Bucket

class Bucket : KotlinCustomResource

Provides an S3 bucket resource.

This functionality is for managing S3 in an AWS Partition. To manage S3 on Outposts, see the aws.s3control.Bucket resource.

Example Usage

Private Bucket w/ Tags

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single S3 bucket with the canned {@code private} ACL
 * and two descriptive tags.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of this stack.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Same two entries the bucket is tagged with, built with Map.of.
        var bucketTags = Map.of(
            "Environment", "Dev",
            "Name", "My bucket");

        // "private" is the canned ACL that grants access to the bucket owner only.
        var bucketArgs = BucketArgs.builder()
            .acl("private")
            .tags(bucketTags)
            .build();

        var bucket = new Bucket("bucket", bucketArgs);
    }
}

Static Website Hosting

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketWebsiteArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
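/**
 * Pulumi program that declares an S3 bucket configured for static website hosting.
 *
 * <p>The bucket uses the canned {@code public-read} ACL, so its contents are readable
 * without authentication. That is the purpose of a public website bucket; keep only
 * content meant for publication in it.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the website bucket, its bucket policy and its routing rules.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     * @throws java.io.UncheckedIOException if {@code policy.json} cannot be read
     */
    public static void stack(Context ctx) {
        var bucket = new Bucket("bucket", BucketArgs.builder()
            // Anonymous read access is intentional for a public website.
            .acl("public-read")
            // The policy is loaded from disk at deployment time; review policy.json
            // like code, because it decides who can reach the bucket.
            .policy(readPolicyDocument())
            .website(BucketWebsiteArgs.builder()
                .indexDocument("index.html")
                .errorDocument("error.html")
                // Redirects requests under docs/ to the documents/ prefix.
                .routingRules("""
[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]
""")
                .build())
            .build());
    }

    /**
     * Reads the bucket policy document from {@code policy.json} in the working directory.
     *
     * <p>{@code Files.readString} throws the checked {@code IOException}, which
     * {@code stack} cannot propagate because it does not declare it, so the failure is
     * rethrown unchecked with its cause preserved.
     */
    private static String readPolicyDocument() {
        try {
            return Files.readString(Paths.get("policy.json"));
        } catch (java.io.IOException e) {
            throw new java.io.UncheckedIOException("Could not read bucket policy file policy.json", e);
        }
    }
}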

Using CORS

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketCorsRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an S3 bucket with one Cross-Origin Resource Sharing rule.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the bucket and its CORS rule.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Browser uploads (PUT/POST) are accepted from one named origin only.
        // allowedHeaders("*") lets that origin send any request header.
        // CORS only tells browsers which cross-origin calls are allowed; who may
        // read or write is still decided by the ACL and the bucket policy.
        var uploadRule = BucketCorsRuleArgs.builder()
            .allowedHeaders("*")
            .allowedMethods("PUT", "POST")
            .allowedOrigins("https://s3-website-test.mydomain.com")
            .exposeHeaders("ETag")
            .maxAgeSeconds(3000)
            .build();

        // NOTE(review): public-read makes the bucket readable anonymously; confirm
        // that is intended wherever this example is reused.
        var bucketArgs = BucketArgs.builder()
            .acl("public-read")
            .corsRules(uploadRule)
            .build();

        var bucket = new Bucket("bucket", bucketArgs);
    }
}

Using versioning

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a private S3 bucket with object versioning enabled.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the versioned bucket.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // With versioning on, overwrites and deletes keep the previous object
        // versions, which helps recovery after accidental or unwanted changes.
        var versioningOn = BucketVersioningArgs.builder()
            .enabled(true)
            .build();

        var bucketArgs = BucketArgs.builder()
            .acl("private")
            .versioning(versioningOn)
            .build();

        var bucket = new Bucket("bucket", bucketArgs);
    }
}

Enable Logging

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLoggingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a private S3 bucket whose server access logs are
 * delivered to a second, dedicated log bucket.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the log bucket first, then the bucket that logs into it.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // log-delivery-write is the canned ACL that lets the S3 log delivery
        // group write access logs into this bucket.
        var logBucketArgs = BucketArgs.builder()
            .acl("log-delivery-write")
            .build();
        var logBucket = new Bucket("logBucket", logBucketArgs);

        // Access logs for "bucket" land in logBucket under the log/ prefix.
        var accessLogging = BucketLoggingArgs.builder()
            .targetBucket(logBucket.id())
            .targetPrefix("log/")
            .build();

        var bucketArgs = BucketArgs.builder()
            .acl("private")
            .loggings(accessLogging)
            .build();
        var bucket = new Bucket("bucket", bucketArgs);
    }
}

Using object lifecycle

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleExpirationArgs;
import com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
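/**
 * Pulumi program that declares two private S3 buckets with object lifecycle rules:
 * one with prefix-scoped expiration and storage-class transitions, and one versioned
 * bucket that ages out noncurrent object versions.
 *
 * <p>The transition argument types are not in this listing's import block, so they
 * are referenced by fully qualified name to keep the class compilable as shown.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares both buckets and their lifecycle rules.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Rule "log": objects under log/ move to STANDARD_IA after 30 days, to
        // GLACIER after 60 days, and are deleted after 90 days.
        var logRule = BucketLifecycleRuleArgs.builder()
            .enabled(true)
            .expiration(BucketLifecycleRuleExpirationArgs.builder()
                .days(90)
                .build())
            .id("log")
            .prefix("log/")
            .tags(Map.ofEntries(
                Map.entry("autoclean", "true"),
                Map.entry("rule", "log")
            ))
            .transitions(
                com.pulumi.aws.s3.inputs.BucketLifecycleRuleTransitionArgs.builder()
                    .days(30)
                    .storageClass("STANDARD_IA")
                    .build(),
                com.pulumi.aws.s3.inputs.BucketLifecycleRuleTransitionArgs.builder()
                    .days(60)
                    .storageClass("GLACIER")
                    .build())
            .build();

        // Rule "tmp": objects under tmp/ expire on a fixed calendar date.
        var tmpRule = BucketLifecycleRuleArgs.builder()
            .enabled(true)
            .expiration(BucketLifecycleRuleExpirationArgs.builder()
                .date("2016-01-12")
                .build())
            .id("tmp")
            .prefix("tmp/")
            .build();

        var bucket = new Bucket("bucket", BucketArgs.builder()
            .acl("private")
            .lifecycleRules(logRule, tmpRule)
            .build());

        // Versioned bucket: noncurrent versions under config/ move to cheaper
        // storage classes and are deleted 90 days after being superseded.
        var noncurrentRule = BucketLifecycleRuleArgs.builder()
            .enabled(true)
            .noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()
                .days(90)
                .build())
            .noncurrentVersionTransitions(
                com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
                    .days(30)
                    .storageClass("STANDARD_IA")
                    .build(),
                com.pulumi.aws.s3.inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
                    .days(60)
                    .storageClass("GLACIER")
                    .build())
            .prefix("config/")
            .build();

        var versioningBucket = new Bucket("versioningBucket", BucketArgs.builder()
            .acl("private")
            .lifecycleRules(noncurrentRule)
            .versioning(BucketVersioningArgs.builder()
                .enabled(true)
                .build())
            .build());
    }
}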

Using replication configuration

NOTE: See the aws.s3.BucketReplicationConfig resource to support bi-directional replication configuration and additional features.

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.Provider;
import com.pulumi.aws.ProviderArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketVersioningArgs;
import com.pulumi.aws.s3.inputs.BucketReplicationConfigurationArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
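/**
 * Pulumi program that replicates objects from a versioned source bucket to a versioned
 * destination bucket, using a dedicated IAM role that S3 assumes.
 *
 * <p>Corrections to the listing as published: the source bucket's provider option
 * refers to the {@code central} provider declared in this method (the original used an
 * undefined {@code aws.central()}); the replication policy text block is closed and
 * passed through {@code String.format}; the rule filter passes an explicit empty tag
 * map; and argument types missing from the import block are referenced by fully
 * qualified name.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider, the replication role and policy, and both buckets.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Explicit provider so the source bucket is created in eu-central-1.
        var central = new Provider("central", ProviderArgs.builder()
            .region("eu-central-1")
            .build());

        // Trust policy: only the S3 service principal may assume this role.
        var replicationRole = new Role("replicationRole", RoleArgs.builder()
            .assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""")
            .build());

        // Versioning is enabled on both ends of the replication pair.
        var destination = new Bucket("destination", BucketArgs.builder()
            .versioning(BucketVersioningArgs.builder()
                .enabled(true)
                .build())
            .build());

        var source = new Bucket("source", BucketArgs.builder()
            .acl("private")
            .versioning(BucketVersioningArgs.builder()
                .enabled(true)
                .build())
            .replicationConfiguration(BucketReplicationConfigurationArgs.builder()
                .role(replicationRole.arn())
                .rules(com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleArgs.builder()
                    .id("foobar")
                    .status("Enabled")
                    // NOTE(review): the listing called tags() with no argument; an
                    // empty tag map is assumed to be the intent - confirm.
                    .filter(com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleFilterArgs.builder()
                        .tags(Map.of())
                        .build())
                    .destination(com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleDestinationArgs.builder()
                        .bucket(destination.arn())
                        .storageClass("STANDARD")
                        .replicationTime(com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()
                            .status("Enabled")
                            .minutes(15)
                            .build())
                        .metrics(com.pulumi.aws.s3.inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()
                            .status("Enabled")
                            .minutes(15)
                            .build())
                        .build())
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(central)
                .build());

        // Permissions for the role are scoped to the two bucket ARNs: read the
        // replication configuration and object versions on the source, write
        // replicas on the destination.
        var replicationPolicy = new Policy("replicationPolicy", PolicyArgs.builder()
            .policy(Output.tuple(source.arn(), source.arn(), destination.arn()).applyValue(values -> {
                var sourceArn = values.t1;
                var sourceArn1 = values.t2;
                var destinationArn = values.t3;
                // The three %s placeholders are filled in order: source bucket,
                // source objects, destination objects.
                return String.format("""
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"%s"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"%s/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "%s/*"
}
]
}
""", sourceArn, sourceArn1, destinationArn);
            }))
            .build());

        var replicationRolePolicyAttachment = new RolePolicyAttachment("replicationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
            .role(replicationRole.name())
            .policyArn(replicationPolicy.arn())
            .build());
    }
}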

Enable Default Server Side Encryption

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleArgs;
import com.pulumi.aws.s3.inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a KMS key and an S3 bucket whose objects are encrypted
 * with that key by default.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the KMS key and the bucket that uses it for default encryption.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Customer-managed key; a deleted key stays recoverable for 10 days.
        var keyArgs = KeyArgs.builder()
            .description("This key is used to encrypt bucket objects")
            .deletionWindowInDays(10)
            .build();
        var mykey = new Key("mykey", keyArgs);

        // Default encryption: SSE-KMS with the key above.
        var encryptByDefault = BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()
            .kmsMasterKeyId(mykey.arn())
            .sseAlgorithm("aws:kms")
            .build();

        var encryptionRule = BucketServerSideEncryptionConfigurationRuleArgs.builder()
            .applyServerSideEncryptionByDefault(encryptByDefault)
            .build();

        var encryptionConfig = BucketServerSideEncryptionConfigurationArgs.builder()
            .rule(encryptionRule)
            .build();

        var mybucket = new Bucket("mybucket", BucketArgs.builder()
            .serverSideEncryptionConfiguration(encryptionConfig)
            .build());
    }
}

Using ACL policy grants

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.s3.inputs.BucketGrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an S3 bucket whose access is defined by explicit ACL
 * grants instead of a canned ACL.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the caller's canonical user ID and declares the bucket with two grants.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        final var currentUser = S3Functions.getCanonicalUserId();

        // Grant 1: the account running the deployment keeps full control.
        var ownerGrant = BucketGrantArgs.builder()
            .id(currentUser.applyValue(lookup -> lookup.id()))
            .type("CanonicalUser")
            .permissions("FULL_CONTROL")
            .build();

        // Grant 2: the S3 LogDelivery group may read the ACL and write objects,
        // and nothing else.
        var logDeliveryGrant = BucketGrantArgs.builder()
            .type("Group")
            .permissions("READ_ACP", "WRITE")
            .uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
            .build();

        var bucket = new Bucket("bucket", BucketArgs.builder()
            .grants(ownerGrant, logDeliveryGrant)
            .build());
    }
}

Import

An S3 bucket can be imported using its bucket name, e.g.,

$ pulumi import aws:s3/bucket:Bucket bucket bucket-name

The policy argument is not imported and will be deprecated in a future version of the provider. Use the aws_s3_bucket_policy resource to manage the S3 Bucket Policy instead.

Properties


Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

val acl: Output<String>?

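The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. Note that public-read and public-read-write make the bucket accessible to anonymous users, and authenticated-read grants read access to any authenticated AWS user, not only to users in your own account.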

val arn: Output<String>

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

val bucket: Output<String>

The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.


The bucket domain name. Will be of format bucketname.s3.amazonaws.com.

val bucketPrefix: Output<String>?

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.


The bucket's region-specific domain name, i.e. the bucket domain name including the region name; please refer here for the format. Note: AWS CloudFront allows specifying an S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL.


A rule of Cross-Origin Resource Sharing (documented below).

val forceDestroy: Output<Boolean>?

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

val grants: Output<List<BucketGrant>>?

An ACL policy grant (documented below). Conflicts with acl.

val hostedZoneId: Output<String>

The Route 53 Hosted Zone ID for this bucket's region.

val id: Output<String>

A configuration of object lifecycle management (documented below).

val loggings: Output<List<BucketLogging>>?

The settings for bucket logging (documented below).


A configuration of S3 object locking (documented below)

val policy: Output<String>?

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

val pulumiChildResources: Set<KotlinResource>
val region: Output<String>

The AWS region this bucket resides in.


A replication configuration (documented below).

val requestPayer: Output<String>

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

val tags: Output<Map<String, String>>?

A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val tagsAll: Output<Map<String, String>>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

val urn: Output<String>

A state of versioning (documented below)

val website: Output<BucketWebsite>?

A website object (documented below).

val websiteDomain: Output<String>

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

val websiteEndpoint: Output<String>

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.