConfiguration: pulumi.Output<AccessPointVpcConfiguration | undefined>;

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

Resource AccountPublicAccessBlock

class AccountPublicAccessBlock extends CustomResource

Manages S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

NOTE: Each AWS account may only have one S3 Public Access Block configuration. Multiple configurations of the resource against the same AWS account will cause a perpetual difference.

Advanced usage: To use a custom API endpoint for this resource, use the s3control endpoint provider configuration, not the s3 endpoint provider configuration.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.AccountPublicAccessBlock("example", {
    blockPublicAcls: true,
    blockPublicPolicy: true,
});

constructor

new AccountPublicAccessBlock(name: string, args?: AccountPublicAccessBlockArgs, opts?: pulumi.CustomResourceOptions)

Create a AccountPublicAccessBlock resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountPublicAccessBlockState, opts?: pulumi.CustomResourceOptions): AccountPublicAccessBlock

Get an existing AccountPublicAccessBlock resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AccountPublicAccessBlock

Returns true if the given object is an instance of AccountPublicAccessBlock. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.

property blockPublicAcls

public blockPublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access. * PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

public blockPublicPolicy: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ignorePublicAcls

public ignorePublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

public restrictPublicBuckets: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access buckets with public policies.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AnalyticsConfiguration

class AnalyticsConfiguration extends CustomResource

Provides a S3 bucket analytics configuration resource.

Example Usage

Add analytics configuration for entire S3 bucket and export results to a second S3 bucket

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.Bucket("example", {});
const analytics = new aws.s3.Bucket("analytics", {});
const example_entire_bucket = new aws.s3.AnalyticsConfiguration("example-entire-bucket", {
    bucket: example.bucket,
    storage_class_analysis: {
        data_export: {
            destination: {
                s3_bucket_destination: {
                    bucketArn: analytics.arn,
                },
            },
        },
    },
});

Add analytics configuration with S3 bucket object filter

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.Bucket("example", {});
const example_filtered = new aws.s3.AnalyticsConfiguration("example-filtered", {
    bucket: example.bucket,
    filter: {
        prefix: "documents/",
        tags: {
            priority: "high",
            "class": "blue",
        },
    },
});

constructor

new AnalyticsConfiguration(name: string, args: AnalyticsConfigurationArgs, opts?: pulumi.CustomResourceOptions)

Create a AnalyticsConfiguration resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AnalyticsConfigurationState, opts?: pulumi.CustomResourceOptions): AnalyticsConfiguration

Get an existing AnalyticsConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AnalyticsConfiguration

Returns true if the given object is an instance of AnalyticsConfiguration. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket this analytics configuration is associated with.

property filter

public filter: pulumi.Output<AnalyticsConfigurationFilter | undefined>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Unique identifier of the analytics configuration for the bucket.

property storageClassAnalysis

public storageClassAnalysis: pulumi.Output<AnalyticsConfigurationStorageClassAnalysis | undefined>;

Configuration for the analytics data export (documented below).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Bucket

class Bucket extends CustomResource

Provides a S3 bucket resource.

Example Usage

Private Bucket w/ Tags

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    tags: {
        Environment: "Dev",
        Name: "My bucket",
    },
});

Static Website Hosting

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

const bucket = new aws.s3.Bucket("b", {
    acl: "public-read",
    policy: fs.readFileSync("policy.json", "utf-8"),
    website: {
        errorDocument: "error.html",
        indexDocument: "index.html",
        routingRules: `[{
    "Condition": {
        "KeyPrefixEquals": "docs/"
    },
    "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
    }
}]
`,
    },
});

Using CORS

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "public-read",
    corsRules: [{
        allowedHeaders: ["*"],
        allowedMethods: [
            "PUT",
            "POST",
        ],
        allowedOrigins: ["https://s3-website-test.mydomain.com"],
        exposeHeaders: ["ETag"],
        maxAgeSeconds: 3000,
    }],
});

Using versioning

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    versioning: {
        enabled: true,
    },
});

Enable Logging

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const logBucket = new aws.s3.Bucket("log_bucket", {
    acl: "log-delivery-write",
});
const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    loggings: [{
        targetBucket: logBucket.id,
        targetPrefix: "log/",
    }],
});

Using object lifecycle

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
    lifecycleRules: [
        {
            enabled: true,
            expiration: {
                days: 90,
            },
            id: "log",
            prefix: "log/",
            tags: {
                autoclean: "true",
                rule: "log",
            },
            transitions: [
                {
                    days: 30,
                    storageClass: "STANDARD_IA", // or "ONEZONE_IA"
                },
                {
                    days: 60,
                    storageClass: "GLACIER",
                },
            ],
        },
        {
            enabled: true,
            expiration: {
                date: "2016-01-12",
            },
            id: "tmp",
            prefix: "tmp/",
        },
    ],
});
const versioningBucket = new aws.s3.Bucket("versioning_bucket", {
    acl: "private",
    lifecycleRules: [{
        enabled: true,
        noncurrentVersionExpiration: {
            days: 90,
        },
        noncurrentVersionTransitions: [
            {
                days: 30,
                storageClass: "STANDARD_IA",
            },
            {
                days: 60,
                storageClass: "GLACIER",
            },
        ],
        prefix: "config/",
    }],
    versioning: {
        enabled: true,
    },
});

Using replication configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const central = new aws.Provider("central", {
    region: "eu-central-1",
});
const replicationRole = new aws.iam.Role("replication", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const destination = new aws.s3.Bucket("destination", {
    region: "eu-west-1",
    versioning: {
        enabled: true,
    },
});
const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
    region: "eu-central-1",
    replicationConfiguration: {
        role: replicationRole.arn,
        rules: [{
            destination: {
                bucket: destination.arn,
                storageClass: "STANDARD",
            },
            id: "foobar",
            prefix: "foo",
            status: "Enabled",
        }],
    },
    versioning: {
        enabled: true,
    },
}, { provider: central });
const replicationPolicy = new aws.iam.Policy("replication", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "${bucket.arn}"
      ]
    },
    {
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "${bucket.arn}/*"
      ]
    },
    {
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete"
      ],
      "Effect": "Allow",
      "Resource": "${destination.arn}/*"
    }
  ]
}
`,
});
const replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("replication", {
    policyArn: replicationPolicy.arn,
    role: replicationRole.name,
});

