Bucket
Provides an independent configuration resource for S3 bucket replication configuration.
NOTE: S3 Buckets only support a single replication configuration. Declaring multiple
aws.s3.BucketReplicationConfigresources to the same S3 Bucket will cause a perpetual difference in configuration.
Example Usage
Using replication configuration
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.Provider;
import com.pulumi.aws.ProviderArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.s3.BucketVersioningV2;
import com.pulumi.aws.s3.BucketVersioningV2Args;
import com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.BucketReplicationConfig;
import com.pulumi.aws.s3.BucketReplicationConfigArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var central = new Provider("central", ProviderArgs.builder()
.region("eu-central-1")
.build());
var replicationRole = new Role("replicationRole", RoleArgs.builder()
.assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""")
.build());
var destinationBucketV2 = new BucketV2("destinationBucketV2");
var sourceBucketV2 = new BucketV2("sourceBucketV2", BucketV2Args.Empty, CustomResourceOptions.builder()
.provider(aws.central())
.build());
var replicationPolicy = new Policy("replicationPolicy", PolicyArgs.builder()
.policy(Output.tuple(sourceBucketV2.arn(), sourceBucketV2.arn(), destinationBucketV2.arn()).applyValue(values -> {
var sourceBucketV2Arn = values.t1;
var sourceBucketV2Arn1 = values.t2;
var destinationBucketV2Arn = values.t3;
return """
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"%s"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"%s/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "%s/*"
}
]
}
", sourceBucketV2Arn,sourceBucketV2Arn1,destinationBucketV2Arn);
}))
.build());
var replicationRolePolicyAttachment = new RolePolicyAttachment("replicationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(replicationRole.name())
.policyArn(replicationPolicy.arn())
.build());
var destinationBucketVersioningV2 = new BucketVersioningV2("destinationBucketVersioningV2", BucketVersioningV2Args.builder()
.bucket(destinationBucketV2.id())
.versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
.status("Enabled")
.build())
.build());
var sourceBucketAcl = new BucketAclV2("sourceBucketAcl", BucketAclV2Args.builder()
.bucket(sourceBucketV2.id())
.acl("private")
.build(), CustomResourceOptions.builder()
.provider(aws.central())
.build());
var sourceBucketVersioningV2 = new BucketVersioningV2("sourceBucketVersioningV2", BucketVersioningV2Args.builder()
.bucket(sourceBucketV2.id())
.versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
.status("Enabled")
.build())
.build(), CustomResourceOptions.builder()
.provider(aws.central())
.build());
var replicationBucketReplicationConfig = new BucketReplicationConfig("replicationBucketReplicationConfig", BucketReplicationConfigArgs.builder()
.role(replicationRole.arn())
.bucket(sourceBucketV2.id())
.rules(BucketReplicationConfigRuleArgs.builder()
.id("foobar")
.filter(BucketReplicationConfigRuleFilterArgs.builder()
.prefix("foo")
.build())
.status("Enabled")
.destination(BucketReplicationConfigRuleDestinationArgs.builder()
.bucket(destinationBucketV2.arn())
.storageClass("STANDARD")
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(aws.central())
.dependsOn(sourceBucketVersioningV2)
.build());
}
}Content copied to clipboard
Bi-Directional Replication
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketVersioningV2;
import com.pulumi.aws.s3.BucketVersioningV2Args;
import com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketReplicationConfig;
import com.pulumi.aws.s3.BucketReplicationConfigArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var eastBucketV2 = new BucketV2("eastBucketV2");
var eastBucketVersioningV2 = new BucketVersioningV2("eastBucketVersioningV2", BucketVersioningV2Args.builder()
.bucket(eastBucketV2.id())
.versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
.status("Enabled")
.build())
.build());
var westBucketV2 = new BucketV2("westBucketV2", BucketV2Args.Empty, CustomResourceOptions.builder()
.provider(aws.west())
.build());
var westBucketVersioningV2 = new BucketVersioningV2("westBucketVersioningV2", BucketVersioningV2Args.builder()
.bucket(westBucketV2.id())
.versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
.status("Enabled")
.build())
.build(), CustomResourceOptions.builder()
.provider(aws.west())
.build());
var eastToWest = new BucketReplicationConfig("eastToWest", BucketReplicationConfigArgs.builder()
.role(aws_iam_role.east_replication().arn())
.bucket(eastBucketV2.id())
.rules(BucketReplicationConfigRuleArgs.builder()
.id("foobar")
.filter(BucketReplicationConfigRuleFilterArgs.builder()
.prefix("foo")
.build())
.status("Enabled")
.destination(BucketReplicationConfigRuleDestinationArgs.builder()
.bucket(westBucketV2.arn())
.storageClass("STANDARD")
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(eastBucketVersioningV2)
.build());
var westToEast = new BucketReplicationConfig("westToEast", BucketReplicationConfigArgs.builder()
.role(aws_iam_role.west_replication().arn())
.bucket(westBucketV2.id())
.rules(BucketReplicationConfigRuleArgs.builder()
.id("foobar")
.filter(BucketReplicationConfigRuleFilterArgs.builder()
.prefix("foo")
.build())
.status("Enabled")
.destination(BucketReplicationConfigRuleDestinationArgs.builder()
.bucket(eastBucketV2.arn())
.storageClass("STANDARD")
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(aws.west())
.dependsOn(westBucketVersioningV2)
.build());
}
}Content copied to clipboard
Import
S3 bucket replication configuration can be imported using the bucket, e.g.
$ pulumi import aws:s3/bucketReplicationConfig:BucketReplicationConfig replication bucket-nameContent copied to clipboard
//
Properties
Link copied to clipboard
Link copied to clipboard
A token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.