@pulumi/aws
Version:
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
653 lines (652 loc) • 32.2 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
import { Bucket } from "./index";
/**
* Provides an S3 object resource.
*
* ## Example Usage
*
* ### Uploading a file to a bucket
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* import * as std from "@pulumi/std";
*
* const object = new aws.s3.BucketObjectv2("object", {
* bucket: "your_bucket_name",
* key: "new_object_key",
* source: new pulumi.asset.FileAsset("path/to/file"),
* etag: std.filemd5({
* input: "path/to/file",
* }).then(invoke => invoke.result),
* });
* ```
*
* ### Encrypting with KMS Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const examplekms = new aws.kms.Key("examplekms", {
* description: "KMS key 1",
* deletionWindowInDays: 7,
* });
* const examplebucket = new aws.s3.Bucket("examplebucket", {bucket: "examplebuckettftest"});
* const example = new aws.s3.BucketAcl("example", {
* bucket: examplebucket.id,
* acl: "private",
* });
* const exampleBucketObjectv2 = new aws.s3.BucketObjectv2("example", {
* key: "someobject",
* bucket: examplebucket.id,
* source: new pulumi.asset.FileAsset("index.html"),
* kmsKeyId: examplekms.arn,
* });
* ```
*
* ### Server Side Encryption with S3 Default Master Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const examplebucket = new aws.s3.Bucket("examplebucket", {bucket: "examplebuckettftest"});
* const example = new aws.s3.BucketAcl("example", {
* bucket: examplebucket.id,
* acl: "private",
* });
* const exampleBucketObjectv2 = new aws.s3.BucketObjectv2("example", {
* key: "someobject",
* bucket: examplebucket.id,
* source: new pulumi.asset.FileAsset("index.html"),
* serverSideEncryption: "aws:kms",
* });
* ```
*
* ### Server Side Encryption with AWS-Managed Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const examplebucket = new aws.s3.Bucket("examplebucket", {bucket: "examplebuckettftest"});
* const example = new aws.s3.BucketAcl("example", {
* bucket: examplebucket.id,
* acl: "private",
* });
* const exampleBucketObjectv2 = new aws.s3.BucketObjectv2("example", {
* key: "someobject",
* bucket: examplebucket.id,
* source: new pulumi.asset.FileAsset("index.html"),
* serverSideEncryption: "AES256",
* });
* ```
*
* ### S3 Object Lock
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const examplebucket = new aws.s3.Bucket("examplebucket", {
* bucket: "examplebuckettftest",
* objectLockEnabled: true,
* });
* const example = new aws.s3.BucketAcl("example", {
* bucket: examplebucket.id,
* acl: "private",
* });
* const exampleBucketVersioning = new aws.s3.BucketVersioning("example", {
* bucket: examplebucket.id,
* versioningConfiguration: {
* status: "Enabled",
* },
* });
* const examplebucketObject = new aws.s3.BucketObjectv2("examplebucket_object", {
* key: "someobject",
* bucket: examplebucket.id,
* source: new pulumi.asset.FileAsset("important.txt"),
* objectLockLegalHoldStatus: "ON",
* objectLockMode: "GOVERNANCE",
* objectLockRetainUntilDate: "2021-12-31T23:59:60Z",
* forceDestroy: true,
* }, {
* dependsOn: [exampleBucketVersioning],
* });
* ```
*
* ### Ignoring Provider `defaultTags`
*
* S3 objects support a [maximum of 10 tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html).
* If the resource's own `tags` and the provider-level `defaultTags` would together lead to more than 10 tags on an S3 object, use the `overrideProvider` configuration block to suppress any provider-level `defaultTags`.
*
* > S3 objects stored in Amazon S3 Express directory buckets do not support tags, so any provider-level `defaultTags` must be suppressed.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const examplebucket = new aws.s3.Bucket("examplebucket", {bucket: "examplebuckettftest"});
* const examplebucketObject = new aws.s3.BucketObjectv2("examplebucket_object", {
* key: "someobject",
* bucket: examplebucket.id,
* source: new pulumi.asset.FileAsset("important.txt"),
* tags: {
* Env: "test",
* },
* overrideProvider: {
* defaultTags: {
* tags: {},
* },
* },
* });
* ```
*
* ## Import
*
* ### Identity Schema
*
* #### Required
*
* * `bucket` (String) S3 bucket name.
*
* * `key` (String) Object key.
*
* #### Optional
*
* * `account_id` (String) AWS Account where this resource is managed.
*
* * `region` (String) Region where this resource is managed.
*
* Import using S3 URL syntax:
*
* terraform
*
* import {
*
* to = aws_s3_object.example
*
* id = "s3://some-bucket-name/some/key.txt"
*
* }
*
* **Using `pulumi import` to import** objects using the `id` or S3 URL. For example:
*
* Import using the `id`, which is the bucket name and the key together:
*
* console
*
* % pulumi import aws_s3_object.example some-bucket-name/some/key.txt
*
* Import using S3 URL syntax:
*
* console
*
* % pulumi import aws_s3_object.example s3://some-bucket-name/some/key.txt
*/
export declare class BucketObjectv2 extends pulumi.CustomResource {
/**
* Get an existing BucketObjectv2 resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketObjectv2State, opts?: pulumi.CustomResourceOptions): BucketObjectv2;
/**
* Returns true if the given object is an instance of BucketObjectv2. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is BucketObjectv2;
/**
* [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`.
*/
readonly acl: pulumi.Output<string>;
/**
* ARN of the object.
*/
readonly arn: pulumi.Output<string>;
/**
* Name of the bucket to put the file in. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified.
*/
readonly bucket: pulumi.Output<string>;
/**
* Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.
*/
readonly bucketKeyEnabled: pulumi.Output<boolean>;
/**
* Caching behavior along the request/reply chain Read [w3c cacheControl](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.
*/
readonly cacheControl: pulumi.Output<string | undefined>;
/**
* Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the `kms:Decrypt` action. Valid values: `CRC32`, `CRC32C`, `CRC64NVME`, `SHA1`, `SHA256`.
*/
readonly checksumAlgorithm: pulumi.Output<string | undefined>;
/**
* The base64-encoded, 32-bit CRC32 checksum of the object.
*/
readonly checksumCrc32: pulumi.Output<string>;
/**
* The base64-encoded, 32-bit CRC32C checksum of the object.
*/
readonly checksumCrc32c: pulumi.Output<string>;
/**
* The base64-encoded, 64-bit CRC64NVME checksum of the object.
*/
readonly checksumCrc64nvme: pulumi.Output<string>;
/**
* The base64-encoded, 160-bit SHA-1 digest of the object.
*/
readonly checksumSha1: pulumi.Output<string>;
/**
* The base64-encoded, 256-bit SHA-256 digest of the object.
*/
readonly checksumSha256: pulumi.Output<string>;
/**
* Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
*/
readonly content: pulumi.Output<string | undefined>;
/**
* Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.
*/
readonly contentBase64: pulumi.Output<string | undefined>;
/**
* Presentational information for the object. Read [w3c contentDisposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.
*/
readonly contentDisposition: pulumi.Output<string | undefined>;
/**
* Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.
*/
readonly contentEncoding: pulumi.Output<string | undefined>;
/**
* Language the content is in e.g., en-US or en-GB.
*/
readonly contentLanguage: pulumi.Output<string | undefined>;
/**
* Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.
*/
readonly contentType: pulumi.Output<string>;
/**
* Triggers updates when the value changes. This attribute is not compatible with KMS encryption, `kmsKeyId` or `serverSideEncryption = "aws:kms"`, also if an object is larger than 16 MB, the AWS Management Console will upload or copy that object as a Multipart Upload, and therefore the ETag will not be an MD5 digest (see `sourceHash` instead).
*/
readonly etag: pulumi.Output<string>;
/**
* Whether to allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.
