pulumi-aws-kotlin/com.pulumi.aws.s3.kotlin/BucketAclV2

BucketAclV2

class BucketAclV2 : KotlinCustomResource

Provides an S3 bucket ACL resource.

Note: destroy does not delete the S3 Bucket ACL but does remove the resource from state.

Example Usage

With `private` ACL

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");
        var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
            .bucket(exampleBucketV2.id())
            .rule(BucketOwnershipControlsRuleArgs.builder()
                .objectOwnership("BucketOwnerPreferred")
                .build())
            .build());
        var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
            .bucket(exampleBucketV2.id())
            .acl("private")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleBucketOwnershipControls)
                .build());
    }
}

With `public-read` ACL

This example explicitly disables the default S3 bucket security settings. This should be done with caution, as all bucket objects become publicly exposed.

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketPublicAccessBlock;
import com.pulumi.aws.s3.BucketPublicAccessBlockArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");
        var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
            .bucket(exampleBucketV2.id())
            .rule(BucketOwnershipControlsRuleArgs.builder()
                .objectOwnership("BucketOwnerPreferred")
                .build())
            .build());
        var exampleBucketPublicAccessBlock = new BucketPublicAccessBlock("exampleBucketPublicAccessBlock", BucketPublicAccessBlockArgs.builder()
            .bucket(exampleBucketV2.id())
            .blockPublicAcls(false)
            .blockPublicPolicy(false)
            .ignorePublicAcls(false)
            .restrictPublicBuckets(false)
            .build());
        var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
            .bucket(exampleBucketV2.id())
            .acl("public-read")
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    exampleBucketOwnershipControls,
                    exampleBucketPublicAccessBlock)
                .build());
    }
}

With Grants

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyOwnerArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = S3Functions.getCanonicalUserId();
        var exampleBucketV2 = new BucketV2("exampleBucketV2");
        var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
            .bucket(exampleBucketV2.id())
            .rule(BucketOwnershipControlsRuleArgs.builder()
                .objectOwnership("BucketOwnerPreferred")
                .build())
            .build());
        var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
            .bucket(exampleBucketV2.id())
            .accessControlPolicy(BucketAclV2AccessControlPolicyArgs.builder()
                .grants(
                    BucketAclV2AccessControlPolicyGrantArgs.builder()
                        .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
                            .id(current.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
                            .type("CanonicalUser")
                            .build())
                        .permission("READ")
                        .build(),
                    BucketAclV2AccessControlPolicyGrantArgs.builder()
                        .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
                            .type("Group")
                            .uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
                            .build())
                        .permission("READ_ACP")
                        .build())
                .owner(BucketAclV2AccessControlPolicyOwnerArgs.builder()
                    .id(current.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleBucketOwnershipControls)
                .build());
    }
}

Import

S3 bucket ACL can be imported in one of four ways. If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is not configured with a 1 (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket e.g.,

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name

If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is configured with a 1 (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket and acl separated by a comma (,), e.g.

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,private

If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is not configured with a 1 (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket and expected_bucket_owner separated by a comma (,) e.g.,

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012

If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is configured with a 1 (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket, expected_bucket_owner, and acl separated by commas (,), e.g.,

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012,private

1https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl

Properties

accessControlPolicy

val accessControlPolicy: Output<BucketAclV2AccessControlPolicy>

Configuration block that sets the ACL permissions for an object per grantee. See below.

acl

val acl: Output<String>?

Canned ACL to apply to the bucket.

bucket

val bucket: Output<String>

Name of the bucket.

expectedBucketOwner

val expectedBucketOwner: Output<String>?

Account ID of the expected bucket owner.

val id: Output<String>

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

urn

val urn: Output<String>