Expand description
Provides an S3 bucket ACL resource.
Note: destroy does not delete the S3 Bucket ACL but does remove the resource from state.
This resource cannot be used with S3 directory buckets.
§Example Usage
§With private ACL
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let example = bucket_v_2::create(
"example",
BucketV2Args::builder().bucket("my-tf-example-bucket").build_struct(),
);
let exampleBucketAclV2 = bucket_acl_v_2::create(
"exampleBucketAclV2",
BucketAclV2Args::builder().acl("private").bucket("${example.id}").build_struct(),
);
let exampleBucketOwnershipControls = bucket_ownership_controls::create(
"exampleBucketOwnershipControls",
BucketOwnershipControlsArgs::builder()
.bucket("${example.id}")
.rule(
BucketOwnershipControlsRule::builder()
.objectOwnership("BucketOwnerPreferred")
.build_struct(),
)
.build_struct(),
);
}§With public-read ACL
This example explicitly disables the default S3 bucket security settings. This should be done with caution, as all bucket objects become publicly exposed.
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let example = bucket_v_2::create(
"example",
BucketV2Args::builder().bucket("my-tf-example-bucket").build_struct(),
);
let exampleBucketAclV2 = bucket_acl_v_2::create(
"exampleBucketAclV2",
BucketAclV2Args::builder()
.acl("public-read")
.bucket("${example.id}")
.build_struct(),
);
let exampleBucketOwnershipControls = bucket_ownership_controls::create(
"exampleBucketOwnershipControls",
BucketOwnershipControlsArgs::builder()
.bucket("${example.id}")
.rule(
BucketOwnershipControlsRule::builder()
.objectOwnership("BucketOwnerPreferred")
.build_struct(),
)
.build_struct(),
);
let exampleBucketPublicAccessBlock = bucket_public_access_block::create(
"exampleBucketPublicAccessBlock",
BucketPublicAccessBlockArgs::builder()
.block_public_acls(false)
.block_public_policy(false)
.bucket("${example.id}")
.ignore_public_acls(false)
.restrict_public_buckets(false)
.build_struct(),
);
}§With Grants
resources:
example:
type: aws:s3:BucketV2
properties:
bucket: my-tf-example-bucket
exampleBucketOwnershipControls:
type: aws:s3:BucketOwnershipControls
name: example
properties:
bucket: ${example.id}
rule:
objectOwnership: BucketOwnerPreferred
exampleBucketAclV2:
type: aws:s3:BucketAclV2
name: example
properties:
bucket: ${example.id}
accessControlPolicy:
grants:
- grantee:
id: ${current.id}
type: CanonicalUser
permission: READ
- grantee:
type: Group
uri: http://acs.amazonaws.com/groups/s3/LogDelivery
permission: READ_ACP
owner:
id: ${current.id}
options:
dependsOn:
- ${exampleBucketOwnershipControls}
variables:
current:
fn::invoke:
function: aws:s3:getCanonicalUserId
arguments: {}§Import
If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is configured with a
canned ACL (i.e. predefined grant), import using the bucket and acl separated by a comma (,):
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is not configured with a canned ACL (i.e. predefined grant), imported using the bucket and expected_bucket_owner separated by a comma (,):
If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is configured with a
canned ACL (i.e. predefined grant), imported using the bucket, expected_bucket_owner, and acl separated by commas (,):
Using pulumi import to import using bucket, expected_bucket_owner, and/or acl, depending on your situation. For example:
If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is not configured with a
canned ACL (i.e. predefined grant), import using the bucket:
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-nameIf the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), import using the bucket and acl separated by a comma (,):
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,privateIf the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is not configured with a canned ACL (i.e. predefined grant), imported using the bucket and expected_bucket_owner separated by a comma (,):
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), imported using the bucket, expected_bucket_owner, and acl separated by commas (,):
$ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012,privateStructs§
- Use builder syntax to set the inputs and finish with
build_struct().
Functions§
- Registers a new resource with the given unique name and arguments