UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi.io

pulumi/pulumi-aws

147 lines (146 loc) 7.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
import * as pulumi from "@pulumi/pulumi"; /** * ## Example Usage * * ### Testing Glacier Vault Lock Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const exampleVault = new aws.glacier.Vault("example", {name: "example"}); * const example = aws.iam.getPolicyDocumentOutput({ * statements: [{ * actions: ["glacier:DeleteArchive"], * effect: "Deny", * resources: [exampleVault.arn], * conditions: [{ * test: "NumericLessThanEquals", * variable: "glacier:ArchiveAgeinDays", * values: ["365"], * }], * }], * }); * const exampleVaultLock = new aws.glacier.VaultLock("example", { * completeLock: false, * policy: example.apply(example => example.json), * vaultName: exampleVault.name, * }); * ``` * * ### Permanently Applying Glacier Vault Lock Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.glacier.VaultLock("example", { * completeLock: true, * policy: exampleAwsIamPolicyDocument.json, * vaultName: exampleAwsGlacierVault.name, * }); * ``` * * ## Import * * Using `pulumi import`, import Glacier Vault Locks using the Glacier Vault name. For example: * * ```sh * $ pulumi import aws:glacier/vaultLock:VaultLock example example-vault * ``` */ export declare class VaultLock extends pulumi.CustomResource { /** * Get an existing VaultLock resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VaultLockState, opts?: pulumi.CustomResourceOptions): VaultLock; /** * Returns true if the given object is an instance of VaultLock. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is VaultLock; /** * Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to `false`, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from `false` to `true` will show as resource recreation, which is expected. Changing this from `true` to `false` is not possible unless the Glacier Vault is recreated at the same time. */ readonly completeLock: pulumi.Output<boolean>; /** * Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with `completeLock` being set to `true`. */ readonly ignoreDeletionError: pulumi.Output<boolean | undefined>; /** * JSON string containing the IAM policy to apply as the Glacier Vault Lock policy. */ readonly policy: pulumi.Output<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ readonly region: pulumi.Output<string>; /** * The name of the Glacier Vault. */ readonly vaultName: pulumi.Output<string>; /** * Create a VaultLock resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: VaultLockArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering VaultLock resources. */ export interface VaultLockState { /** * Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to `false`, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from `false` to `true` will show as resource recreation, which is expected. Changing this from `true` to `false` is not possible unless the Glacier Vault is recreated at the same time. */ completeLock?: pulumi.Input<boolean>; /** * Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with `completeLock` being set to `true`. */ ignoreDeletionError?: pulumi.Input<boolean>; /** * JSON string containing the IAM policy to apply as the Glacier Vault Lock policy. */ policy?: pulumi.Input<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * The name of the Glacier Vault. */ vaultName?: pulumi.Input<string>; } /** * The set of arguments for constructing a VaultLock resource. */ export interface VaultLockArgs { /** * Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to `false`, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from `false` to `true` will show as resource recreation, which is expected. Changing this from `true` to `false` is not possible unless the Glacier Vault is recreated at the same time. */ completeLock: pulumi.Input<boolean>; /** * Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with `completeLock` being set to `true`. */ ignoreDeletionError?: pulumi.Input<boolean>; /** * JSON string containing the IAM policy to apply as the Glacier Vault Lock policy. */ policy: pulumi.Input<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * The name of the Glacier Vault. */ vaultName: pulumi.Input<string>; }