@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

769 lines (768 loc) • 40.3 kB

TypeScript

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; import * as enums from "../types/enums"; /** * The ``AWS::S3::Bucket`` resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack. * To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html). * You can only delete empty buckets. Deletion fails for buckets that have contents. * * ## Example Usage * ### Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws_native from "@pulumi/aws-native"; * * const s3Bucket = new aws_native.s3.Bucket("s3Bucket", {}); * const recordingConfiguration = new aws_native.ivs.RecordingConfiguration("recordingConfiguration", { * name: "MyRecordingConfiguration", * destinationConfiguration: { * s3: { * bucketName: s3Bucket.id, * }, * }, * thumbnailConfiguration: { * recordingMode: aws_native.ivs.RecordingConfigurationThumbnailConfigurationRecordingMode.Interval, * targetIntervalSeconds: 60, * storage: [ * aws_native.ivs.RecordingConfigurationThumbnailConfigurationStorageItem.Sequential, * aws_native.ivs.RecordingConfigurationThumbnailConfigurationStorageItem.Latest, * ], * resolution: aws_native.ivs.RecordingConfigurationThumbnailConfigurationResolution.Hd, * }, * renditionConfiguration: { * renditionSelection: aws_native.ivs.RecordingConfigurationRenditionConfigurationRenditionSelection.Custom, * renditions: [ * aws_native.ivs.RecordingConfigurationRenditionConfigurationRenditionsItem.Hd, * aws_native.ivs.RecordingConfigurationRenditionConfigurationRenditionsItem.Sd, * ], * }, * }, { * dependsOn: [s3Bucket], * }); * const channel = new aws_native.ivs.Channel("channel", { * name: "MyRecordedChannel", * recordingConfigurationArn: recordingConfiguration.id, * }, { * dependsOn: [recordingConfiguration], * }); * * ``` * ### Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws_native from "@pulumi/aws-native"; * * const s3Bucket = new aws_native.s3.Bucket("s3Bucket", {}); * const recordingConfiguration = new aws_native.ivs.RecordingConfiguration("recordingConfiguration", { * name: "MyRecordingConfiguration", * destinationConfiguration: { * s3: { * bucketName: s3Bucket.id, * }, * }, * thumbnailConfiguration: { * recordingMode: aws_native.ivs.RecordingConfigurationThumbnailConfigurationRecordingMode.Interval, * targetIntervalSeconds: 60, * resolution: aws_native.ivs.RecordingConfigurationThumbnailConfigurationResolution.Hd, * storage: [ * aws_native.ivs.RecordingConfigurationThumbnailConfigurationStorageItem.Sequential, * aws_native.ivs.RecordingConfigurationThumbnailConfigurationStorageItem.Latest, * ], * }, * renditionConfiguration: { * renditionSelection: aws_native.ivs.RecordingConfigurationRenditionConfigurationRenditionSelection.Custom, * renditions: [ * aws_native.ivs.RecordingConfigurationRenditionConfigurationRenditionsItem.Hd, * aws_native.ivs.RecordingConfigurationRenditionConfigurationRenditionsItem.Sd, * ], * }, * }, { * dependsOn: [s3Bucket], * }); * const channel = new aws_native.ivs.Channel("channel", { * name: "MyRecordedChannel", * recordingConfigurationArn: recordingConfiguration.id, * }, { * dependsOn: [recordingConfiguration], * }); * * ``` * ### Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws_native from "@pulumi/aws-native"; * * const config = new pulumi.Config(); * const latestAmiId = config.get("latestAmiId") || ""; * const latestAmiIdValue = latestAmiId == "" ? "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" : aws_native.getSsmParameterString({ * name: latestAmiId, * }).then(invoke => invoke.value); * const gitHubOwner = config.require("gitHubOwner"); * const gitHubRepo = config.require("gitHubRepo"); * const gitHubBranch = config.require("gitHubBranch"); * const ssmAssocLogs = new aws_native.s3.Bucket("ssmAssocLogs", {}); * const ssmInstanceRole = new aws_native.iam.Role("ssmInstanceRole", { * policies: [ * { * policyDocument: { * version: "2012-10-17", * statement: [{ * action: ["s3:GetObject"], * resource: [ * "arn:aws:s3:::aws-ssm-${AWS::Region}/*", * "arn:aws:s3:::aws-windows-downloads-${AWS::Region}/*", * "arn:aws:s3:::amazon-ssm-${AWS::Region}/*", * "arn:aws:s3:::amazon-ssm-packages-${AWS::Region}/*", * "arn:aws:s3:::${AWS::Region}-birdwatcher-prod/*", * "arn:aws:s3:::patch-baseline-snapshot-${AWS::Region}/*", * ], * effect: "Allow", * }], * }, * policyName: "ssm-custom-s3-policy", * }, * { * policyDocument: { * version: "2012-10-17", * statement: [{ * action: [ * "s3:GetObject", * "s3:PutObject", * "s3:PutObjectAcl", * "s3:ListBucket", * ], * resource: [ * "arn:${AWS::Partition}:s3:::${SSMAssocLogs}/*", * "arn:${AWS::Partition}:s3:::${SSMAssocLogs}", * ], * effect: "Allow", * }], * }, * policyName: "s3-instance-bucket-policy", * }, * ], * path: "/", * managedPolicyArns: ["arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore"], * assumeRolePolicyDocument: { * version: "2012-10-17", * statement: [{ * effect: "Allow", * principal: { * service: [ * "ec2.amazonaws.com", * "ssm.amazonaws.com", * ], * }, * action: "sts:AssumeRole", * }], * }, * }); * const ssmInstanceProfile = new aws_native.iam.InstanceProfile("ssmInstanceProfile", {roles: ["SSMInstanceRole"]}); * const ec2Instance = new aws_native.ec2.Instance("ec2Instance", { * imageId: "LatestAmiId", * instanceType: "t3.small", * iamInstanceProfile: "SSMInstanceProfile", * }); * const ansibleAssociation = new aws_native.ssm.Association("ansibleAssociation", { * name: "AWS-ApplyAnsiblePlaybooks", * targets: [{ * key: "InstanceIds", * values: ["EC2Instance"], * }], * outputLocation: { * s3Location: { * outputS3BucketName: "SSMAssocLogs", * outputS3KeyPrefix: "logs/", * }, * }, * parameters: { * sourceType: ["GitHub"], * sourceInfo: [`{"owner":"\${GitHubOwner}", * "repository":"\${GitHubRepo}", * "path":"", * "getOptions":"branch:\${GitHubBranch}"} * `], * installDependencies: ["True"], * playbookFile: ["playbook.yml"], * extraVariables: ["SSM=True"], * check: ["False"], * verbose: ["-v"], * }, * }); * export const webServerPublic = "EC2Instance.PublicDnsName"; * * ``` * ### Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws_native from "@pulumi/aws-native"; * * const config = new pulumi.Config(); * const latestAmiId = config.get("latestAmiId") || ""; * const latestAmiIdValue = latestAmiId == "" ? "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" : aws_native.getSsmParameterString({ * name: latestAmiId, * }).then(invoke => invoke.value); * const ssmAssocLogs = new aws_native.s3.Bucket("ssmAssocLogs", {}); * const ssmInstanceRole = new aws_native.iam.Role("ssmInstanceRole", { * policies: [ * { * policyDocument: { * version: "2012-10-17", * statement: [{ * action: ["s3:GetObject"], * resource: [ * "arn:aws:s3:::aws-ssm-${AWS::Region}/*", * "arn:aws:s3:::aws-windows-downloads-${AWS::Region}/*", * "arn:aws:s3:::amazon-ssm-${AWS::Region}/*", * "arn:aws:s3:::amazon-ssm-packages-${AWS::Region}/*", * "arn:aws:s3:::${AWS::Region}-birdwatcher-prod/*", * "arn:aws:s3:::patch-baseline-snapshot-${AWS::Region}/*", * ], * effect: "Allow", * }], * }, * policyName: "ssm-custom-s3-policy", * }, * { * policyDocument: { * version: "2012-10-17", * statement: [{ * action: [ * "s3:GetObject", * "s3:PutObject", * "s3:PutObjectAcl", * "s3:ListBucket", * ], * resource: [ * "arn:${AWS::Partition}:s3:::${SSMAssocLogs}/*", * "arn:${AWS::Partition}:s3:::${SSMAssocLogs}", * ], * effect: "Allow", * }], * }, * policyName: "s3-instance-bucket-policy", * }, * ], * path: "/", * managedPolicyArns: [ * "arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore", * "arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy", * ], * assumeRolePolicyDocument: { * version: "2012-10-17", * statement: [{ * effect: "Allow", * principal: { * service: [ * "ec2.amazonaws.com", * "ssm.amazonaws.com", * ], * }, * action: "sts:AssumeRole", * }], * }, * }); * const ssmInstanceProfile = new aws_native.iam.InstanceProfile("ssmInstanceProfile", {roles: ["SSMInstanceRole"]}); * const ec2Instance = new aws_native.ec2.Instance("ec2Instance", { * imageId: "LatestAmiId", * instanceType: "t3.medium", * iamInstanceProfile: "SSMInstanceProfile", * tags: [{ * key: "nginx", * value: "yes", * }], * }); * const