Enable Default Server Side Encryption

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mykey = new aws.kms.Key("mykey", {
    deletionWindowInDays: 10,
    description: "This key is used to encrypt bucket objects",
});
const mybucket = new aws.s3.Bucket("mybucket", {
    serverSideEncryptionConfiguration: {
        rule: {
            applyServerSideEncryptionByDefault: {
                kmsMasterKeyId: mykey.arn,
                sseAlgorithm: "aws:kms",
            },
        },
    },
});

Using ACL policy grants

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const currentUser = pulumi.output(aws.getCanonicalUserId({ async: true }));
const bucket = new aws.s3.Bucket("bucket", {
    grants: [
        {
            id: currentUser.id,
            permissions: ["FULL_CONTROL"],
            type: "CanonicalUser",
        },
        {
            permissions: [
                "READ",
                "WRITE",
            ],
            type: "Group",
            uri: "http://acs.amazonaws.com/groups/s3/LogDelivery",
        },
    ],
});

constructor

new Bucket(name: string, args?: BucketArgs, opts?: pulumi.CustomResourceOptions)

Create a Bucket resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketState, opts?: pulumi.CustomResourceOptions): Bucket

Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Bucket

Returns true if the given object is an instance of Bucket. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method onEvent

onEvent(name: string, handler: BucketEventHandler, args: BucketEventSubscriptionArgs, opts?: pulumi.ComponentResourceOptions): BucketEventSubscription

Creates a new subscription to events fired from this Bucket to the handler provided, along with options to control the behavior of the subscription. This function should be used when full control over the subscription is wanted, and other helpers (like onObjectCreated/onObjectRemoved) are not sufficient.

method onObjectCreated

onObjectCreated(name: string, handler: BucketEventHandler, args?: ObjectCreatedSubscriptionArgs, opts?: pulumi.ComponentResourceOptions): BucketEventSubscription

Creates a new subscription to events fired from this Bucket to the handler provided, along with options to control the behavior of the subscription. The handler will be called whenever a matching [s3.Object] is created.

method onObjectRemoved

onObjectRemoved(name: string, handler: BucketEventHandler, args?: ObjectRemovedSubscriptionArgs, opts?: pulumi.ComponentResourceOptions): BucketEventSubscription

Creates a new subscription to events fired from this Bucket to the handler provided, along with options to control the behavior of the subscription. The handler will be called whenever an matching [s3.Object] is removed.

property accelerationStatus

public accelerationStatus: pulumi.Output<string>;

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

property acl

public acl: pulumi.Output<string | undefined>;

The canned ACL to apply. Defaults to “private”. Conflicts with grant.

property arn

public arn: pulumi.Output<string>;

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket. If omitted, this provider will assign a random, unique name.

property bucketDomainName

public bucketDomainName: pulumi.Output<string>;

The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

property bucketPrefix

public bucketPrefix: pulumi.Output<string | undefined>;

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

property bucketRegionalDomainName

public bucketRegionalDomainName: pulumi.Output<string>;

The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

property corsRules

public corsRules: pulumi.Output<BucketCorsRule[] | undefined>;

A rule of Cross-Origin Resource Sharing (documented below).

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

property grants

public grants: pulumi.Output<BucketGrant[] | undefined>;

An ACL policy grant (documented below). Conflicts with acl.

property hostedZoneId

public hostedZoneId: pulumi.Output<string>;

The Route 53 Hosted Zone ID for this bucket’s region.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lifecycleRules

public lifecycleRules: pulumi.Output<BucketLifecycleRule[] | undefined>;

A configuration of object lifecycle management (documented below).

property loggings

public loggings: pulumi.Output<BucketLogging[] | undefined>;

A settings of bucket logging (documented below).

property objectLockConfiguration

public objectLockConfiguration: pulumi.Output<BucketObjectLockConfiguration | undefined>;

A configuration of S3 object locking (documented below)

property policy

public policy: pulumi.Output<string | undefined>;

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.

property region

public region: pulumi.Output<string>;

If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

property replicationConfiguration

public replicationConfiguration: pulumi.Output<BucketReplicationConfiguration | undefined>;

A configuration of replication configuration (documented below).

property requestPayer

public requestPayer: pulumi.Output<string>;

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

property serverSideEncryptionConfiguration

public serverSideEncryptionConfiguration: pulumi.Output<BucketServerSideEncryptionConfiguration | undefined>;

A configuration of server-side encryption configuration (documented below)

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the bucket.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versioning

public versioning: pulumi.Output<BucketVersioning>;

A state of versioning (documented below)

property website

public website: pulumi.Output<BucketWebsite | undefined>;

A website object (documented below).

property websiteDomain

public websiteDomain: pulumi.Output<string>;

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

property websiteEndpoint

public websiteEndpoint: pulumi.Output<string>;

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

Resource BucketMetric

class BucketMetric extends CustomResource

Provides a S3 bucket metrics configuration resource.

Example Usage

Add metrics configuration for entire S3 bucket

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.Bucket("example", {});
const example_entire_bucket = new aws.s3.BucketMetric("example-entire-bucket", {
    bucket: example.bucket,
});

Add metrics configuration with S3 bucket object filter

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.Bucket("example", {});
const example_filtered = new aws.s3.BucketMetric("example-filtered", {
    bucket: example.bucket,
    filter: {
        prefix: "documents/",
        tags: {
            class: "blue",
            priority: "high",
        },
    },
});

constructor

new BucketMetric(name: string, args: BucketMetricArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketMetric resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketMetricState, opts?: pulumi.CustomResourceOptions): BucketMetric

Get an existing BucketMetric resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is BucketMetric

Returns true if the given object is an instance of BucketMetric. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to put metric configuration.

property filter

public filter: pulumi.Output<BucketMetricFilter | undefined>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Unique identifier of the metrics configuration for the bucket.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BucketNotification

class BucketNotification extends CustomResource

Manages a S3 Bucket Notification Configuration. For additional information, see the Configuring S3 Event Notifications section in the Amazon S3 Developer Guide.

NOTE: S3 Buckets only support a single notification configuration. Declaring multiple aws.s3.BucketNotification resources to the same S3 Bucket will cause a perpetual difference in configuration. See the example “Trigger multiple Lambda functions” for an option.

