Bucket Object Lock Configuration V2
Provides an S3 bucket Object Lock configuration resource. For more information about Object Locking, go to Using S3 Object Lock in the Amazon S3 User Guide.
NOTE: This resource does not enable Object Lock for new buckets. It configures a default retention period for objects placed in the specified bucket. Thus, to enable Object Lock for a new bucket, see the Using object lock configuration section in the aws.s3.BucketV2 resource or the Object Lock configuration for a new bucket example below. If you want to enable Object Lock for an existing bucket, contact AWS Support and see the Object Lock configuration for an existing bucket example below.
Example Usage
Object Lock configuration for a new bucket
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketObjectLockConfigurationV2;
import com.pulumi.aws.s3.BucketObjectLockConfigurationV2Args;
import com.pulumi.aws.s3.inputs.BucketObjectLockConfigurationV2RuleArgs;
import com.pulumi.aws.s3.inputs.BucketObjectLockConfigurationV2RuleDefaultRetentionArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Object Lock is switched on when the bucket is created.
        var exampleBucketV2 = new BucketV2("exampleBucketV2", BucketV2Args.builder()
            .objectLockEnabled(true)
            .build());

        // This resource only sets the default retention applied to new objects.
        var exampleBucketObjectLockConfigurationV2 = new BucketObjectLockConfigurationV2("exampleBucketObjectLockConfigurationV2", BucketObjectLockConfigurationV2Args.builder()
            .bucket(exampleBucketV2.id())
            .rule(BucketObjectLockConfigurationV2RuleArgs.builder()
                .defaultRetention(BucketObjectLockConfigurationV2RuleDefaultRetentionArgs.builder()
                    // In COMPLIANCE mode no user, including the account root user,
                    // can shorten or remove retention on a locked object version.
                    .mode("COMPLIANCE")
                    .days(5)
                    .build())
                .build())
            .build());
    }
}
Object Lock configuration for an existing bucket
This is a multistep process that requires AWS Support intervention.
Enable versioning on your S3 bucket, if you have not already done so. Doing so will generate an "Object Lock token" in the back-end.
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketVersioningV2;
import com.pulumi.aws.s3.BucketVersioningV2Args;
import com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");

        // Enabling versioning generates the "Object Lock token" in the back-end.
        var exampleBucketVersioningV2 = new BucketVersioningV2("exampleBucketVersioningV2", BucketVersioningV2Args.builder()
            .bucket(exampleBucketV2.id())
            .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
                .status("Enabled")
                .build())
            .build());
    }
}
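Once AWS Support has supplied the token described under Properties, the final step of this procedure could look like the following. This is an added example, not part of the original page: the resource name and the config keys bucketName, bucketOwner and objectLockToken are assumptions, and the token is read as a Pulumi secret instead of being hard-coded in the program.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.s3.BucketObjectLockConfigurationV2;
import com.pulumi.aws.s3.BucketObjectLockConfigurationV2Args;
import com.pulumi.aws.s3.inputs.BucketObjectLockConfigurationV2RuleArgs;
import com.pulumi.aws.s3.inputs.BucketObjectLockConfigurationV2RuleDefaultRetentionArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Assumed stack config keys (not from the original page):
        //   pulumi config set bucketName <existing bucket>
        //   pulumi config set bucketOwner <12-digit account ID>
        //   pulumi config set --secret objectLockToken <token from AWS Support>
        var config = ctx.config();
        var bucketName = config.require("bucketName");
        var bucketOwner = config.require("bucketOwner");
        // requireSecret returns an Output marked secret, so the token is
        // encrypted in stack config and state and masked in CLI output.
        var token = config.requireSecret("objectLockToken");

        var existingBucketLock = new BucketObjectLockConfigurationV2("existingBucketLock",
            BucketObjectLockConfigurationV2Args.builder()
                .bucket(bucketName)
                // Fail the request if the bucket belongs to another account.
                .expectedBucketOwner(bucketOwner)
                .token(token)
                .rule(BucketObjectLockConfigurationV2RuleArgs.builder()
                    .defaultRetention(BucketObjectLockConfigurationV2RuleDefaultRetentionArgs.builder()
                        // Same default retention as the new-bucket example.
                        .mode("COMPLIANCE")
                        .days(5)
                        .build())
                    .build())
                .build());
    }
}
```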
Import
S3 bucket Object Lock configuration can be imported in one of two ways. If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, the S3 bucket Object Lock configuration resource should be imported using the bucket, e.g.,
$ pulumi import aws:s3/bucketObjectLockConfigurationV2:BucketObjectLockConfigurationV2 example bucket-name
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, the S3 bucket Object Lock configuration resource should be imported using the bucket and expected_bucket_owner separated by a comma (,), e.g.,
$ pulumi import aws:s3/bucketObjectLockConfigurationV2:BucketObjectLockConfigurationV2 example bucket-name,123456789012
Properties
Account ID of the expected bucket owner.
Indicates whether this bucket has an Object Lock configuration enabled. Defaults to Enabled. Valid values: Enabled.
Configuration block for specifying the Object Lock rule for the specified object. See below.
Token to allow Object Lock to be enabled for an existing bucket. You must contact AWS support for the bucket's "Object Lock token". The token is generated in the back-end when versioning is enabled on a bucket. For more details on versioning, see the aws.s3.BucketVersioningV2 resource.