com.pulumi.aws.s3control.kotlin.AccessPointPolicy.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.s3control.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [AccessPointPolicy].
*/
@PulumiTagMarker
public class AccessPointPolicyResourceBuilder internal constructor() {
public var name: String? = null
public var args: AccessPointPolicyArgs = AccessPointPolicyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AccessPointPolicyArgsBuilder.() -> Unit) {
val builder = AccessPointPolicyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): AccessPointPolicy {
val builtJavaResource = com.pulumi.aws.s3control.AccessPointPolicy(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return AccessPointPolicy(builtJavaResource)
}
}
/**
* Provides a resource to manage an S3 Access Point resource policy.
* > **NOTE on Access Points and Access Point Policies:** The provider provides both a standalone Access Point Policy resource and an Access Point resource with a resource policy defined in-line. You cannot use an Access Point with in-line resource policy in conjunction with an Access Point Policy resource. Doing so will cause a conflict of policies and will overwrite the access point's resource policy.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.s3.BucketV2("example", {bucket: "example"});
* const exampleAccessPoint = new aws.s3.AccessPoint("example", {
* bucket: example.id,
* name: "example",
* publicAccessBlockConfiguration: {
* blockPublicAcls: true,
* blockPublicPolicy: false,
* ignorePublicAcls: true,
* restrictPublicBuckets: false,
* },
* });
* const exampleAccessPointPolicy = new aws.s3control.AccessPointPolicy("example", {
* accessPointArn: exampleAccessPoint.arn,
* policy: pulumi.jsonStringify({
* Version: "2008-10-17",
* Statement: [{
* Effect: "Allow",
* Action: "s3:GetObjectTagging",
* Principal: {
* AWS: "*",
* },
* Resource: pulumi.interpolate`${exampleAccessPoint.arn}/object/*`,
* }],
* }),
* });
* ```
* ```python
* import pulumi
* import json
* import pulumi_aws as aws
* example = aws.s3.BucketV2("example", bucket="example")
* example_access_point = aws.s3.AccessPoint("example",
* bucket=example.id,
* name="example",
* public_access_block_configuration={
* "block_public_acls": True,
* "block_public_policy": False,
* "ignore_public_acls": True,
* "restrict_public_buckets": False,
* })
* example_access_point_policy = aws.s3control.AccessPointPolicy("example",
* access_point_arn=example_access_point.arn,
* policy=pulumi.Output.json_dumps({
* "Version": "2008-10-17",
* "Statement": [{
* "Effect": "Allow",
* "Action": "s3:GetObjectTagging",
* "Principal": {
* "AWS": "*",
* },
* "Resource": example_access_point.arn.apply(lambda arn: f"{arn}/object/*"),
* }],
* }))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using System.Text.Json;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.S3.BucketV2("example", new()
* {
* Bucket = "example",
* });
* var exampleAccessPoint = new Aws.S3.AccessPoint("example", new()
* {
* Bucket = example.Id,
* Name = "example",
* PublicAccessBlockConfiguration = new Aws.S3.Inputs.AccessPointPublicAccessBlockConfigurationArgs
* {
* BlockPublicAcls = true,
* BlockPublicPolicy = false,
* IgnorePublicAcls = true,
* RestrictPublicBuckets = false,
* },
* });
* var exampleAccessPointPolicy = new Aws.S3Control.AccessPointPolicy("example", new()
* {
* AccessPointArn = exampleAccessPoint.Arn,
* Policy = Output.JsonSerialize(Output.Create(new Dictionary
* {
* ["Version"] = "2008-10-17",
* ["Statement"] = new[]
* {
* new Dictionary
* {
* ["Effect"] = "Allow",
* ["Action"] = "s3:GetObjectTagging",
* ["Principal"] = new Dictionary
* {
* ["AWS"] = "*",
* },
* ["Resource"] = exampleAccessPoint.Arn.Apply(arn => $"{arn}/object/*"),
* },
* },
* })),
* });
* });
* ```
* ```go
* package main
* import (
* "encoding/json"
* "fmt"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3control"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
* Bucket: pulumi.String("example"),
* })
* if err != nil {
* return err
* }
* exampleAccessPoint, err := s3.NewAccessPoint(ctx, "example", &s3.AccessPointArgs{
* Bucket: example.ID(),
* Name: pulumi.String("example"),
* PublicAccessBlockConfiguration: &s3.AccessPointPublicAccessBlockConfigurationArgs{
* BlockPublicAcls: pulumi.Bool(true),
* BlockPublicPolicy: pulumi.Bool(false),
* IgnorePublicAcls: pulumi.Bool(true),
* RestrictPublicBuckets: pulumi.Bool(false),
* },
* })
* if err != nil {
* return err
* }
* _, err = s3control.NewAccessPointPolicy(ctx, "example", &s3control.AccessPointPolicyArgs{
* AccessPointArn: exampleAccessPoint.Arn,
