This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

s3¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.s3.AccessPoint(resource_name, opts=None, account_id=None, bucket=None, name=None, policy=None, public_access_block_configuration=None, vpc_configuration=None, __props__=None, __name__=None, __opts__=None)¶

Provides a resource to manage an S3 Access Point.

import pulumi
import pulumi_aws as aws

example_bucket = aws.s3.Bucket("exampleBucket")
example_access_point = aws.s3.AccessPoint("exampleAccessPoint", bucket=example_bucket.id)

import pulumi
import pulumi_aws as aws

example_bucket = aws.s3.Bucket("exampleBucket")
example_vpc = aws.ec2.Vpc("exampleVpc", cidr_block="10.0.0.0/16")
example_access_point = aws.s3.AccessPoint("exampleAccessPoint",
    bucket=example_bucket.id,
    vpc_configuration={
        "vpc_id": example_vpc.id,
    })

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
account_id (pulumi.Input[str]) – The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.
bucket (pulumi.Input[str]) – The name of the bucket that you want to associate this access point with.
name (pulumi.Input[str]) – The name you want to assign to this access point.
policy (pulumi.Input[str]) – A valid JSON document that specifies the policy that you want to apply to this access point.
public_access_block_configuration (pulumi.Input[dict]) – Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
vpc_configuration (pulumi.Input[dict]) – Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

The public_access_block_configuration object supports the following:

block_public_acls (pulumi.Input[bool]) - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
block_public_policy (pulumi.Input[bool]) - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:
- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
ignore_public_acls (pulumi.Input[bool]) - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:
- Ignore all public ACLs on buckets in this account and any objects that they contain.
restrict_public_buckets (pulumi.Input[bool]) - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:
- Only the bucket owner and AWS Services can access buckets with public policies.

The vpc_configuration object supports the following:

vpc_id (pulumi.Input[str]) - This access point will only allow connections from the specified VPC ID.

account_id: pulumi.Output[str] = None¶: The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

arn: pulumi.Output[str] = None¶: Amazon Resource Name (ARN) of the S3 Access Point.

bucket: pulumi.Output[str] = None¶: The name of the bucket that you want to associate this access point with.

domain_name: pulumi.Output[str] = None¶: The DNS domain name of the S3 Access Point in the format ``name``*-_`account_id`_.s3-accesspoint.*region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

has_public_access_policy: pulumi.Output[bool] = None¶: Indicates whether this access point currently has a policy that allows public access.

name: pulumi.Output[str] = None¶: The name you want to assign to this access point.

network_origin: pulumi.Output[str] = None¶: Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

policy: pulumi.Output[str] = None¶: A valid JSON document that specifies the policy that you want to apply to this access point.

public_access_block_configuration: pulumi.Output[dict] = None¶

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

block_public_acls (bool) - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
block_public_policy (bool) - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:
- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
ignore_public_acls (bool) - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:
- Ignore all public ACLs on buckets in this account and any objects that they contain.
restrict_public_buckets (bool) - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:
- Only the bucket owner and AWS Services can access buckets with public policies.

vpc_configuration: pulumi.Output[dict] = None¶

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

vpc_id (str) - This access point will only allow connections from the specified VPC ID.

static get(resource_name, id, opts=None, account_id=None, arn=None, bucket=None, domain_name=None, has_public_access_policy=None, name=None, network_origin=None, policy=None, public_access_block_configuration=None, vpc_configuration=None)¶

Get an existing AccessPoint resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
account_id (pulumi.Input[str]) – The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.
arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the S3 Access Point.
bucket (pulumi.Input[str]) – The name of the bucket that you want to associate this access point with.
domain*name (pulumi.Input[str]) –
The DNS domain name of the S3 Access Point in the format `name`_-_`account_id`_.s3-accesspoint.*region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.
has_public_access_policy (pulumi.Input[bool]) – Indicates whether this access point currently has a policy that allows public access.
name (pulumi.Input[str]) – The name you want to assign to this access point.
network_origin (pulumi.Input[str]) – Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
policy (pulumi.Input[str]) – A valid JSON document that specifies the policy that you want to apply to this access point.
public_access_block_configuration (pulumi.Input[dict]) – Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
vpc_configuration (pulumi.Input[dict]) – Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

The public_access_block_configuration object supports the following:

block_public_acls (pulumi.Input[bool]) - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
block_public_policy (pulumi.Input[bool]) - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:
- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
ignore_public_acls (pulumi.Input[bool]) - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:
- Ignore all public ACLs on buckets in this account and any objects that they contain.
restrict_public_buckets (pulumi.Input[bool]) - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:
- Only the bucket owner and AWS Services can access buckets with public policies.

The vpc_configuration object supports the following:

vpc_id (pulumi.Input[str]) - This access point will only allow connections from the specified VPC ID.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.AccountPublicAccessBlock(resource_name, opts=None, account_id=None, block_public_acls=None, block_public_policy=None, ignore_public_acls=None, restrict_public_buckets=None, __props__=None, __name__=None, __opts__=None)¶

Manages S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

NOTE: Each AWS account may only have one S3 Public Access Block configuration. Multiple configurations of the resource against the same AWS account will cause a perpetual difference.
Advanced usage: To use a custom API endpoint for this resource, use the s3control endpoint provider configuration, not the s3 endpoint provider configuration.

import pulumi
import pulumi_aws as aws

example = aws.s3.AccountPublicAccessBlock("example",
    block_public_acls=True,
    block_public_policy=True)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
account_id (pulumi.Input[str]) – AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.
block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.

Parameters: block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Parameters: ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore all public ACLs on buckets in this account and any objects that they contain.

Parameters: restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access buckets with public policies.

account_id: pulumi.Output[str] = None¶: AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.

block_public_acls: pulumi.Output[bool] = None¶

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
PUT Object calls will fail if the request includes an object ACL.

block_public_policy: pulumi.Output[bool] = None¶

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

ignore_public_acls: pulumi.Output[bool] = None¶

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

Ignore all public ACLs on buckets in this account and any objects that they contain.

restrict_public_buckets: pulumi.Output[bool] = None¶

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

Only the bucket owner and AWS Services can access buckets with public policies.

static get(resource_name, id, opts=None, account_id=None, block_public_acls=None, block_public_policy=None, ignore_public_acls=None, restrict_public_buckets=None)¶

Get an existing AccountPublicAccessBlock resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
account_id (pulumi.Input[str]) – AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.
block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.

Parameters: block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Parameters: ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore all public ACLs on buckets in this account and any objects that they contain.

Parameters: restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access buckets with public policies.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.AnalyticsConfiguration(resource_name, opts=None, bucket=None, filter=None, name=None, storage_class_analysis=None, __props__=None, __name__=None, __opts__=None)¶

Provides a S3 bucket analytics configuration resource.

import pulumi
import pulumi_aws as aws

example = aws.s3.Bucket("example")
analytics = aws.s3.Bucket("analytics")
example_entire_bucket = aws.s3.AnalyticsConfiguration("example-entire-bucket",
    bucket=example.bucket,
    storage_class_analysis={
        "data_export": {
            "destination": {
                "s3_bucket_destination": {
                    "bucketArn": analytics.arn,
                },
            },
        },
    })

import pulumi
import pulumi_aws as aws

example = aws.s3.Bucket("example")
example_filtered = aws.s3.AnalyticsConfiguration("example-filtered",
    bucket=example.bucket,
    filter={
        "prefix": "documents/",
        "tags": {
            "priority": "high",
            "class": "blue",
        },
    })

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket this analytics configuration is associated with.
filter (pulumi.Input[dict]) – Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).
name (pulumi.Input[str]) – Unique identifier of the analytics configuration for the bucket.
storage_class_analysis (pulumi.Input[dict]) – Configuration for the analytics data export (documented below).

The filter object supports the following:

prefix (pulumi.Input[str]) - Object prefix for filtering.
tags (pulumi.Input[dict]) - Set of object tags for filtering.

The storage_class_analysis object supports the following:

dataExport (pulumi.Input[dict]) - Data export configuration (documented below).
- destination (pulumi.Input[dict]) - Specifies the destination for the exported analytics data (documented below).
  - s3BucketDestination (pulumi.Input[dict]) - Analytics data export currently only supports an S3 bucket destination (documented below).
    - bucketAccountId (pulumi.Input[str]) - The account ID that owns the destination bucket.
    - bucketArn (pulumi.Input[str]) - The ARN of the destination bucket.
    - format (pulumi.Input[str]) - The output format of exported analytics data. Allowed values: CSV. Default value: CSV.
    - prefix (pulumi.Input[str]) - Object prefix for filtering.
- outputSchemaVersion (pulumi.Input[str]) - The schema version of exported analytics data. Allowed values: V_1. Default value: V_1.

bucket: pulumi.Output[str] = None¶: The name of the bucket this analytics configuration is associated with.

filter: pulumi.Output[dict] = None¶

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

prefix (str) - Object prefix for filtering.
tags (dict) - Set of object tags for filtering.

name: pulumi.Output[str] = None¶: Unique identifier of the analytics configuration for the bucket.

storage_class_analysis: pulumi.Output[dict] = None¶

Configuration for the analytics data export (documented below).

dataExport (dict) - Data export configuration (documented below).
- destination (dict) - Specifies the destination for the exported analytics data (documented below).
  - s3BucketDestination (dict) - Analytics data export currently only supports an S3 bucket destination (documented below).
    - bucketAccountId (str) - The account ID that owns the destination bucket.
    - bucketArn (str) - The ARN of the destination bucket.
    - format (str) - The output format of exported analytics data. Allowed values: CSV. Default value: CSV.
    - prefix (str) - Object prefix for filtering.
- outputSchemaVersion (str) - The schema version of exported analytics data. Allowed values: V_1. Default value: V_1.

static get(resource_name, id, opts=None, bucket=None, filter=None, name=None, storage_class_analysis=None)¶

Get an existing AnalyticsConfiguration resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket this analytics configuration is associated with.
filter (pulumi.Input[dict]) – Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).
name (pulumi.Input[str]) – Unique identifier of the analytics configuration for the bucket.
storage_class_analysis (pulumi.Input[dict]) – Configuration for the analytics data export (documented below).