Example Usage

Add notification configuration to SNS Topic

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {});
const topic = new aws.sns.Topic("topic", {
    policy: pulumi.interpolate`{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {"AWS":"*"},
        "Action": "SNS:Publish",
        "Resource": "arn:aws:sns:*:*:s3-event-notification-topic",
        "Condition":{
            "ArnLike":{"aws:SourceArn":"${bucket.arn}"}
        }
    }]
}
`,
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    topics: [{
        events: ["s3:ObjectCreated:*"],
        filterSuffix: ".log",
        topicArn: topic.arn,
    }],
});

Add notification configuration to SQS Queue

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {});
const queue = new aws.sqs.Queue("queue", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
	  "Resource": "arn:aws:sqs:*:*:s3-event-notification-queue",
      "Condition": {
        "ArnEquals": { "aws:SourceArn": "${bucket.arn}" }
      }
    }
  ]
}
`,
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    queues: [{
        events: ["s3:ObjectCreated:*"],
        filterSuffix: ".log",
        queueArn: queue.arn,
    }],
});

Add notification configuration to Lambda Function

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
`});
const func = new aws.lambda.Function("func", {
    code: new pulumi.asset.FileArchive("your-function.zip"),
    role: iamForLambda.arn,
    handler: "exports.example",
    runtime: "go1.x",
});
const bucket = new aws.s3.Bucket("bucket", {});
const allowBucket = new aws.lambda.Permission("allowBucket", {
    action: "lambda:InvokeFunction",
    "function": func.arn,
    principal: "s3.amazonaws.com",
    sourceArn: bucket.arn,
});
const bucketNotification = new aws.s3.BucketNotification("bucketNotification", {
    bucket: bucket.id,
    lambda_function: [{
        lambdaFunctionArn: func.arn,
        events: ["s3:ObjectCreated:*"],
        filterPrefix: "AWSLogs/",
        filterSuffix: ".log",
    }],
});

Trigger multiple Lambda functions

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
`});
const func1 = new aws.lambda.Function("func1", {
    code: new pulumi.asset.FileArchive("your-function1.zip"),
    role: iamForLambda.arn,
    handler: "exports.example",
    runtime: "go1.x",
});
const bucket = new aws.s3.Bucket("bucket", {});
const allowBucket1 = new aws.lambda.Permission("allowBucket1", {
    action: "lambda:InvokeFunction",
    "function": func1.arn,
    principal: "s3.amazonaws.com",
    sourceArn: bucket.arn,
});
const func2 = new aws.lambda.Function("func2", {
    code: new pulumi.asset.FileArchive("your-function2.zip"),
    role: iamForLambda.arn,
    handler: "exports.example",
});
const allowBucket2 = new aws.lambda.Permission("allowBucket2", {
    action: "lambda:InvokeFunction",
    "function": func2.arn,
    principal: "s3.amazonaws.com",
    sourceArn: bucket.arn,
});
const bucketNotification = new aws.s3.BucketNotification("bucketNotification", {
    bucket: bucket.id,
    lambda_function: [
        {
            lambdaFunctionArn: func1.arn,
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "AWSLogs/",
            filterSuffix: ".log",
        },
        {
            lambdaFunctionArn: func2.arn,
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "OtherLogs/",
            filterSuffix: ".log",
        },
    ],
});

Add multiple notification configurations to SQS Queue

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {});
const queue = new aws.sqs.Queue("queue", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
	  "Resource": "arn:aws:sqs:*:*:s3-event-notification-queue",
      "Condition": {
        "ArnEquals": { "aws:SourceArn": "${bucket.arn}" }
      }
    }
  ]
}
`,
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    queues: [
        {
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "images/",
            id: "image-upload-event",
            queueArn: queue.arn,
        },
        {
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "videos/",
            id: "video-upload-event",
            queueArn: queue.arn,
        },
    ],
});

constructor

new BucketNotification(name: string, args: BucketNotificationArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketNotification resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketNotificationState, opts?: pulumi.CustomResourceOptions): BucketNotification

Get an existing BucketNotification resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is BucketNotification

Returns true if the given object is an instance of BucketNotification. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to put notification configuration.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lambdaFunctions

public lambdaFunctions: pulumi.Output<BucketNotificationLambdaFunction[] | undefined>;

Used to configure notifications to a Lambda Function (documented below).

property queues

public queues: pulumi.Output<BucketNotificationQueue[] | undefined>;

The notification configuration to SQS Queue (documented below).

property topics

public topics: pulumi.Output<BucketNotificationTopic[] | undefined>;

The notification configuration to SNS Topic (documented below).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BucketObject

class BucketObject extends CustomResource

Provides a S3 bucket object resource.

Example Usage

Uploading a file to a bucket

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const object = new aws.s3.BucketObject("object", {
    bucket: "your_bucket_name",
    // The filemd5() function is available in this provider 0.11.12 and later
    // For this provider 0.11.11 and earlier, use the md5() function and the file() function:
    // etag = "${md5(file("path/to/file"))}"
    etag: (() => {
        throw "tf2pulumi error: NYI: call to filemd5";
        return (() => { throw "NYI: call to filemd5"; })();
    })(),
    key: "new_object_key",
    source: new pulumi.asset.FileAsset("path/to/file"),
});

Encrypting with KMS Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplekms = new aws.kms.Key("examplekms", {
    deletionWindowInDays: 7,
    description: "KMS key 1",
});
const examplebucket = new aws.s3.Bucket("examplebucket", {
    acl: "private",
});
const examplebucketObject = new aws.s3.BucketObject("examplebucket_object", {
    bucket: examplebucket.id,
    key: "someobject",
    kmsKeyId: examplekms.arn,
    source: new pulumi.asset.FileAsset("index.html"),
});

Server Side Encryption with S3 Default Master Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.Bucket("examplebucket", {
    acl: "private",
});
const examplebucketObject = new aws.s3.BucketObject("examplebucket_object", {
    bucket: examplebucket.id,
    key: "someobject",
    serverSideEncryption: "aws:kms",
    source: new pulumi.asset.FileAsset("index.html"),
});

Server Side Encryption with AWS-Managed Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.Bucket("examplebucket", {
    acl: "private",
});
const examplebucketObject = new aws.s3.BucketObject("examplebucket_object", {
    bucket: examplebucket.id,
    key: "someobject",
    serverSideEncryption: "AES256",
    source: new pulumi.asset.FileAsset("index.html"),
});

S3 Object Lock

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.Bucket("examplebucket", {
    acl: "private",
    objectLockConfiguration: {
        objectLockEnabled: "Enabled",
    },
    versioning: {
        enabled: true,
    },
});
const examplebucketObject = new aws.s3.BucketObject("examplebucket_object", {
    bucket: examplebucket.id,
    forceDestroy: true,
    key: "someobject",
    objectLockLegalHoldStatus: "ON",
    objectLockMode: "GOVERNANCE",
    objectLockRetainUntilDate: "2021-12-31T23:59:60Z",
    source: new pulumi.asset.FileAsset("important.txt"),
});

constructor

new BucketObject(name: string, args: BucketObjectArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketObject resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketObjectState, opts?: pulumi.CustomResourceOptions): BucketObject

