pulumi-aws-kotlin/com.pulumi.aws.s3.kotlin/BucketAclV2

BucketAclV2

class BucketAclV2 : KotlinCustomResource

Provides an S3 bucket ACL resource.

Note: destroy does not delete the S3 Bucket ACL but does remove the resource from state. This resource cannot be used with S3 directory buckets.

Example Usage

With private ACL

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");
        var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
            .bucket(exampleBucketV2.id())
            .rule(BucketOwnershipControlsRuleArgs.builder()
                .objectOwnership("BucketOwnerPreferred")
                .build())
            .build());
        var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
            .bucket(exampleBucketV2.id())
            .acl("private")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleBucketOwnershipControls)
                .build());
    }
}
Content copied to clipboard

With public-read ACL

This example explicitly disables the default S3 bucket security settings. This should be done with caution, as all bucket objects become publicly exposed.

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketPublicAccessBlock;
import com.pulumi.aws.s3.BucketPublicAccessBlockArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");
        var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
            .bucket(exampleBucketV2.id())
            .rule(BucketOwnershipControlsRuleArgs.builder()
                .objectOwnership("BucketOwnerPreferred")
                .build())
            .build());
        var exampleBucketPublicAccessBlock = new BucketPublicAccessBlock("exampleBucketPublicAccessBlock", BucketPublicAccessBlockArgs.builder()
            .bucket(exampleBucketV2.id())
            .blockPublicAcls(false)
            .blockPublicPolicy(false)
            .ignorePublicAcls(false)
            .restrictPublicBuckets(false)
            .build());
        var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
            .bucket(exampleBucketV2.id())
            .acl("public-read")
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    exampleBucketOwnershipControls,
                    exampleBucketPublicAccessBlock)
                .build());
    }
}
Content copied to clipboard

With Grants

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketOwnershipControls;
import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;
import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyOwnerArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = S3Functions.getCanonicalUserId();
        var exampleBucketV2 = new BucketV2("exampleBucketV2");
        var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
            .bucket(exampleBucketV2.id())
            .rule(BucketOwnershipControlsRuleArgs.builder()
                .objectOwnership("BucketOwnerPreferred")
                .build())
            .build());
        var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
            .bucket(exampleBucketV2.id())
            .accessControlPolicy(BucketAclV2AccessControlPolicyArgs.builder()
                .grants(
                    BucketAclV2AccessControlPolicyGrantArgs.builder()
                        .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
                            .id(current.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
                            .type("CanonicalUser")
                            .build())
                        .permission("READ")
                        .build(),
                    BucketAclV2AccessControlPolicyGrantArgs.builder()
                        .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
                            .type("Group")
                            .uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
                            .build())
                        .permission("READ_ACP")
                        .build())
                .owner(BucketAclV2AccessControlPolicyOwnerArgs.builder()
                    .id(current.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleBucketOwnershipControls)
                .build());
    }
}
Content copied to clipboard

Import

If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), import using the bucket and acl separated by a comma (,): If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is not configured with a canned ACL (i.e. predefined grant), imported using the bucket and expected_bucket_owner separated by a comma (,): If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), imported using the bucket, expected_bucket_owner, and acl separated by commas (,): Using pulumi import to import using bucket, expected_bucket_owner, and/or acl, depending on your situation. For example: If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is not configured with a canned ACL (i.e. predefined grant), import using the bucket:

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name
Content copied to clipboard

If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), import using the bucket and acl separated by a comma (,):

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,private
Content copied to clipboard

If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is not configured with a canned ACL (i.e. predefined grant), imported using the bucket and expected_bucket_owner separated by a comma (,):

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012
Content copied to clipboard

If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), imported using the bucket, expected_bucket_owner, and acl separated by commas (,):

$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012,private
Content copied to clipboard

Properties

Link copied to clipboard
val accessControlPolicy: Output<BucketAclV2AccessControlPolicy>

Configuration block that sets the ACL permissions for an object per grantee. See below.

Link copied to clipboard
val acl: Output<String>?

Canned ACL to apply to the bucket.

Link copied to clipboard
val bucket: Output<String>

Name of the bucket.

Link copied to clipboard
val expectedBucketOwner: Output<String>?

Account ID of the expected bucket owner.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val urn: Output<String>