The filter object supports the following:

prefix (pulumi.Input[str]) - Object prefix for filtering.
tags (pulumi.Input[dict]) - Set of object tags for filtering.

The storage_class_analysis object supports the following:

dataExport (pulumi.Input[dict]) - Data export configuration (documented below).
- destination (pulumi.Input[dict]) - Specifies the destination for the exported analytics data (documented below).
  - s3BucketDestination (pulumi.Input[dict]) - Analytics data export currently only supports an S3 bucket destination (documented below).
    - bucketAccountId (pulumi.Input[str]) - The account ID that owns the destination bucket.
    - bucketArn (pulumi.Input[str]) - The ARN of the destination bucket.
    - format (pulumi.Input[str]) - The output format of exported analytics data. Allowed values: CSV. Default value: CSV.
    - prefix (pulumi.Input[str]) - Object prefix for filtering.
- outputSchemaVersion (pulumi.Input[str]) - The schema version of exported analytics data. Allowed values: V_1. Default value: V_1.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.AwaitableGetBucketObjectResult(body=None, bucket=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_length=None, content_type=None, etag=None, expiration=None, expires=None, id=None, key=None, last_modified=None, metadata=None, object_lock_legal_hold_status=None, object_lock_mode=None, object_lock_retain_until_date=None, range=None, server_side_encryption=None, sse_kms_key_id=None, storage_class=None, tags=None, version_id=None, website_redirect_location=None)¶

class pulumi_aws.s3.AwaitableGetBucketObjectsResult(bucket=None, common_prefixes=None, delimiter=None, encoding_type=None, fetch_owner=None, id=None, keys=None, max_keys=None, owners=None, prefix=None, start_after=None)¶

class pulumi_aws.s3.AwaitableGetBucketResult(arn=None, bucket=None, bucket_domain_name=None, bucket_regional_domain_name=None, hosted_zone_id=None, id=None, region=None, website_domain=None, website_endpoint=None)¶

class pulumi_aws.s3.Bucket(resource_name, opts=None, acceleration_status=None, acl=None, arn=None, bucket=None, bucket_prefix=None, cors_rules=None, force_destroy=None, grants=None, hosted_zone_id=None, lifecycle_rules=None, loggings=None, object_lock_configuration=None, policy=None, region=None, replication_configuration=None, request_payer=None, server_side_encryption_configuration=None, tags=None, versioning=None, website=None, website_domain=None, website_endpoint=None, __props__=None, __name__=None, __opts__=None)¶

Provides a S3 bucket resource.

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="private",
    tags={
        "Environment": "Dev",
        "Name": "My bucket",
    })

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="public-read",
    policy=(lambda path: open(path).read())("policy.json"),
    website={
        "website": "error.html",
        "website": "index.html",
        "website": """[{
    "Condition": {
        "KeyPrefixEquals": "docs/"
    },
    "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
    }
}]

""",
    })

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="public-read",
    cors_rules=[{
        "allowedHeaders": ["*"],
        "allowedMethods": [
            "PUT",
            "POST",
        ],
        "allowedOrigins": ["https://s3-website-test.mydomain.com"],
        "exposeHeaders": ["ETag"],
        "maxAgeSeconds": 3000,
    }])

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="private",
    versioning={
        "enabled": True,
    })

import pulumi
import pulumi_aws as aws

log_bucket = aws.s3.Bucket("logBucket", acl="log-delivery-write")
bucket = aws.s3.Bucket("bucket",
    acl="private",
    loggings=[{
        "targetBucket": log_bucket.id,
        "targetPrefix": "log/",
    }])

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="private",
    lifecycle_rules=[
        {
            "enabled": True,
            "expiration": {
                "days": 90,
            },
            "id": "log",
            "prefix": "log/",
            "tags": {
                "autoclean": "true",
                "rule": "log",
            },
            "transition": [
                {
                    "days": 30,
                    "storage_class": "STANDARD_IA",
                },
                {
                    "days": 60,
                    "storage_class": "GLACIER",
                },
            ],
        },
        {
            "enabled": True,
            "expiration": {
                "date": "2016-01-12",
            },
            "id": "tmp",
            "prefix": "tmp/",
        },
    ])
versioning_bucket = aws.s3.Bucket("versioningBucket",
    acl="private",
    lifecycle_rules=[{
        "enabled": True,
        "noncurrentVersionExpiration": {
            "days": 90,
        },
        "noncurrentVersionTransition": [
            {
                "days": 30,
                "storage_class": "STANDARD_IA",
            },
            {
                "days": 60,
                "storage_class": "GLACIER",
            },
        ],
        "prefix": "config/",
    }],
    versioning={
        "enabled": True,
    })

import pulumi
import pulumi_aws as aws
import pulumi_pulumi as pulumi

central = pulumi.providers.Aws("central", region="eu-central-1")
replication_role = aws.iam.Role("replicationRole", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}

""")
destination = aws.s3.Bucket("destination",
    region="eu-west-1",
    versioning={
        "enabled": True,
    })
bucket = aws.s3.Bucket("bucket",
    acl="private",
    region="eu-central-1",
    replication_configuration={
        "role": replication_role.arn,
        "rules": [{
            "destination": {
                "bucket": destination.arn,
                "storage_class": "STANDARD",
            },
            "id": "foobar",
            "prefix": "foo",
            "status": "Enabled",
        }],
    },
    versioning={
        "enabled": True,
    })
replication_policy = aws.iam.Policy("replicationPolicy", policy=pulumi.Output.all(bucket.arn, bucket.arn, destination.arn).apply(lambda bucketArn, bucketArn1, destinationArn: f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "{bucket_arn}"
      ]
    }},
    {{
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "{bucket_arn1}/*"
      ]
    }},
    {{
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete"
      ],
      "Effect": "Allow",
      "Resource": "{destination_arn}/*"
    }}
  ]
}}

"""))
replication_role_policy_attachment = aws.iam.RolePolicyAttachment("replicationRolePolicyAttachment",
    policy_arn=replication_policy.arn,
    role=replication_role.name)

import pulumi
import pulumi_aws as aws

mykey = aws.kms.Key("mykey",
    deletion_window_in_days=10,
    description="This key is used to encrypt bucket objects")
mybucket = aws.s3.Bucket("mybucket", server_side_encryption_configuration={
    "rule": {
        "applyServerSideEncryptionByDefault": {
            "kms_master_key_id": mykey.arn,
            "sseAlgorithm": "aws:kms",
        },
    },
})

import pulumi
import pulumi_aws as aws

current_user = aws.get_canonical_user_id()
bucket = aws.s3.Bucket("bucket", grants=[
    {
        "id": current_user.id,
        "permissions": ["FULL_CONTROL"],
        "type": "CanonicalUser",
    },
    {
        "permissions": [
            "READ",
            "WRITE",
        ],
        "type": "Group",
        "uri": "http://acs.amazonaws.com/groups/s3/LogDelivery",
    },
])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
acceleration_status (pulumi.Input[str]) – Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
acl (pulumi.Input[dict]) – The canned ACL to apply. Defaults to “private”. Conflicts with grant.
arn (pulumi.Input[str]) – The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
bucket (pulumi.Input[str]) – The name of the bucket. If omitted, this provider will assign a random, unique name.
bucket_prefix (pulumi.Input[str]) – Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.
cors_rules (pulumi.Input[list]) – A rule of Cross-Origin Resource Sharing (documented below).
force_destroy (pulumi.Input[bool]) – A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
grants (pulumi.Input[list]) – An ACL policy grant (documented below). Conflicts with acl.
hosted_zone_id (pulumi.Input[str]) – The Route 53 Hosted Zone ID for this bucket’s region.
lifecycle_rules (pulumi.Input[list]) – A configuration of object lifecycle management (documented below).
loggings (pulumi.Input[list]) – A settings of bucket logging (documented below).
object_lock_configuration (pulumi.Input[dict]) – A configuration of S3 object locking (documented below)
policy (pulumi.Input[dict]) – A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
region (pulumi.Input[str]) – If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
replication_configuration (pulumi.Input[dict]) – A configuration of replication configuration (documented below).
request_payer (pulumi.Input[str]) – Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
server_side_encryption_configuration (pulumi.Input[dict]) – A configuration of server-side encryption configuration (documented below)
tags (pulumi.Input[dict]) – A mapping of tags to assign to the bucket.
versioning (pulumi.Input[dict]) – A state of versioning (documented below)
website (pulumi.Input[dict]) – A website object (documented below).
website_domain (pulumi.Input[str]) – The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
website_endpoint (pulumi.Input[str]) – The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

The cors_rules object supports the following:

allowedHeaders (pulumi.Input[list]) - Specifies which headers are allowed.
allowedMethods (pulumi.Input[list]) - Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
allowedOrigins (pulumi.Input[list]) - Specifies which origins are allowed.
exposeHeaders (pulumi.Input[list]) - Specifies expose header in the response.
maxAgeSeconds (pulumi.Input[float]) - Specifies time in seconds that browser can cache the response for a preflight request.

