All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.aws.s3.kotlin.BucketPolicy.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 6.57.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.aws.s3.kotlin

import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit

/**
 * Builder for [BucketPolicy].
 */
@PulumiTagMarker
public class BucketPolicyResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: BucketPolicyArgs = BucketPolicyArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend BucketPolicyArgsBuilder.() -> Unit) {
        val builder = BucketPolicyArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): BucketPolicy {
        val builtJavaResource = com.pulumi.aws.s3.BucketPolicy(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return BucketPolicy(builtJavaResource)
    }
}

/**
 * Attaches a policy to an S3 bucket resource.
 * > Policies can be attached to both S3 general purpose buckets and S3 directory buckets.
 * ## Example Usage
 * ### Basic Usage
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * const example = new aws.s3.BucketV2("example", {bucket: "my-tf-test-bucket"});
 * const allowAccessFromAnotherAccount = aws.iam.getPolicyDocumentOutput({
 *     statements: [{
 *         principals: [{
 *             type: "AWS",
 *             identifiers: ["123456789012"],
 *         }],
 *         actions: [
 *             "s3:GetObject",
 *             "s3:ListBucket",
 *         ],
 *         resources: [
 *             example.arn,
 *             pulumi.interpolate`${example.arn}/*`,
 *         ],
 *     }],
 * });
 * const allowAccessFromAnotherAccountBucketPolicy = new aws.s3.BucketPolicy("allow_access_from_another_account", {
 *     bucket: example.id,
 *     policy: allowAccessFromAnotherAccount.apply(allowAccessFromAnotherAccount => allowAccessFromAnotherAccount.json),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_aws as aws
 * example = aws.s3.BucketV2("example", bucket="my-tf-test-bucket")
 * allow_access_from_another_account = aws.iam.get_policy_document_output(statements=[{
 *     "principals": [{
 *         "type": "AWS",
 *         "identifiers": ["123456789012"],
 *     }],
 *     "actions": [
 *         "s3:GetObject",
 *         "s3:ListBucket",
 *     ],
 *     "resources": [
 *         example.arn,
 *         example.arn.apply(lambda arn: f"{arn}/*"),
 *     ],
 * }])
 * allow_access_from_another_account_bucket_policy = aws.s3.BucketPolicy("allow_access_from_another_account",
 *     bucket=example.id,
 *     policy=allow_access_from_another_account.json)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Aws = Pulumi.Aws;
 * return await Deployment.RunAsync(() =>
 * {
 *     var example = new Aws.S3.BucketV2("example", new()
 *     {
 *         Bucket = "my-tf-test-bucket",
 *     });
 *     var allowAccessFromAnotherAccount = Aws.Iam.GetPolicyDocument.Invoke(new()
 *     {
 *         Statements = new[]
 *         {
 *             new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
 *             {
 *                 Principals = new[]
 *                 {
 *                     new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
 *                     {
 *                         Type = "AWS",
 *                         Identifiers = new[]
 *                         {
 *                             "123456789012",
 *                         },
 *                     },
 *                 },
 *                 Actions = new[]
 *                 {
 *                     "s3:GetObject",
 *                     "s3:ListBucket",
 *                 },
 *                 Resources = new[]
 *                 {
 *                     example.Arn,
 *                     $"{example.Arn}/*",
 *                 },
 *             },
 *         },
 *     });
 *     var allowAccessFromAnotherAccountBucketPolicy = new Aws.S3.BucketPolicy("allow_access_from_another_account", new()
 *     {
 *         Bucket = example.Id,
 *         Policy = allowAccessFromAnotherAccount.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
 * 			Bucket: pulumi.String("my-tf-test-bucket"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		allowAccessFromAnotherAccount := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
 * 			Statements: iam.GetPolicyDocumentStatementArray{
 * 				&iam.GetPolicyDocumentStatementArgs{
 * 					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
 * 						&iam.GetPolicyDocumentStatementPrincipalArgs{
 * 							Type: pulumi.String("AWS"),
 * 							Identifiers: pulumi.StringArray{
 * 								pulumi.String("123456789012"),
 * 							},
 * 						},
 * 					},
 * 					Actions: pulumi.StringArray{
 * 						pulumi.String("s3:GetObject"),
 * 						pulumi.String("s3:ListBucket"),