*/
readonly forceDestroy: pulumi.Output<boolean | undefined>;
/**
* Name of the object once it is in the bucket.
*
* The following arguments are optional:
*/
readonly key: pulumi.Output<string>;
/**
* ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the `aws.kms.Key` resource, use the `arn` attribute. If referencing the `aws.kms.Alias` data source or resource, use the `targetKeyArn` attribute. The provider will only perform drift detection if a configuration value is provided.
*/
readonly kmsKeyId: pulumi.Output<string>;
/**
* Map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).
*/
readonly metadata: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* [Legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.
*/
readonly objectLockLegalHoldStatus: pulumi.Output<string | undefined>;
/**
* Object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.
*/
readonly objectLockMode: pulumi.Output<string | undefined>;
/**
* Date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).
*/
readonly objectLockRetainUntilDate: pulumi.Output<string | undefined>;
/**
* Override provider-level configuration options. See Override Provider below for more details.
*/
readonly overrideProvider: pulumi.Output<outputs.s3.BucketObjectv2OverrideProvider | undefined>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
readonly region: pulumi.Output<string>;
/**
* Server-side encryption of the object in S3. Valid values are `"AES256"`, `"aws:kms"`, `"aws:kms:dsse"`, and `"aws:fsx"`.
*/
readonly serverSideEncryption: pulumi.Output<string>;
/**
* Path to a file that will be read and uploaded as raw bytes for the object content.
*/
readonly source: pulumi.Output<pulumi.asset.Asset | pulumi.asset.Archive | undefined>;
/**
* Triggers updates like `etag` but useful to address `etag` encryption limitations. (The value is only stored in state and not saved by AWS.)
*/
readonly sourceHash: pulumi.Output<string | undefined>;
/**
* [Storage Class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#AmazonS3-PutObject-request-header-StorageClass) for the object. Defaults to "`STANDARD`".
*/
readonly storageClass: pulumi.Output<string>;
/**
* Map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
readonly tags: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
*/
readonly tagsAll: pulumi.Output<{
[key: string]: string;
}>;
/**
* Unique version ID value for the object, if bucket versioning is enabled.
*/
readonly versionId: pulumi.Output<string>;
/**
* Target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
*
* If no content is provided through `source`, `content` or `contentBase64`, then the object will be empty.
*
* > **Note:** If you specify `contentEncoding` you are responsible for encoding the body appropriately. `source`, `content`, and `contentBase64` all expect already encoded/compressed bytes.
*
* > **Note:** The provider ignores all leading `/`s in the object's `key` and treats multiple `/`s in the rest of the object's `key` as a single `/`, so values of `/index.html` and `index.html` correspond to the same S3 object as do `first//second///third//` and `first/second/third/`.
*/
readonly websiteRedirect: pulumi.Output<string | undefined>;
/**
* Create a BucketObjectv2 resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: BucketObjectv2Args, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering BucketObjectv2 resources.
*/
export interface BucketObjectv2State {
/**
* [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`.
*/
acl?: pulumi.Input<string>;
/**
* ARN of the object.
*/
arn?: pulumi.Input<string>;
/**
* Name of the bucket to put the file in. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified.
*/
bucket?: pulumi.Input<string | Bucket>;
/**
* Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.
*/
bucketKeyEnabled?: pulumi.Input<boolean>;
/**
* Caching behavior along the request/reply chain Read [w3c cacheControl](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.
*/
cacheControl?: pulumi.Input<string>;
/**
* Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the `kms:Decrypt` action. Valid values: `CRC32`, `CRC32C`, `CRC64NVME`, `SHA1`, `SHA256`.
*/
checksumAlgorithm?: pulumi.Input<string>;
/**
* The base64-encoded, 32-bit CRC32 checksum of the object.
*/
checksumCrc32?: pulumi.Input<string>;
/**
* The base64-encoded, 32-bit CRC32C checksum of the object.
*/
checksumCrc32c?: pulumi.Input<string>;
/**
* The base64-encoded, 64-bit CRC64NVME checksum of the object.
*/
checksumCrc64nvme?: pulumi.Input<string>;
/**
* The base64-encoded, 160-bit SHA-1 digest of the object.
*/
checksumSha1?: pulumi.Input<string>;
/**
* The base64-encoded, 256-bit SHA-256 digest of the object.
*/
checksumSha256?: pulumi.Input<string>;
/**
* Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
*/
content?: pulumi.Input<string>;
/**
* Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.
*/
contentBase64?: pulumi.Input<string>;
/**
* Presentational information for the object. Read [w3c contentDisposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.
*/
contentDisposition?: pulumi.Input<string>;
/**
* Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.
*/
contentEncoding?: pulumi.Input<string>;
/**
* Language the content is in e.g., en-US or en-GB.
*/
contentLanguage?: pulumi.Input<string>;
/**
* Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.
*/
contentType?: pulumi.Input<string>;
/**
* Triggers updates when the value changes. This attribute is not compatible with KMS encryption, `kmsKeyId` or `serverSideEncryption = "aws:kms"`, also if an object is larger than 16 MB, the AWS Management Console will upload or copy that object as a Multipart Upload, and therefore the ETag will not be an MD5 digest (see `sourceHash` instead).
*/
etag?: pulumi.Input<string>;
/**
* Whether to allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.
*/
forceDestroy?: pulumi.Input<boolean>;
/**
* Name of the object once it is in the bucket.
*
* The following arguments are optional:
*/
key?: pulumi.Input<string>;
/**
* ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the `aws.kms.Key` resource, use the `arn` attribute. If referencing the `aws.kms.Alias` data source or resource, use the `targetKeyArn` attribute. The provider will only perform drift detection if a configuration value is provided.
*/
kmsKeyId?: pulumi.Input<string>;
/**
* Map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).
*/
metadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* [Legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.
*/
objectLockLegalHoldStatus?: pulumi.Input<string>;
/**
* Object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.
*/
objectLockMode?: pulumi.Input<string>;
/**
* Date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).
*/
objectLockRetainUntilDate?: pulumi.Input<string>;
/**
* Override provider-level configuration options. See Override Provider below for more details.
*/
overrideProvider?: pulumi.Input<inputs.s3.BucketObjectv2OverrideProvider>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
/**
* Server-side encryption of the object in S3. Valid values are `"AES256"`, `"aws:kms"`, `"aws:kms:dsse"`, and `"aws:fsx"`.
*/
serverSideEncryption?: pulumi.Input<string>;
/**
* Path to a file that will be read and uploaded as raw bytes for the object content.
*/
source?: pulumi.Input<pulumi.asset.Asset | pulumi.asset.Archive>;
/**
* Triggers updates like `etag` but useful to address `etag` encryption limitations. (The value is only stored in state and not saved by AWS.)
*/
sourceHash?: pulumi.Input<string>;
/**
* [Storage Class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#AmazonS3-PutObject-request-header-StorageClass) for the object. Defaults to "`STANDARD`".
*/
storageClass?: pulumi.Input<string>;
/**
* Map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
*/
tagsAll?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Unique version ID value for the object, if bucket versioning is enabled.
*/
versionId?: pulumi.Input<string>;
/**
* Target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
*
* If no content is provided through `source`, `content` or `contentBase64`, then the object will be empty.
*
* > **Note:** If you specify `contentEncoding` you are responsible for encoding the body appropriately. `source`, `content`, and `contentBase64` all expect already encoded/compressed bytes.
*
* > **Note:** The provider ignores all leading `/`s in the object's `key` and treats multiple `/`s in the rest of the object's `key` as a single `/`, so values of `/index.html` and `index.html` correspond to the same S3 object as do `first//second///third//` and `first/second/third/`.
*/
websiteRedirect?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a BucketObjectv2 resource.
*/
export interface BucketObjectv2Args {
/**
* [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`.