The grants object supports the following:

id (pulumi.Input[str]) - Canonical user id to grant for. Used only when type is CanonicalUser.
permissions (pulumi.Input[list]) - List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.
type (pulumi.Input[str]) - - Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.
uri (pulumi.Input[str]) - Uri address to grant for. Used only when type is Group.

The lifecycle_rules object supports the following:

abortIncompleteMultipartUploadDays (pulumi.Input[float]) - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
enabled (pulumi.Input[bool]) - Specifies lifecycle rule status.
expiration (pulumi.Input[dict]) - Specifies a period in the object’s expire (documented below).
- date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.
- days (pulumi.Input[float]) - Specifies the number of days after object creation when the specific rule action takes effect.
- expiredObjectDeleteMarker (pulumi.Input[bool]) - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.
id (pulumi.Input[str]) - Unique identifier for the rule.
noncurrentVersionExpiration (pulumi.Input[dict]) - Specifies when noncurrent object versions expire (documented below).
- days (pulumi.Input[float]) - Specifies the number of days noncurrent object versions expire.
noncurrentVersionTransitions (pulumi.Input[list]) - Specifies when noncurrent object versions transitions (documented below).
- days (pulumi.Input[float]) - Specifies the number of days noncurrent object versions transition.
- storage_class (pulumi.Input[str]) - Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
prefix (pulumi.Input[str]) - Object key prefix identifying one or more objects to which the rule applies.
tags (pulumi.Input[dict]) - Specifies object tags key and value.
transitions (pulumi.Input[list]) - Specifies a period in the object’s transitions (documented below).
- date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.
- days (pulumi.Input[float]) - Specifies the number of days after object creation when the specific rule action takes effect.
- storage_class (pulumi.Input[str]) - Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

The loggings object supports the following:

targetBucket (pulumi.Input[str]) - The name of the bucket that will receive the log objects.
targetPrefix (pulumi.Input[str]) - To specify a key prefix for log objects.

The object_lock_configuration object supports the following:

objectLockEnabled (pulumi.Input[str]) - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.
rule (pulumi.Input[dict]) - The Object Lock rule in place for this bucket.
- defaultRetention (pulumi.Input[dict]) - The default retention period that you want to apply to new objects placed in this bucket.
  - days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.
  - mode (pulumi.Input[str]) - The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.
  - years (pulumi.Input[float]) - The number of years that you want to specify for the default retention period.

The replication_configuration object supports the following:

role (pulumi.Input[str]) - The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
rules (pulumi.Input[list]) - Specifies the rules managing the replication (documented below).
- destination (pulumi.Input[dict]) - Specifies the destination for the rule (documented below).
  - accessControlTranslation (pulumi.Input[dict]) - Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.
    - owner (pulumi.Input[str]) - The override value for the owner on replicated objects. Currently only Destination is supported.
  - account_id (pulumi.Input[str]) - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.
  - bucket (pulumi.Input[str]) - The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
  - replicaKmsKeyId (pulumi.Input[str]) - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.
  - storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
- filter (pulumi.Input[dict]) - Filter that identifies subset of objects to which the replication rule applies (documented below).
  - prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.
  - tags (pulumi.Input[dict]) - A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- id (pulumi.Input[str]) - Unique identifier for the rule.
- prefix (pulumi.Input[str]) - Object keyname prefix identifying one or more objects to which the rule applies.
- priority (pulumi.Input[float]) - is optional (with a default value of 0) but must be unique between multiple rules
- sourceSelectionCriteria (pulumi.Input[dict]) - Specifies special object selection criteria (documented below).
  - sseKmsEncryptedObjects (pulumi.Input[dict]) - Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.
    - enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.
- status (pulumi.Input[str]) - The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

The server_side_encryption_configuration object supports the following:

rule (pulumi.Input[dict]) - A single object for server-side encryption by default configuration. (documented below)
- applyServerSideEncryptionByDefault (pulumi.Input[dict]) - A single object for setting server-side encryption by default. (documented below)
  - kms_master_key_id (pulumi.Input[str]) - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
  - sseAlgorithm (pulumi.Input[str]) - The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

The versioning object supports the following:

enabled (pulumi.Input[bool]) - Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
mfaDelete (pulumi.Input[bool]) - Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

The website object supports the following:

errorDocument (pulumi.Input[str]) - An absolute path to the document to return in case of a 4XX error.
indexDocument (pulumi.Input[str]) - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
redirectAllRequestsTo (pulumi.Input[str]) - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
routingRules (pulumi.Input[dict]) - A json array containing routing rules describing redirect behavior and when redirects are applied.

acceleration_status: pulumi.Output[str] = None¶: Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

acl: pulumi.Output[str] = None¶: The canned ACL to apply. Defaults to “private”. Conflicts with grant.

arn: pulumi.Output[str] = None¶: The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket: pulumi.Output[str] = None¶: The name of the bucket. If omitted, this provider will assign a random, unique name.

bucket_domain_name: pulumi.Output[str] = None¶: The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

bucket_prefix: pulumi.Output[str] = None¶: Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

bucket_regional_domain_name: pulumi.Output[str] = None¶: The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

cors_rules: pulumi.Output[list] = None¶

A rule of Cross-Origin Resource Sharing (documented below).

allowedHeaders (list) - Specifies which headers are allowed.
allowedMethods (list) - Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
allowedOrigins (list) - Specifies which origins are allowed.
exposeHeaders (list) - Specifies expose header in the response.
maxAgeSeconds (float) - Specifies time in seconds that browser can cache the response for a preflight request.

force_destroy: pulumi.Output[bool] = None¶: A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

grants: pulumi.Output[list] = None¶

An ACL policy grant (documented below). Conflicts with acl.

id (str) - Canonical user id to grant for. Used only when type is CanonicalUser.
permissions (list) - List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.
type (str) - - Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.
uri (str) - Uri address to grant for. Used only when type is Group.

hosted_zone_id: pulumi.Output[str] = None¶: The Route 53 Hosted Zone ID for this bucket’s region.

lifecycle_rules: pulumi.Output[list] = None¶

A configuration of object lifecycle management (documented below).

abortIncompleteMultipartUploadDays (float) - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
enabled (bool) - Specifies lifecycle rule status.
expiration (dict) - Specifies a period in the object’s expire (documented below).
- date (str) - Specifies the date after which you want the corresponding action to take effect.
- days (float) - Specifies the number of days after object creation when the specific rule action takes effect.
- expiredObjectDeleteMarker (bool) - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.
id (str) - Unique identifier for the rule.
noncurrentVersionExpiration (dict) - Specifies when noncurrent object versions expire (documented below).
- days (float) - Specifies the number of days noncurrent object versions expire.
noncurrentVersionTransitions (list) - Specifies when noncurrent object versions transitions (documented below).
- days (float) - Specifies the number of days noncurrent object versions transition.
- storage_class (str) - Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
prefix (str) - Object key prefix identifying one or more objects to which the rule applies.
tags (dict) - Specifies object tags key and value.
transitions (list) - Specifies a period in the object’s transitions (documented below).
- date (str) - Specifies the date after which you want the corresponding action to take effect.
- days (float) - Specifies the number of days after object creation when the specific rule action takes effect.
- storage_class (str) - Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

loggings: pulumi.Output[list] = None¶

A settings of bucket logging (documented below).

targetBucket (str) - The name of the bucket that will receive the log objects.
targetPrefix (str) - To specify a key prefix for log objects.

object_lock_configuration: pulumi.Output[dict] = None¶

A configuration of S3 object locking (documented below)

objectLockEnabled (str) - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.
rule (dict) - The Object Lock rule in place for this bucket.
- defaultRetention (dict) - The default retention period that you want to apply to new objects placed in this bucket.
  - days (float) - The number of days that you want to specify for the default retention period.
  - mode (str) - The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.
  - years (float) - The number of years that you want to specify for the default retention period.

policy: pulumi.Output[str] = None¶: A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.

region: pulumi.Output[str] = None¶: If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

replication_configuration: pulumi.Output[dict] = None¶

A configuration of replication configuration (documented below).

role (str) - The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
rules (list) - Specifies the rules managing the replication (documented below).
- destination (dict) - Specifies the destination for the rule (documented below).
  - accessControlTranslation (dict) - Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.
    - owner (str) - The override value for the owner on replicated objects. Currently only Destination is supported.
  - account_id (str) - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.
  - bucket (str) - The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
  - replicaKmsKeyId (str) - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.
  - storage_class (str) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
- filter (dict) - Filter that identifies subset of objects to which the replication rule applies (documented below).
  - prefix (str) - Object keyname prefix that identifies subset of objects to which the rule applies.
  - tags (dict) - A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- id (str) - Unique identifier for the rule.
- prefix (str) - Object keyname prefix identifying one or more objects to which the rule applies.
- priority (float) - is optional (with a default value of 0) but must be unique between multiple rules
- sourceSelectionCriteria (dict) - Specifies special object selection criteria (documented below).
  - sseKmsEncryptedObjects (dict) - Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.
    - enabled (bool) - Boolean which indicates if this criteria is enabled.
- status (str) - The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

request_payer: pulumi.Output[str] = None¶: Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

server_side_encryption_configuration: pulumi.Output[dict] = None¶

A configuration of server-side encryption configuration (documented below)

rule (dict) - A single object for server-side encryption by default configuration. (documented below)
- applyServerSideEncryptionByDefault (dict) - A single object for setting server-side encryption by default. (documented below)
  - kms_master_key_id (str) - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
  - sseAlgorithm (str) - The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

tags: pulumi.Output[dict] = None¶: A mapping of tags to assign to the bucket.

versioning: pulumi.Output[dict] = None¶

A state of versioning (documented below)

enabled (bool) - Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
mfaDelete (bool) - Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

website: pulumi.Output[dict] = None¶

A website object (documented below).

errorDocument (str) - An absolute path to the document to return in case of a 4XX error.
indexDocument (str) - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
redirectAllRequestsTo (str) - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
routingRules (dict) - A json array containing routing rules describing redirect behavior and when redirects are applied.

website_domain: pulumi.Output[str] = None¶: The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

website_endpoint: pulumi.Output[str] = None¶: The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

static get(resource_name, id, opts=None, acceleration_status=None, acl=None, arn=None, bucket=None, bucket_domain_name=None, bucket_prefix=None, bucket_regional_domain_name=None, cors_rules=None, force_destroy=None, grants=None, hosted_zone_id=None, lifecycle_rules=None, loggings=None, object_lock_configuration=None, policy=None, region=None, replication_configuration=None, request_payer=None, server_side_encryption_configuration=None, tags=None, versioning=None, website=None, website_domain=None, website_endpoint=None)¶

Get an existing Bucket resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
acceleration_status (pulumi.Input[str]) – Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
acl (pulumi.Input[dict]) –
The canned ACL to apply. Defaults to “private”. Conflicts with grant.
arn (pulumi.Input[str]) – The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
bucket (pulumi.Input[str]) – The name of the bucket. If omitted, this provider will assign a random, unique name.
bucket_domain_name (pulumi.Input[str]) – The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
bucket_prefix (pulumi.Input[str]) – Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.
bucket_regional_domain_name (pulumi.Input[str]) –
The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
cors_rules (pulumi.Input[list]) –
A rule of Cross-Origin Resource Sharing (documented below).
force_destroy (pulumi.Input[bool]) –
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
grants (pulumi.Input[list]) –
An ACL policy grant (documented below). Conflicts with acl.
hosted_zone_id (pulumi.Input[str]) –
The Route 53 Hosted Zone ID for this bucket’s region.
lifecycle_rules (pulumi.Input[list]) –
A configuration of object lifecycle management (documented below).
loggings (pulumi.Input[list]) –
A settings of bucket logging (documented below).
object_lock_configuration (pulumi.Input[dict]) –
A configuration of S3 object locking (documented below)
policy (pulumi.Input[dict]) –
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a pulumi up / preview / update. In this case, please make sure you use the verbose/specific version of the policy.
region (pulumi.Input[str]) – If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.
replication_configuration (pulumi.Input[dict]) –
A configuration of replication configuration (documented below).
request_payer (pulumi.Input[str]) –
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
server_side_encryption_configuration (pulumi.Input[dict]) –
A configuration of server-side encryption configuration (documented below)
tags (pulumi.Input[dict]) – A mapping of tags to assign to the bucket.
versioning (pulumi.Input[dict]) –
A state of versioning (documented below)
website (pulumi.Input[dict]) – A website object (documented below).
website_domain (pulumi.Input[str]) – The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
website_endpoint (pulumi.Input[str]) – The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

The cors_rules object supports the following:

allowedHeaders (pulumi.Input[list]) - Specifies which headers are allowed.
allowedMethods (pulumi.Input[list]) - Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
allowedOrigins (pulumi.Input[list]) - Specifies which origins are allowed.
exposeHeaders (pulumi.Input[list]) - Specifies expose header in the response.
maxAgeSeconds (pulumi.Input[float]) - Specifies time in seconds that browser can cache the response for a preflight request.

The grants object supports the following:

id (pulumi.Input[str]) - Canonical user id to grant for. Used only when type is CanonicalUser.
permissions (pulumi.Input[list]) - List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.
type (pulumi.Input[str]) - - Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.
uri (pulumi.Input[str]) - Uri address to grant for. Used only when type is Group.

The lifecycle_rules object supports the following:

abortIncompleteMultipartUploadDays (pulumi.Input[float]) - Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
enabled (pulumi.Input[bool]) - Specifies lifecycle rule status.
expiration (pulumi.Input[dict]) - Specifies a period in the object’s expire (documented below).
- date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.
- days (pulumi.Input[float]) - Specifies the number of days after object creation when the specific rule action takes effect.
- expiredObjectDeleteMarker (pulumi.Input[bool]) - On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers.
id (pulumi.Input[str]) - Unique identifier for the rule.
noncurrentVersionExpiration (pulumi.Input[dict]) - Specifies when noncurrent object versions expire (documented below).
- days (pulumi.Input[float]) - Specifies the number of days noncurrent object versions expire.
noncurrentVersionTransitions (pulumi.Input[list]) - Specifies when noncurrent object versions transitions (documented below).
- days (pulumi.Input[float]) - Specifies the number of days noncurrent object versions transition.
- storage_class (pulumi.Input[str]) - Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
prefix (pulumi.Input[str]) - Object key prefix identifying one or more objects to which the rule applies.
tags (pulumi.Input[dict]) - Specifies object tags key and value.
transitions (pulumi.Input[list]) - Specifies a period in the object’s transitions (documented below).
- date (pulumi.Input[str]) - Specifies the date after which you want the corresponding action to take effect.
- days (pulumi.Input[float]) - Specifies the number of days after object creation when the specific rule action takes effect.
- storage_class (pulumi.Input[str]) - Specifies the Amazon S3 storage class to which you want the object to transition. Can be ONEZONE_IA, STANDARD_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.

The loggings object supports the following:

targetBucket (pulumi.Input[str]) - The name of the bucket that will receive the log objects.
targetPrefix (pulumi.Input[str]) - To specify a key prefix for log objects.

The object_lock_configuration object supports the following:

objectLockEnabled (pulumi.Input[str]) - Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.
rule (pulumi.Input[dict]) - The Object Lock rule in place for this bucket.
- defaultRetention (pulumi.Input[dict]) - The default retention period that you want to apply to new objects placed in this bucket.
  - days (pulumi.Input[float]) - The number of days that you want to specify for the default retention period.
  - mode (pulumi.Input[str]) - The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.
  - years (pulumi.Input[float]) - The number of years that you want to specify for the default retention period.

The replication_configuration object supports the following:

role (pulumi.Input[str]) - The ARN of the IAM role for Amazon S3 to assume when replicating the objects.
rules (pulumi.Input[list]) - Specifies the rules managing the replication (documented below).
- destination (pulumi.Input[dict]) - Specifies the destination for the rule (documented below).
  - accessControlTranslation (pulumi.Input[dict]) - Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.
    - owner (pulumi.Input[str]) - The override value for the owner on replicated objects. Currently only Destination is supported.
  - account_id (pulumi.Input[str]) - The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.
  - bucket (pulumi.Input[str]) - The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
  - replicaKmsKeyId (pulumi.Input[str]) - Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with sse_kms_encrypted_objects source selection criteria.
  - storage_class (pulumi.Input[str]) - The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.
- filter (pulumi.Input[dict]) - Filter that identifies subset of objects to which the replication rule applies (documented below).
  - prefix (pulumi.Input[str]) - Object keyname prefix that identifies subset of objects to which the rule applies.
  - tags (pulumi.Input[dict]) - A map of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
- id (pulumi.Input[str]) - Unique identifier for the rule.
- prefix (pulumi.Input[str]) - Object keyname prefix identifying one or more objects to which the rule applies.
- priority (pulumi.Input[float]) - is optional (with a default value of 0) but must be unique between multiple rules
- sourceSelectionCriteria (pulumi.Input[dict]) - Specifies special object selection criteria (documented below).
  - sseKmsEncryptedObjects (pulumi.Input[dict]) - Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id in destination must be specified as well.
    - enabled (pulumi.Input[bool]) - Boolean which indicates if this criteria is enabled.
- status (pulumi.Input[str]) - The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.