Get an existing BucketObject resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is BucketObject

Returns true if the given object is an instance of BucketObject. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property acl

public acl: pulumi.Output<string | undefined>;

The canned ACL to apply. Defaults to “private”.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

property cacheControl

public cacheControl: pulumi.Output<string | undefined>;

Specifies caching behavior along the request/reply chain Read w3c cacheControl for further details.

property content

public content: pulumi.Output<string | undefined>;

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

property contentBase64

public contentBase64: pulumi.Output<string | undefined>;

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

property contentDisposition

public contentDisposition: pulumi.Output<string | undefined>;

Specifies presentational information for the object. Read w3c contentDisposition for further information.

property contentEncoding

public contentEncoding: pulumi.Output<string | undefined>;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

property contentLanguage

public contentLanguage: pulumi.Output<string | undefined>;

The language the content is in e.g. en-US or en-GB.

property contentType

public contentType: pulumi.Output<string>;

A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

property etag

public etag: pulumi.Output<string>;

Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kmsKeyId or serverSideEncryption = "aws:kms".

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property key

public key: pulumi.Output<string>;

The name of the object once it is in the bucket.

property kmsKeyId

public kmsKeyId: pulumi.Output<string | undefined>;

Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws.kms.Key, use the exported arn attribute: kmsKeyId = "${aws_kms_key.foo.arn}"

property metadata

public metadata: pulumi.Output<{[key: string]: string} | undefined>;

A map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

property objectLockLegalHoldStatus

public objectLockLegalHoldStatus: pulumi.Output<string | undefined>;

The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

property objectLockMode

public objectLockMode: pulumi.Output<string | undefined>;

The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

property objectLockRetainUntilDate

public objectLockRetainUntilDate: pulumi.Output<string | undefined>;

The date and time, in RFC3339 format, when this object’s object lock will expire.

property serverSideEncryption

public serverSideEncryption: pulumi.Output<string>;

Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

property source

public source: pulumi.Output<Asset | Archive | undefined>;

The path to a file that will be read and uploaded as raw bytes for the object content.

property storageClass

public storageClass: pulumi.Output<string>;

Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the object.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versionId

public versionId: pulumi.Output<string>;

A unique version ID value for the object, if bucket versioning is enabled.

property websiteRedirect

public websiteRedirect: pulumi.Output<string | undefined>;

Specifies a target URL for website redirect.

Resource BucketPolicy

class BucketPolicy extends CustomResource

Attaches a policy to an S3 bucket resource.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {});
const bucketPolicy = new aws.s3.BucketPolicy("b", {
    bucket: bucket.id,
    policy: `{
  "Version": "2012-10-17",
  "Id": "MYBUCKETPOLICY",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my_tf_test_bucket/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "8.8.8.8/32"}
      }
    }
  ]
}
`,
});

constructor

new BucketPolicy(name: string, args: BucketPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketPolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketPolicyState, opts?: pulumi.CustomResourceOptions): BucketPolicy

Get an existing BucketPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is BucketPolicy

Returns true if the given object is an instance of BucketPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to which to apply the policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policy

public policy: pulumi.Output<string>;

The text of the policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BucketPublicAccessBlock

class BucketPublicAccessBlock extends CustomResource

Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("example", {});
const exampleBucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock("example", {
    blockPublicAcls: true,
    blockPublicPolicy: true,
    bucket: exampleBucket.id,
});

constructor

new BucketPublicAccessBlock(name: string, args: BucketPublicAccessBlockArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketPublicAccessBlock resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketPublicAccessBlockState, opts?: pulumi.CustomResourceOptions): BucketPublicAccessBlock

Get an existing BucketPublicAccessBlock resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is BucketPublicAccessBlock

Returns true if the given object is an instance of BucketPublicAccessBlock. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property blockPublicAcls

public blockPublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access. * PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

public blockPublicPolicy: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property bucket

public bucket: pulumi.Output<string>;

S3 Bucket to which this Public Access Block configuration should be applied.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ignorePublicAcls

public ignorePublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore public ACLs on this bucket and any objects that it contains.

property restrictPublicBuckets

public restrictPublicBuckets: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access this buckets if it has a public policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Inventory

class Inventory extends CustomResource

Provides a S3 bucket inventory configuration resource.

Example Usage

Add inventory configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testBucket = new aws.s3.Bucket("test", {});
const inventory = new aws.s3.Bucket("inventory", {});
const testInventory = new aws.s3.Inventory("test", {
    bucket: testBucket.id,
    destination: {
        bucket: {
            bucketArn: inventory.arn,
            format: "ORC",
        },
    },
    includedObjectVersions: "All",
    schedule: {
        frequency: "Daily",
    },
});

Add inventory configuration with S3 bucket object prefix

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.s3.Bucket("test", {});
const inventory = new aws.s3.Bucket("inventory", {});
const test_prefix = new aws.s3.Inventory("test-prefix", {
    bucket: test.id,
    destination: {
        bucket: {
            bucketArn: inventory.arn,
            format: "ORC",
            prefix: "inventory",
        },
    },
    filter: {
        prefix: "documents/",
    },
    includedObjectVersions: "All",
    schedule: {
        frequency: "Daily",
    },
});

constructor

new Inventory(name: string, args: InventoryArgs, opts?: pulumi.CustomResourceOptions)

Create a Inventory resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InventoryState, opts?: pulumi.CustomResourceOptions): Inventory

Get an existing Inventory resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Inventory

Returns true if the given object is an instance of Inventory. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket where the inventory configuration will be stored.

property destination

public destination: pulumi.Output<InventoryDestination>;

Contains information about where to publish the inventory results (documented below).