 * 					},
 * 					Resources: pulumi.StringArray{
 * 						example.Arn,
 * 						example.Arn.ApplyT(func(arn string) (string, error) {
 * 							return fmt.Sprintf("%v/*", arn), nil
 * 						}).(pulumi.StringOutput),
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		_, err = s3.NewBucketPolicy(ctx, "allow_access_from_another_account", &s3.BucketPolicyArgs{
 * 			Bucket: example.ID(),
 * 			Policy: pulumi.String(allowAccessFromAnotherAccount.ApplyT(func(allowAccessFromAnotherAccount iam.GetPolicyDocumentResult) (*string, error) {
 * 				return &allowAccessFromAnotherAccount.Json, nil
 * 			}).(pulumi.StringPtrOutput)),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.s3.BucketV2;
 * import com.pulumi.aws.s3.BucketV2Args;
 * import com.pulumi.aws.iam.IamFunctions;
 * import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
 * import com.pulumi.aws.s3.BucketPolicy;
 * import com.pulumi.aws.s3.BucketPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var example = new BucketV2("example", BucketV2Args.builder()
 *             .bucket("my-tf-test-bucket")
 *             .build());
 *         final var allowAccessFromAnotherAccount = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
 *             .statements(GetPolicyDocumentStatementArgs.builder()
 *                 .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
 *                     .type("AWS")
 *                     .identifiers("123456789012")
 *                     .build())
 *                 .actions(
 *                     "s3:GetObject",
 *                     "s3:ListBucket")
 *                 .resources(
 *                     example.arn(),
 *                     example.arn().applyValue(arn -> String.format("%s/*", arn)))
 *                 .build())
 *             .build());
 *         var allowAccessFromAnotherAccountBucketPolicy = new BucketPolicy("allowAccessFromAnotherAccountBucketPolicy", BucketPolicyArgs.builder()
 *             .bucket(example.id())
 *             .policy(allowAccessFromAnotherAccount.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowAccessFromAnotherAccount -> allowAccessFromAnotherAccount.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   example:
 *     type: aws:s3:BucketV2
 *     properties:
 *       bucket: my-tf-test-bucket
 *   allowAccessFromAnotherAccountBucketPolicy:
 *     type: aws:s3:BucketPolicy
 *     name: allow_access_from_another_account
 *     properties:
 *       bucket: ${example.id}
 *       policy: ${allowAccessFromAnotherAccount.json}
 * variables:
 *   allowAccessFromAnotherAccount:
 *     fn::invoke:
 *       Function: aws:iam:getPolicyDocument
 *       Arguments:
 *         statements:
 *           - principals:
 *               - type: AWS
 *                 identifiers:
 *                   - '123456789012'
 *             actions:
 *               - s3:GetObject
 *               - s3:ListBucket
 *             resources:
 *               - ${example.arn}
 *               - ${example.arn}/*
 * ```
 * 
 * ## Import
 * Using `pulumi import`, import S3 bucket policies using the bucket name. For example:
 * ```sh
 * $ pulumi import aws:s3/bucketPolicy:BucketPolicy allow_access_from_another_account my-tf-test-bucket
 * ```
 * */*/*/*/*/*/
 */
public class BucketPolicy internal constructor(
    override val javaResource: com.pulumi.aws.s3.BucketPolicy,
) : KotlinCustomResource(javaResource, BucketPolicyMapper) {
    /**
     * Name of the bucket to which to apply the policy.
     */
    public val bucket: Output
        get() = javaResource.bucket().applyValue({ args0 -> args0 })

    /**
     * Text of the policy. Although this is a bucket policy rather than an IAM policy, the `aws.iam.getPolicyDocument` data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.
     */
    public val policy: Output
        get() = javaResource.policy().applyValue({ args0 -> args0 })
}

public object BucketPolicyMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.aws.s3.BucketPolicy::class == javaResource::class

    override fun map(javaResource: Resource): BucketPolicy = BucketPolicy(
        javaResource as
            com.pulumi.aws.s3.BucketPolicy,
    )
}

/**
 * @see [BucketPolicy].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [BucketPolicy].
 */
public suspend fun bucketPolicy(
    name: String,
    block: suspend BucketPolicyResourceBuilder.() -> Unit,
): BucketPolicy {
    val builder = BucketPolicyResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [BucketPolicy].
 * @param name The _unique_ name of the resulting resource.
 */
public fun bucketPolicy(name: String): BucketPolicy {
    val builder = BucketPolicyResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy