Bucket Acl V2Args
Provides an S3 bucket ACL resource.
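Note: destroy does not delete the S3 Bucket ACL but does remove the resource from state. The ACL that was last applied therefore stays in effect on the bucket after a destroy; a permissive ACL such as public-read has to be reset explicitly if it is no longer wanted.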
Example Usage
With `private` ACL
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates an S3 bucket, sets its Object Ownership to
 * {@code BucketOwnerPreferred} and applies the canned {@code private} ACL.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Declares the bucket, its ownership controls and its ACL.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        var bucket = new BucketV2("exampleBucketV2");

        var ownershipRule = BucketOwnershipControlsRuleArgs.builder()
            .objectOwnership("BucketOwnerPreferred")
            .build();
        var ownershipArgs = BucketOwnershipControlsArgs.builder()
            .bucket(bucket.id())
            .rule(ownershipRule)
            .build();
        var ownershipControls =
            new BucketOwnershipControls("exampleBucketOwnershipControls", ownershipArgs);

        // "private" is the canned ACL that gives the owner FULL_CONTROL and nobody else any access.
        var aclArgs = BucketAclV2Args.builder()
            .bucket(bucket.id())
            .acl("private")
            .build();

        // S3 rejects ACL changes while Object Ownership is BucketOwnerEnforced, so the ACL
        // must only be created once the ownership controls above are in place.
        var aclOptions = CustomResourceOptions.builder()
            .dependsOn(ownershipControls)
            .build();

        new BucketAclV2("exampleBucketAclV2", aclArgs, aclOptions);
    }
}
With `public-read` ACL
This example explicitly disables the default S3 bucket security settings: all four Block Public Access flags are set to false so that the public-read ACL can take effect. This should be done with caution, as all bucket objects become publicly exposed.
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketPublicAccessBlock;
import com.pulumi.aws.s3.BucketPublicAccessBlockArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates an S3 bucket and applies the canned {@code public-read} ACL.
 *
 * <p>Security-sensitive: to let the public ACL take effect, this example turns off all four
 * Block Public Access settings for the bucket. Keep them enabled unless the bucket is meant
 * to be public.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Declares the bucket, its ownership controls, its public access block and its ACL.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        var bucket = new BucketV2("exampleBucketV2");

        var ownershipRule = BucketOwnershipControlsRuleArgs.builder()
            .objectOwnership("BucketOwnerPreferred")
            .build();
        var ownershipArgs = BucketOwnershipControlsArgs.builder()
            .bucket(bucket.id())
            .rule(ownershipRule)
            .build();
        var ownershipControls =
            new BucketOwnershipControls("exampleBucketOwnershipControls", ownershipArgs);

        // Every guard is set to false: public ACLs and public bucket policies are neither
        // blocked, ignored nor restricted for this bucket.
        var publicAccessArgs = BucketPublicAccessBlockArgs.builder()
            .bucket(bucket.id())
            .blockPublicAcls(false)
            .blockPublicPolicy(false)
            .ignorePublicAcls(false)
            .restrictPublicBuckets(false)
            .build();
        var publicAccessBlock =
            new BucketPublicAccessBlock("exampleBucketPublicAccessBlock", publicAccessArgs);

        // "public-read" is the canned ACL that grants READ to the AllUsers group,
        // i.e. to anonymous callers.
        var aclArgs = BucketAclV2Args.builder()
            .bucket(bucket.id())
            .acl("public-read")
            .build();

        // The ACL is created only after both the ownership controls and the relaxed
        // public access block exist.
        var aclOptions = CustomResourceOptions.builder()
            .dependsOn(ownershipControls, publicAccessBlock)
            .build();

        new BucketAclV2("exampleBucketAclV2", aclArgs, aclOptions);
    }
}
With Grants
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyGrantArgs;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyGrantGranteeArgs;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyOwnerArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates an S3 bucket and attaches an explicit access control policy
 * (individual grants plus an owner) instead of a canned ACL.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Declares the bucket, its ownership controls and an ACL built from two grants.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Canonical user ID of the account the AWS provider is configured with; it is used
        // both as a grantee and as the policy owner below.
        final var current = S3Functions.getCanonicalUserId();
        var canonicalUserId = current.applyValue(result -> result.id());

        var bucket = new BucketV2("exampleBucketV2");

        var ownershipRule = BucketOwnershipControlsRuleArgs.builder()
            .objectOwnership("BucketOwnerPreferred")
            .build();
        var ownershipArgs = BucketOwnershipControlsArgs.builder()
            .bucket(bucket.id())
            .rule(ownershipRule)
            .build();
        var ownershipControls =
            new BucketOwnershipControls("exampleBucketOwnershipControls", ownershipArgs);

        // Grant 1: READ for the current account's canonical user.
        var accountGrantee = BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
            .id(canonicalUserId)
            .type("CanonicalUser")
            .build();
        var accountReadGrant = BucketAclV2AccessControlPolicyGrantArgs.builder()
            .grantee(accountGrantee)
            .permission("READ")
            .build();

        // Grant 2: READ_ACP for the S3 log delivery group. The http:// URI is the fixed
        // identifier AWS defines for that group, not an endpoint that gets contacted.
        var logDeliveryGrantee = BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
            .type("Group")
            .uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
            .build();
        var logDeliveryGrant = BucketAclV2AccessControlPolicyGrantArgs.builder()
            .grantee(logDeliveryGrantee)
            .permission("READ_ACP")
            .build();

        var policyOwner = BucketAclV2AccessControlPolicyOwnerArgs.builder()
            .id(canonicalUserId)
            .build();
        var accessControlPolicy = BucketAclV2AccessControlPolicyArgs.builder()
            .grants(accountReadGrant, logDeliveryGrant)
            .owner(policyOwner)
            .build();

        var aclArgs = BucketAclV2Args.builder()
            .bucket(bucket.id())
            .accessControlPolicy(accessControlPolicy)
            .build();

        // S3 rejects ACL changes while Object Ownership is BucketOwnerEnforced, so the ACL
        // must only be created once the ownership controls above are in place.
        var aclOptions = CustomResourceOptions.builder()
            .dependsOn(ownershipControls)
            .build();

        new BucketAclV2("exampleBucketAclV2", aclArgs, aclOptions);
    }
}
Import
S3 bucket ACL can be imported in one of four ways. If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is not configured with a canned ACL [1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket`, e.g.,
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name
If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is configured with a canned ACL [1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` and `acl` separated by a comma (`,`), e.g.,
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,private
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is not configured with a canned ACL [1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`), e.g.,
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is configured with a canned ACL [1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`), e.g.,
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012,private
[1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl