com.pulumi.aws.s3.kotlin.BucketPolicyArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.s3.kotlin
import com.pulumi.aws.s3.BucketPolicyArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName
/**
* Attaches a policy to an S3 bucket resource.
* > Policies can be attached to both S3 general purpose buckets and S3 directory buckets.
* ## Example Usage
* ### Basic Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.s3.BucketV2("example", {bucket: "my-tf-test-bucket"});
* const allowAccessFromAnotherAccount = aws.iam.getPolicyDocumentOutput({
* statements: [{
* principals: [{
* type: "AWS",
* identifiers: ["123456789012"],
* }],
* actions: [
* "s3:GetObject",
* "s3:ListBucket",
* ],
* resources: [
* example.arn,
* pulumi.interpolate`${example.arn}/*`,
* ],
* }],
* });
* const allowAccessFromAnotherAccountBucketPolicy = new aws.s3.BucketPolicy("allow_access_from_another_account", {
* bucket: example.id,
* policy: allowAccessFromAnotherAccount.apply(allowAccessFromAnotherAccount => allowAccessFromAnotherAccount.json),
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.s3.BucketV2("example", bucket="my-tf-test-bucket")
* allow_access_from_another_account = aws.iam.get_policy_document_output(statements=[{
* "principals": [{
* "type": "AWS",
* "identifiers": ["123456789012"],
* }],
* "actions": [
* "s3:GetObject",
* "s3:ListBucket",
* ],
* "resources": [
* example.arn,
* example.arn.apply(lambda arn: f"{arn}/*"),
* ],
* }])
* allow_access_from_another_account_bucket_policy = aws.s3.BucketPolicy("allow_access_from_another_account",
* bucket=example.id,
* policy=allow_access_from_another_account.json)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.S3.BucketV2("example", new()
* {
* Bucket = "my-tf-test-bucket",
* });
* var allowAccessFromAnotherAccount = Aws.Iam.GetPolicyDocument.Invoke(new()
* {
* Statements = new[]
* {
* new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
* {
* Principals = new[]
* {
* new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
* {
* Type = "AWS",
* Identifiers = new[]
* {
* "123456789012",
* },
* },
* },
* Actions = new[]
* {
* "s3:GetObject",
* "s3:ListBucket",
* },
* Resources = new[]
* {
* example.Arn,
* $"{example.Arn}/*",
* },
* },
* },
* });
* var allowAccessFromAnotherAccountBucketPolicy = new Aws.S3.BucketPolicy("allow_access_from_another_account", new()
* {
* Bucket = example.Id,
* Policy = allowAccessFromAnotherAccount.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
* Bucket: pulumi.String("my-tf-test-bucket"),
* })
* if err != nil {
* return err
* }
* allowAccessFromAnotherAccount := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
* Statements: iam.GetPolicyDocumentStatementArray{
* &iam.GetPolicyDocumentStatementArgs{
* Principals: iam.GetPolicyDocumentStatementPrincipalArray{
* &iam.GetPolicyDocumentStatementPrincipalArgs{
* Type: pulumi.String("AWS"),
* Identifiers: pulumi.StringArray{
* pulumi.String("123456789012"),
* },
* },
* },
* Actions: pulumi.StringArray{
* pulumi.String("s3:GetObject"),
* pulumi.String("s3:ListBucket"),
* },
* Resources: pulumi.StringArray{
* example.Arn,
* example.Arn.ApplyT(func(arn string) (string, error) {
* return fmt.Sprintf("%v/*", arn), nil
* }).(pulumi.StringOutput),
* },
* },
* },
* }, nil)
* _, err = s3.NewBucketPolicy(ctx, "allow_access_from_another_account", &s3.BucketPolicyArgs{
* Bucket: example.ID(),
* Policy: pulumi.String(allowAccessFromAnotherAccount.ApplyT(func(allowAccessFromAnotherAccount iam.GetPolicyDocumentResult) (*string, error) {
* return &allowAccessFromAnotherAccount.Json, nil
* }).(pulumi.StringPtrOutput)),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.s3.BucketV2;
* import com.pulumi.aws.s3.BucketV2Args;
* import com.pulumi.aws.iam.IamFunctions;
* import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
* import com.pulumi.aws.s3.BucketPolicy;
* import com.pulumi.aws.s3.BucketPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new BucketV2("example", BucketV2Args.builder()
* .bucket("my-tf-test-bucket")
* .build());
* final var allowAccessFromAnotherAccount = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
* .statements(GetPolicyDocumentStatementArgs.builder()
* .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
* .type("AWS")
* .identifiers("123456789012")
* .build())
* .actions(
* "s3:GetObject",
* "s3:ListBucket")
* .resources(
* example.arn(),
* example.arn().applyValue(arn -> String.format("%s/*", arn)))
* .build())
* .build());
* var allowAccessFromAnotherAccountBucketPolicy = new BucketPolicy("allowAccessFromAnotherAccountBucketPolicy", BucketPolicyArgs.builder()
* .bucket(example.id())
* .policy(allowAccessFromAnotherAccount.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowAccessFromAnotherAccount -> allowAccessFromAnotherAccount.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:s3:BucketV2
* properties:
* bucket: my-tf-test-bucket
* allowAccessFromAnotherAccountBucketPolicy:
* type: aws:s3:BucketPolicy
* name: allow_access_from_another_account
* properties:
* bucket: ${example.id}
* policy: ${allowAccessFromAnotherAccount.json}
* variables:
* allowAccessFromAnotherAccount:
* fn::invoke:
* Function: aws:iam:getPolicyDocument
* Arguments:
* statements:
* - principals:
* - type: AWS
* identifiers:
* - '123456789012'
* actions:
* - s3:GetObject
* - s3:ListBucket
* resources:
* - ${example.arn}
* - ${example.arn}/*
* ```
*
* ## Import
* Using `pulumi import`, import S3 bucket policies using the bucket name. For example:
* ```sh
* $ pulumi import aws:s3/bucketPolicy:BucketPolicy allow_access_from_another_account my-tf-test-bucket
* ```
* @property bucket Name of the bucket to which to apply the policy.
* @property policy Text of the policy. Although this is a bucket policy rather than an IAM policy, the `aws.iam.getPolicyDocument` data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.
* */*/*/*/*/*/
*/
public data class BucketPolicyArgs(
public val bucket: Output? = null,
public val policy: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.aws.s3.BucketPolicyArgs =
com.pulumi.aws.s3.BucketPolicyArgs.builder()
.bucket(bucket?.applyValue({ args0 -> args0 }))
.policy(policy?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [BucketPolicyArgs].
*/
@PulumiTagMarker
public class BucketPolicyArgsBuilder internal constructor() {
private var bucket: Output? = null
private var policy: Output? = null
/**
* @param value Name of the bucket to which to apply the policy.
*/
@JvmName("fknwtpwdgxecafdn")
public suspend fun bucket(`value`: Output) {
this.bucket = value
}
/**
* @param value Text of the policy. Although this is a bucket policy rather than an IAM policy, the `aws.iam.getPolicyDocument` data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.
*/
@JvmName("mrruswoidqjqxcpg")
public suspend fun policy(`value`: Output) {
this.policy = value
}
/**
* @param value Name of the bucket to which to apply the policy.
*/
@JvmName("eimbrrmntlaqnwqn")
public suspend fun bucket(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.bucket = mapped
}
/**
* @param value Text of the policy. Although this is a bucket policy rather than an IAM policy, the `aws.iam.getPolicyDocument` data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.
*/
@JvmName("euaoputjqtxiguln")
public suspend fun policy(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policy = mapped
}
internal fun build(): BucketPolicyArgs = BucketPolicyArgs(
bucket = bucket,
policy = policy,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy