Bucket
Provides an S3 bucket resource.
This functionality is for managing S3 in an AWS Partition. To manage S3 on Outposts, see the
aws.s3control.Bucket
resource.
Example Usage
Private Bucket w/ Tags
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single S3 bucket with the {@code private} canned ACL and
 * two tags.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of this stack.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        final var bucketTags = Map.ofEntries(
            Map.entry("Environment", "Dev"),
            Map.entry("Name", "My bucket"));

        // "private" is spelled out even though the page documents it as the default,
        // so the access level is visible in review.
        final var settings = BucketArgs.builder()
            .acl("private")
            .tags(bucketTags)
            .build();

        var privateBucket = new Bucket("bucket", settings);
    }
}
Static Website Hosting
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketWebsiteArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
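/**
 * Pulumi program that declares an S3 bucket configured for static website hosting.
 *
 * <p>The bucket uses the {@code public-read} canned ACL, so this configuration is only
 * appropriate for content that is meant to be world-readable.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the website bucket.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     * @throws java.io.UncheckedIOException if {@code policy.json} cannot be read
     */
    public static void stack(Context ctx) {
        // Files.readString throws the checked IOException, which a method passed to
        // Pulumi.run as App::stack cannot declare; rethrow it unchecked with its cause.
        // The path is relative, so the file is resolved against the working directory.
        final String policyJson;
        try {
            policyJson = Files.readString(Paths.get("policy.json"));
        } catch (java.io.IOException e) {
            throw new java.io.UncheckedIOException("Cannot read bucket policy file policy.json", e);
        }

        var bucket = new Bucket("bucket", BucketArgs.builder()
            // Grants anonymous read access on the bucket: intended here, since the
            // bucket serves a public website. Review policy.json with the same care,
            // because it is applied verbatim as the bucket policy.
            .acl("public-read")
            // This page states that the policy argument will be deprecated in favour
            // of a separate bucket policy resource.
            .policy(policyJson)
            .website(BucketWebsiteArgs.builder()
                .indexDocument("index.html")
                .errorDocument("error.html")
                // Redirects requests under docs/ to the documents/ prefix.
                .routingRules("""
                    [{
                    "Condition": {
                    "KeyPrefixEquals": "docs/"
                    },
                    "Redirect": {
                    "ReplaceKeyPrefixWith": "documents/"
                    }
                    }]
                    """)
                .build())
            .build());
    }
}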
Using CORS
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketCorsRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an S3 bucket with one CORS rule.
 *
 * <p>CORS only relaxes the browser's same-origin checks; it is not an access control.
 * Who may read or write the bucket is decided by the ACL and by any bucket or IAM policy.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the bucket and its CORS rule.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        // Cross-origin PUT and POST are accepted from a single HTTPS origin only.
        // allowedHeaders("*") accepts any request header from that origin.
        final var browserUploadRule = BucketCorsRuleArgs.builder()
            .allowedHeaders("*")
            .allowedMethods("PUT", "POST")
            .allowedOrigins("https://s3-website-test.mydomain.com")
            .exposeHeaders("ETag")
            .maxAgeSeconds(3000)
            .build();

        // "public-read" grants anonymous read access on the bucket; keep it only when
        // the bucket is meant to be public.
        final var settings = BucketArgs.builder()
            .acl("public-read")
            .corsRules(browserUploadRule)
            .build();

        var bucket = new Bucket("bucket", settings);
    }
}
Using versioning
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a private S3 bucket with object versioning enabled.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the versioned bucket.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        // With versioning enabled, overwritten and deleted objects are retained as
        // noncurrent versions instead of being lost.
        final var keepVersions = BucketVersioningArgs.builder()
            .enabled(true)
            .build();

        final var settings = BucketArgs.builder()
            .acl("private")
            .versioning(keepVersions)
            .build();

        var bucket = new Bucket("bucket", settings);
    }
}
Enable Logging
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLoggingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a private S3 bucket whose server access logs are delivered
 * to a second, dedicated bucket.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the log bucket first, then the bucket that logs into it.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        // The log target uses the "log-delivery-write" canned ACL so that S3 log
        // delivery can write into it.
        final var logBucketSettings = BucketArgs.builder()
            .acl("log-delivery-write")
            .build();
        var logBucket = new Bucket("logBucket", logBucketSettings);

        // Access logs for the main bucket land under the log/ prefix of logBucket.
        final var accessLogTarget = BucketLoggingArgs.builder()
            .targetBucket(logBucket.id())
            .targetPrefix("log/")
            .build();

        var bucket = new Bucket("bucket", BucketArgs.builder()
            .acl("private")
            .loggings(accessLogTarget)
            .build());
    }
}
Using object lifecycle
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleExpirationArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
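/**
 * Pulumi program that declares two private S3 buckets with object lifecycle rules: one
 * with prefix-scoped expiration and storage-class transitions, and one versioned bucket
 * whose noncurrent object versions are transitioned and then expired.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares both buckets and their lifecycle rules.
     *
     * <p>{@code BucketLifecycleRuleTransitionArgs} and
     * {@code BucketLifecycleRuleNoncurrentVersionTransitionArgs} are referenced by their
     * fully-qualified names because the import list of this listing does not include them.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        var bucket = new Bucket("bucket", BucketArgs.builder()
            .acl("private")
            .lifecycleRules(
                // Rule "log": objects under log/ move to STANDARD_IA after 30 days, to
                // GLACIER after 60 days, and are deleted after 90 days. Check that the
                // 90-day expiry satisfies any log-retention requirement before reuse.
                BucketLifecycleRuleArgs.builder()
                    .enabled(true)
                    .expiration(BucketLifecycleRuleExpirationArgs.builder()
                        .days(90)
                        .build())
                    .id("log")
                    .prefix("log/")
                    .tags(Map.ofEntries(
                        Map.entry("autoclean", "true"),
                        Map.entry("rule", "log")
                    ))
                    .transitions(
                        com.pulumi.aws.s3.inputs.BucketLifecycleRuleTransitionArgs.builder()
                            .days(30)
                            .storageClass("STANDARD_IA")
                            .build(),
                        com.pulumi.aws.s3.inputs.BucketLifecycleRuleTransitionArgs.builder()
                            .days(60)
                            .storageClass("GLACIER")
                            .build())
                    .build(),
                // Rule "tmp": objects under tmp/ expire on a fixed calendar date.
                BucketLifecycleRuleArgs.builder()
                    .enabled(true)
                    .expiration(BucketLifecycleRuleExpirationArgs.builder()
                        .date("2016-01-12")
                        .build())
                    .id("tmp")
                    .prefix("tmp/")
                    .build())
            .build());

        var versioningBucket = new Bucket("versioningBucket", BucketArgs.builder()
            .acl("private")
            // Applies to noncurrent versions under config/: STANDARD_IA after 30 days,
            // GLACIER after 60 days, removed after 90 days.
            .lifecycleRules(BucketLifecycleRuleArgs.builder()
                .enabled(true)
                .noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()
                    .days(90)
                    .build())
                .noncurrentVersionTransitions(
                    com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
                        .days(30)
                        .storageClass("STANDARD_IA")
                        .build(),
                    com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
                        .days(60)
                        .storageClass("GLACIER")
                        .build())
                .prefix("config/")
                .build())
            .versioning(BucketVersioningArgs.builder()
                .enabled(true)
                .build())
            .build());
    }
}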
Using replication configuration
NOTE: See the
aws.s3.BucketReplicationConfig
resource to support bi-directional replication configuration and additional features.
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.Provider;
import com.pulumi.aws.ProviderArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleDestinationArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleFilterArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import com.pulumi.core.Output;
import com.pulumi.resources.CustomResourceOptions;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
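/**
 * Pulumi program that replicates objects from a source bucket to a destination bucket.
 *
 * <p>It declares an extra provider for {@code eu-central-1}, an IAM role that the S3
 * service can assume, two versioned buckets, and an IAM policy attached to the role.
 * The policy is scoped to the ARNs of the two buckets rather than to a wildcard resource.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider, role, buckets, policy and policy attachment.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        var central = new Provider("central", ProviderArgs.builder()
            .region("eu-central-1")
            .build());

        // Trust policy: only the S3 service principal may assume the replication role.
        var replicationRole = new Role("replicationRole", RoleArgs.builder()
            .assumeRolePolicy("""
                {
                "Version": "2012-10-17",
                "Statement": [
                {
                "Action": "sts:AssumeRole",
                "Principal": {
                "Service": "s3.amazonaws.com"
                },
                "Effect": "Allow",
                "Sid": ""
                }
                ]
                }
                """)
            .build());

        // Both buckets in this example enable versioning.
        var destination = new Bucket("destination", BucketArgs.builder()
            .versioning(BucketVersioningArgs.builder()
                .enabled(true)
                .build())
            .build());

        var source = new Bucket("source", BucketArgs.builder()
            .acl("private")
            .versioning(BucketVersioningArgs.builder()
                .enabled(true)
                .build())
            .replicationConfiguration(BucketReplicationConfigurationArgs.builder()
                .role(replicationRole.arn())
                .rules(BucketReplicationConfigurationRuleArgs.builder()
                    .id("foobar")
                    .status("Enabled")
                    // The listing called tags() with no argument, which matches no
                    // builder overload; an empty map states the same empty tag filter.
                    .filter(BucketReplicationConfigurationRuleFilterArgs.builder()
                        .tags(Map.of())
                        .build())
                    .destination(BucketReplicationConfigurationRuleDestinationArgs.builder()
                        .bucket(destination.arn())
                        .storageClass("STANDARD")
                        .replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()
                            .status("Enabled")
                            .minutes(15)
                            .build())
                        .metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()
                            .status("Enabled")
                            .minutes(15)
                            .build())
                        .build())
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                // The listing passed aws.central(), but no symbol named aws exists in
                // this program; the provider declared above is the local central.
                .provider(central)
                .build());

        // Permissions policy: read replication settings and object versions on the
        // source bucket, write replicas to the destination bucket, nothing else.
        var replicationPolicy = new Policy("replicationPolicy", PolicyArgs.builder()
            .policy(Output.tuple(source.arn(), source.arn(), destination.arn()).applyValue(values -> {
                var sourceArn = values.t1;
                var sourceArn1 = values.t2;
                var destinationArn = values.t3;
                // The listing closed this text block with a single quote character and
                // never applied the arguments; formatted() fills the three %s slots.
                return """
                    {
                    "Version": "2012-10-17",
                    "Statement": [
                    {
                    "Action": [
                    "s3:GetReplicationConfiguration",
                    "s3:ListBucket"
                    ],
                    "Effect": "Allow",
                    "Resource": [
                    "%s"
                    ]
                    },
                    {
                    "Action": [
                    "s3:GetObjectVersionForReplication",
                    "s3:GetObjectVersionAcl",
                    "s3:GetObjectVersionTagging"
                    ],
                    "Effect": "Allow",
                    "Resource": [
                    "%s/*"
                    ]
                    },
                    {
                    "Action": [
                    "s3:ReplicateObject",
                    "s3:ReplicateDelete",
                    "s3:ReplicateTags"
                    ],
                    "Effect": "Allow",
                    "Resource": "%s/*"
                    }
                    ]
                    }
                    """.formatted(sourceArn, sourceArn1, destinationArn);
            }))
            .build());

        var replicationRolePolicyAttachment = new RolePolicyAttachment("replicationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
            .role(replicationRole.name())
            .policyArn(replicationPolicy.arn())
            .build());
    }
}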
Enable Default Server Side Encryption
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a KMS key and an S3 bucket whose default server-side
 * encryption uses that key.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the key and the encrypted bucket.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        final var keySettings = KeyArgs.builder()
            .description("This key is used to encrypt bucket objects")
            .deletionWindowInDays(10)
            .build();
        var mykey = new Key("mykey", keySettings);

        // Default encryption: the "aws:kms" algorithm with the key declared above.
        final var kmsByDefault =
            BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()
                .kmsMasterKeyId(mykey.arn())
                .sseAlgorithm("aws:kms")
                .build();

        final var encryptionRule = BucketServerSideEncryptionConfigurationRuleArgs.builder()
            .applyServerSideEncryptionByDefault(kmsByDefault)
            .build();

        final var encryption = BucketServerSideEncryptionConfigurationArgs.builder()
            .rule(encryptionRule)
            .build();

        var mybucket = new Bucket("mybucket", BucketArgs.builder()
            .serverSideEncryptionConfiguration(encryption)
            .build());
    }
}
Using ACL policy grants
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an S3 bucket with explicit ACL grants instead of a canned
 * ACL: full control for the calling account's canonical user, plus {@code READ_ACP} and
 * {@code WRITE} for the S3 log delivery group.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the caller's canonical user id and declares the bucket with two grants.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this example
     */
    public static void stack(Context ctx) {
        final var currentUser = S3Functions.getCanonicalUserId();

        // Owner grant: the canonical user resolved above keeps FULL_CONTROL.
        final var ownerGrant = BucketGrantArgs.builder()
            .id(currentUser.applyValue(owner -> owner.id()))
            .type("CanonicalUser")
            .permissions("FULL_CONTROL")
            .build();

        // Group grant: the uri is the identifier of the predefined LogDelivery group;
        // it names a grantee and is not an endpoint.
        final var logDeliveryGrant = BucketGrantArgs.builder()
            .type("Group")
            .permissions("READ_ACP", "WRITE")
            .uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
            .build();

        var bucket = new Bucket("bucket", BucketArgs.builder()
            .grants(ownerGrant, logDeliveryGrant)
            .build());
    }
}
Import
An S3 bucket can be imported using the `bucket` value, e.g.,
$ pulumi import aws:s3/bucket:Bucket bucket bucket-name
The `policy` argument is not imported and will be deprecated in a future version of the provider. Use the `aws_s3_bucket_policy` resource to manage the S3 Bucket Policy instead.
Properties
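The canned ACL to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, and `log-delivery-write`. Defaults to `private`. Conflicts with `grant`. Note that `public-read` and `public-read-write` grant access to anonymous users, and `authenticated-read` grants read access to any authenticated AWS account, so use them only for data that is meant to be public.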
The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket
. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
The bucket region-specific domain name, i.e. the bucket domain name including the region name; please refer here for the format. Note: AWS CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.
A rule of Cross-Origin Resource Sharing (documented below).
A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
A configuration of object lifecycle management (documented below).
A configuration of S3 object locking (documented below).
A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a `pulumi preview`. In this case, please make sure you use the verbose/specific version of the policy.
The replication configuration (documented below).
Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner
or Requester
. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.
The server-side encryption configuration (documented below).