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Specifies whether the inventory is enabled or disabled.

property filter

public filter: pulumi.Output<InventoryFilter | undefined>;

Specifies an inventory filter. The inventory only includes objects that meet the filter’s criteria (documented below).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property includedObjectVersions

public includedObjectVersions: pulumi.Output<string>;

Object versions to include in the inventory list. Valid values: All, Current.

property name

public name: pulumi.Output<string>;

Unique identifier of the inventory configuration for the bucket.

property optionalFields

public optionalFields: pulumi.Output<string[] | undefined>;

List of optional fields that are included in the inventory results. Valid values: Size, LastModifiedDate, StorageClass, ETag, IsMultipartUploaded, ReplicationStatus, EncryptionStatus, ObjectLockRetainUntilDate, ObjectLockMode, ObjectLockLegalHoldStatus, IntelligentTieringAccessTier.

property schedule

public schedule: pulumi.Output<InventorySchedule>;

Specifies the schedule for generating inventory results (documented below).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getBucket

getBucket(args: GetBucketArgs, opts?: pulumi.InvokeOptions): Promise<GetBucketResult>

Provides details about a specific S3 bucket.

This resource may prove useful when setting up a Route53 record, or an origin for a CloudFront Distribution.

Example Usage

Route53 Record

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const selected = pulumi.output(aws.s3.getBucket({
    bucket: "bucket.test.com",
}, { async: true }));
const testZone = pulumi.output(aws.route53.getZone({
    name: "test.com.",
}, { async: true }));
const example = new aws.route53.Record("example", {
    aliases: [{
        name: selected.websiteDomain,
        zoneId: selected.hostedZoneId,
    }],
    name: "bucket",
    type: "A",
    zoneId: testZone.id,
});

CloudFront Origin

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const selected = pulumi.output(aws.s3.getBucket({
    bucket: "a-test-bucket",
}, { async: true }));
const test = new aws.cloudfront.Distribution("test", {
    origins: [{
        domainName: selected.bucketDomainName,
        originId: "s3-selected-bucket",
    }],
});

Function getBucketObject

getBucketObject(args: GetBucketObjectArgs, opts?: pulumi.InvokeOptions): Promise<GetBucketObjectResult>

The S3 object data source allows access to the metadata and optionally (see below) content of an object stored inside S3 bucket.

Note: The content of an object (body field) is available only for objects which have a human-readable Content-Type (text/* and application/json). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bootstrapScript = pulumi.output(aws.s3.getBucketObject({
    bucket: "ourcorp-deploy-config",
    key: "ec2-bootstrap-script.sh",
}, { async: true }));
const example = new aws.ec2.Instance("example", {
    ami: "ami-2757f631",
    instanceType: "t2.micro",
    userData: bootstrapScript.body,
});

Function getBucketObjects

getBucketObjects(args: GetBucketObjectsArgs, opts?: pulumi.InvokeOptions): Promise<GetBucketObjectsResult>

NOTE on maxKeys: Retrieving very large numbers of keys can adversely affect this provider’s performance.

The bucket-objects data source returns keys (i.e., file names) and other metadata about objects in an S3 bucket.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const myObjects = pulumi.output(aws.s3.getBucketObjects({
    bucket: "ourcorp",
}, { async: true }));
const objectInfo: pulumi.Output<aws.s3.GetBucketObjectResult>[] = [];
for (let i = 0; i < myObjects.apply(myObjects => myObjects.keys.length); i++) {
    objectInfo.push(pulumi.all([myObjects, myObjects]).apply(([myObjects, myObjects1]) => aws.s3.getBucketObject({
        bucket: myObjects.bucket,
        key: myObjects1.keys[i],
    }, { async: true })));
}

Others

interface AccessPointArgs

interface AccessPointArgs

The set of arguments for constructing a AccessPoint resource.

property accountId

accountId?: pulumi.Input<string>;

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket that you want to associate this access point with.

property name

name?: pulumi.Input<string>;

The name you want to assign to this access point.

property policy

policy?: pulumi.Input<string>;

A valid JSON document that specifies the policy that you want to apply to this access point.

property publicAccessBlockConfiguration

publicAccessBlockConfiguration?: pulumi.Input<AccessPointPublicAccessBlockConfiguration>;

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

property vpcConfiguration

vpcConfiguration?: pulumi.Input<AccessPointVpcConfiguration>;

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

interface AccessPointState

interface AccessPointState

Input properties used for looking up and filtering AccessPoint resources.

property accountId

accountId?: pulumi.Input<string>;

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the S3 Access Point.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket that you want to associate this access point with.

property domainName

domainName?: pulumi.Input<string>;

The DNS domain name of the S3 Access Point in the format name-accountId.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

property hasPublicAccessPolicy

hasPublicAccessPolicy?: pulumi.Input<boolean>;

Indicates whether this access point currently has a policy that allows public access.

property name

name?: pulumi.Input<string>;

The name you want to assign to this access point.

property networkOrigin

networkOrigin?: pulumi.Input<string>;

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

property policy

policy?: pulumi.Input<string>;

A valid JSON document that specifies the policy that you want to apply to this access point.

property publicAccessBlockConfiguration

publicAccessBlockConfiguration?: pulumi.Input<AccessPointPublicAccessBlockConfiguration>;

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

property vpcConfiguration

vpcConfiguration?: pulumi.Input<AccessPointVpcConfiguration>;

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

interface AccountPublicAccessBlockArgs

interface AccountPublicAccessBlockArgs

The set of arguments for constructing a AccountPublicAccessBlock resource.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access. * PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access buckets with public policies.

interface AccountPublicAccessBlockState

interface AccountPublicAccessBlockState

Input properties used for looking up and filtering AccountPublicAccessBlock resources.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access. * PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access buckets with public policies.

interface AnalyticsConfigurationArgs

interface AnalyticsConfigurationArgs

The set of arguments for constructing a AnalyticsConfiguration resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket this analytics configuration is associated with.

property filter

filter?: pulumi.Input<AnalyticsConfigurationFilter>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property name

name?: pulumi.Input<string>;

Unique identifier of the analytics configuration for the bucket.

property storageClassAnalysis

storageClassAnalysis?: pulumi.Input<AnalyticsConfigurationStorageClassAnalysis>;

Configuration for the analytics data export (documented below).

interface AnalyticsConfigurationState

interface AnalyticsConfigurationState

Input properties used for looking up and filtering AnalyticsConfiguration resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket this analytics configuration is associated with.

property filter

filter?: pulumi.Input<AnalyticsConfigurationFilter>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property name

name?: pulumi.Input<string>;

Unique identifier of the analytics configuration for the bucket.

property storageClassAnalysis

storageClassAnalysis?: pulumi.Input<AnalyticsConfigurationStorageClassAnalysis>;

Configuration for the analytics data export (documented below).

let AuthenticatedReadAcl

let AuthenticatedReadAcl: CannedAcl = "authenticated-read";

let AwsExecReadAcl

let AwsExecReadAcl: CannedAcl = "aws-exec-read";

interface BucketArgs

interface BucketArgs

The set of arguments for constructing a Bucket resource.

property accelerationStatus

accelerationStatus?: pulumi.Input<string>;

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

property acl

acl?: pulumi.Input<string | CannedAcl>;

The canned ACL to apply. Defaults to “private”. Conflicts with grant.

property arn

arn?: pulumi.Input<string>;

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket. If omitted, this provider will assign a random, unique name.

property bucketPrefix

bucketPrefix?: pulumi.Input<string>;

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

property corsRules

corsRules?: pulumi.Input<pulumi.Input<BucketCorsRule>[]>;

A rule of Cross-Origin Resource Sharing (documented below).

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

property grants

grants?: pulumi.Input<pulumi.Input<BucketGrant>[]>;

An ACL policy grant (documented below). Conflicts with acl.

property hostedZoneId

hostedZoneId?: pulumi.Input<string>;

The Route 53 Hosted Zone ID for this bucket’s region.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<BucketLifecycleRule>[]>;

A configuration of object lifecycle management (documented below).

property loggings

loggings?: pulumi.Input<pulumi.Input<BucketLogging>[]>;

A settings of bucket logging (documented below).

property objectLockConfiguration

objectLockConfiguration?: pulumi.Input<BucketObjectLockConfiguration>;

A configuration of S3 object locking (documented below)

property policy

policy?: pulumi.Input<string | PolicyDocument>;

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.

property region

region?: pulumi.Input<string>;

If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

property replicationConfiguration

replicationConfiguration?: pulumi.Input<BucketReplicationConfiguration>;

A configuration of replication configuration (documented below).

property requestPayer

requestPayer?: pulumi.Input<string>;

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

property serverSideEncryptionConfiguration

serverSideEncryptionConfiguration?: pulumi.Input<BucketServerSideEncryptionConfiguration>;

A configuration of server-side encryption configuration (documented below)

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the bucket.

property versioning

versioning?: pulumi.Input<BucketVersioning>;

A state of versioning (documented below)

property website

website?: pulumi.Input<BucketWebsite>;

A website object (documented below).

property websiteDomain

websiteDomain?: pulumi.Input<string>;

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

property websiteEndpoint

websiteEndpoint?: pulumi.Input<string>;

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

interface BucketEvent

interface BucketEvent

property Records

Records?: BucketRecord[];

type BucketEventHandler

type BucketEventHandler = lambda.EventHandler<BucketEvent, void>;

class BucketEventSubscription

class BucketEventSubscription extends EventSubscription

A component corresponding to a single underlying aws.s3.BucketNotification created for a bucket. Note: due to the AWS requirement that all notifications for a bucket be defined at once, the actual aws.s3.BucketNotification instances will only be created once the pulumi program runs to completion and all subscriptions have been heard about.

constructor

public new BucketEventSubscription(name: string, bucket: Bucket, handler: BucketEventHandler, args: BucketEventSubscriptionArgs, opts: ComponentResourceOptions)

method getData

protected getData(): Promise<TData>

Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property bucket

public bucket: Bucket;

property func

public func: LambdaFunction;

property permission

public permission: Permission;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface BucketEventSubscriptionArgs

interface BucketEventSubscriptionArgs extends CommonBucketSubscriptionArgs

property events

events: string[];

Events to subscribe to. For example: “[s3:ObjectCreated:*]“. Cannot be empty.

property filterPrefix

filterPrefix?: undefined | string;

An optional prefix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

property filterSuffix

filterSuffix?: undefined | string;

An optional suffix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

interface BucketMetricArgs

interface BucketMetricArgs

The set of arguments for constructing a BucketMetric resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket to put metric configuration.

property filter

filter?: pulumi.Input<BucketMetricFilter>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property name

name?: pulumi.Input<string>;

Unique identifier of the metrics configuration for the bucket.

interface BucketMetricState

interface BucketMetricState

Input properties used for looking up and filtering BucketMetric resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket to put metric configuration.

property filter

filter?: pulumi.Input<BucketMetricFilter>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property name

name?: pulumi.Input<string>;

Unique identifier of the metrics configuration for the bucket.

interface BucketNotificationArgs

interface BucketNotificationArgs

The set of arguments for constructing a BucketNotification resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket to put notification configuration.

property lambdaFunctions

lambdaFunctions?: pulumi.Input<pulumi.Input<BucketNotificationLambdaFunction>[]>;

Used to configure notifications to a Lambda Function (documented below).

property queues

queues?: pulumi.Input<pulumi.Input<BucketNotificationQueue>[]>;

The notification configuration to SQS Queue (documented below).

property topics

topics?: pulumi.Input<pulumi.Input<BucketNotificationTopic>[]>;

The notification configuration to SNS Topic (documented below).

interface BucketNotificationState

interface BucketNotificationState

Input properties used for looking up and filtering BucketNotification resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket to put notification configuration.

property lambdaFunctions

lambdaFunctions?: pulumi.Input<pulumi.Input<BucketNotificationLambdaFunction>[]>;

Used to configure notifications to a Lambda Function (documented below).

property queues

queues?: pulumi.Input<pulumi.Input<BucketNotificationQueue>[]>;

The notification configuration to SQS Queue (documented below).

property topics

topics?: pulumi.Input<pulumi.Input<BucketNotificationTopic>[]>;

The notification configuration to SNS Topic (documented below).

interface BucketObjectArgs

interface BucketObjectArgs

The set of arguments for constructing a BucketObject resource.

property acl

acl?: pulumi.Input<string>;

The canned ACL to apply. Defaults to “private”.

property bucket

bucket: pulumi.Input<string | Bucket>;

The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

property cacheControl

cacheControl?: pulumi.Input<string>;

Specifies caching behavior along the request/reply chain Read w3c cacheControl for further details.

property content

content?: pulumi.Input<string>;

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

property contentBase64

contentBase64?: pulumi.Input<string>;

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Specifies presentational information for the object. Read w3c contentDisposition for further information.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

The language the content is in e.g. en-US or en-GB.

property contentType

contentType?: pulumi.Input<string>;

A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

property etag

etag?: pulumi.Input<string>;

Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kmsKeyId or serverSideEncryption = "aws:kms".