The server_side_encryption_configuration object supports the following:

rule (pulumi.Input[dict]) - A single object for server-side encryption by default configuration. (documented below)
- applyServerSideEncryptionByDefault (pulumi.Input[dict]) - A single object for setting server-side encryption by default. (documented below)
  - kms_master_key_id (pulumi.Input[str]) - The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
  - sseAlgorithm (pulumi.Input[str]) - The server-side encryption algorithm to use. Valid values are AES256 and aws:kms

The versioning object supports the following:

enabled (pulumi.Input[bool]) - Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
mfaDelete (pulumi.Input[bool]) - Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS

The website object supports the following:

errorDocument (pulumi.Input[str]) - An absolute path to the document to return in case of a 4XX error.
indexDocument (pulumi.Input[str]) - Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
redirectAllRequestsTo (pulumi.Input[str]) - A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.
routingRules (pulumi.Input[dict]) - A json array containing routing rules describing redirect behavior and when redirects are applied.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.BucketMetric(resource_name, opts=None, bucket=None, filter=None, name=None, __props__=None, __name__=None, __opts__=None)¶

Provides a S3 bucket metrics configuration resource.

import pulumi
import pulumi_aws as aws

example = aws.s3.Bucket("example")
example_entire_bucket = aws.s3.BucketMetric("example-entire-bucket", bucket=example.bucket)

import pulumi
import pulumi_aws as aws

example = aws.s3.Bucket("example")
example_filtered = aws.s3.BucketMetric("example-filtered",
    bucket=example.bucket,
    filter={
        "prefix": "documents/",
        "tags": {
            "class": "blue",
            "priority": "high",
        },
    })

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket to put metric configuration.
filter (pulumi.Input[dict]) – Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).
name (pulumi.Input[str]) – Unique identifier of the metrics configuration for the bucket.

The filter object supports the following:

prefix (pulumi.Input[str]) - Object prefix for filtering (singular).
tags (pulumi.Input[dict]) - Object tags for filtering (up to 10).

bucket: pulumi.Output[str] = None¶: The name of the bucket to put metric configuration.

filter: pulumi.Output[dict] = None¶

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

prefix (str) - Object prefix for filtering (singular).
tags (dict) - Object tags for filtering (up to 10).

name: pulumi.Output[str] = None¶: Unique identifier of the metrics configuration for the bucket.

static get(resource_name, id, opts=None, bucket=None, filter=None, name=None)¶

Get an existing BucketMetric resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket to put metric configuration.
filter (pulumi.Input[dict]) –
Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).
name (pulumi.Input[str]) – Unique identifier of the metrics configuration for the bucket.

The filter object supports the following:

prefix (pulumi.Input[str]) - Object prefix for filtering (singular).
tags (pulumi.Input[dict]) - Object tags for filtering (up to 10).

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.BucketNotification(resource_name, opts=None, bucket=None, lambda_functions=None, queues=None, topics=None, __props__=None, __name__=None, __opts__=None)¶

Manages a S3 Bucket Notification Configuration. For additional information, see the Configuring S3 Event Notifications section in the Amazon S3 Developer Guide.

NOTE: S3 Buckets only support a single notification configuration. Declaring multiple s3.BucketNotification resources to the same S3 Bucket will cause a perpetual difference in configuration. See the example “Trigger multiple Lambda functions” for an option.

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket")
topic = aws.sns.Topic("topic", policy=bucket.arn.apply(lambda arn: f"""{{
    "Version":"2012-10-17",
    "Statement":[{{
        "Effect": "Allow",
        "Principal": {{"AWS":"*"}},
        "Action": "SNS:Publish",
        "Resource": "arn:aws:sns:*:*:s3-event-notification-topic",
        "Condition":{{
            "ArnLike":{{"aws:SourceArn":"{arn}"}}
        }}
    }}]
}}

"""))
bucket_notification = aws.s3.BucketNotification("bucketNotification",
    bucket=bucket.id,
    topics=[{
        "events": ["s3:ObjectCreated:*"],
        "filterSuffix": ".log",
        "topic_arn": topic.arn,
    }])

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket")
queue = aws.sqs.Queue("queue", policy=bucket.arn.apply(lambda arn: f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
          "Resource": "arn:aws:sqs:*:*:s3-event-notification-queue",
      "Condition": {{
        "ArnEquals": {{ "aws:SourceArn": "{arn}" }}
      }}
    }}
  ]
}}

"""))
bucket_notification = aws.s3.BucketNotification("bucketNotification",
    bucket=bucket.id,
    queues=[{
        "events": ["s3:ObjectCreated:*"],
        "filterSuffix": ".log",
        "queueArn": queue.arn,
    }])

import pulumi
import pulumi_aws as aws

iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
""")
func = aws.lambda_.Function("func",
    code=pulumi.FileArchive("your-function.zip"),
    role=iam_for_lambda.arn,
    handler="exports.example",
    runtime="go1.x")
bucket = aws.s3.Bucket("bucket")
allow_bucket = aws.lambda_.Permission("allowBucket",
    action="lambda:InvokeFunction",
    function=func.arn,
    principal="s3.amazonaws.com",
    source_arn=bucket.arn)
bucket_notification = aws.s3.BucketNotification("bucketNotification",
    bucket=bucket.id,
    lambda_function=[{
        "lambda_function_arn": func.arn,
        "events": ["s3:ObjectCreated:*"],
        "filterPrefix": "AWSLogs/",
        "filterSuffix": ".log",
    }])

import pulumi
import pulumi_aws as aws

iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
""")
func1 = aws.lambda_.Function("func1",
    code=pulumi.FileArchive("your-function1.zip"),
    role=iam_for_lambda.arn,
    handler="exports.example",
    runtime="go1.x")
bucket = aws.s3.Bucket("bucket")
allow_bucket1 = aws.lambda_.Permission("allowBucket1",
    action="lambda:InvokeFunction",
    function=func1.arn,
    principal="s3.amazonaws.com",
    source_arn=bucket.arn)
func2 = aws.lambda_.Function("func2",
    code=pulumi.FileArchive("your-function2.zip"),
    role=iam_for_lambda.arn,
    handler="exports.example")
allow_bucket2 = aws.lambda_.Permission("allowBucket2",
    action="lambda:InvokeFunction",
    function=func2.arn,
    principal="s3.amazonaws.com",
    source_arn=bucket.arn)
bucket_notification = aws.s3.BucketNotification("bucketNotification",
    bucket=bucket.id,
    lambda_function=[
        {
            "lambda_function_arn": func1.arn,
            "events": ["s3:ObjectCreated:*"],
            "filterPrefix": "AWSLogs/",
            "filterSuffix": ".log",
        },
        {
            "lambda_function_arn": func2.arn,
            "events": ["s3:ObjectCreated:*"],
            "filterPrefix": "OtherLogs/",
            "filterSuffix": ".log",
        },
    ])

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket")
queue = aws.sqs.Queue("queue", policy=bucket.arn.apply(lambda arn: f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
          "Resource": "arn:aws:sqs:*:*:s3-event-notification-queue",
      "Condition": {{
        "ArnEquals": {{ "aws:SourceArn": "{arn}" }}
      }}
    }}
  ]
}}

"""))
bucket_notification = aws.s3.BucketNotification("bucketNotification",
    bucket=bucket.id,
    queues=[
        {
            "events": ["s3:ObjectCreated:*"],
            "filterPrefix": "images/",
            "id": "image-upload-event",
            "queueArn": queue.arn,
        },
        {
            "events": ["s3:ObjectCreated:*"],
            "filterPrefix": "videos/",
            "id": "video-upload-event",
            "queueArn": queue.arn,
        },
    ])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket to put notification configuration.
lambda_functions (pulumi.Input[list]) – Used to configure notifications to a Lambda Function (documented below).
queues (pulumi.Input[list]) – The notification configuration to SQS Queue (documented below).
topics (pulumi.Input[list]) – The notification configuration to SNS Topic (documented below).

The lambda_functions object supports the following:

events (pulumi.Input[list]) - Specifies event for which to send notifications.
filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.
filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.
id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.
lambda_function_arn (pulumi.Input[str]) - Specifies Amazon Lambda function ARN.

The queues object supports the following:

events (pulumi.Input[list]) - Specifies event for which to send notifications.
filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.
filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.
id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.
queueArn (pulumi.Input[str]) - Specifies Amazon SQS queue ARN.

