Vault
data class VaultArgs(val accessPolicy: Output<String>? = null, val name: Output<String>? = null, val notification: Output<VaultNotificationArgs>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<VaultArgs>
Provides a Glacier Vault Resource. You can refer to the Glacier Developer Guide for a full explanation of the Glacier Vault functionality
NOTE: When removing a Glacier Vault, the Vault must be empty.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const awsSnsTopic = new aws.sns.Topic("aws_sns_topic", {name: "glacier-sns-topic"});
const myArchive = aws.iam.getPolicyDocument({
statements: [{
sid: "add-read-only-perm",
effect: "Allow",
principals: [{
type: "*",
identifiers: ["*"],
}],
actions: [
"glacier:InitiateJob",
"glacier:GetJobOutput",
],
resources: ["arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"],
}],
});
const myArchiveVault = new aws.glacier.Vault("my_archive", {
name: "MyArchive",
notification: {
snsTopic: awsSnsTopic.arn,
events: [
"ArchiveRetrievalCompleted",
"InventoryRetrievalCompleted",
],
},
accessPolicy: myArchive.then(myArchive => myArchive.json),
tags: {
Test: "MyArchive",
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
aws_sns_topic = aws.sns.Topic("aws_sns_topic", name="glacier-sns-topic")
my_archive = aws.iam.get_policy_document(statements=[{
"sid": "add-read-only-perm",
"effect": "Allow",
"principals": [{
"type": "*",
"identifiers": ["*"],
}],
"actions": [
"glacier:InitiateJob",
"glacier:GetJobOutput",
],
"resources": ["arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"],
}])
my_archive_vault = aws.glacier.Vault("my_archive",
name="MyArchive",
notification={
"sns_topic": aws_sns_topic.arn,
"events": [
"ArchiveRetrievalCompleted",
"InventoryRetrievalCompleted",
],
},
access_policy=my_archive.json,
tags={
"Test": "MyArchive",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var awsSnsTopic = new Aws.Sns.Topic("aws_sns_topic", new()
{
Name = "glacier-sns-topic",
});
var myArchive = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Sid = "add-read-only-perm",
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "*",
Identifiers = new[]
{
"*",
},
},
},
Actions = new[]
{
"glacier:InitiateJob",
"glacier:GetJobOutput",
},
Resources = new[]
{
"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive",
},
},
},
});
var myArchiveVault = new Aws.Glacier.Vault("my_archive", new()
{
Name = "MyArchive",
Notification = new Aws.Glacier.Inputs.VaultNotificationArgs
{
SnsTopic = awsSnsTopic.Arn,
Events = new[]
{
"ArchiveRetrievalCompleted",
"InventoryRetrievalCompleted",
},
},
AccessPolicy = myArchive.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Tags =
{
{ "Test", "MyArchive" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glacier"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
awsSnsTopic, err := sns.NewTopic(ctx, "aws_sns_topic", &sns.TopicArgs{
Name: pulumi.String("glacier-sns-topic"),
})
if err != nil {
return err
}
myArchive, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Sid: pulumi.StringRef("add-read-only-perm"),
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "*",
Identifiers: []string{
"*",
},
},
},
Actions: []string{
"glacier:InitiateJob",
"glacier:GetJobOutput",
},
Resources: []string{
"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = glacier.NewVault(ctx, "my_archive", &glacier.VaultArgs{
Name: pulumi.String("MyArchive"),
Notification: &glacier.VaultNotificationArgs{
SnsTopic: awsSnsTopic.Arn,
Events: pulumi.StringArray{
pulumi.String("ArchiveRetrievalCompleted"),
pulumi.String("InventoryRetrievalCompleted"),
},
},
AccessPolicy: pulumi.String(myArchive.Json),
Tags: pulumi.StringMap{
"Test": pulumi.String("MyArchive"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sns.Topic;
import com.pulumi.aws.sns.TopicArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.glacier.Vault;
import com.pulumi.aws.glacier.VaultArgs;
import com.pulumi.aws.glacier.inputs.VaultNotificationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var awsSnsTopic = new Topic("awsSnsTopic", TopicArgs.builder()
.name("glacier-sns-topic")
.build());
final var myArchive = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.sid("add-read-only-perm")
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("*")
.identifiers("*")
.build())
.actions(
"glacier:InitiateJob",
"glacier:GetJobOutput")
.resources("arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive")
.build())
.build());
var myArchiveVault = new Vault("myArchiveVault", VaultArgs.builder()
.name("MyArchive")
.notification(VaultNotificationArgs.builder()
.snsTopic(awsSnsTopic.arn())
.events(
"ArchiveRetrievalCompleted",
"InventoryRetrievalCompleted")
.build())
.accessPolicy(myArchive.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.tags(Map.of("Test", "MyArchive"))
.build());
}
}Content copied to clipboard
resources:
awsSnsTopic:
type: aws:sns:Topic
name: aws_sns_topic
properties:
name: glacier-sns-topic
myArchiveVault:
type: aws:glacier:Vault
name: my_archive
properties:
name: MyArchive
notification:
snsTopic: ${awsSnsTopic.arn}
events:
- ArchiveRetrievalCompleted
- InventoryRetrievalCompleted
accessPolicy: ${myArchive.json}
tags:
Test: MyArchive
variables:
myArchive:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- sid: add-read-only-perm
effect: Allow
principals:
- type: '*'
identifiers:
- '*'
actions:
- glacier:InitiateJob
- glacier:GetJobOutput
resources:
- arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchiveContent copied to clipboard
Import
Using pulumi import, import Glacier Vaults using the name. For example:
$ pulumi import aws:glacier/vault:Vault archive my_archiveContent copied to clipboard
Constructors
Properties
Link copied to clipboard
The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy
Link copied to clipboard
The notifications for the Vault. Fields documented below.