* Policy: exampleAccessPoint.Arn.ApplyT(func(arn string) (pulumi.String, error) {
* var _zero pulumi.String
* tmpJSON0, err := json.Marshal(map[string]interface{}{
* "Version": "2008-10-17",
* "Statement": []map[string]interface{}{
* map[string]interface{}{
* "Effect": "Allow",
* "Action": "s3:GetObjectTagging",
* "Principal": map[string]interface{}{
* "AWS": "*",
* },
* "Resource": fmt.Sprintf("%v/object/*", arn),
* },
* },
* })
* if err != nil {
* return _zero, err
* }
* json0 := string(tmpJSON0)
* return pulumi.String(json0), nil
* }).(pulumi.StringOutput),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.s3.BucketV2;
* import com.pulumi.aws.s3.BucketV2Args;
* import com.pulumi.aws.s3.AccessPoint;
* import com.pulumi.aws.s3.AccessPointArgs;
* import com.pulumi.aws.s3.inputs.AccessPointPublicAccessBlockConfigurationArgs;
* import com.pulumi.aws.s3control.AccessPointPolicy;
* import com.pulumi.aws.s3control.AccessPointPolicyArgs;
* import static com.pulumi.codegen.internal.Serialization.*;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new BucketV2("example", BucketV2Args.builder()
* .bucket("example")
* .build());
* var exampleAccessPoint = new AccessPoint("exampleAccessPoint", AccessPointArgs.builder()
* .bucket(example.id())
* .name("example")
* .publicAccessBlockConfiguration(AccessPointPublicAccessBlockConfigurationArgs.builder()
* .blockPublicAcls(true)
* .blockPublicPolicy(false)
* .ignorePublicAcls(true)
* .restrictPublicBuckets(false)
* .build())
* .build());
* var exampleAccessPointPolicy = new AccessPointPolicy("exampleAccessPointPolicy", AccessPointPolicyArgs.builder()
* .accessPointArn(exampleAccessPoint.arn())
* .policy(exampleAccessPoint.arn().applyValue(arn -> serializeJson(
* jsonObject(
* jsonProperty("Version", "2008-10-17"),
* jsonProperty("Statement", jsonArray(jsonObject(
* jsonProperty("Effect", "Allow"),
* jsonProperty("Action", "s3:GetObjectTagging"),
* jsonProperty("Principal", jsonObject(
* jsonProperty("AWS", "*")
* )),
* jsonProperty("Resource", String.format("%s/object/*", arn))
* )))
* ))))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:s3:BucketV2
* properties:
* bucket: example
* exampleAccessPoint:
* type: aws:s3:AccessPoint
* name: example
* properties:
* bucket: ${example.id}
* name: example
* publicAccessBlockConfiguration:
* blockPublicAcls: true
* blockPublicPolicy: false
* ignorePublicAcls: true
* restrictPublicBuckets: false
* exampleAccessPointPolicy:
* type: aws:s3control:AccessPointPolicy
* name: example
* properties:
* accessPointArn: ${exampleAccessPoint.arn}
* policy:
* fn::toJSON:
* Version: 2008-10-17
* Statement:
* - Effect: Allow
* Action: s3:GetObjectTagging
* Principal:
* AWS: '*'
* Resource: ${exampleAccessPoint.arn}/object/*
* ```
*
* ## Import
* Using `pulumi import`, import Access Point policies using the `access_point_arn`. For example:
* ```sh
* $ pulumi import aws:s3control/accessPointPolicy:AccessPointPolicy example arn:aws:s3:us-west-2:123456789012:accesspoint/example
* ```
* */*/*/*/*/*/
*/
public class AccessPointPolicy internal constructor(
override val javaResource: com.pulumi.aws.s3control.AccessPointPolicy,
) : KotlinCustomResource(javaResource, AccessPointPolicyMapper) {
/**
* The ARN of the access point that you want to associate with the specified policy.
*/
public val accessPointArn: Output
get() = javaResource.accessPointArn().applyValue({ args0 -> args0 })
/**
* Indicates whether this access point currently has a policy that allows public access.
*/
public val hasPublicAccessPolicy: Output
get() = javaResource.hasPublicAccessPolicy().applyValue({ args0 -> args0 })
/**
* The policy that you want to apply to the specified access point.
*/
public val policy: Output
get() = javaResource.policy().applyValue({ args0 -> args0 })
}
public object AccessPointPolicyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.aws.s3control.AccessPointPolicy::class == javaResource::class
override fun map(javaResource: Resource): AccessPointPolicy = AccessPointPolicy(
javaResource as
com.pulumi.aws.s3control.AccessPointPolicy,
)
}
/**
* @see [AccessPointPolicy].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [AccessPointPolicy].
*/
public suspend fun accessPointPolicy(
name: String,
block: suspend AccessPointPolicyResourceBuilder.() -> Unit,
): AccessPointPolicy {
val builder = AccessPointPolicyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [AccessPointPolicy].
* @param name The _unique_ name of the resulting resource.
*/
public fun accessPointPolicy(name: String): AccessPointPolicy {
val builder = AccessPointPolicyResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy