Access Grant
Provides a resource to manage an S3 Access Grant. Each access grant has its own ID and gives a grantee (an IAM user or role, or a directory user or group) access to a registered location. You determine the level of access, such as READ or READWRITE. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Access Grants instance: a grant can only be created once an instance exists
// in the same Region as the S3 data.
const grantsInstance = new aws.s3control.AccessGrantsInstance("example", {});

// Registered location that grants are issued against.
// `exampleAwsIamRole` and `exampleAwsS3Bucket` are declared outside this snippet.
// S3 Access Grants uses this role when serving grantees, so the role's policy
// bounds what any grant under this location can reach.
// NOTE(review): if `exampleAwsS3Bucket.bucket` is a pulumi.Output rather than a
// plain string, build the scope with pulumi.interpolate - confirm against its declaration.
const grantsLocation = new aws.s3control.AccessGrantsLocation(
    "example",
    {
        iamRoleArn: exampleAwsIamRole.arn,
        locationScope: `s3://${exampleAwsS3Bucket.bucket}/prefixA*`,
    },
    { dependsOn: [grantsInstance] },
);

// The grant itself: READ is the narrower of the two levels this page names
// (READ, READWRITE), and s3SubPrefix limits the grant to part of the location.
// `exampleAwsIamUser` is declared outside this snippet.
const readGrant = new aws.s3control.AccessGrant("example", {
    accessGrantsLocationId: grantsLocation.accessGrantsLocationId,
    accessGrantsLocationConfiguration: {
        s3SubPrefix: "prefixB*",
    },
    permission: "READ",
    grantee: {
        granteeType: "IAM",
        granteeIdentifier: exampleAwsIamUser.arn,
    },
});
import pulumi
import pulumi_aws as aws
# Access Grants instance: a grant can only be created once an instance exists
# in the same Region as the S3 data.
grants_instance = aws.s3control.AccessGrantsInstance("example")

# Registered location that grants are issued against.
# example_aws_iam_role and example_aws_s3_bucket are declared outside this snippet.
# S3 Access Grants uses this role when serving grantees, so the role's policy
# bounds what any grant under this location can reach.
# NOTE(review): if the bucket value is a pulumi.Output rather than a plain str,
# the f-string will not resolve it - confirm against its declaration.
location_opts = pulumi.ResourceOptions(depends_on=[grants_instance])
grants_location = aws.s3control.AccessGrantsLocation(
    "example",
    iam_role_arn=example_aws_iam_role["arn"],
    location_scope=f"s3://{example_aws_s3_bucket['bucket']}/prefixA*",
    opts=location_opts,
)

# The grant itself: READ is the narrower of the two levels this page names
# (READ, READWRITE), and s3_sub_prefix limits the grant to part of the location.
# example_aws_iam_user is declared outside this snippet.
sub_prefix = aws.s3control.AccessGrantAccessGrantsLocationConfigurationArgs(
    s3_sub_prefix="prefixB*",
)
iam_grantee = aws.s3control.AccessGrantGranteeArgs(
    grantee_type="IAM",
    grantee_identifier=example_aws_iam_user["arn"],
)
read_grant = aws.s3control.AccessGrant(
    "example",
    access_grants_location_id=grants_location.access_grants_location_id,
    permission="READ",
    access_grants_location_configuration=sub_prefix,
    grantee=iam_grantee,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
// Deploys an S3 Access Grants instance, a registered location and one READ grant.
// exampleAwsIamRole, exampleAwsS3Bucket and exampleAwsIamUser are declared
// outside this snippet.
return await Deployment.RunAsync(() =>
{
    // A grant can only be created once an instance exists in the same Region
    // as the S3 data.
    var grantsInstance = new Aws.S3Control.AccessGrantsInstance("example");

    // S3 Access Grants uses this role when serving grantees, so the role's
    // policy bounds what any grant under this location can reach.
    // NOTE(review): if Bucket is an Output<string> rather than a string, the
    // interpolated string will not resolve it; confirm against its declaration.
    var locationArgs = new Aws.S3Control.AccessGrantsLocationArgs
    {
        IamRoleArn = exampleAwsIamRole.Arn,
        LocationScope = $"s3://{exampleAwsS3Bucket.Bucket}/prefixA*",
    };
    var locationOptions = new CustomResourceOptions
    {
        DependsOn = { grantsInstance },
    };
    var grantsLocation = new Aws.S3Control.AccessGrantsLocation("example", locationArgs, locationOptions);

    // READ is the narrower of the two levels this page names (READ, READWRITE);
    // S3SubPrefix limits the grant to part of the registered location.
    var readGrant = new Aws.S3Control.AccessGrant("example", new Aws.S3Control.AccessGrantArgs
    {
        AccessGrantsLocationId = grantsLocation.AccessGrantsLocationId,
        AccessGrantsLocationConfiguration = new Aws.S3Control.Inputs.AccessGrantAccessGrantsLocationConfigurationArgs
        {
            S3SubPrefix = "prefixB*",
        },
        Permission = "READ",
        Grantee = new Aws.S3Control.Inputs.AccessGrantGranteeArgs
        {
            GranteeType = "IAM",
            GranteeIdentifier = exampleAwsIamUser.Arn,
        },
    });
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3control"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main deploys an S3 Access Grants instance, a registered location and one
// READ grant. exampleAwsIamRole, exampleAwsS3Bucket and exampleAwsIamUser are
// declared outside this snippet.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// A grant can only be created once an instance exists in the same
		// Region as the S3 data.
		grantsInstance, err := s3control.NewAccessGrantsInstance(ctx, "example", nil)
		if err != nil {
			return err
		}

		// NOTE(review): if Bucket is a pulumi.StringOutput rather than a plain
		// string, %v will not format the resolved name; confirm against its
		// declaration.
		locationScope := fmt.Sprintf("s3://%v/prefixA*", exampleAwsS3Bucket.Bucket)

		// S3 Access Grants uses this role when serving grantees, so the role's
		// policy bounds what any grant under this location can reach.
		grantsLocation, err := s3control.NewAccessGrantsLocation(ctx, "example",
			&s3control.AccessGrantsLocationArgs{
				IamRoleArn:    pulumi.Any(exampleAwsIamRole.Arn),
				LocationScope: pulumi.String(locationScope),
			},
			pulumi.DependsOn([]pulumi.Resource{grantsInstance}),
		)
		if err != nil {
			return err
		}

		// READ is the narrower of the two levels this page names (READ,
		// READWRITE); S3SubPrefix limits the grant to part of the location.
		grantArgs := &s3control.AccessGrantArgs{
			AccessGrantsLocationId: grantsLocation.AccessGrantsLocationId,
			Permission:             pulumi.String("READ"),
			AccessGrantsLocationConfiguration: &s3control.AccessGrantAccessGrantsLocationConfigurationArgs{
				S3SubPrefix: pulumi.String("prefixB*"),
			},
			Grantee: &s3control.AccessGrantGranteeArgs{
				GranteeType:       pulumi.String("IAM"),
				GranteeIdentifier: pulumi.Any(exampleAwsIamUser.Arn),
			},
		}
		if _, err := s3control.NewAccessGrant(ctx, "example", grantArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3control.AccessGrantsInstance;
import com.pulumi.aws.s3control.AccessGrantsLocation;
import com.pulumi.aws.s3control.AccessGrantsLocationArgs;
import com.pulumi.aws.s3control.AccessGrant;
import com.pulumi.aws.s3control.AccessGrantArgs;
import com.pulumi.aws.s3control.inputs.AccessGrantAccessGrantsLocationConfigurationArgs;
import com.pulumi.aws.s3control.inputs.AccessGrantGranteeArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that deploys an S3 Access Grants instance, a registered
 * location and one READ grant.
 *
 * <p>{@code exampleAwsIamRole}, {@code exampleAwsS3Bucket} and
 * {@code exampleAwsIamUser} are declared outside this snippet.
 */
public class App {

    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the three resources of the stack.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // A grant can only be created once an instance exists in the same
        // Region as the S3 data.
        var grantsInstance = new AccessGrantsInstance("example");

        // S3 Access Grants uses this role when serving grantees, so the role's
        // policy bounds what any grant under this location can reach.
        // NOTE(review): if bucket() returns an Output<String> rather than a
        // String, String.format will not resolve it; confirm against its declaration.
        var locationArgs = AccessGrantsLocationArgs.builder()
            .iamRoleArn(exampleAwsIamRole.arn())
            .locationScope(String.format("s3://%s/prefixA*", exampleAwsS3Bucket.bucket()))
            .build();
        var locationOptions = CustomResourceOptions.builder()
            .dependsOn(grantsInstance)
            .build();
        var grantsLocation =
            new AccessGrantsLocation("exampleAccessGrantsLocation", locationArgs, locationOptions);

        // READ is the narrower of the two levels this page names (READ,
        // READWRITE); s3SubPrefix limits the grant to part of the location.
        var subPrefix = AccessGrantAccessGrantsLocationConfigurationArgs.builder()
            .s3SubPrefix("prefixB*")
            .build();
        var iamGrantee = AccessGrantGranteeArgs.builder()
            .granteeType("IAM")
            .granteeIdentifier(exampleAwsIamUser.arn())
            .build();
        var readGrant = new AccessGrant("exampleAccessGrant", AccessGrantArgs.builder()
            .accessGrantsLocationId(grantsLocation.accessGrantsLocationId())
            .permission("READ")
            .accessGrantsLocationConfiguration(subPrefix)
            .grantee(iamGrantee)
            .build());
    }
}
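# Pulumi YAML program: an S3 Access Grants instance, a registered location and
# one READ grant. exampleAwsIamRole, exampleAwsS3Bucket and exampleAwsIamUser
# are declared outside this snippet.
resources:
  # A grant can only be created once an instance exists in the same Region as
  # the S3 data.
  example:
    type: aws:s3control:AccessGrantsInstance
  # Registered location. S3 Access Grants uses this role when serving grantees,
  # so the role's policy bounds what any grant under this location can reach.
  exampleAccessGrantsLocation:
    type: aws:s3control:AccessGrantsLocation
    name: example
    properties:
      iamRoleArn: ${exampleAwsIamRole.arn}
      locationScope: s3://${exampleAwsS3Bucket.bucket}/prefixA*
    options:
      # Spelled dependsOn, the documented form of this resource option.
      dependsOn:
        - ${example}
  # READ is the narrower of the two levels this page names (READ, READWRITE);
  # s3SubPrefix limits the grant to part of the registered location.
  exampleAccessGrant:
    type: aws:s3control:AccessGrant
    name: example
    properties:
      accessGrantsLocationId: ${exampleAccessGrantsLocation.accessGrantsLocationId}
      permission: READ
      accessGrantsLocationConfiguration:
        s3SubPrefix: prefixB*
      grantee:
        granteeType: IAM
        granteeIdentifier: ${exampleAwsIamUser.arn}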
Import
Using pulumi import, import S3 Access Grants using the account_id and access_grant_id, separated by a comma (,). For example:
$ pulumi import aws:s3control/accessGrant:AccessGrant example 123456789012,04549c5e-2f3c-4a07-824d-2cafe720aa22