*/
acl?: pulumi.Input<string>;
/**
* Name of the bucket to put the file in. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified.
*/
bucket: pulumi.Input<string | Bucket>;
/**
* Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.
*/
bucketKeyEnabled?: pulumi.Input<boolean>;
/**
* Caching behavior along the request/reply chain Read [w3c cacheControl](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.
*/
cacheControl?: pulumi.Input<string>;
/**
* Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the `kms:Decrypt` action. Valid values: `CRC32`, `CRC32C`, `CRC64NVME`, `SHA1`, `SHA256`.
*/
checksumAlgorithm?: pulumi.Input<string>;
/**
* Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.
*/
content?: pulumi.Input<string>;
/**
* Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.
*/
contentBase64?: pulumi.Input<string>;
/**
* Presentational information for the object. Read [w3c contentDisposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.
*/
contentDisposition?: pulumi.Input<string>;
/**
* Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.
*/
contentEncoding?: pulumi.Input<string>;
/**
* Language the content is in e.g., en-US or en-GB.
*/
contentLanguage?: pulumi.Input<string>;
/**
* Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.
*/
contentType?: pulumi.Input<string>;
/**
* Triggers updates when the value changes. This attribute is not compatible with KMS encryption, `kmsKeyId` or `serverSideEncryption = "aws:kms"`, also if an object is larger than 16 MB, the AWS Management Console will upload or copy that object as a Multipart Upload, and therefore the ETag will not be an MD5 digest (see `sourceHash` instead).
*/
etag?: pulumi.Input<string>;
/**
* Whether to allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.
*/
forceDestroy?: pulumi.Input<boolean>;
/**
* Name of the object once it is in the bucket.
*
* The following arguments are optional:
*/
key?: pulumi.Input<string>;
/**
* ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the `aws.kms.Key` resource, use the `arn` attribute. If referencing the `aws.kms.Alias` data source or resource, use the `targetKeyArn` attribute. The provider will only perform drift detection if a configuration value is provided.
*/
kmsKeyId?: pulumi.Input<string>;
/**
* Map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).
*/
metadata?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* [Legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.
*/
objectLockLegalHoldStatus?: pulumi.Input<string>;
/**
* Object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.
*/
objectLockMode?: pulumi.Input<string>;
/**
* Date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).
*/
objectLockRetainUntilDate?: pulumi.Input<string>;
/**
* Override provider-level configuration options. See Override Provider below for more details.
*/
overrideProvider?: pulumi.Input<inputs.s3.BucketObjectv2OverrideProvider>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
/**
* Server-side encryption of the object in S3. Valid values are `"AES256"`, `"aws:kms"`, `"aws:kms:dsse"`, and `"aws:fsx"`.
*/
serverSideEncryption?: pulumi.Input<string>;
/**
* Path to a file that will be read and uploaded as raw bytes for the object content.
*/
source?: pulumi.Input<pulumi.asset.Asset | pulumi.asset.Archive>;
/**
* Triggers updates like `etag` but useful to address `etag` encryption limitations. (The value is only stored in state and not saved by AWS.)
*/
sourceHash?: pulumi.Input<string>;
/**
* [Storage Class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#AmazonS3-PutObject-request-header-StorageClass) for the object. Defaults to "`STANDARD`".
*/
storageClass?: pulumi.Input<string>;
/**
* Map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
*
* If no content is provided through `source`, `content` or `contentBase64`, then the object will be empty.
*
* > **Note:** If you specify `contentEncoding` you are responsible for encoding the body appropriately. `source`, `content`, and `contentBase64` all expect already encoded/compressed bytes.
*
* > **Note:** The provider ignores all leading `/`s in the object's `key` and treats multiple `/`s in the rest of the object's `key` as a single `/`, so values of `/index.html` and `index.html` correspond to the same S3 object as do `first//second///third//` and `first/second/third/`.
*/
websiteRedirect?: pulumi.Input<string>;
}