The topics object supports the following:

events (pulumi.Input[list]) - Specifies event for which to send notifications.
filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.
filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.
id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.
topic_arn (pulumi.Input[str]) - Specifies Amazon SNS topic ARN.

bucket: pulumi.Output[str] = None¶: The name of the bucket to put notification configuration.

lambda_functions: pulumi.Output[list] = None¶

Used to configure notifications to a Lambda Function (documented below).

events (list) - Specifies event for which to send notifications.
filterPrefix (str) - Specifies object key name prefix.
filterSuffix (str) - Specifies object key name suffix.
id (str) - Specifies unique identifier for each of the notification configurations.
lambda_function_arn (str) - Specifies Amazon Lambda function ARN.

queues: pulumi.Output[list] = None¶

The notification configuration to SQS Queue (documented below).

events (list) - Specifies event for which to send notifications.
filterPrefix (str) - Specifies object key name prefix.
filterSuffix (str) - Specifies object key name suffix.
id (str) - Specifies unique identifier for each of the notification configurations.
queueArn (str) - Specifies Amazon SQS queue ARN.

topics: pulumi.Output[list] = None¶

The notification configuration to SNS Topic (documented below).

events (list) - Specifies event for which to send notifications.
filterPrefix (str) - Specifies object key name prefix.
filterSuffix (str) - Specifies object key name suffix.
id (str) - Specifies unique identifier for each of the notification configurations.
topic_arn (str) - Specifies Amazon SNS topic ARN.

static get(resource_name, id, opts=None, bucket=None, lambda_functions=None, queues=None, topics=None)¶

Get an existing BucketNotification resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket to put notification configuration.
lambda_functions (pulumi.Input[list]) – Used to configure notifications to a Lambda Function (documented below).
queues (pulumi.Input[list]) – The notification configuration to SQS Queue (documented below).
topics (pulumi.Input[list]) – The notification configuration to SNS Topic (documented below).

The lambda_functions object supports the following:

events (pulumi.Input[list]) - Specifies event for which to send notifications.
filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.
filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.
id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.
lambda_function_arn (pulumi.Input[str]) - Specifies Amazon Lambda function ARN.

The queues object supports the following:

events (pulumi.Input[list]) - Specifies event for which to send notifications.
filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.
filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.
id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.
queueArn (pulumi.Input[str]) - Specifies Amazon SQS queue ARN.

The topics object supports the following:

events (pulumi.Input[list]) - Specifies event for which to send notifications.
filterPrefix (pulumi.Input[str]) - Specifies object key name prefix.
filterSuffix (pulumi.Input[str]) - Specifies object key name suffix.
id (pulumi.Input[str]) - Specifies unique identifier for each of the notification configurations.
topic_arn (pulumi.Input[str]) - Specifies Amazon SNS topic ARN.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.BucketObject(resource_name, opts=None, acl=None, bucket=None, cache_control=None, content=None, content_base64=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, etag=None, force_destroy=None, key=None, kms_key_id=None, metadata=None, object_lock_legal_hold_status=None, object_lock_mode=None, object_lock_retain_until_date=None, server_side_encryption=None, source=None, storage_class=None, tags=None, website_redirect=None, __props__=None, __name__=None, __opts__=None)¶

Provides a S3 bucket object resource.

import pulumi
import pulumi_aws as aws

examplekms = aws.kms.Key("examplekms",
    deletion_window_in_days=7,
    description="KMS key 1")
examplebucket = aws.s3.Bucket("examplebucket", acl="private")
examplebucket_object = aws.s3.BucketObject("examplebucketObject",
    bucket=examplebucket.id,
    key="someobject",
    kms_key_id=examplekms.arn,
    source=pulumi.FileAsset("index.html"))

import pulumi
import pulumi_aws as aws

examplebucket = aws.s3.Bucket("examplebucket", acl="private")
examplebucket_object = aws.s3.BucketObject("examplebucketObject",
    bucket=examplebucket.id,
    key="someobject",
    server_side_encryption="aws:kms",
    source=pulumi.FileAsset("index.html"))

import pulumi
import pulumi_aws as aws

examplebucket = aws.s3.Bucket("examplebucket", acl="private")
examplebucket_object = aws.s3.BucketObject("examplebucketObject",
    bucket=examplebucket.id,
    key="someobject",
    server_side_encryption="AES256",
    source=pulumi.FileAsset("index.html"))

import pulumi
import pulumi_aws as aws

examplebucket = aws.s3.Bucket("examplebucket",
    acl="private",
    object_lock_configuration={
        "objectLockEnabled": "Enabled",
    },
    versioning={
        "enabled": True,
    })
examplebucket_object = aws.s3.BucketObject("examplebucketObject",
    bucket=examplebucket.id,
    force_destroy=True,
    key="someobject",
    object_lock_legal_hold_status="ON",
    object_lock_mode="GOVERNANCE",
    object_lock_retain_until_date="2021-12-31T23:59:60Z",
    source=pulumi.FileAsset("important.txt"))

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
acl (pulumi.Input[str]) –
The canned ACL to apply. Defaults to “private”.
bucket (pulumi.Input[dict]) – The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.
cache_control (pulumi.Input[str]) – Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
content (pulumi.Input[str]) – Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
content_base64 (pulumi.Input[str]) – Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.
content_disposition (pulumi.Input[str]) – Specifies presentational information for the object. Read w3c content_disposition for further information.
content_encoding (pulumi.Input[str]) – Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
content_language (pulumi.Input[str]) – The language the content is in e.g. en-US or en-GB.
content_type (pulumi.Input[str]) – A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.
etag (pulumi.Input[str]) – Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".
force_destroy (pulumi.Input[bool]) – Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.
key (pulumi.Input[str]) – The name of the object once it is in the bucket.
kms_key_id (pulumi.Input[str]) – Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using kms.Key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"
metadata (pulumi.Input[dict]) – A map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).
object_lock_legal_hold_status (pulumi.Input[str]) – The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.
object_lock_mode (pulumi.Input[str]) – The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.
object_lock_retain_until_date (pulumi.Input[str]) – The date and time, in RFC3339 format, when this object’s object lock will expire.
server_side_encryption (pulumi.Input[str]) – Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.
pulumi.Archive]] source (pulumi.Input[Union[pulumi.Asset,) – The path to a file that will be read and uploaded as raw bytes for the object content.
storage_class (pulumi.Input[str]) – Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.
tags (pulumi.Input[dict]) – A map of tags to assign to the object.
website_redirect (pulumi.Input[str]) – Specifies a target URL for website redirect.

acl: pulumi.Output[str] = None¶: The canned ACL to apply. Defaults to “private”.

bucket: pulumi.Output[str] = None¶: The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

cache_control: pulumi.Output[str] = None¶: Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.

content: pulumi.Output[str] = None¶: Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

content_base64: pulumi.Output[str] = None¶: Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

content_disposition: pulumi.Output[str] = None¶: Specifies presentational information for the object. Read w3c content_disposition for further information.

content_encoding: pulumi.Output[str] = None¶: Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

content_language: pulumi.Output[str] = None¶: The language the content is in e.g. en-US or en-GB.

content_type: pulumi.Output[str] = None¶: A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

etag: pulumi.Output[str] = None¶: Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".

force_destroy: pulumi.Output[bool] = None¶: Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key: pulumi.Output[str] = None¶: The name of the object once it is in the bucket.

kms_key_id: pulumi.Output[str] = None¶: Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using kms.Key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"

metadata: pulumi.Output[dict] = None¶: A map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

object_lock_legal_hold_status: pulumi.Output[str] = None¶: The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

object_lock_mode: pulumi.Output[str] = None¶: The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

object_lock_retain_until_date: pulumi.Output[str] = None¶: The date and time, in RFC3339 format, when this object’s object lock will expire.

server_side_encryption: pulumi.Output[str] = None¶: Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

source: pulumi.Output[Union[pulumi.Asset, pulumi.Archive]] = None¶: The path to a file that will be read and uploaded as raw bytes for the object content.

storage_class: pulumi.Output[str] = None¶: Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the object.

version_id: pulumi.Output[str] = None¶: A unique version ID value for the object, if bucket versioning is enabled.

website_redirect: pulumi.Output[str] = None¶: Specifies a target URL for website redirect.

static get(resource_name, id, opts=None, acl=None, bucket=None, cache_control=None, content=None, content_base64=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, etag=None, force_destroy=None, key=None, kms_key_id=None, metadata=None, object_lock_legal_hold_status=None, object_lock_mode=None, object_lock_retain_until_date=None, server_side_encryption=None, source=None, storage_class=None, tags=None, version_id=None, website_redirect=None)¶

Get an existing BucketObject resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
acl (pulumi.Input[str]) –
The canned ACL to apply. Defaults to “private”.
bucket (pulumi.Input[dict]) –
The name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.
cache_control (pulumi.Input[str]) –
Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
content (pulumi.Input[str]) – Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
content_base64 (pulumi.Input[str]) – Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.
content_disposition (pulumi.Input[str]) –
Specifies presentational information for the object. Read w3c content_disposition for further information.
content_encoding (pulumi.Input[str]) –
Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
content_language (pulumi.Input[str]) – The language the content is in e.g. en-US or en-GB.
content_type (pulumi.Input[str]) – A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.
etag (pulumi.Input[str]) – Used to trigger updates. The only meaningful value is ${filemd5("path/to/file")} (this provider 0.11.12 or later) or ${md5(file("path/to/file"))} (this provider 0.11.11 or earlier). This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".
force_destroy (pulumi.Input[bool]) – Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.
key (pulumi.Input[str]) – The name of the object once it is in the bucket.
kms_key_id (pulumi.Input[str]) – Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using kms.Key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"
metadata (pulumi.Input[dict]) – A map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).
object_lock_legal_hold_status (pulumi.Input[str]) –
The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.
object_lock_mode (pulumi.Input[str]) –
The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.
object_lock_retain_until_date (pulumi.Input[str]) –
The date and time, in RFC3339 format, when this object’s object lock will expire.
server_side_encryption (pulumi.Input[str]) – Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.
pulumi.Archive]] source (pulumi.Input[Union[pulumi.Asset,) – The path to a file that will be read and uploaded as raw bytes for the object content.
storage_class (pulumi.Input[str]) –
Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, “DEEP_ARCHIVE”, or “STANDARD_IA”. Defaults to “STANDARD”.
tags (pulumi.Input[dict]) – A map of tags to assign to the object.
version_id (pulumi.Input[str]) – A unique version ID value for the object, if bucket versioning is enabled.
website_redirect (pulumi.Input[str]) –
Specifies a target URL for website redirect.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.BucketPolicy(resource_name, opts=None, bucket=None, policy=None, __props__=None, __name__=None, __opts__=None)¶

Attaches a policy to an S3 bucket resource.

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket")
bucket_policy = aws.s3.BucketPolicy("bucketPolicy",
    bucket=bucket.id,
    policy="""{
  "Version": "2012-10-17",
  "Id": "MYBUCKETPOLICY",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my_tf_test_bucket/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "8.8.8.8/32"}
      }
    }
  ]
}

""")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket to which to apply the policy.
policy (pulumi.Input[dict]) – The text of the policy.

bucket: pulumi.Output[str] = None¶: The name of the bucket to which to apply the policy.

policy: pulumi.Output[str] = None¶: The text of the policy.

static get(resource_name, id, opts=None, bucket=None, policy=None)¶

Get an existing BucketPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket to which to apply the policy.
policy (pulumi.Input[dict]) – The text of the policy.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.BucketPublicAccessBlock(resource_name, opts=None, block_public_acls=None, block_public_policy=None, bucket=None, ignore_public_acls=None, restrict_public_buckets=None, __props__=None, __name__=None, __opts__=None)¶

Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

import pulumi
import pulumi_aws as aws

example_bucket = aws.s3.Bucket("exampleBucket")
example_bucket_public_access_block = aws.s3.BucketPublicAccessBlock("exampleBucketPublicAccessBlock",
    block_public_acls=True,
    block_public_policy=True,
    bucket=example_bucket.id)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.

Parameters: block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Parameters

bucket (pulumi.Input[str]) – S3 Bucket to which this Public Access Block configuration should be applied.
ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore public ACLs on this bucket and any objects that it contains.

Parameters: restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access this buckets if it has a public policy.

block_public_acls: pulumi.Output[bool] = None¶

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
PUT Object calls will fail if the request includes an object ACL.

block_public_policy: pulumi.Output[bool] = None¶

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

bucket: pulumi.Output[str] = None¶: S3 Bucket to which this Public Access Block configuration should be applied.

ignore_public_acls: pulumi.Output[bool] = None¶

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

Ignore public ACLs on this bucket and any objects that it contains.

restrict_public_buckets: pulumi.Output[bool] = None¶

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

Only the bucket owner and AWS Services can access this buckets if it has a public policy.

static get(resource_name, id, opts=None, block_public_acls=None, block_public_policy=None, bucket=None, ignore_public_acls=None, restrict_public_buckets=None)¶

Get an existing BucketPublicAccessBlock resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
block_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
* PUT Object calls will fail if the request includes an object ACL.

Parameters: block_public_policy (pulumi.Input[bool]) – Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Parameters

bucket (pulumi.Input[str]) – S3 Bucket to which this Public Access Block configuration should be applied.
ignore_public_acls (pulumi.Input[bool]) – Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

* Ignore public ACLs on this bucket and any objects that it contains.

Parameters: restrict_public_buckets (pulumi.Input[bool]) – Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

* Only the bucket owner and AWS Services can access this buckets if it has a public policy.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.s3.GetBucketObjectResult(body=None, bucket=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_length=None, content_type=None, etag=None, expiration=None, expires=None, id=None, key=None, last_modified=None, metadata=None, object_lock_legal_hold_status=None, object_lock_mode=None, object_lock_retain_until_date=None, range=None, server_side_encryption=None, sse_kms_key_id=None, storage_class=None, tags=None, version_id=None, website_redirect_location=None)¶

A collection of values returned by getBucketObject.

body = None¶: Object data (see limitations above to understand cases in which this field is actually available)

cache_control = None¶: Specifies caching behavior along the request/reply chain.

content_disposition = None¶: Specifies presentational information for the object.

content_encoding = None¶: Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

content_language = None¶: The language the content is in.

content_length = None¶: Size of the body in bytes.

content_type = None¶: A standard MIME type describing the format of the object data.

etag = None¶: ETag generated for the object (an MD5 sum of the object content in case it’s not encrypted)

expiration = None¶: If the object expiration is configured (see object lifecycle management), the field includes this header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The value of the rule-id is URL encoded.

expires = None¶: The date and time at which the object is no longer cacheable.

id = None¶: The provider-assigned unique ID for this managed resource.

last_modified = None¶: Last modified date of the object in RFC1123 format (e.g. Mon, 02 Jan 2006 15:04:05 MST)

metadata = None¶: A map of metadata stored with the object in S3

object_lock_legal_hold_status = None¶: Indicates whether this object has an active legal hold. This field is only returned if you have permission to view an object’s legal hold status.

object_lock_mode = None¶: The object lock retention mode currently in place for this object.

object_lock_retain_until_date = None¶: The date and time when this object’s object lock will expire.

server_side_encryption = None¶: If the object is stored using server-side encryption (KMS or Amazon S3-managed encryption key), this field includes the chosen encryption and algorithm used.

sse_kms_key_id = None¶: If present, specifies the ID of the Key Management Service (KMS) master encryption key that was used for the object.

storage_class = None¶: Storage class information of the object. Available for all objects except for Standard storage class objects.

tags = None¶: A map of tags assigned to the object.

version_id = None¶: The latest version ID of the object returned.

website_redirect_location = None¶: If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

class pulumi_aws.s3.GetBucketObjectsResult(bucket=None, common_prefixes=None, delimiter=None, encoding_type=None, fetch_owner=None, id=None, keys=None, max_keys=None, owners=None, prefix=None, start_after=None)¶

A collection of values returned by getBucketObjects.

common_prefixes = None¶: List of any keys between prefix and the next occurrence of delimiter (i.e., similar to subdirectories of the prefix “directory”); the list is only returned when you specify delimiter

id = None¶: The provider-assigned unique ID for this managed resource.

keys = None¶: List of strings representing object keys

owners = None¶: List of strings representing object owner IDs (see fetch_owner above)

class pulumi_aws.s3.GetBucketResult(arn=None, bucket=None, bucket_domain_name=None, bucket_regional_domain_name=None, hosted_zone_id=None, id=None, region=None, website_domain=None, website_endpoint=None)¶

A collection of values returned by getBucket.

arn = None¶: The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket_domain_name = None¶: The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

bucket_regional_domain_name = None¶: The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.

hosted_zone_id = None¶: The Route 53 Hosted Zone ID for this bucket’s region.

id = None¶: The provider-assigned unique ID for this managed resource.

region = None¶: The AWS region this bucket resides in.

website_domain = None¶: The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

website_endpoint = None¶: The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

class pulumi_aws.s3.Inventory(resource_name, opts=None, bucket=None, destination=None, enabled=None, filter=None, included_object_versions=None, name=None, optional_fields=None, schedule=None, __props__=None, __name__=None, __opts__=None)¶

Provides a S3 bucket inventory configuration resource.

import pulumi
import pulumi_aws as aws

test_bucket = aws.s3.Bucket("testBucket")
inventory = aws.s3.Bucket("inventory")
test_inventory = aws.s3.Inventory("testInventory",
    bucket=test_bucket.id,
    destination={
        "bucket": {
            "bucketArn": inventory.arn,
            "format": "ORC",
        },
    },
    included_object_versions="All",
    schedule={
        "frequency": "Daily",
    })

import pulumi
import pulumi_aws as aws

test = aws.s3.Bucket("test")
inventory = aws.s3.Bucket("inventory")
test_prefix = aws.s3.Inventory("test-prefix",
    bucket=test.id,
    destination={
        "bucket": {
            "bucketArn": inventory.arn,
            "format": "ORC",
            "prefix": "inventory",
        },
    },
    filter={
        "prefix": "documents/",
    },
    included_object_versions="All",
    schedule={
        "frequency": "Daily",
    })

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket where the inventory configuration will be stored.
destination (pulumi.Input[dict]) – Contains information about where to publish the inventory results (documented below).
enabled (pulumi.Input[bool]) – Specifies whether the inventory is enabled or disabled.
filter (pulumi.Input[dict]) – Specifies an inventory filter. The inventory only includes objects that meet the filter’s criteria (documented below).
included_object_versions (pulumi.Input[str]) – Object versions to include in the inventory list. Valid values: All, Current.
name (pulumi.Input[str]) – Unique identifier of the inventory configuration for the bucket.
optional_fields (pulumi.Input[list]) – List of optional fields that are included in the inventory results. Valid values: Size, LastModifiedDate, StorageClass, ETag, IsMultipartUploaded, ReplicationStatus, EncryptionStatus, ObjectLockRetainUntilDate, ObjectLockMode, ObjectLockLegalHoldStatus, IntelligentTieringAccessTier.
schedule (pulumi.Input[dict]) – Specifies the schedule for generating inventory results (documented below).

The destination object supports the following:

bucket (pulumi.Input[dict]) - The S3 bucket configuration where inventory results are published (documented below).
- account_id (pulumi.Input[str]) - The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.
- bucketArn (pulumi.Input[str]) - The Amazon S3 bucket ARN of the destination.
- encryption (pulumi.Input[dict]) - Contains the type of server-side encryption to use to encrypt the inventory (documented below).
  - sseKms (pulumi.Input[dict]) - Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).
    - key_id (pulumi.Input[str]) - The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.
  - sseS3 (pulumi.Input[dict]) - Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.
- format (pulumi.Input[str]) - Specifies the output format of the inventory results. Can be CSV, ``ORC` <https://orc.apache.org/>`_ or ``Parquet` <https://parquet.apache.org/>`_.
- prefix (pulumi.Input[str]) - The prefix that is prepended to all inventory results.

The filter object supports the following:

prefix (pulumi.Input[str]) - The prefix that an object must have to be included in the inventory results.

The schedule object supports the following:

frequency (pulumi.Input[str]) - Specifies how frequently inventory results are produced. Valid values: Daily, Weekly.

bucket: pulumi.Output[str] = None¶: The name of the bucket where the inventory configuration will be stored.

destination: pulumi.Output[dict] = None¶

Contains information about where to publish the inventory results (documented below).

bucket (dict) - The S3 bucket configuration where inventory results are published (documented below).
- account_id (str) - The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.
- bucketArn (str) - The Amazon S3 bucket ARN of the destination.
- encryption (dict) - Contains the type of server-side encryption to use to encrypt the inventory (documented below).
  - sseKms (dict) - Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).
    - key_id (str) - The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.
  - sseS3 (dict) - Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.
- format (str) - Specifies the output format of the inventory results. Can be CSV, ``ORC` <https://orc.apache.org/>`_ or ``Parquet` <https://parquet.apache.org/>`_.
- prefix (str) - The prefix that is prepended to all inventory results.

enabled: pulumi.Output[bool] = None¶: Specifies whether the inventory is enabled or disabled.

filter: pulumi.Output[dict] = None¶

Specifies an inventory filter. The inventory only includes objects that meet the filter’s criteria (documented below).

prefix (str) - The prefix that an object must have to be included in the inventory results.

included_object_versions: pulumi.Output[str] = None¶: Object versions to include in the inventory list. Valid values: All, Current.

name: pulumi.Output[str] = None¶: Unique identifier of the inventory configuration for the bucket.

optional_fields: pulumi.Output[list] = None¶: List of optional fields that are included in the inventory results. Valid values: Size, LastModifiedDate, StorageClass, ETag, IsMultipartUploaded, ReplicationStatus, EncryptionStatus, ObjectLockRetainUntilDate, ObjectLockMode, ObjectLockLegalHoldStatus, IntelligentTieringAccessTier.

schedule: pulumi.Output[dict] = None¶

Specifies the schedule for generating inventory results (documented below).

frequency (str) - Specifies how frequently inventory results are produced. Valid values: Daily, Weekly.

static get(resource_name, id, opts=None, bucket=None, destination=None, enabled=None, filter=None, included_object_versions=None, name=None, optional_fields=None, schedule=None)¶

Get an existing Inventory resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
bucket (pulumi.Input[str]) – The name of the bucket where the inventory configuration will be stored.
destination (pulumi.Input[dict]) – Contains information about where to publish the inventory results (documented below).
enabled (pulumi.Input[bool]) – Specifies whether the inventory is enabled or disabled.
filter (pulumi.Input[dict]) – Specifies an inventory filter. The inventory only includes objects that meet the filter’s criteria (documented below).
included_object_versions (pulumi.Input[str]) – Object versions to include in the inventory list. Valid values: All, Current.
name (pulumi.Input[str]) – Unique identifier of the inventory configuration for the bucket.
optional_fields (pulumi.Input[list]) – List of optional fields that are included in the inventory results. Valid values: Size, LastModifiedDate, StorageClass, ETag, IsMultipartUploaded, ReplicationStatus, EncryptionStatus, ObjectLockRetainUntilDate, ObjectLockMode, ObjectLockLegalHoldStatus, IntelligentTieringAccessTier.
schedule (pulumi.Input[dict]) – Specifies the schedule for generating inventory results (documented below).

The destination object supports the following:

bucket (pulumi.Input[dict]) - The S3 bucket configuration where inventory results are published (documented below).
- account_id (pulumi.Input[str]) - The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.
- bucketArn (pulumi.Input[str]) - The Amazon S3 bucket ARN of the destination.
- encryption (pulumi.Input[dict]) - Contains the type of server-side encryption to use to encrypt the inventory (documented below).
  - sseKms (pulumi.Input[dict]) - Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).
    - key_id (pulumi.Input[str]) - The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.
  - sseS3 (pulumi.Input[dict]) - Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.
- format (pulumi.Input[str]) - Specifies the output format of the inventory results. Can be CSV, ``ORC` <https://orc.apache.org/>`_ or ``Parquet` <https://parquet.apache.org/>`_.
- prefix (pulumi.Input[str]) - The prefix that is prepended to all inventory results.

The filter object supports the following:

prefix (pulumi.Input[str]) - The prefix that an object must have to be included in the inventory results.

The schedule object supports the following:

frequency (pulumi.Input[str]) - Specifies how frequently inventory results are produced. Valid values: Daily, Weekly.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_aws.s3.get_bucket(bucket=None, opts=None)¶

Provides details about a specific S3 bucket.

This resource may prove useful when setting up a Route53 record, or an origin for a CloudFront Distribution.

import pulumi
import pulumi_aws as aws

selected = aws.s3.get_bucket(bucket="bucket.test.com")
test_zone = aws.route53.get_zone(name="test.com.")
example = aws.route53.Record("example",
    aliases=[{
        "name": selected.website_domain,
        "zone_id": selected.hosted_zone_id,
    }],
    name="bucket",
    type="A",
    zone_id=test_zone.id)

import pulumi
import pulumi_aws as aws

selected = aws.s3.get_bucket(bucket="a-test-bucket")
test = aws.cloudfront.Distribution("test", origins=[{
    "domain_name": selected.bucket_domain_name,
    "originId": "s3-selected-bucket",
}])

Parameters: bucket (str) – The name of the bucket

pulumi_aws.s3.get_bucket_object(bucket=None, key=None, range=None, tags=None, version_id=None, opts=None)¶

The S3 object data source allows access to the metadata and optionally (see below) content of an object stored inside S3 bucket.

Note: The content of an object (body field) is available only for objects which have a human-readable Content-Type (text/* and application/json). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.

import pulumi
import pulumi_aws as aws

bootstrap_script = aws.s3.get_bucket_object(bucket="ourcorp-deploy-config",
    key="ec2-bootstrap-script.sh")
example = aws.ec2.Instance("example",
    ami="ami-2757f631",
    instance_type="t2.micro",
    user_data=bootstrap_script.body)

Parameters

bucket (str) –
The name of the bucket to read the object from. Alternatively, an S3 access point ARN can be specified
key (str) – The full path to the object inside the bucket
tags (dict) – A map of tags assigned to the object.
version_id (str) – Specific version ID of the object returned (defaults to latest version)

pulumi_aws.s3.get_bucket_objects(bucket=None, delimiter=None, encoding_type=None, fetch_owner=None, max_keys=None, prefix=None, start_after=None, opts=None)¶

NOTE on ``max_keys``: Retrieving very large numbers of keys can adversely affect this provider’s performance.

The bucket-objects data source returns keys (i.e., file names) and other metadata about objects in an S3 bucket.

import pulumi
import pulumi_aws as aws

my_objects = aws.s3.get_bucket_objects(bucket="ourcorp")
object_info = [aws.s3.get_bucket_object(bucket=my_objects.bucket,
    key=my_objects.keys[__index]) for __index in range(len(my_objects.keys))]

Parameters

bucket (str) –
Lists object keys in this S3 bucket. Alternatively, an S3 access point ARN can be specified
delimiter (str) – A character used to group keys (Default: none)
encoding_type (str) – Encodes keys using this method (Default: none; besides none, only “url” can be used)
fetch_owner (bool) – Boolean specifying whether to populate the owner list (Default: false)
max_keys (float) – Maximum object keys to return (Default: 1000)
prefix (str) – Limits results to object keys with this prefix (Default: none)
start_after (str) – Returns key names lexicographically after a specific object key in your bucket (Default: none; S3 lists object keys in UTF-8 character encoding in lexicographical order)

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

s3¶

On This Page