nginxAssociation = new aws_native.ssm.Association("nginxAssociation", { * name: "AWS-RunShellScript", * targets: [{ * key: "tag:nginx", * values: ["yes"], * }], * outputLocation: { * s3Location: { * outputS3BucketName: "SSMAssocLogs", * outputS3KeyPrefix: "logs/", * }, * }, * parameters: { * commands: [`sudo amazon-linux-extras install nginx1 -y * sudo service nginx start * `], * }, * }, { * dependsOn: [ec2Instance], * }); * export const webServerPublic = "EC2Instance.PublicDnsName"; * * ``` * ### Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws_native from "@pulumi/aws-native"; * * const config = new pulumi.Config(); * const latestAmiId = config.get("latestAmiId") || ""; * const latestAmiIdValue = latestAmiId == "" ? "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" : aws_native.getSsmParameterString({ * name: latestAmiId, * }).then(invoke => invoke.value); * const ssmAssocLogs = new aws_native.s3.Bucket("ssmAssocLogs", {}); * const nginxInstallAutomation = new aws_native.ssm.Document("nginxInstallAutomation", { * documentType: aws_native.ssm.DocumentType.Automation, * content: { * schemaVersion: "0.3", * description: "Updates AMI with Linux distribution packages and installs Nginx software", * assumeRole: "{{AutomationAssumeRole}}", * parameters: { * instanceId: { * description: "ID of the Instance.", * type: "String", * }, * automationAssumeRole: { * "default": "", * description: "(Optional) The ARN of the role that allows Automation to perform the actions on your behalf.", * type: "String", * }, * }, * mainSteps: [ * { * name: "updateOSSoftware", * action: "aws:runCommand", * maxAttempts: 3, * timeoutSeconds: 3600, * inputs: { * documentName: "AWS-RunShellScript", * instanceIds: ["{{InstanceId}}"], * cloudWatchOutputConfig: { * cloudWatchOutputEnabled: "true", * }, * parameters: { * commands: [`#!/bin/bash * sudo yum update -y * needs-restarting -r * if [ ? -eq 1 ] * then * exit 194 * else * exit 0 * fi * `], * }, * }, * }, * { * name: "InstallNginx", * action: "aws:runCommand", * inputs: { * documentName: "AWS-RunShellScript", * instanceIds: ["{{InstanceId}}"], * cloudWatchOutputConfig: { * cloudWatchOutputEnabled: "true", * }, * parameters: { * commands: [`sudo amazon-linux-extras install nginx1 -y * sudo service nginx start * `], * }, * }, * }, * { * name: "TestInstall", * action: "aws:runCommand", * maxAttempts: 3, * timeoutSeconds: 3600, * onFailure: "Abort", * inputs: { * documentName: "AWS-RunShellScript", * instanceIds: ["{{InstanceId}}"], * parameters: { * commands: ["curl localhost\n"], * }, * }, * }, * ], * }, * }); * const ssmExecutionRole = new aws_native.iam.Role("ssmExecutionRole", { * policies: [{ * policyDocument: { * version: "2012-10-17", * statement: [{ * action: [ * "ssm:StartAssociationsOnce", * "ssm:CreateAssociation", * "ssm:CreateAssociationBatch", * "ssm:UpdateAssociation", * ], * resource: "*", * effect: "Allow", * }], * }, * policyName: "ssm-association", * }], * path: "/", * managedPolicyArns: ["arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonSSMAutomationRole"], * assumeRolePolicyDocument: { * version: "2012-10-17", * statement: [{ * effect: "Allow", * principal: { * service: [ * "ec2.amazonaws.com", * "ssm.amazonaws.com", * ], * }, * action: "sts:AssumeRole", * }], * }, * }); * const ssmInstanceRole = new aws_native.iam.Role("ssmInstanceRole", { * policies: [ * { * policyDocument: { * version: "2012-10-17", * statement: [{ * action: ["s3:GetObject"], * resource: [ * "arn:aws:s3:::aws-ssm-${AWS::Region}/*", * "arn:aws:s3:::aws-windows-downloads-${AWS::Region}/*", * "arn:aws:s3:::amazon-ssm-${AWS::Region}/*", * "arn:aws:s3:::amazon-ssm-packages-${AWS::Region}/*", * "arn:aws:s3:::${AWS::Region}-birdwatcher-prod/*", * "arn:aws:s3:::patch-baseline-snapshot-${AWS::Region}/*", * ], * effect: "Allow", * }], * }, * policyName: "ssm-custom-s3-policy", * }, * { * policyDocument: { * version: "2012-10-17", * statement: [{ * action: [ * "s3:GetObject", * "s3:PutObject", * "s3:PutObjectAcl", * "s3:ListBucket", * ], * resource: [ * "arn:${AWS::Partition}:s3:::${SSMAssocLogs}/*", * "arn:${AWS::Partition}:s3:::${SSMAssocLogs}", * ], * effect: "Allow", * }], * }, * policyName: "s3-instance-bucket-policy", * }, * ], * path: "/", * managedPolicyArns: [ * "arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore", * "arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy", * ], * assumeRolePolicyDocument: { * version: "2012-10-17", * statement: [{ * effect: "Allow", * principal: { * service: [ * "ec2.amazonaws.com", * "ssm.amazonaws.com", * ], * }, * action: "sts:AssumeRole", * }], * }, * }); * const ssmInstanceProfile = new aws_native.iam.InstanceProfile("ssmInstanceProfile", {roles: ["SSMInstanceRole"]}); * const ec2Instance = new aws_native.ec2.Instance("ec2Instance", { * imageId: "LatestAmiId", * instanceType: "t3.medium", * iamInstanceProfile: "SSMInstanceProfile", * tags: [{ * key: "nginx", * value: "true", * }], * }); * const nginxAssociation = new aws_native.ssm.Association("nginxAssociation", { * name: "nginxInstallAutomation", * outputLocation: { * s3Location: { * outputS3BucketName: "SSMAssocLogs", * outputS3KeyPrefix: "logs/", * }, * }, * automationTargetParameterName: "InstanceId", * parameters: { * automationAssumeRole: ["SSMExecutionRole.Arn"], * }, * targets: [{ * key: "tag:nginx", * values: ["true"], * }], * }, { * dependsOn: [ec2Instance], * }); * export const webServerPublic = "EC2Instance.PublicDnsName"; * * ``` */ export declare class Bucket extends pulumi.CustomResource { /** * Get an existing Bucket resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): Bucket; /** * Returns true if the given object is an instance of Bucket. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Bucket; /** * Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide*. */ readonly accelerateConfiguration: pulumi.Output<outputs.s3.BucketAccelerateConfiguration | undefined>; /** * This is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see [Controlling object ownership](https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. * A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide*. * S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the [AWS::S3::OwnershipControls](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html) property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon. * The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see [AWS::S3::BucketPolicy](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html). For examples of common policy configurations, including S3 Server Access Logs buckets and more, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide*. */ readonly accessControl: pulumi.Output<enums.s3.BucketAccessControl | undefined>; /** * Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket. */ readonly analyticsConfigurations: pulumi.Output<outputs.s3.BucketAnalyticsConfiguration[] | undefined>; /** * Returns the Amazon Resource Name (ARN) of the specified bucket. * * Example: `arn:aws:s3:::DOC-EXAMPLE-BUCKET` */ readonly arn: pulumi.Output<string>; /** * Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*. */ readonly bucketEncryption: pulumi.Output<outputs.s3.BucketEncryption | undefined>; /** * A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) in the *Amazon S3 User Guide*. * If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name. */ readonly bucketName: pulumi.Output<string | undefined>; /** * Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide*. */ readonly corsConfiguration: pulumi.Output<outputs.s3.BucketCorsConfiguration | undefined>; /** * Returns the IPv4 DNS name of the specified bucket. * * Example: `DOC-EXAMPLE-BUCKET.s3.amazonaws.com` */ readonly domainName: pulumi.Output<string>; /** * Returns the IPv6 DNS name of the specified bucket. * * Example: `DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com` * * For more information about dual-stack endpoints, see [Using Amazon S3 Dual-Stack Endpoints](https://docs.aws.amazon.com/AmazonS3/latest/dev/dual-stack-endpoints.html) . */ readonly dualStackDomainName: pulumi.Output<string>; /** * Defines how Amazon S3 handles Intelligent-Tiering storage. */ readonly intelligentTieringConfigurations: pulumi.Output<outputs.s3.BucketIntelligentTieringConfiguration[] | undefined>; /** * Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference*. */ readonly inventoryConfigurations: pulumi.Output<outputs.s3.BucketInventoryConfiguration[] | undefined>; /** * Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide*. */ readonly lifecycleConfiguration: pulumi.Output<outputs.s3.BucketLifecycleConfiguration | undefined>; /** * Settings that define where logs are stored. */ readonly loggingConfiguration: pulumi.Output<outputs.s3.BucketLoggingConfiguration | undefined>; readonly metadataConfiguration: pulumi.Output<outputs.s3.BucketMetadataConfiguration | undefined>; /** * The metadata table configuration of an S3 general purpose bucket. */ readonly metadataTableConfiguration: pulumi.Output<outputs.s3.BucketMetadataTableConfiguration | undefined>; /** * Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html). */ readonly metricsConfigurations: pulumi.Output<outputs.s3.BucketMetricsConfiguration[] | undefined>; /** * Configuration that defines how Amazon S3 handles bucket notifications. */ readonly notificationConfiguration: pulumi.Output<outputs.s3.BucketNotificationConfiguration | undefined>; /** * This operation is not supported for directory buckets. * Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). * + The ``DefaultRetention`` settings require both a mode and a period. * + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time. * + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). */ readonly objectLockConfiguration: pulumi.Output<outputs.s3.BucketObjectLockConfiguration | undefined>; /** * Indicates whether this bucket has an Object Lock configuration enabled. Enable ``ObjectLockEnabled`` when you apply ``ObjectLockConfiguration`` to a bucket. */ readonly objectLockEnabled: pulumi.Output<boolean | undefined>; /** * Configuration that defines how Amazon S3 handles Object Ownership rules. */ readonly ownershipControls: pulumi.Output<outputs.s3.BucketOwnershipControls | undefined>; /** * Configuration that defines how Amazon S3 handles public access. */ readonly publicAccessBlockConfiguration: pulumi.Output<outputs.s3.BucketPublicAccessBlockConfiguration | undefined>; /** * Returns the regional domain name of the specified bucket. * * Example: `DOC-EXAMPLE-BUCKET.s3.us-east-2.amazonaws.com` */ readonly regionalDomainName: pulumi.Output<string>; /** * Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the ``VersioningConfiguration`` property. * Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist. */ readonly replicationConfiguration: pulumi.Output<outputs.s3.BucketReplicationConfiguration | undefined>; /** * An arbitrary set of tags (key-value pairs) for this S3 bucket. */ readonly tags: pulumi.Output<outputs.Tag[] | undefined>; /** * Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. * When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket. */ readonly versioningConfiguration: pulumi.Output<outputs.s3.BucketVersioningConfiguration | undefined>; /** * Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). */ readonly websiteConfiguration: pulumi.Output<outputs.s3.BucketWebsiteConfiguration | undefined>; /** * Returns the Amazon S3 website endpoint for the specified bucket. * * Example (IPv4): `http://DOC-EXAMPLE-BUCKET.s3-website.us-east-2.amazonaws.com` * * Example (IPv6): `http://DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com` */ readonly websiteUrl: pulumi.Output<string>; /** * Create a Bucket resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: BucketArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a Bucket resource. */ export interface BucketArgs { /** * Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide*. */ accelerateConfiguration?: pulumi.Input<inputs.s3.BucketAccelerateConfigurationArgs>; /** * This is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see [Controlling object ownership](https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. * A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide*. * S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the [AWS::S3::OwnershipControls](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html) property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon. * The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see [AWS::S3::BucketPolicy](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html). For examples of common policy configurations, including S3 Server Access Logs buckets and more, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide*. */ accessControl?: pulumi.Input<enums.s3.BucketAccessControl>; /** * Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket. */ analyticsConfigurations?: pulumi.Input<pulumi.Input<inputs.s3.BucketAnalyticsConfigurationArgs>[]>; /** * Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*. */ bucketEncryption?: pulumi.Input<inputs.s3.BucketEncryptionArgs>; /** * A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) in the *Amazon S3 User Guide*. * If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name. */ bucketName?: pulumi.Input<string>; /** * Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide*. */ corsConfiguration?: pulumi.Input<inputs.s3.BucketCorsConfigurationArgs>; /** * Defines how Amazon S3 handles Intelligent-Tiering storage. */ intelligentTieringConfigurations?: pulumi.Input<pulumi.Input<inputs.s3.BucketIntelligentTieringConfigurationArgs>[]>; /** * Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference*. */ inventoryConfigurations?: pulumi.Input<pulumi.Input<inputs.s3.BucketInventoryConfigurationArgs>[]>; /** * Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide*. */ lifecycleConfiguration?: pulumi.Input<inputs.s3.BucketLifecycleConfigurationArgs>; /** * Settings that define where logs are stored. */ loggingConfiguration?: pulumi.Input<inputs.s3.BucketLoggingConfigurationArgs>; metadataConfiguration?: pulumi.Input<inputs.s3.BucketMetadataConfigurationArgs>; /** * The metadata table configuration of an S3 general purpose bucket. */ metadataTableConfiguration?: pulumi.Input<inputs.s3.BucketMetadataTableConfigurationArgs>; /** * Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html). */ metricsConfigurations?: pulumi.Input<pulumi.Input<inputs.s3.BucketMetricsConfigurationArgs>[]>; /** * Configuration that defines how Amazon S3 handles bucket notifications. */ notificationConfiguration?: pulumi.Input<inputs.s3.BucketNotificationConfigurationArgs>; /** * This operation is not supported for directory buckets. * Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). * + The ``DefaultRetention`` settings require both a mode and a period. * + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time. * + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). */ objectLockConfiguration?: pulumi.Input<inputs.s3.BucketObjectLockConfigurationArgs>; /** * Indicates whether this bucket has an Object Lock configuration enabled. Enable ``ObjectLockEnabled`` when you apply ``ObjectLockConfiguration`` to a bucket. */ objectLockEnabled?: pulumi.Input<boolean>; /** * Configuration that defines how Amazon S3 handles Object Ownership rules. */ ownershipControls?: pulumi.Input<inputs.s3.BucketOwnershipControlsArgs>; /** * Configuration that defines how Amazon S3 handles public access. */ publicAccessBlockConfiguration?: pulumi.Input<inputs.s3.BucketPublicAccessBlockConfigurationArgs>; /** * Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the ``VersioningConfiguration`` property. * Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist. */ replicationConfiguration?: pulumi.Input<inputs.s3.BucketReplicationConfigurationArgs>; /** * An arbitrary set of tags (key-value pairs) for this S3 bucket. */ tags?: pulumi.Input<pulumi.Input<inputs.TagArgs>[]>; /** * Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. * When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket. */ versioningConfiguration?: pulumi.Input<inputs.s3.BucketVersioningConfigurationArgs>; /** * Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). */ websiteConfiguration?: pulumi.Input<inputs.s3.BucketWebsiteConfigurationArgs>; }