Expand description
Provides a S3 bucket resource.
NOTE: Please use aws.s3.BucketV2 instead. This resource is maintained for backwards compatibility only. Please see BucketV2 Migration Guide for instructions on migrating existing Bucket resources to BucketV2.
§Example Usage
§Private Bucket w/ Tags
resources:
b:
type: aws:s3:Bucket
properties:
bucket: my-tf-test-bucket
acl: private
tags:
Name: My bucket
Environment: Dev§Static Website Hosting
resources:
b:
type: aws:s3:Bucket
properties:
bucket: s3-website-test.mydomain.com
acl: public-read
policy:
fn::invoke:
function: std:file
arguments:
input: policy.json
return: result
website:
indexDocument: index.html
errorDocument: error.html
routingRules: |
[{
"Condition": {
"KeyPrefixEquals": "docs/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "documents/"
}
}]§Using CORS
ⓘ
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let b = bucket::create(
"b",
BucketArgs::builder()
.acl("public-read")
.bucket("s3-website-test.mydomain.com")
.cors_rules(
vec![
BucketCorsRule::builder().allowedHeaders(vec!["*",])
.allowedMethods(vec!["PUT", "POST",])
.allowedOrigins(vec!["https://s3-website-test.mydomain.com",])
.exposeHeaders(vec!["ETag",]).maxAgeSeconds(3000).build_struct(),
],
)
.build_struct(),
);
}§Using versioning
ⓘ
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let b = bucket::create(
"b",
BucketArgs::builder()
.acl("private")
.bucket("my-tf-test-bucket")
.versioning(BucketVersioning::builder().enabled(true).build_struct())
.build_struct(),
);
}§Enable Logging
ⓘ
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let b = bucket::create(
"b",
BucketArgs::builder()
.acl("private")
.bucket("my-tf-test-bucket")
.loggings(
vec![
BucketLogging::builder().targetBucket("${logBucket.id}")
.targetPrefix("log/").build_struct(),
],
)
.build_struct(),
);
let logBucket = bucket::create(
"logBucket",
BucketArgs::builder()
.acl("log-delivery-write")
.bucket("my-tf-log-bucket")
.build_struct(),
);
}§Using object lifecycle
resources:
bucket:
type: aws:s3:Bucket
properties:
bucket: my-bucket
acl: private
lifecycleRules:
- id: log
enabled: true
prefix: log/
tags:
rule: log
autoclean: 'true'
transitions:
- days: 30
storageClass: STANDARD_IA
- days: 60
storageClass: GLACIER
expiration:
days: 90
- id: tmp
prefix: tmp/
enabled: true
expiration:
date: 2016-01-12
versioningBucket:
type: aws:s3:Bucket
name: versioning_bucket
properties:
bucket: my-versioning-bucket
acl: private
versioning:
enabled: true
lifecycleRules:
- prefix: config/
enabled: true
noncurrentVersionTransitions:
- days: 30
storageClass: STANDARD_IA
- days: 60
storageClass: GLACIER
noncurrentVersionExpiration:
days: 90§Using replication configuration
NOTE: See the
aws.s3.BucketReplicationConfigresource to support bi-directional replication configuration and additional features.
resources:
replication:
type: aws:iam:Role
properties:
name: tf-iam-role-replication-12345
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
replicationPolicy:
type: aws:iam:Policy
name: replication
properties:
name: tf-iam-role-policy-replication-12345
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetReplicationConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"${source.arn}"
]
},
{
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Effect": "Allow",
"Resource": [
"${source.arn}/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Effect": "Allow",
"Resource": "${destination.arn}/*"
}
]
}
replicationRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
name: replication
properties:
role: ${replication.name}
policyArn: ${replicationPolicy.arn}
destination:
type: aws:s3:Bucket
properties:
bucket: tf-test-bucket-destination-12345
versioning:
enabled: true
source:
type: aws:s3:Bucket
properties:
bucket: tf-test-bucket-source-12345
acl: private
versioning:
enabled: true
replicationConfiguration:
role: ${replication.arn}
rules:
- id: foobar
status: Enabled
filter:
tags: {}
destination:
bucket: ${destination.arn}
storageClass: STANDARD
replicationTime:
status: Enabled
minutes: 15
metrics:
status: Enabled
minutes: 15§Enable Default Server Side Encryption
ⓘ
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let mybucket = bucket::create(
"mybucket",
BucketArgs::builder()
.bucket("mybucket")
.server_side_encryption_configuration(
BucketServerSideEncryptionConfiguration::builder()
.rule(
BucketServerSideEncryptionConfigurationRule::builder()
.applyServerSideEncryptionByDefault(
BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault::builder()
.kmsMasterKeyId("${mykey.arn}")
.sseAlgorithm("aws:kms")
.build_struct(),
)
.build_struct(),
)
.build_struct(),
)
.build_struct(),
);
let mykey = key::create(
"mykey",
KeyArgs::builder()
.deletion_window_in_days(10)
.description("This key is used to encrypt bucket objects")
.build_struct(),
);
}§Using ACL policy grants
resources:
bucket:
type: aws:s3:Bucket
properties:
bucket: mybucket
grants:
- id: ${currentUser.id}
type: CanonicalUser
permissions:
- FULL_CONTROL
- type: Group
permissions:
- READ_ACP
- WRITE
uri: http://acs.amazonaws.com/groups/s3/LogDelivery
variables:
currentUser:
fn::invoke:
function: aws:s3:getCanonicalUserId
arguments: {}§Import
S3 bucket can be imported using the bucket, e.g.,
$ pulumi import aws:s3/bucket:Bucket bucket bucket-nameThe policy argument is not imported and will be deprecated in a future version of the provider. Use the aws_s3_bucket_policy resource to manage the S3 Bucket Policy instead.
Structs§
- Use builder syntax to set the inputs and finish with
build_struct().
Functions§
- Registers a new resource with the given unique name and arguments