Bucket Policy Args
data class BucketPolicyArgs(val bucket: Output<String>? = null, val policy: Output<String>? = null) : ConvertibleToJava<BucketPolicyArgs>
Attaches a policy to an S3 bucket resource.
Example Usage
Basic Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
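/**
 * Example Pulumi program that creates an S3 bucket and attaches a bucket policy
 * granting another AWS account read access to it.
 *
 * <p>The policy document is built with {@code IamFunctions.getPolicyDocument} and
 * its rendered JSON is passed to {@code BucketPolicy}.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the bucket, the cross-account policy document and the bucket policy.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run} (not used here)
     */
    public static void stack(Context ctx) {
        var example = new BucketV2("example");

        // Security note: the principal below is a bare account ID. AWS treats that as the
        // account itself, so the grant is delegated to that account's own IAM and any
        // identity its administrators authorise can use it. Prefer the ARN of one specific
        // role or user where possible, and consider a Condition block (for example on
        // aws:SecureTransport or aws:PrincipalOrgID) to narrow the grant further.
        final var allowAccessFromAnotherAccountPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("123456789012") // example account ID; replace with the real principal
                    .build())
                // Read-only access: s3:ListBucket is evaluated against the bucket ARN,
                // s3:GetObject against the object ARNs ("<bucket-arn>/*").
                .actions(
                    "s3:GetObject",
                    "s3:ListBucket")
                // NOTE(review): both arguments are Output<String>; confirm the builder has an
                // overload that accepts them, otherwise combine them into one
                // Output<List<String>> first.
                .resources(
                    example.arn(),
                    example.arn().applyValue(arn -> String.format("%s/*", arn)))
                .build())
            .build());

        // The original chained applyValue calls reused the local variable's name as a lambda
        // parameter (a compile error in Java) and called applyValue on the unwrapped result.
        // A single applyValue that extracts the JSON is all that is needed.
        var allowAccessFromAnotherAccountBucketPolicy = new BucketPolicy("allowAccessFromAnotherAccountBucketPolicy", BucketPolicyArgs.builder()
            .bucket(example.id())
            .policy(allowAccessFromAnotherAccountPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}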
Import
S3 bucket policies can be imported using the bucket name, e.g.,
$ pulumi import aws:s3/bucketPolicy:BucketPolicy allow_access_from_another_account my-tf-test-bucket
Properties
Text of the policy. Although this is a bucket policy rather than an IAM policy, the aws.iam.getPolicyDocument data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.