Module s3


class AccountPublicAccessBlock

extends CustomResource

Manages S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

NOTE: Each AWS account may only have one S3 Public Access Block configuration. Multiple configurations of the resource against the same AWS account will cause a perpetual difference.

Advanced usage: To use a custom API endpoint for this Terraform resource, use the s3control endpoint provider configuration, not the s3 endpoint provider configuration.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.AccountPublicAccessBlock("example", {
    blockPublicAcls: true,
    blockPublicPolicy: true,
});

constructor

new AccountPublicAccessBlock(name: string, args?: AccountPublicAccessBlockArgs, opts?: pulumi.CustomResourceOptions)

Create an AccountPublicAccessBlock resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountPublicAccessBlockState, opts?: pulumi.CustomResourceOptions): AccountPublicAccessBlock

Get an existing AccountPublicAccessBlock resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

AWS account ID to configure. Defaults to automatically determined account ID of the Terraform AWS provider.

property blockPublicAcls

public blockPublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true, it causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  • PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

public blockPublicPolicy: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ignorePublicAcls

public ignorePublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

public restrictPublicBuckets: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access buckets with public policies.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
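The four settings above split into two groups: the block* settings reject new public grants, while ignorePublicAcls and restrictPublicBuckets neutralize grants that are already stored. The following added example (not part of the Pulumi or AWS code) is a simplified model of that documented behavior; all type names, function names and bucket records are constructed for illustration.

```typescript
// Simplified model of the account-level settings as this page documents them.
// It is not AWS's authorization logic; every name here is illustrative.

interface PublicAccessBlock {
    blockPublicAcls?: boolean;
    blockPublicPolicy?: boolean;
    ignorePublicAcls?: boolean;
    restrictPublicBuckets?: boolean;
}

// What a bucket already carries at the moment the settings are applied.
interface ExistingBucket {
    name: string;
    hasPublicAcl: boolean;
    hasPublicPolicy: boolean;
}

type WriteRequest =
    | { kind: "PutBucketAcl" | "PutObjectAcl"; aclIsPublic: boolean }
    | { kind: "PutBucketPolicy"; policyIsPublic: boolean };

const ALL_SETTINGS: (keyof PublicAccessBlock)[] = [
    "blockPublicAcls", "blockPublicPolicy", "ignorePublicAcls", "restrictPublicBuckets",
];

// Settings left at their default (false) or explicitly disabled.
function missingSettings(pab: PublicAccessBlock): string[] {
    return ALL_SETTINGS.filter(k => pab[k] !== true);
}

// block* settings only decide whether a NEW public grant is accepted.
function isWriteRejected(pab: PublicAccessBlock, req: WriteRequest): boolean {
    if (req.kind === "PutBucketPolicy") {
        return pab.blockPublicPolicy === true && req.policyIsPublic;
    }
    return pab.blockPublicAcls === true && req.aclIsPublic;
}

// ignorePublicAcls / restrictPublicBuckets decide whether a STORED grant still works.
function stillPublic(pab: PublicAccessBlock, buckets: ExistingBucket[]): string[] {
    const findings: string[] = [];
    for (const b of buckets) {
        const paths: string[] = [];
        if (b.hasPublicAcl && pab.ignorePublicAcls !== true) paths.push("acl");
        if (b.hasPublicPolicy && pab.restrictPublicBuckets !== true) paths.push("policy");
        if (paths.length > 0) findings.push(`${b.name}: ${paths.join("+")}`);
    }
    return findings;
}

// The configuration from the Example Usage above, and the fully locked-down one.
const pageExample: PublicAccessBlock = { blockPublicAcls: true, blockPublicPolicy: true };
const allFour: PublicAccessBlock = {
    blockPublicAcls: true, blockPublicPolicy: true,
    ignorePublicAcls: true, restrictPublicBuckets: true,
};

// Constructed inventory of buckets that predate the account-level block.
const inventory: ExistingBucket[] = [
    { name: "legacy-assets", hasPublicAcl: true, hasPublicPolicy: false },
    { name: "site", hasPublicAcl: false, hasPublicPolicy: true },
    { name: "internal", hasPublicAcl: false, hasPublicPolicy: false },
];

console.log("unset:", missingSettings(pageExample));
console.log("exposed with page example:", stillPublic(pageExample, inventory));
console.log("exposed with all four:", stillPublic(allFour, inventory));
```

With only blockPublicAcls and blockPublicPolicy set, new public ACLs and policies are refused, but the two pre-existing public buckets in the constructed inventory stay reachable until the other two settings are enabled.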

class Bucket

extends CustomResource

Provides an S3 bucket resource.

Example Usage

Private Bucket w/ Tags

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    bucket: "my-tf-test-bucket",
    tags: {
        Environment: "Dev",
        Name: "My bucket",
    },
});

Static Website Hosting

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

const bucket = new aws.s3.Bucket("b", {
    acl: "public-read",
    bucket: "s3-website-test.hashicorp.com",
    policy: fs.readFileSync("policy.json", "utf-8"),
    website: {
        errorDocument: "error.html",
        indexDocument: "index.html",
        routingRules: `[{
    "Condition": {
        "KeyPrefixEquals": "docs/"
    },
    "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
    }
}]
`,
    },
});

Using CORS

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "public-read",
    bucket: "s3-website-test.hashicorp.com",
    corsRules: [{
        allowedHeaders: ["*"],
        allowedMethods: [
            "PUT",
            "POST",
        ],
        allowedOrigins: ["https://s3-website-test.hashicorp.com"],
        exposeHeaders: ["ETag"],
        maxAgeSeconds: 3000,
    }],
});

Using versioning

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    bucket: "my-tf-test-bucket",
    versioning: {
        enabled: true,
    },
});

Enable Logging

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const logBucket = new aws.s3.Bucket("log_bucket", {
    acl: "log-delivery-write",
    bucket: "my-tf-log-bucket",
});
const bucket = new aws.s3.Bucket("b", {
    acl: "private",
    bucket: "my-tf-test-bucket",
    loggings: [{
        targetBucket: logBucket.id,
        targetPrefix: "log/",
    }],
});

Using object lifecycle

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
    bucket: "my-bucket",
    lifecycleRules: [
        {
            enabled: true,
            expiration: {
                days: 90,
            },
            id: "log",
            prefix: "log/",
            tags: {
                autoclean: "true",
                rule: "log",
            },
            transitions: [
                {
                    days: 30,
                    storageClass: "STANDARD_IA", // or "ONEZONE_IA"
                },
                {
                    days: 60,
                    storageClass: "GLACIER",
                },
            ],
        },
        {
            enabled: true,
            expiration: {
                date: "2016-01-12",
            },
            id: "tmp",
            prefix: "tmp/",
        },
    ],
});
const versioningBucket = new aws.s3.Bucket("versioning_bucket", {
    acl: "private",
    bucket: "my-versioning-bucket",
    lifecycleRules: [{
        enabled: true,
        noncurrentVersionExpiration: {
            days: 90,
        },
        noncurrentVersionTransitions: [
            {
                days: 30,
                storageClass: "STANDARD_IA",
            },
            {
                days: 60,
                storageClass: "GLACIER",
            },
        ],
        prefix: "config/",
    }],
    versioning: {
        enabled: true,
    },
});

Enable Default Server Side Encryption

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mykey = new aws.kms.Key("mykey", {
    deletionWindowInDays: 10,
    description: "This key is used to encrypt bucket objects",
});
const mybucket = new aws.s3.Bucket("mybucket", {
    bucket: "mybucket",
    serverSideEncryptionConfiguration: {
        rule: {
            applyServerSideEncryptionByDefault: {
                kmsMasterKeyId: mykey.arn,
                sseAlgorithm: "aws:kms",
            },
        },
    },
});

constructor

new Bucket(name: string, args?: BucketArgs, opts?: pulumi.CustomResourceOptions)

Create a Bucket resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketState, opts?: pulumi.CustomResourceOptions): Bucket

Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method onEvent

onEvent(name: string, handler: BucketEventHandler, args: BucketEventSubscriptionArgs, opts?: pulumi.ComponentResourceOptions): BucketEventSubscription

Creates a new subscription to events fired from this Bucket to the handler provided, along with options to control the behavior of the subscription. This function should be used when full control over the subscription is wanted, and other helpers (like onObjectCreated/onObjectRemoved) are not sufficient.

method onObjectCreated

onObjectCreated(name: string, handler: BucketEventHandler, args?: ObjectCreatedSubscriptionArgs, opts?: pulumi.ComponentResourceOptions): BucketEventSubscription

Creates a new subscription to events fired from this Bucket to the handler provided, along with options to control the behavior of the subscription. The handler will be called whenever a matching [s3.Object] is created.

method onObjectRemoved

onObjectRemoved(name: string, handler: BucketEventHandler, args?: ObjectRemovedSubscriptionArgs, opts?: pulumi.ComponentResourceOptions): BucketEventSubscription

Creates a new subscription to events fired from this Bucket to the handler provided, along with options to control the behavior of the subscription. The handler will be called whenever a matching [s3.Object] is removed.

property accelerationStatus

public accelerationStatus: pulumi.Output<string>;

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

property acl

public acl: pulumi.Output<string | undefined>;

The canned ACL to apply. Defaults to “private”.

property arn

public arn: pulumi.Output<string>;

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

property bucket

public bucket: pulumi.Output<string>;

The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

property bucketDomainName

public bucketDomainName: pulumi.Output<string>;

The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

property bucketPrefix

public bucketPrefix: pulumi.Output<string | undefined>;

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

property bucketRegionalDomainName

public bucketRegionalDomainName: pulumi.Output<string>;

The bucket region-specific domain name, that is, the bucket domain name including the region name. Note: AWS CloudFront allows specifying an S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.

property corsRules

public corsRules: pulumi.Output<{
    allowedHeaders: string[];
    allowedMethods: string[];
    allowedOrigins: string[];
    exposeHeaders: string[];
    maxAgeSeconds: number;
}[] | undefined>;

A rule of Cross-Origin Resource Sharing (documented below).

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

property hostedZoneId

public hostedZoneId: pulumi.Output<string>;

The Route 53 Hosted Zone ID for this bucket’s region.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lifecycleRules

public lifecycleRules: pulumi.Output<{
    abortIncompleteMultipartUploadDays: number;
    enabled: boolean;
    expiration: {
        date: string;
        days: number;
        expiredObjectDeleteMarker: boolean;
    };
    id: string;
    noncurrentVersionExpiration: {
        days: number;
    };
    noncurrentVersionTransitions: {
        days: number;
        storageClass: string;
    }[];
    prefix: string;
    tags: {[key: string]: any};
    transitions: {
        date: string;
        days: number;
        storageClass: string;
    }[];
}[] | undefined>;

A configuration of object lifecycle management (documented below).

property loggings

public loggings: pulumi.Output<{
    targetBucket: string;
    targetPrefix: string;
}[] | undefined>;

Settings for bucket logging (documented below).

property objectLockConfiguration

public objectLockConfiguration: pulumi.Output<{
    objectLockEnabled: string;
    rule: {
        defaultRetention: {
            days: number;
            mode: string;
            years: number;
        };
    };
} | undefined>;

A configuration of S3 object locking (documented below)

property policy

public policy: pulumi.Output<string | undefined>;

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

property region

public region: pulumi.Output<string>;

If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

property replicationConfiguration

public replicationConfiguration: pulumi.Output<{
    role: string;
    rules: {
        destination: {
            accessControlTranslation: {
                owner: string;
            };
            accountId: string;
            bucket: string;
            replicaKmsKeyId: string;
            storageClass: string;
        };
        filter: {
            prefix: string;
            tags: {[key: string]: any};
        };
        id: string;
        prefix: string;
        priority: number;
        sourceSelectionCriteria: {
            sseKmsEncryptedObjects: {
                enabled: boolean;
            };
        };
        status: string;
    }[];
} | undefined>;

A replication configuration (documented below).

property requestPayer

public requestPayer: pulumi.Output<string>;

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

property serverSideEncryptionConfiguration

public serverSideEncryptionConfiguration: pulumi.Output<{
    rule: {
        applyServerSideEncryptionByDefault: {
            kmsMasterKeyId: string;
            sseAlgorithm: string;
        };
    };
} | undefined>;

A server-side encryption configuration (documented below).

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags that identifies subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versioning

public versioning: pulumi.Output<{
    enabled: boolean;
    mfaDelete: boolean;
}>;

A state of versioning (documented below)

property website

public website: pulumi.Output<{
    errorDocument: string;
    indexDocument: string;
    redirectAllRequestsTo: string;
    routingRules: string;
} | undefined>;

A website object (documented below).

property websiteDomain

public websiteDomain: pulumi.Output<string>;

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

property websiteEndpoint

public websiteEndpoint: pulumi.Output<string>;

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

class BucketEventSubscription

extends EventSubscription

A component corresponding to a single underlying aws.s3.BucketNotification created for a bucket. Note: due to the AWS requirement that all notifications for a bucket be defined at once, the actual aws.s3.BucketNotification instances will only be created once the pulumi program runs to completion and all subscriptions have been heard about.

constructor

public new BucketEventSubscription(name: string, bucket: Bucket, handler: BucketEventHandler, args: BucketEventSubscriptionArgs, opts?: pulumi.ComponentResourceOptions)

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

property bucket

public bucket: pulumi.Output<Bucket>;

property func

public func: LambdaFunction;

property permission

public permission: permission.Permission;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketMetric

extends CustomResource

Provides an S3 bucket metrics configuration resource.

Example Usage

Add metrics configuration for entire S3 bucket

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.Bucket("example", {
    bucket: "example",
});
const example_entire_bucket = new aws.s3.BucketMetric("example-entire-bucket", {
    bucket: example.bucket,
});

Add metrics configuration with S3 bucket object filter

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.s3.Bucket("example", {
    bucket: "example",
});
const example_filtered = new aws.s3.BucketMetric("example-filtered", {
    bucket: example.bucket,
    filter: {
        prefix: "documents/",
        tags: {
            class: "blue",
            priority: "high",
        },
    },
});

constructor

new BucketMetric(name: string, args: BucketMetricArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketMetric resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketMetricState, opts?: pulumi.CustomResourceOptions): BucketMetric

Get an existing BucketMetric resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to put metric configuration.

property filter

public filter: pulumi.Output<{
    prefix: string;
    tags: {[key: string]: any};
} | undefined>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Unique identifier of the metrics configuration for the bucket.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketNotification

extends CustomResource

Provides an S3 bucket notification resource.

Example Usage

Add notification configuration to SNS Topic

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {
    bucket: "your_bucket_name",
});
const topic = new aws.sns.Topic("topic", {
    policy: bucket.arn.apply(arn => `{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {"AWS":"*"},
        "Action": "SNS:Publish",
        "Resource": "arn:aws:sns:*:*:s3-event-notification-topic",
        "Condition":{
            "ArnLike":{"aws:SourceArn":"${arn}"}
        }
    }]
}
`),
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    topics: [{
        events: ["s3:ObjectCreated:*"],
        filterSuffix: ".log",
        topicArn: topic.arn,
    }],
});

Add notification configuration to SQS Queue

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {
    bucket: "your_bucket_name",
});
const queue = new aws.sqs.Queue("queue", {
    policy: bucket.arn.apply(arn => `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
	  "Resource": "arn:aws:sqs:*:*:s3-event-notification-queue",
      "Condition": {
        "ArnEquals": { "aws:SourceArn": "${arn}" }
      }
    }
  ]
}
`),
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    queues: [{
        events: ["s3:ObjectCreated:*"],
        filterSuffix: ".log",
        queueArn: queue.arn,
    }],
});
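The SNS topic and SQS queue policies above allow a wildcard principal, so the aws:SourceArn condition is the only thing restricting who may publish. The following added example (not part of the Pulumi or AWS code) is a pre-deployment check that flags Allow statements with a wildcard principal and no effective source condition; the function names and sample documents are constructed, and the bucket ARN stands in for the interpolated `${arn}`.

```typescript
// Lint for resource policies shaped like the topic/queue policies on this page.
// All names and sample policies below are constructed for this example.

interface PolicyStatement {
    Effect?: string;
    Principal?: unknown;
    Condition?: Record<string, Record<string, unknown>>;
}

// Operators that pin a key to given values, and the keys that identify the caller's
// source. Both are compared in lower case so that casing differences do not hide a match.
const PINNING_OPERATORS = ["arnequals", "arnlike", "stringequals", "stringlike"];
const SOURCE_KEYS = ["aws:sourcearn", "aws:sourceaccount"];

// True for "Principal": "*" and for forms such as {"AWS": "*"} or {"AWS": ["*"]}.
function isWildcardPrincipal(principal: unknown): boolean {
    if (principal === "*") return true;
    if (typeof principal !== "object" || principal === null) return false;
    const map = principal as Record<string, unknown>;
    return Object.keys(map).some(k => {
        const v = map[k];
        return v === "*" || (Array.isArray(v) && v.indexOf("*") !== -1);
    });
}

function toStrings(value: unknown): string[] {
    const items: unknown[] = Array.isArray(value) ? value : [value];
    return items.filter((v): v is string => typeof v === "string");
}

// Source values the statement is pinned to; an empty list means it is unscoped.
function sourceScope(stmt: PolicyStatement): string[] {
    const scope: string[] = [];
    const condition = stmt.Condition || {};
    for (const op of Object.keys(condition)) {
        if (PINNING_OPERATORS.indexOf(op.toLowerCase()) === -1) continue;
        const block = condition[op] || {};
        for (const key of Object.keys(block)) {
            if (SOURCE_KEYS.indexOf(key.toLowerCase()) === -1) continue;
            for (const v of toStrings(block[key])) scope.push(v);
        }
    }
    return scope;
}

// A condition value that matches every bucket restricts nothing.
function isUselessScope(value: string): boolean {
    return value === "*" || /^arn:[^:]*:s3:::\*$/.test(value);
}

// Returns the indexes of Allow statements that any principal can use unrestricted.
function unscopedWildcardAllows(policyJson: string): number[] {
    const doc = JSON.parse(policyJson) as { Statement?: PolicyStatement | PolicyStatement[] };
    const raw = doc.Statement;
    const statements: PolicyStatement[] =
        raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
    const flagged: number[] = [];
    statements.forEach((stmt, index) => {
        if (stmt.Effect !== "Allow" || !isWildcardPrincipal(stmt.Principal)) return;
        const scope = sourceScope(stmt);
        if (scope.length === 0 || scope.some(isUselessScope)) flagged.push(index);
    });
    return flagged;
}

// Builds a queue policy in the shape used above, with an optional Condition block.
function queuePolicy(condition?: Record<string, Record<string, unknown>>): string {
    return JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: "*",
            Action: "sqs:SendMessage",
            Resource: "arn:aws:sqs:*:*:s3-event-notification-queue",
            Condition: condition, // dropped by JSON.stringify when undefined
        }],
    });
}

const scoped = queuePolicy({ ArnEquals: { "aws:SourceArn": "arn:aws:s3:::your_bucket_name" } });
const unscoped = queuePolicy();

console.log("scoped policy findings:", unscopedWildcardAllows(scoped));
console.log("unscoped policy findings:", unscopedWildcardAllows(unscoped));
```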

Add notification configuration to Lambda Function

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iam_for_lambda", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
`,
});
const bucket = new aws.s3.Bucket("bucket", {
    bucket: "your_bucket_name",
});
const func = new aws.lambda.Function("func", {
    code: new pulumi.asset.FileArchive("your-function.zip"),
    name: "example_lambda_name",
    handler: "exports.example",
    role: iamForLambda.arn,
    runtime: "go1.x",
});
const allowBucket = new aws.lambda.Permission("allow_bucket", {
    action: "lambda:InvokeFunction",
    function: func.arn,
    principal: "s3.amazonaws.com",
    sourceArn: bucket.arn,
    statementId: "AllowExecutionFromS3Bucket",
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    lambdaFunctions: [{
        events: ["s3:ObjectCreated:*"],
        filterPrefix: "AWSLogs/",
        filterSuffix: ".log",
        lambdaFunctionArn: func.arn,
    }],
});

Trigger multiple Lambda functions

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iam_for_lambda", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow"
    }
  ]
}
`,
});
const bucket = new aws.s3.Bucket("bucket", {
    bucket: "your_bucket_name",
});
const func1 = new aws.lambda.Function("func1", {
    code: new pulumi.asset.FileArchive("your-function1.zip"),
    name: "example_lambda_name1",
    handler: "exports.example",
    role: iamForLambda.arn,
    runtime: "go1.x",
});
const func2 = new aws.lambda.Function("func2", {
    code: new pulumi.asset.FileArchive("your-function2.zip"),
    name: "example_lambda_name2",
    handler: "exports.example",
    role: iamForLambda.arn,
    runtime: "go1.x",
});
const allowBucket1 = new aws.lambda.Permission("allow_bucket1", {
    action: "lambda:InvokeFunction",
    function: func1.arn,
    principal: "s3.amazonaws.com",
    sourceArn: bucket.arn,
    statementId: "AllowExecutionFromS3Bucket1",
});
const allowBucket2 = new aws.lambda.Permission("allow_bucket2", {
    action: "lambda:InvokeFunction",
    function: func2.arn,
    principal: "s3.amazonaws.com",
    sourceArn: bucket.arn,
    statementId: "AllowExecutionFromS3Bucket2",
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    lambdaFunctions: [
        {
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "AWSLogs/",
            filterSuffix: ".log",
            lambdaFunctionArn: func1.arn,
        },
        {
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "OtherLogs/",
            filterSuffix: ".log",
            lambdaFunctionArn: func2.arn,
        },
    ],
});

Add multiple notification configurations to SQS Queue

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {
    bucket: "your_bucket_name",
});
const queue = new aws.sqs.Queue("queue", {
    policy: bucket.arn.apply(arn => `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
	  "Resource": "arn:aws:sqs:*:*:s3-event-notification-queue",
      "Condition": {
        "ArnEquals": { "aws:SourceArn": "${arn}" }
      }
    }
  ]
}
`),
});
const bucketNotification = new aws.s3.BucketNotification("bucket_notification", {
    bucket: bucket.id,
    queues: [
        {
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "images/",
            id: "image-upload-event",
            queueArn: queue.arn,
        },
        {
            events: ["s3:ObjectCreated:*"],
            filterPrefix: "videos/",
            id: "video-upload-event",
            queueArn: queue.arn,
        },
    ],
});

For Terraform’s JSON syntax, use an array instead of defining the queue key twice.


constructor

new BucketNotification(name: string, args: BucketNotificationArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketNotification resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketNotificationState, opts?: pulumi.CustomResourceOptions): BucketNotification

Get an existing BucketNotification resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to put notification configuration.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lambdaFunctions

public lambdaFunctions: pulumi.Output<{
    events: string[];
    filterPrefix: string;
    filterSuffix: string;
    id: string;
    lambdaFunctionArn: string;
}[] | undefined>;

Used to configure notifications to a Lambda Function (documented below).

property queues

public queues: pulumi.Output<{
    events: string[];
    filterPrefix: string;
    filterSuffix: string;
    id: string;
    queueArn: string;
}[] | undefined>;

The notification configuration to SQS Queue (documented below).

property topics

public topics: pulumi.Output<{
    events: string[];
    filterPrefix: string;
    filterSuffix: string;
    id: string;
    topicArn: string;
}[] | undefined>;

The notification configuration to SNS Topic (documented below).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketObject

extends CustomResource

Provides an S3 bucket object resource.

Example Usage

Uploading a file to a bucket

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as crypto from "crypto";
import * as fs from "fs";

const object = new aws.s3.BucketObject("object", {
    bucket: "your_bucket_name",
    // MD5 of the file contents, so that a changed file triggers an update.
    etag: crypto.createHash("md5").update(fs.readFileSync("path/to/file")).digest("hex"),
    key: "new_object_key",
    source: new pulumi.asset.FileAsset("path/to/file"),
});

Encrypting with KMS Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplekms = new aws.kms.Key("examplekms", {
    deletionWindowInDays: 7,
    description: "KMS key 1",
});
const examplebucket = new aws.s3.Bucket("examplebucket", {
    acl: "private",
    bucket: "examplebuckettftest",
});
const examplebucketObject = new aws.s3.BucketObject("examplebucket_object", {
    bucket: examplebucket.id,
    key: "someobject",
    kmsKeyId: examplekms.arn,
    source: new pulumi.asset.FileAsset("index.html"),
});

Server Side Encryption with S3 Default Master Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.Bucket("examplebucket", {
    acl: "private",
    bucket: "examplebuckettftest",
});
const examplebucketObject = new aws.s3.BucketObject("examplebucket_object", {
    bucket: examplebucket.id,
    key: "someobject",
    serverSideEncryption: "aws:kms",
    source: new pulumi.asset.FileAsset("index.html"),
});

Server Side Encryption with AWS-Managed Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.Bucket("examplebucket", {
    acl: "private",
    bucket: "examplebuckettftest",
});
const examplebucketObject = new aws.s3.BucketObject("examplebucket_object", {
    bucket: examplebucket.id,
    key: "someobject",
    serverSideEncryption: "AES256",
    source: new pulumi.asset.FileAsset("index.html"),
});

constructor

new BucketObject(name: string, args: BucketObjectArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketObject resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketObjectState, opts?: pulumi.CustomResourceOptions): BucketObject

Get an existing BucketObject resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property acl

public acl: pulumi.Output<string | undefined>;

The canned ACL to apply. Defaults to “private”.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to put the file in.

property cacheControl

public cacheControl: pulumi.Output<string | undefined>;

Specifies caching behavior along the request/reply chain. Read w3c cache_control for further details.

property content

public content: pulumi.Output<string | undefined>;

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

property contentBase64

public contentBase64: pulumi.Output<string | undefined>;

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

property contentDisposition

public contentDisposition: pulumi.Output<string | undefined>;

Specifies presentational information for the object. Read w3c content_disposition for further information.

property contentEncoding

public contentEncoding: pulumi.Output<string | undefined>;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

property contentLanguage

public contentLanguage: pulumi.Output<string | undefined>;

The language the content is in e.g. en-US or en-GB.

property contentType

public contentType: pulumi.Output<string>;

A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

property etag

public etag: pulumi.Output<string>;

Used to trigger updates. The only meaningful value is ${md5(file("path/to/file"))}. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property key

public key: pulumi.Output<string>;

The name of the object once it is in the bucket.

property kmsKeyId

public kmsKeyId: pulumi.Output<string | undefined>;

Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws_kms_key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"

property serverSideEncryption

public serverSideEncryption: pulumi.Output<string>;

Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

property source

public source: pulumi.Output<pulumi.asset.Asset | undefined>;

The path to a file that will be read and uploaded as raw bytes for the object content.

property storageClass

public storageClass: pulumi.Output<string>;

Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, or “STANDARD_IA”. Defaults to “STANDARD”.
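The constraints stated for etag, kmsKeyId, serverSideEncryption and storageClass above can be checked before deployment. The following is an added example, not part of the Pulumi SDK: `checkObjectArgs`, `ObjectArgsToCheck` and the sample values are hypothetical, and the helper works on plain strings rather than Pulumi inputs.

```typescript
// Added example (not SDK code): pre-flight checks for BucketObject arguments,
// using only the rules stated in the property descriptions on this page.
interface ObjectArgsToCheck {
    key: string;
    etag?: string;
    kmsKeyId?: string;
    serverSideEncryption?: string;
    storageClass?: string;
}

const SSE_VALUES = ["AES256", "aws:kms"];
const STORAGE_CLASSES = ["STANDARD", "REDUCED_REDUNDANCY", "ONEZONE_IA",
    "INTELLIGENT_TIERING", "GLACIER", "STANDARD_IA"];

function checkObjectArgs(a: ObjectArgsToCheck): string[] {
    const problems: string[] = [];
    // KMS is in play when a key is named or when "aws:kms" is requested.
    const usesKms = a.kmsKeyId !== undefined || a.serverSideEncryption === "aws:kms";

    if (a.serverSideEncryption !== undefined &&
        SSE_VALUES.indexOf(a.serverSideEncryption) === -1) {
        problems.push("serverSideEncryption must be one of: " + SSE_VALUES.join(", "));
    }
    // kmsKeyId must be a fully qualified ARN, not a bare key ID or alias name.
    if (a.kmsKeyId !== undefined && !/^arn:[^:]+:kms:[^:]*:[^:]*:.+/.test(a.kmsKeyId)) {
        problems.push("kmsKeyId must be a fully qualified KMS key ARN");
    }
    // etag is documented as incompatible with KMS encryption.
    if (a.etag !== undefined && usesKms) {
        problems.push("etag cannot be combined with kmsKeyId or serverSideEncryption \"aws:kms\"");
    }
    if (a.storageClass !== undefined && STORAGE_CLASSES.indexOf(a.storageClass) === -1) {
        problems.push("storageClass must be one of: " + STORAGE_CLASSES.join(", "));
    }
    return problems;
}

// Constructed sample inputs. The ARN is a placeholder, not a real key.
const SAMPLE_KMS_ARN =
    "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000";

const kmsKeyObject: ObjectArgsToCheck = { key: "someobject", kmsKeyId: SAMPLE_KMS_ARN };
const aes256WithEtag: ObjectArgsToCheck = {
    key: "someobject",
    serverSideEncryption: "AES256",
    etag: "0123456789abcdef0123456789abcdef", // constructed MD5-shaped value
};
const kmsWithEtag: ObjectArgsToCheck = {
    key: "someobject",
    serverSideEncryption: "aws:kms",
    etag: "0123456789abcdef0123456789abcdef",
};
const manyMistakes: ObjectArgsToCheck = {
    key: "someobject",
    serverSideEncryption: "aes256",  // wrong case
    kmsKeyId: "alias/my-key",        // not an ARN
    etag: "0123456789abcdef0123456789abcdef",
    storageClass: "STANDARD-IA",     // hyphen instead of underscore
};

console.log(checkObjectArgs(manyMistakes).join("\n"));
```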

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the object.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versionId

public versionId: pulumi.Output<string>;

A unique version ID value for the object, if bucket versioning is enabled.

property websiteRedirect

public websiteRedirect: pulumi.Output<string | undefined>;

Specifies a target URL for website redirect.

class BucketPolicy

extends CustomResource

Attaches a policy to an S3 bucket resource.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    bucket: "my_tf_test_bucket",
});
const bucketPolicy = new aws.s3.BucketPolicy("b", {
    bucket: bucket.id,
    policy: `{
  "Version": "2012-10-17",
  "Id": "MYBUCKETPOLICY",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my_tf_test_bucket/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "8.8.8.8/32"}
      }
    }
  ]
}
`,
});

constructor

new BucketPolicy(name: string, args: BucketPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketPolicyState, opts?: pulumi.CustomResourceOptions): BucketPolicy

Get an existing BucketPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket to which to apply the policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policy

public policy: pulumi.Output<string>;

The text of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketPublicAccessBlock

extends CustomResource

Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("example", {
    bucket: "example",
});
const exampleBucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock("example", {
    blockPublicAcls: true,
    blockPublicPolicy: true,
    bucket: exampleBucket.id,
});

constructor

new BucketPublicAccessBlock(name: string, args: BucketPublicAccessBlockArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketPublicAccessBlock resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketPublicAccessBlockState, opts?: pulumi.CustomResourceOptions): BucketPublicAccessBlock

Get an existing BucketPublicAccessBlock resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property blockPublicAcls

public blockPublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  • PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

public blockPublicPolicy: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
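A bucket policy can be linted for public grants before it is passed to BucketPolicy, so that a rejected PUT Bucket policy call is not the first sign of a problem. This is an added example, not Pulumi or AWS code: `findPublicStatements` and the second sample policy are hypothetical, and the wildcard-principal test is a simplified heuristic rather than the evaluation Amazon S3 performs.

```typescript
// Added example: a simplified lint for bucket policy text. It is a heuristic,
// not the evaluation Amazon S3 performs when blockPublicPolicy is enabled.
type OneOrMany<T> = T | T[];

interface PolicyStatement {
    Sid?: string;
    Effect: string;
    Principal?: string | { [kind: string]: OneOrMany<string> };
    Condition?: { [operator: string]: unknown };
}

interface Finding {
    sid: string;
    reason: string;
}

// Policy elements may be a single value or a list; normalise to a list.
function toArray<T>(v: OneOrMany<T> | undefined): T[] {
    if (v === undefined) return [];
    return Array.isArray(v) ? (v as T[]) : [v as T];
}

// True when the Principal element names everyone: "*", or "*" under any
// principal kind such as {"AWS": "*"} or {"AWS": ["*", ...]}.
function isWildcardPrincipal(p: PolicyStatement["Principal"]): boolean {
    if (p === undefined) return false;
    if (typeof p === "string") return p === "*";
    const byKind: { [kind: string]: OneOrMany<string> } = p;
    return Object.keys(byKind).some(
        kind => toArray<string>(byKind[kind]).indexOf("*") !== -1);
}

function findPublicStatements(policyText: string): Finding[] {
    const doc = JSON.parse(policyText) as { Statement?: OneOrMany<PolicyStatement> };
    const findings: Finding[] = [];
    toArray<PolicyStatement>(doc.Statement).forEach((st, i) => {
        if (st.Effect !== "Allow") return;              // Deny never grants access
        if (!isWildcardPrincipal(st.Principal)) return; // only named principals
        const sid = st.Sid !== undefined ? st.Sid : "statement[" + i + "]";
        const conditioned =
            st.Condition !== undefined && Object.keys(st.Condition).length > 0;
        findings.push({
            sid: sid,
            reason: conditioned
                ? "Allow to any principal, narrowed only by a Condition: review it"
                : "Allow to any principal with no Condition",
        });
    });
    return findings;
}

// The policy from the BucketPolicy example on this page (a Deny statement).
const PAGE_POLICY = `{
  "Version": "2012-10-17",
  "Id": "MYBUCKETPOLICY",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my_tf_test_bucket/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "8.8.8.8/32"}
      }
    }
  ]
}`;

// Constructed policy for illustration; the account ID is a placeholder.
const CONSTRUCTED_POLICY = JSON.stringify({
    Version: "2012-10-17",
    Statement: [
        { Sid: "PublicRead", Effect: "Allow", Principal: "*",
          Action: "s3:GetObject", Resource: "arn:aws:s3:::example/*" },
        { Effect: "Allow", Principal: { AWS: ["*"] },
          Action: "s3:GetObject", Resource: "arn:aws:s3:::example/*",
          Condition: { IpAddress: { "aws:SourceIp": "8.8.8.8/32" } } },
        { Sid: "OneAccount", Effect: "Allow",
          Principal: { AWS: "arn:aws:iam::111122223333:root" },
          Action: "s3:GetObject", Resource: "arn:aws:s3:::example/*" },
    ],
});

console.log(findPublicStatements(CONSTRUCTED_POLICY));
```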

property bucket

public bucket: pulumi.Output<string>;

S3 Bucket to which this Public Access Block configuration should be applied.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ignorePublicAcls

public ignorePublicAcls: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

public restrictPublicBuckets: pulumi.Output<boolean | undefined>;

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access this bucket if it has a public policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Inventory

extends CustomResource

Provides an S3 bucket inventory configuration resource.

Example Usage

Add inventory configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const inventory = new aws.s3.Bucket("inventory", {
    bucket: "my-tf-inventory-bucket",
});
const testBucket = new aws.s3.Bucket("test", {
    bucket: "my-tf-test-bucket",
});
const testInventory = new aws.s3.Inventory("test", {
    bucket: testBucket.id,
    destination: {
        bucket: {
            bucketArn: inventory.arn,
            format: "ORC",
        },
    },
    includedObjectVersions: "All",
    schedule: {
        frequency: "Daily",
    },
});

Add inventory configuration with S3 bucket object prefix

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const inventory = new aws.s3.Bucket("inventory", {
    bucket: "my-tf-inventory-bucket",
});
const test = new aws.s3.Bucket("test", {
    bucket: "my-tf-test-bucket",
});
const test_prefix = new aws.s3.Inventory("test-prefix", {
    bucket: test.id,
    destination: {
        bucket: {
            bucketArn: inventory.arn,
            format: "ORC",
            prefix: "inventory",
        },
    },
    filter: {
        prefix: "documents/",
    },
    includedObjectVersions: "All",
    schedule: {
        frequency: "Daily",
    },
});

constructor

new Inventory(name: string, args: InventoryArgs, opts?: pulumi.CustomResourceOptions)

Create an Inventory resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InventoryState, opts?: pulumi.CustomResourceOptions): Inventory

Get an existing Inventory resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The S3 bucket configuration where inventory results are published (documented below).

property destination

public destination: pulumi.Output<{
    bucket: {
        accountId: string;
        bucketArn: string;
        encryption: {
            sseKms: {
                keyId: string;
            };
            sseS3: __type;
        };
        format: string;
        prefix: string;
    };
}>;

Destination bucket where inventory list files are written (documented below).

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Specifies whether the inventory is enabled or disabled.

property filter

public filter: pulumi.Output<{
    prefix: string;
} | undefined>;

Object filtering that accepts a prefix (documented below).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property includedObjectVersions

public includedObjectVersions: pulumi.Output<string>;

Object filtering that accepts a prefix (documented below). Can be All or Current.

property name

public name: pulumi.Output<string>;

Unique identifier of the inventory configuration for the bucket.

property optionalFields

public optionalFields: pulumi.Output<string[] | undefined>;

Contains the optional fields that are included in the inventory results.

property schedule

public schedule: pulumi.Output<{
    frequency: string;
}>;

Contains the frequency for generating inventory results (documented below).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getBucket

getBucket(args: GetBucketArgs, opts?: pulumi.InvokeOptions): Promise<GetBucketResult>

Provides details about a specific S3 bucket.

This resource may prove useful when setting up a Route53 record, or an origin for a CloudFront Distribution.

Example Usage

Route53 Record

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testZone = pulumi.output(aws.route53.getZone({
    name: "test.com.",
}));
const selected = pulumi.output(aws.s3.getBucket({
    bucket: "bucket.test.com",
}));
const example = new aws.route53.Record("example", {
    aliases: [{
        name: selected.apply(selected => selected.websiteDomain),
        zoneId: selected.apply(selected => selected.hostedZoneId),
    }],
    type: "A",
    zoneId: testZone.apply(testZone => testZone.id),
});

CloudFront Origin

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const selected = pulumi.output(aws.s3.getBucket({
    bucket: "a-test-bucket",
}));
const test = new aws.cloudfront.Distribution("test", {
    origins: [{
        domainName: selected.apply(selected => selected.bucketDomainName),
        originId: "s3-selected-bucket",
    }],
});

function getBucketObject

getBucketObject(args: GetBucketObjectArgs, opts?: pulumi.InvokeOptions): Promise<GetBucketObjectResult>

The S3 object data source allows access to the metadata and optionally (see below) content of an object stored inside an S3 bucket.

Note: The content of an object (body field) is available only for objects which have a human-readable Content-Type (text/* and application/json). This is to prevent printing unsafe characters and potentially downloading large amounts of data which would be thrown away in favour of metadata.

Example Usage

The following example retrieves a text object (which must have a Content-Type value starting with text/) and uses it as the user_data for an EC2 instance:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bootstrapScript = pulumi.output(aws.s3.getBucketObject({
    bucket: "ourcorp-deploy-config",
    key: "ec2-bootstrap-script.sh",
}));
const example = new aws.ec2.Instance("example", {
    ami: "ami-2757f631",
    instanceType: "t2.micro",
    userData: bootstrapScript.apply(bootstrapScript => bootstrapScript.body),
});

The following, more-complex example retrieves only the metadata for a zip file stored in S3, which is then used to pass the most recent version_id to AWS Lambda for use as a function implementation. More information about Lambda functions is available in the documentation for aws_lambda_function.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const lambda = pulumi.output(aws.s3.getBucketObject({
    bucket: "ourcorp-lambda-functions",
    key: "hello-world.zip",
}));
const testLambda = new aws.lambda.Function("test_lambda", {
    name: "lambda_function_name",
    handler: "exports.test",
    role: aws_iam_role_iam_for_lambda.arn, // (not shown)
    s3Bucket: lambda.apply(lambda => lambda.bucket),
    s3Key: lambda.apply(lambda => lambda.key),
    s3ObjectVersion: lambda.apply(lambda => lambda.versionId),
});

interface AccountPublicAccessBlockArgs

The set of arguments for constructing an AccountPublicAccessBlock resource.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID to configure. Defaults to automatically determined account ID of the Terraform AWS provider.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  • PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access buckets with public policies.

interface AccountPublicAccessBlockState

Input properties used for looking up and filtering AccountPublicAccessBlock resources.

property accountId

accountId?: pulumi.Input<string>;

AWS account ID to configure. Defaults to automatically determined account ID of the Terraform AWS provider.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  • PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access buckets with public policies.

interface BucketArgs

The set of arguments for constructing a Bucket resource.

property accelerationStatus

accelerationStatus?: pulumi.Input<string>;

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

property acl

acl?: pulumi.Input<string | CannedAcl>;

The canned ACL to apply. Defaults to “private”.

property arn

arn?: pulumi.Input<string>;

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

property bucket

bucket?: pulumi.Input<string>;

The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

property bucketPrefix

bucketPrefix?: pulumi.Input<string>;

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

property corsRules

corsRules?: pulumi.Input<pulumi.Input<{
    allowedHeaders: pulumi.Input<pulumi.Input<string>[]>;
    allowedMethods: pulumi.Input<pulumi.Input<string>[]>;
    allowedOrigins: pulumi.Input<pulumi.Input<string>[]>;
    exposeHeaders: pulumi.Input<pulumi.Input<string>[]>;
    maxAgeSeconds: pulumi.Input<number>;
}>[]>;

A rule of Cross-Origin Resource Sharing (documented below).

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

property hostedZoneId

hostedZoneId?: pulumi.Input<string>;

The Route 53 Hosted Zone ID for this bucket’s region.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<{
    abortIncompleteMultipartUploadDays: pulumi.Input<number>;
    enabled: pulumi.Input<boolean>;
    expiration: pulumi.Input<{
        date: pulumi.Input<string>;
        days: pulumi.Input<number>;
        expiredObjectDeleteMarker: pulumi.Input<boolean>;
    }>;
    id: pulumi.Input<string>;
    noncurrentVersionExpiration: pulumi.Input<{
        days: pulumi.Input<number>;
    }>;
    noncurrentVersionTransitions: pulumi.Input<pulumi.Input<{
        days: pulumi.Input<number>;
        storageClass: pulumi.Input<string>;
    }>[]>;
    prefix: pulumi.Input<string>;
    tags: pulumi.Input<{[key: string]: any}>;
    transitions: pulumi.Input<pulumi.Input<{
        date: pulumi.Input<string>;
        days: pulumi.Input<number>;
        storageClass: pulumi.Input<string>;
    }>[]>;
}>[]>;

A configuration of object lifecycle management (documented below).

property loggings

loggings?: pulumi.Input<pulumi.Input<{
    targetBucket: pulumi.Input<string>;
    targetPrefix: pulumi.Input<string>;
}>[]>;

Settings for bucket logging (documented below).

property objectLockConfiguration

objectLockConfiguration?: pulumi.Input<{
    objectLockEnabled: pulumi.Input<string>;
    rule: pulumi.Input<{
        defaultRetention: pulumi.Input<{
            days: pulumi.Input<number>;
            mode: pulumi.Input<string>;
            years: pulumi.Input<number>;
        }>;
    }>;
}>;

A configuration of S3 object locking (documented below).

property policy

policy?: pulumi.Input<string>;

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

property region

region?: pulumi.Input<string>;

If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

property replicationConfiguration

replicationConfiguration?: pulumi.Input<{
    role: pulumi.Input<string>;
    rules: pulumi.Input<pulumi.Input<{
        destination: pulumi.Input<{
            accessControlTranslation: pulumi.Input<{
                owner: pulumi.Input<string>;
            }>;
            accountId: pulumi.Input<string>;
            bucket: pulumi.Input<string>;
            replicaKmsKeyId: pulumi.Input<string>;
            storageClass: pulumi.Input<string>;
        }>;
        filter: pulumi.Input<{
            prefix: pulumi.Input<string>;
            tags: pulumi.Input<{[key: string]: any}>;
        }>;
        id: pulumi.Input<string>;
        prefix: pulumi.Input<string>;
        priority: pulumi.Input<number>;
        sourceSelectionCriteria: pulumi.Input<{
            sseKmsEncryptedObjects: pulumi.Input<{
                enabled: pulumi.Input<boolean>;
            }>;
        }>;
        status: pulumi.Input<string>;
    }>[]>;
}>;

A replication configuration (documented below).

property requestPayer

requestPayer?: pulumi.Input<string>;

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

property serverSideEncryptionConfiguration

serverSideEncryptionConfiguration?: pulumi.Input<{
    rule: pulumi.Input<{
        applyServerSideEncryptionByDefault: pulumi.Input<{
            kmsMasterKeyId: pulumi.Input<string>;
            sseAlgorithm: pulumi.Input<string>;
        }>;
    }>;
}>;

A server-side encryption configuration (documented below).

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags that identifies the subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

property versioning

versioning?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
    mfaDelete: pulumi.Input<boolean>;
}>;

The versioning state (documented below).

property website

website?: pulumi.Input<{
    errorDocument: pulumi.Input<string>;
    indexDocument: pulumi.Input<string>;
    redirectAllRequestsTo: pulumi.Input<string>;
    routingRules: pulumi.Input<string>;
}>;

A website object (documented below).

property websiteDomain

websiteDomain?: pulumi.Input<string>;

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

property websiteEndpoint

websiteEndpoint?: pulumi.Input<string>;

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

interface BucketEvent

interface BucketEventSubscriptionArgs

extends CommonBucketSubscriptionArgs

property events

events: string[];

Events to subscribe to. For example: “[s3:ObjectCreated:*]”. Cannot be empty.

property filterPrefix

filterPrefix?: string;

An optional prefix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

property filterSuffix

filterSuffix?: string;

An optional suffix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

interface BucketMetricArgs

The set of arguments for constructing a BucketMetric resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket to put metric configuration.

property filter

filter?: pulumi.Input<{
    prefix: pulumi.Input<string>;
    tags: pulumi.Input<{[key: string]: any}>;
}>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property name

name?: pulumi.Input<string>;

Unique identifier of the metrics configuration for the bucket.

interface BucketMetricState

Input properties used for looking up and filtering BucketMetric resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket to put metric configuration.

property filter

filter?: pulumi.Input<{
    prefix: pulumi.Input<string>;
    tags: pulumi.Input<{[key: string]: any}>;
}>;

Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).

property name

name?: pulumi.Input<string>;

Unique identifier of the metrics configuration for the bucket.

interface BucketNotificationArgs

The set of arguments for constructing a BucketNotification resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket to put notification configuration.

property lambdaFunctions

lambdaFunctions?: pulumi.Input<pulumi.Input<{
    events: pulumi.Input<pulumi.Input<string>[]>;
    filterPrefix: pulumi.Input<string>;
    filterSuffix: pulumi.Input<string>;
    id: pulumi.Input<string>;
    lambdaFunctionArn: pulumi.Input<string>;
}>[]>;

Used to configure notifications to a Lambda Function (documented below).

property queues

queues?: pulumi.Input<pulumi.Input<{
    events: pulumi.Input<pulumi.Input<string>[]>;
    filterPrefix: pulumi.Input<string>;
    filterSuffix: pulumi.Input<string>;
    id: pulumi.Input<string>;
    queueArn: pulumi.Input<string>;
}>[]>;

The notification configuration to SQS Queue (documented below).

property topics

topics?: pulumi.Input<pulumi.Input<{
    events: pulumi.Input<pulumi.Input<string>[]>;
    filterPrefix: pulumi.Input<string>;
    filterSuffix: pulumi.Input<string>;
    id: pulumi.Input<string>;
    topicArn: pulumi.Input<string>;
}>[]>;

The notification configuration to SNS Topic (documented below).

interface BucketNotificationState

Input properties used for looking up and filtering BucketNotification resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket to put notification configuration.

property lambdaFunctions

lambdaFunctions?: pulumi.Input<pulumi.Input<{
    events: pulumi.Input<pulumi.Input<string>[]>;
    filterPrefix: pulumi.Input<string>;
    filterSuffix: pulumi.Input<string>;
    id: pulumi.Input<string>;
    lambdaFunctionArn: pulumi.Input<string>;
}>[]>;

Used to configure notifications to a Lambda Function (documented below).

property queues

queues?: pulumi.Input<pulumi.Input<{
    events: pulumi.Input<pulumi.Input<string>[]>;
    filterPrefix: pulumi.Input<string>;
    filterSuffix: pulumi.Input<string>;
    id: pulumi.Input<string>;
    queueArn: pulumi.Input<string>;
}>[]>;

The notification configuration to SQS Queue (documented below).

property topics

topics?: pulumi.Input<pulumi.Input<{
    events: pulumi.Input<pulumi.Input<string>[]>;
    filterPrefix: pulumi.Input<string>;
    filterSuffix: pulumi.Input<string>;
    id: pulumi.Input<string>;
    topicArn: pulumi.Input<string>;
}>[]>;

The notification configuration to SNS Topic (documented below).

interface BucketObjectArgs

The set of arguments for constructing a BucketObject resource.

property acl

acl?: pulumi.Input<string>;

The canned ACL to apply. Defaults to “private”.

property bucket

bucket: pulumi.Input<string | Bucket>;

The name of the bucket to put the file in.

property cacheControl

cacheControl?: pulumi.Input<string>;

Specifies caching behavior along the request/reply chain. Read w3c cache_control for further details.

property content

content?: pulumi.Input<string>;

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

property contentBase64

contentBase64?: pulumi.Input<string>;

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Specifies presentational information for the object. Read w3c content_disposition for further information.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

The language the content is in e.g. en-US or en-GB.

property contentType

contentType?: pulumi.Input<string>;

A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

property etag

etag?: pulumi.Input<string>;

Used to trigger updates. The only meaningful value is ${md5(file("path/to/file"))}. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".

property key

key?: pulumi.Input<string>;

The name of the object once it is in the bucket.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws_kms_key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"

property serverSideEncryption

serverSideEncryption?: pulumi.Input<string>;

Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

property source

source?: pulumi.Input<pulumi.asset.Asset>;

The path to a file that will be read and uploaded as raw bytes for the object content.

property storageClass

storageClass?: pulumi.Input<string>;

Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, or “STANDARD_IA”. Defaults to “STANDARD”.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the object.

property websiteRedirect

websiteRedirect?: pulumi.Input<string>;

Specifies a target URL for website redirect.

interface BucketObjectState

Input properties used for looking up and filtering BucketObject resources.

property acl

acl?: pulumi.Input<string>;

The canned ACL to apply. Defaults to “private”.

property bucket

bucket?: pulumi.Input<string | Bucket>;

The name of the bucket to put the file in.

property cacheControl

cacheControl?: pulumi.Input<string>;

Specifies caching behavior along the request/reply chain. Read w3c cache_control for further details.

property content

content?: pulumi.Input<string>;

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

property contentBase64

contentBase64?: pulumi.Input<string>;

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Specifies presentational information for the object. Read w3c content_disposition for further information.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

The language the content is in e.g. en-US or en-GB.

property contentType

contentType?: pulumi.Input<string>;

A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.

property etag

etag?: pulumi.Input<string>;

Used to trigger updates. The only meaningful value is ${md5(file("path/to/file"))}. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms".

property key

key?: pulumi.Input<string>;

The name of the object once it is in the bucket.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws_kms_key, use the exported arn attribute: kms_key_id = "${aws_kms_key.foo.arn}"

property serverSideEncryption

serverSideEncryption?: pulumi.Input<string>;

Specifies server-side encryption of the object in S3. Valid values are “AES256” and “aws:kms”.

property source

source?: pulumi.Input<pulumi.asset.Asset>;

The path to a file that will be read and uploaded as raw bytes for the object content.

property storageClass

storageClass?: pulumi.Input<string>;

Specifies the desired Storage Class for the object. Can be either “STANDARD”, “REDUCED_REDUNDANCY”, “ONEZONE_IA”, “INTELLIGENT_TIERING”, “GLACIER”, or “STANDARD_IA”. Defaults to “STANDARD”.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the object.

property versionId

versionId?: pulumi.Input<string>;

A unique version ID value for the object, if bucket versioning is enabled.

property websiteRedirect

websiteRedirect?: pulumi.Input<string>;

Specifies a target URL for website redirect.

interface BucketPolicyArgs

The set of arguments for constructing a BucketPolicy resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket to which to apply the policy.

property policy

policy: pulumi.Input<string | PolicyDocument>;

The text of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

interface BucketPolicyState

Input properties used for looking up and filtering BucketPolicy resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket to which to apply the policy.

property policy

policy?: pulumi.Input<string | PolicyDocument>;

The text of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

interface BucketPublicAccessBlockArgs

The set of arguments for constructing a BucketPublicAccessBlock resource.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  • PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property bucket

bucket: pulumi.Input<string>;

S3 Bucket to which this Public Access Block configuration should be applied.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access this bucket if it has a public policy.
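The four flags above fall into two pairs: blockPublicAcls and blockPublicPolicy reject future calls, while ignorePublicAcls and restrictPublicBuckets change how grants that are already stored are evaluated. The following added example (not part of the Pulumi SDK or of the original page) models that split with plain booleans so the remaining exposure of a bucket can be checked before deployment; BucketSnapshot, ExposureReport, evaluateExposure and the sample values are names and data assumed here.

```typescript
// Added example: local model of the Public Access Block flags described above.
// Plain booleans stand in for pulumi.Input<boolean>; nothing here calls AWS.

// Local mirror of the CannedAcl values listed on this page.
type CannedAcl =
    | "private" | "public-read" | "public-read-write" | "aws-exec-read"
    | "authenticated-read" | "bucket-owner-read"
    | "bucket-owner-full-control" | "log-delivery-write";

interface PublicAccessBlockFlags {
    blockPublicAcls?: boolean;
    blockPublicPolicy?: boolean;
    ignorePublicAcls?: boolean;
    restrictPublicBuckets?: boolean;
}

// Hypothetical summary of what is already stored on the bucket.
interface BucketSnapshot {
    acl: CannedAcl;
    policyIsPublic: boolean;
}

// Hypothetical result type for this example.
interface ExposureReport {
    newPublicAclRejected: boolean;      // future PUT acl calls with a public ACL fail
    newPublicPolicyRejected: boolean;   // future PUT Bucket policy calls with a public policy fail
    existingAclStillPublic: boolean;    // a stored public ACL is still honoured
    existingPolicyStillPublic: boolean; // a stored public policy still grants access
    gaps: string[];                     // flags left at their default of false
}

// S3 treats an ACL as public when it grants to the AllUsers or
// AuthenticatedUsers group, which these three canned ACLs do.
const PUBLIC_ACLS: CannedAcl[] = ["public-read", "public-read-write", "authenticated-read"];

function isPublicAcl(acl: CannedAcl): boolean {
    return PUBLIC_ACLS.indexOf(acl) !== -1;
}

function evaluateExposure(flags: PublicAccessBlockFlags, bucket: BucketSnapshot): ExposureReport {
    // Every flag "Defaults to false", so an omitted flag counts as false.
    const blockAcls = flags.blockPublicAcls === true;
    const blockPolicy = flags.blockPublicPolicy === true;
    const ignoreAcls = flags.ignorePublicAcls === true;
    const restrict = flags.restrictPublicBuckets === true;

    const gaps: string[] = [];
    if (!blockAcls) gaps.push("blockPublicAcls: a later PUT acl call may set a public ACL");
    if (!blockPolicy) gaps.push("blockPublicPolicy: a later PUT Bucket policy call may set a public policy");
    if (!ignoreAcls) gaps.push("ignorePublicAcls: public ACLs already stored remain in effect");
    if (!restrict) gaps.push("restrictPublicBuckets: a public policy already stored remains in effect");

    return {
        newPublicAclRejected: blockAcls,
        newPublicPolicyRejected: blockPolicy,
        // The block* flags do "not affect existing policies or ACLs"; only
        // the ignore/restrict flags neutralise what is already stored.
        existingAclStillPublic: isPublicAcl(bucket.acl) && !ignoreAcls,
        existingPolicyStillPublic: bucket.policyIsPublic && !restrict,
        gaps,
    };
}

// Constructed sample: a bucket that already carries a public ACL and a
// public policy, protected only by the two block* flags.
const SAMPLE_BUCKET: BucketSnapshot = { acl: "public-read", policyIsPublic: true };
const SAMPLE_FLAGS: PublicAccessBlockFlags = { blockPublicAcls: true, blockPublicPolicy: true };
const SAMPLE_REPORT: ExposureReport = evaluateExposure(SAMPLE_FLAGS, SAMPLE_BUCKET);
```

With only the two block* flags set, the sample bucket stays publicly readable through the ACL and policy it already has; setting all four flags closes both paths.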

interface BucketPublicAccessBlockState

Input properties used for looking up and filtering BucketPublicAccessBlock resources.

property blockPublicAcls

blockPublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

  • PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  • PUT Object calls will fail if the request includes an object ACL.

property blockPublicPolicy

blockPublicPolicy?: pulumi.Input<boolean>;

Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:

  • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

property bucket

bucket?: pulumi.Input<string>;

S3 Bucket to which this Public Access Block configuration should be applied.

property ignorePublicAcls

ignorePublicAcls?: pulumi.Input<boolean>;

Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to:

  • Ignore all public ACLs on buckets in this account and any objects that they contain.

property restrictPublicBuckets

restrictPublicBuckets?: pulumi.Input<boolean>;

Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

  • Only the bucket owner and AWS Services can access this bucket if it has a public policy.

interface BucketRecord

property awsRegion

awsRegion: string;

property eventName

eventName: string;

property eventSource

eventSource: string;

property eventTime

eventTime: string;

property eventVersion

eventVersion: string;

property requestParameters

requestParameters: {
    sourceIPAddress: string;
};

property responseElements

responseElements: {
    "x-amz-id-2": string;
    "x-amz-request-id": string;
};

property s3

s3: {
    bucket: {
        arn: string;
        name: string;
        ownerIdentity: {
            principalId: string;
        };
    };
    configurationId: string;
    object: {
        eTag: string;
        key: string;
        sequencer: string;
        size: number;
        versionId: string;
    };
    s3SchemaVersion: string;
};

property userIdentity

userIdentity: {
    principalId: string;
};

interface BucketState

Input properties used for looking up and filtering Bucket resources.

property accelerationStatus

accelerationStatus?: pulumi.Input<string>;

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

property acl

acl?: pulumi.Input<string | CannedAcl>;

The canned ACL to apply. Defaults to “private”.

property arn

arn?: pulumi.Input<string>;

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

property bucket

bucket?: pulumi.Input<string>;

The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.

property bucketDomainName

bucketDomainName?: pulumi.Input<string>;

The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

property bucketPrefix

bucketPrefix?: pulumi.Input<string>;

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket.

property bucketRegionalDomainName

bucketRegionalDomainName?: pulumi.Input<string>;

The bucket region-specific domain name, that is, the bucket domain name including the region name; please refer here for the format. Note: AWS CloudFront allows specifying an S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.

property corsRules

corsRules?: pulumi.Input<pulumi.Input<{
    allowedHeaders: pulumi.Input<pulumi.Input<string>[]>;
    allowedMethods: pulumi.Input<pulumi.Input<string>[]>;
    allowedOrigins: pulumi.Input<pulumi.Input<string>[]>;
    exposeHeaders: pulumi.Input<pulumi.Input<string>[]>;
    maxAgeSeconds: pulumi.Input<number>;
}>[]>;

A rule of Cross-Origin Resource Sharing (documented below).

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

property hostedZoneId

hostedZoneId?: pulumi.Input<string>;

The Route 53 Hosted Zone ID for this bucket’s region.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<{
    abortIncompleteMultipartUploadDays: pulumi.Input<number>;
    enabled: pulumi.Input<boolean>;
    expiration: pulumi.Input<{
        date: pulumi.Input<string>;
        days: pulumi.Input<number>;
        expiredObjectDeleteMarker: pulumi.Input<boolean>;
    }>;
    id: pulumi.Input<string>;
    noncurrentVersionExpiration: pulumi.Input<{
        days: pulumi.Input<number>;
    }>;
    noncurrentVersionTransitions: pulumi.Input<pulumi.Input<{
        days: pulumi.Input<number>;
        storageClass: pulumi.Input<string>;
    }>[]>;
    prefix: pulumi.Input<string>;
    tags: pulumi.Input<{[key: string]: any}>;
    transitions: pulumi.Input<pulumi.Input<{
        date: pulumi.Input<string>;
        days: pulumi.Input<number>;
        storageClass: pulumi.Input<string>;
    }>[]>;
}>[]>;

A configuration of object lifecycle management (documented below).

property loggings

loggings?: pulumi.Input<pulumi.Input<{
    targetBucket: pulumi.Input<string>;
    targetPrefix: pulumi.Input<string>;
}>[]>;

Settings for bucket logging (documented below).

property objectLockConfiguration

objectLockConfiguration?: pulumi.Input<{
    objectLockEnabled: pulumi.Input<string>;
    rule: pulumi.Input<{
        defaultRetention: pulumi.Input<{
            days: pulumi.Input<number>;
            mode: pulumi.Input<string>;
            years: pulumi.Input<number>;
        }>;
    }>;
}>;

A configuration of S3 object locking (documented below)

property policy

policy?: pulumi.Input<string>;

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.

property region

region?: pulumi.Input<string>;

If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

property replicationConfiguration

replicationConfiguration?: pulumi.Input<{
    role: pulumi.Input<string>;
    rules: pulumi.Input<pulumi.Input<{
        destination: pulumi.Input<{
            accessControlTranslation: pulumi.Input<{
                owner: pulumi.Input<string>;
            }>;
            accountId: pulumi.Input<string>;
            bucket: pulumi.Input<string>;
            replicaKmsKeyId: pulumi.Input<string>;
            storageClass: pulumi.Input<string>;
        }>;
        filter: pulumi.Input<{
            prefix: pulumi.Input<string>;
            tags: pulumi.Input<{[key: string]: any}>;
        }>;
        id: pulumi.Input<string>;
        prefix: pulumi.Input<string>;
        priority: pulumi.Input<number>;
        sourceSelectionCriteria: pulumi.Input<{
            sseKmsEncryptedObjects: pulumi.Input<{
                enabled: pulumi.Input<boolean>;
            }>;
        }>;
        status: pulumi.Input<string>;
    }>[]>;
}>;

The replication configuration (documented below).

property requestPayer

requestPayer?: pulumi.Input<string>;

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

property serverSideEncryptionConfiguration

serverSideEncryptionConfiguration?: pulumi.Input<{
    rule: pulumi.Input<{
        applyServerSideEncryptionByDefault: pulumi.Input<{
            kmsMasterKeyId: pulumi.Input<string>;
            sseAlgorithm: pulumi.Input<string>;
        }>;
    }>;
}>;

The server-side encryption configuration (documented below).

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags that identifies the subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

property versioning

versioning?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
    mfaDelete: pulumi.Input<boolean>;
}>;

A state of versioning (documented below)

property website

website?: pulumi.Input<{
    errorDocument: pulumi.Input<string>;
    indexDocument: pulumi.Input<string>;
    redirectAllRequestsTo: pulumi.Input<string>;
    routingRules: pulumi.Input<string>;
}>;

A website object (documented below).

property websiteDomain

websiteDomain?: pulumi.Input<string>;

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

property websiteEndpoint

websiteEndpoint?: pulumi.Input<string>;

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

interface CommonBucketSubscriptionArgs

Arguments to help customize a notification subscription for a bucket.

property filterPrefix

filterPrefix?: string;

An optional prefix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

property filterSuffix

filterSuffix?: string;

An optional suffix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

interface GetBucketArgs

A collection of arguments for invoking getBucket.

property bucket

bucket: string;

The name of the bucket

interface GetBucketObjectArgs

A collection of arguments for invoking getBucketObject.

property bucket

bucket: string;

The name of the bucket to read the object from

property key

key: string;

The full path to the object inside the bucket

property range

range?: string;

property tags

tags?: {[key: string]: any};

property versionId

versionId?: string;

Specific version ID of the object returned (defaults to latest version)

interface GetBucketObjectResult

A collection of values returned by getBucketObject.

property body

body: string;

Object data (see limitations above to understand cases in which this field is actually available)

property cacheControl

cacheControl: string;

Specifies caching behavior along the request/reply chain.

property contentDisposition

contentDisposition: string;

Specifies presentational information for the object.

property contentEncoding

contentEncoding: string;

Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.

property contentLanguage

contentLanguage: string;

The language the content is in.

property contentLength

contentLength: number;

Size of the body in bytes.

property contentType

contentType: string;

A standard MIME type describing the format of the object data.

property etag

etag: string;

ETag generated for the object (an MD5 sum of the object content in case it’s not encrypted)

property expiration

expiration: string;

If the object expiration is configured (see object lifecycle management), the field includes this header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The value of the rule-id is URL encoded.

property expires

expires: string;

The date and time at which the object is no longer cacheable.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property lastModified

lastModified: string;

Last modified date of the object in RFC1123 format (e.g. Mon, 02 Jan 2006 15:04:05 MST)

property metadata

metadata: {[key: string]: any};

A map of metadata stored with the object in S3

property serverSideEncryption

serverSideEncryption: string;

If the object is stored using server-side encryption (KMS or Amazon S3-managed encryption key), this field includes the chosen encryption and algorithm used.

property sseKmsKeyId

sseKmsKeyId: string;

If present, specifies the ID of the Key Management Service (KMS) master encryption key that was used for the object.

property storageClass

storageClass: string;

Storage class information of the object. Available for all objects except for Standard storage class objects.

property tags

tags: {[key: string]: any};

A mapping of tags assigned to the object.

property versionId

versionId: string;

The latest version ID of the object returned.

property websiteRedirectLocation

websiteRedirectLocation: string;

If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.

interface GetBucketResult

A collection of values returned by getBucket.

property arn

arn: string;

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

property bucketDomainName

bucketDomainName: string;

The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

property hostedZoneId

hostedZoneId: string;

The Route 53 Hosted Zone ID for this bucket’s region.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property region

region: string;

The AWS region this bucket resides in.

property websiteDomain

websiteDomain: string;

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

property websiteEndpoint

websiteEndpoint: string;

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

interface InventoryArgs

The set of arguments for constructing an Inventory resource.

property bucket

bucket: pulumi.Input<string>;

The S3 bucket configuration where inventory results are published (documented below).

property destination

destination: pulumi.Input<{
    bucket: pulumi.Input<{
        accountId: pulumi.Input<string>;
        bucketArn: pulumi.Input<string>;
        encryption: pulumi.Input<{
            sseKms: pulumi.Input<{
                keyId: pulumi.Input<string>;
            }>;
            sseS3: pulumi.Input<__type>;
        }>;
        format: pulumi.Input<string>;
        prefix: pulumi.Input<string>;
    }>;
}>;

Destination bucket where inventory list files are written (documented below).

property enabled

enabled?: pulumi.Input<boolean>;

Specifies whether the inventory is enabled or disabled.

property filter

filter?: pulumi.Input<{
    prefix: pulumi.Input<string>;
}>;

Object filtering that accepts a prefix (documented below).

property includedObjectVersions

includedObjectVersions: pulumi.Input<string>;

Object filtering that accepts a prefix (documented below). Can be All or Current.

property name

name?: pulumi.Input<string>;

Unique identifier of the inventory configuration for the bucket.

property optionalFields

optionalFields?: pulumi.Input<pulumi.Input<string>[]>;

Contains the optional fields that are included in the inventory results.

property schedule

schedule: pulumi.Input<{
    frequency: pulumi.Input<string>;
}>;

Contains the frequency for generating inventory results (documented below).

interface InventoryState

Input properties used for looking up and filtering Inventory resources.

property bucket

bucket?: pulumi.Input<string>;

The S3 bucket configuration where inventory results are published (documented below).

property destination

destination?: pulumi.Input<{
    bucket: pulumi.Input<{
        accountId: pulumi.Input<string>;
        bucketArn: pulumi.Input<string>;
        encryption: pulumi.Input<{
            sseKms: pulumi.Input<{
                keyId: pulumi.Input<string>;
            }>;
            sseS3: pulumi.Input<__type>;
        }>;
        format: pulumi.Input<string>;
        prefix: pulumi.Input<string>;
    }>;
}>;

Destination bucket where inventory list files are written (documented below).

property enabled

enabled?: pulumi.Input<boolean>;

Specifies whether the inventory is enabled or disabled.

property filter

filter?: pulumi.Input<{
    prefix: pulumi.Input<string>;
}>;

Object filtering that accepts a prefix (documented below).

property includedObjectVersions

includedObjectVersions?: pulumi.Input<string>;

Object filtering that accepts a prefix (documented below). Can be All or Current.

property name

name?: pulumi.Input<string>;

Unique identifier of the inventory configuration for the bucket.

property optionalFields

optionalFields?: pulumi.Input<pulumi.Input<string>[]>;

Contains the optional fields that are included in the inventory results.

property schedule

schedule?: pulumi.Input<{
    frequency: pulumi.Input<string>;
}>;

Contains the frequency for generating inventory results (documented below).

interface ObjectCreatedSubscriptionArgs

extends CommonBucketSubscriptionArgs

Arguments to specifically control a subscription to ‘ObjectCreated’ notifications on a bucket. If more events than just ‘ObjectCreated’ events are desired, the ‘subscribe’ function should be used instead.

property event

event?: "*" | "Put" | "Post" | "Copy" | "CompleteMultipartUpload";

property filterPrefix

filterPrefix?: string;

An optional prefix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

property filterSuffix

filterSuffix?: string;

An optional suffix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

interface ObjectRemovedSubscriptionArgs

extends CommonBucketSubscriptionArgs

Arguments to specifically control a subscription to ‘ObjectRemoved’ notifications on a bucket. If more events than just ‘ObjectRemoved’ events are desired, the ‘subscribe’ function should be used instead.

property event

event?: "*" | "Delete" | "DeleteMarkerCreated";

property filterPrefix

filterPrefix?: string;

An optional prefix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

property filterSuffix

filterSuffix?: string;

An optional suffix to filter down notifications. See aws.s3.BucketNotification.lambdaFunctions for more details.

let AuthenticatedReadAcl

let AuthenticatedReadAcl: CannedAcl = "authenticated-read";

let AwsExecReadAcl

let AwsExecReadAcl: CannedAcl = "aws-exec-read";

let BucketOwnerFullControlAcl

let BucketOwnerFullControlAcl: CannedAcl = "bucket-owner-full-control";

let BucketOwnerReadAcl

let BucketOwnerReadAcl: CannedAcl = "bucket-owner-read";

let LogDeliveryWriteAcl

let LogDeliveryWriteAcl: CannedAcl = "log-delivery-write";

let PrivateAcl

let PrivateAcl: CannedAcl = "private";

let PublicReadAcl

let PublicReadAcl: CannedAcl = "public-read";

let PublicReadWriteAcl

let PublicReadWriteAcl: CannedAcl = "public-read-write";

type BucketEventHandler

type BucketEventHandler = lambda.EventHandler<BucketEvent, void>;

type CannedAcl

type CannedAcl = "private" | "public-read" | "public-read-write" | "aws-exec-read" | "authenticated-read" | "bucket-owner-read" | "bucket-owner-full-control" | "log-delivery-write";