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

property key

key?: pulumi.Input<string>;

The name of the object once it is in the bucket.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws.kms.Key, use the exported arn attribute: kmsKeyId = "${aws_kms_key.foo.arn}"

property metadata

metadata?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

property objectLockLegalHoldStatus

objectLockLegalHoldStatus?: pulumi.Input<string>;

The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

property objectLockMode

objectLockMode?: pulumi.Input<string>;

The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

property objectLockRetainUntilDate

objectLockRetainUntilDate?: pulumi.Input<string>;

The date and time, in RFC3339 format, when this object’s object lock will expire.

property serverSideEncryption

serverSideEncryption?: pulumi.Input<string>;

Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

property source

source?: pulumi.Input<Asset | Archive>;

The path to a file that will be read and uploaded as raw bytes for the object content.

property storageClass

storageClass?: pulumi.Input<string>;

Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

property websiteRedirect

websiteRedirect?: pulumi.Input<string>;

Specifies a target URL for website redirect.

interface BucketObjectState

interface BucketObjectState

Input properties used for looking up and filtering BucketObject resources.

property acl

acl?: pulumi.Input<string>;

The canned ACL to apply. Defaults to “private”.

property bucket

bucket?: pulumi.Input<string | Bucket>;

The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

property cacheControl

cacheControl?: pulumi.Input<string>;

Specifies caching behavior along the request/reply chain Read w3c cacheControl for further details.

property content

content?: pulumi.Input<string>;

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

property contentBase64

contentBase64?: pulumi.Input<string>;

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Specifies presentational information for the object. Read w3c contentDisposition for further information.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

The language the content is in e.g. en-US or en-GB.

property contentType

contentType?: pulumi.Input<string>;

A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

property etag

etag?: pulumi.Input<string>;

Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kmsKeyId or serverSideEncryption = "aws:kms".

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

property key

key?: pulumi.Input<string>;

The name of the object once it is in the bucket.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws.kms.Key, use the exported arn attribute: kmsKeyId = "${aws_kms_key.foo.arn}"

property metadata

metadata?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

property objectLockLegalHoldStatus

objectLockLegalHoldStatus?: pulumi.Input<string>;

The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

property objectLockMode

objectLockMode?: pulumi.Input<string>;

The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

property objectLockRetainUntilDate

objectLockRetainUntilDate?: pulumi.Input<string>;

The date and time, in RFC3339 format, when this object’s object lock will expire.

property serverSideEncryption

serverSideEncryption?: pulumi.Input<string>;

Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

property source

source?: pulumi.Input<Asset | Archive>;

The path to a file that will be read and uploaded as raw bytes for the object content.

property storageClass

storageClass?: pulumi.Input<string>;

Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

property versionId

versionId?: pulumi.Input<string>;

A unique version ID value for the object, if bucket versioning is enabled.

property websiteRedirect

websiteRedirect?: pulumi.Input<string>;

Specifies a target URL for website redirect.

let BucketOwnerFullControlAcl

let BucketOwnerFullControlAcl: CannedAcl = "bucket-owner-full-control";

let BucketOwnerReadAcl

let BucketOwnerReadAcl: CannedAcl = "bucket-owner-read";

interface BucketPolicyArgs

interface BucketPolicyArgs

The set of arguments for constructing a BucketPolicy resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket to which to apply the policy.

property policy

policy: pulumi.Input<string | PolicyDocument>;

The text of the policy.

interface BucketPolicyState

interface BucketPolicyState

Input properties used for looking up and filtering BucketPolicy resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket to which to apply the policy.

property policy

policy?: pulumi.Input<string | PolicyDocument>;

The text of the policy.

interface BucketPublicAccessBlockArgs

interface BucketPublicAccessBlockArgs

The set of arguments for constructing a BucketPublicAccessBlock resource.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access. * PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property bucket

bucket: pulumi.Input<string>;

S3 Bucket to which this Public Access Block configuration should be applied.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore public ACLs on this bucket and any objects that it contains.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access this buckets if it has a public policy.

interface BucketPublicAccessBlockState

interface BucketPublicAccessBlockState

Input properties used for looking up and filtering BucketPublicAccessBlock resources.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access. * PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property bucket

bucket?: pulumi.Input<string>;

S3 Bucket to which this Public Access Block configuration should be applied.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore public ACLs on this bucket and any objects that it contains.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access this buckets if it has a public policy.

interface BucketRecord

interface BucketRecord

property awsRegion

awsRegion: string;

property eventName

eventName: string;

property eventSource

eventSource: string;

property eventTime

eventTime: string;

property eventVersion

eventVersion: string;

property requestParameters

requestParameters: {
    sourceIPAddress: string;
};

property responseElements

responseElements: {
    x-amz-id-2: string;
    x-amz-request-id: string;
};

property s3

s3: {
    bucket: {
        arn: string;
        name: string;
        ownerIdentity: {
            principalId: string;
        };
    };
    configurationId: string;
    object: {
        eTag: string;
        key: string;
        sequencer: string;
        size: number;
        versionId?: undefined | string;
    };
    s3SchemaVersion: string;
};

property userIdentity

userIdentity: {
    principalId: string;
};

interface BucketState

interface BucketState

Input properties used for looking up and filtering Bucket resources.

property accelerationStatus

accelerationStatus?: pulumi.Input<string>;

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

property acl

acl?: pulumi.Input<string | CannedAcl>;

The canned ACL to apply. Defaults to “private”. Conflicts with grant.

property arn

arn?: pulumi.Input<string>;

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket. If omitted, this provider will assign a random, unique name.

property bucketDomainName

bucketDomainName?: pulumi.Input<string>;

The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

property bucketPrefix

bucketPrefix?: pulumi.Input<string>;

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

property bucketRegionalDomainName

bucketRegionalDomainName?: pulumi.Input<string>;

The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

property corsRules

corsRules?: pulumi.Input<pulumi.Input<BucketCorsRule>[]>;

A rule of Cross-Origin Resource Sharing (documented below).

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

property grants

grants?: pulumi.Input<pulumi.Input<BucketGrant>[]>;

An ACL policy grant (documented below). Conflicts with acl.

property hostedZoneId

hostedZoneId?: pulumi.Input<string>;

The Route 53 Hosted Zone ID for this bucket’s region.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<BucketLifecycleRule>[]>;

A configuration of object lifecycle management (documented below).

property loggings

loggings?: pulumi.Input<pulumi.Input<BucketLogging>[]>;

A settings of bucket logging (documented below).

property objectLockConfiguration

objectLockConfiguration?: pulumi.Input<BucketObjectLockConfiguration>;

A configuration of S3 object locking (documented below)

property policy

policy?: pulumi.Input<string | PolicyDocument>;

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.

property region

region?: pulumi.Input<string>;

If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

property replicationConfiguration

replicationConfiguration?: pulumi.Input<BucketReplicationConfiguration>;

A configuration of replication configuration (documented below).

property requestPayer

requestPayer?: pulumi.Input<string>;

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

property serverSideEncryptionConfiguration

serverSideEncryptionConfiguration?: pulumi.Input<BucketServerSideEncryptionConfiguration>;

A configuration of server-side encryption configuration (documented below)

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the bucket.

property versioning

versioning?: pulumi.Input<BucketVersioning>;

A state of versioning (documented below)

property website

website?: pulumi.Input<BucketWebsite>;

A website object (documented below).

property websiteDomain

websiteDomain?: pulumi.Input<string>;

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

property websiteEndpoint

websiteEndpoint?: pulumi.Input<string>;

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

type CannedAcl

type CannedAcl = "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write";

interface CommonBucketSubscriptionArgs

interface CommonBucketSubscriptionArgs

Arguments to help customize a notification subscription for a bucket.

property filterPrefix

filterPrefix?: undefined | string;

An optional prefix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

property filterSuffix

filterSuffix?: undefined | string;

An optional suffix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

interface Condition

interface Condition

A condition that must be met for the specified redirect to be applied.

property HttpErrorCodeReturnedEquals

HttpErrorCodeReturnedEquals?: undefined | string;

The HTTP error code that must match for the redirect to apply. If an error occurs, and if the error code meets this value, then the specified redirect applies.

HttpErrorCodeReturnedEquals is required if KeyPrefixEquals is not specified. If both KeyPrefixEquals and HttpErrorCodeReturnedEquals are specified, both must be true for the condition to be met.

property KeyPrefixEquals

KeyPrefixEquals?: undefined | string;

The prefix of the object key name from which requests are redirected.

KeyPrefixEquals is required if HttpErrorCodeReturnedEquals is not specified. If both KeyPrefixEquals and HttpErrorCodeReturnedEquals are specified, both must be true for the condition to be met.

interface GetBucketArgs

interface GetBucketArgs

A collection of arguments for invoking getBucket.

property bucket

bucket: string;

The name of the bucket

interface GetBucketObjectArgs

interface GetBucketObjectArgs

A collection of arguments for invoking getBucketObject.

property bucket

bucket: string;

The name of the bucket to read the object from. Alternatively, an S3 access point ARN can be specified

property key

key: string;

The full path to the object inside the bucket

property range

range?: undefined | string;

property tags

tags?: undefined | {[key: string]: any};

A map of tags assigned to the object.

property versionId

versionId?: undefined | string;

Specific version ID of the object returned (defaults to latest version)

interface GetBucketObjectResult

interface GetBucketObjectResult

A collection of values returned by getBucketObject.

property body

body: string;

Object data (see limitations above to understand cases in which this field is actually available)

property bucket

bucket: string;

property cacheControl

cacheControl: string;

Specifies caching behavior along the request/reply chain.

property contentDisposition

contentDisposition: string;

Specifies presentational information for the object.

property contentEncoding

contentEncoding: string;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

property contentLanguage

contentLanguage: string;

The language the content is in.

property contentLength

contentLength: number;

Size of the body in bytes.

property contentType

contentType: string;

A standard MIME type describing the format of the object data.

property etag

etag: string;

ETag generated for the object (an MD5 sum of the object content in case it’s not encrypted)

property expiration

expiration: string;

If the object expiration is configured (see object lifecycle management), the field includes this header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The value of the rule-id is URL encoded.

property expires

expires: string;

The date and time at which the object is no longer cacheable.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property key

key: string;

property lastModified

lastModified: string;

Last modified date of the object in RFC1123 format (e.g. Mon, 02 Jan 2006 15:04:05 MST)

property metadata

metadata: {[key: string]: any};

A map of metadata stored with the object in S3

property objectLockLegalHoldStatus

objectLockLegalHoldStatus: string;

Indicates whether this object has an active legal hold. This field is only returned if you have permission to view an object’s legal hold status.

property objectLockMode

objectLockMode: string;

The object lock retention mode currently in place for this object.

property objectLockRetainUntilDate

objectLockRetainUntilDate: string;

The date and time when this object’s object lock will expire.

property range

range?: undefined | string;

property serverSideEncryption

serverSideEncryption: string;

If the object is stored using server-side encryption (KMS or Amazon S3-managed encryption key), this field includes the chosen encryption and algorithm used.

property sseKmsKeyId

sseKmsKeyId: string;

If present, specifies the ID of the Key Management Service (KMS) master encryption key that was used for the object.

property storageClass

storageClass: string;

Storage class information of the object. Available for all objects except for Standard storage class objects.

property tags

tags: {[key: string]: any};

A map of tags assigned to the object.

property versionId

versionId: string;

The latest version ID of the object returned.

property websiteRedirectLocation

websiteRedirectLocation: string;

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

interface GetBucketObjectsArgs

interface GetBucketObjectsArgs

A collection of arguments for invoking getBucketObjects.

property bucket

bucket: string;

Lists object keys in this S3 bucket. Alternatively, an S3 access point ARN can be specified

property delimiter

delimiter?: undefined | string;

A character used to group keys (Default: none)

property encodingType

encodingType?: undefined | string;

Encodes keys using this method (Default: none; besides none, only “url” can be used)

property fetchOwner

fetchOwner?: undefined | false | true;

Boolean specifying whether to populate the owner list (Default: false)

property maxKeys

maxKeys?: undefined | number;

Maximum object keys to return (Default: 1000)

property prefix

prefix?: undefined | string;

Limits results to object keys with this prefix (Default: none)

property startAfter

startAfter?: undefined | string;

Returns key names lexicographically after a specific object key in your bucket (Default: none; S3 lists object keys in UTF-8 character encoding in lexicographical order)

interface GetBucketObjectsResult

interface GetBucketObjectsResult

A collection of values returned by getBucketObjects.

property bucket

bucket: string;

property commonPrefixes

commonPrefixes: string[];

List of any keys between prefix and the next occurrence of delimiter (i.e., similar to subdirectories of the prefix “directory”); the list is only returned when you specify delimiter

property delimiter

delimiter?: undefined | string;

property encodingType

encodingType?: undefined | string;

property fetchOwner

fetchOwner?: undefined | false | true;