import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Provides a resource to manage an S3 Access Point.
 *
 * > **NOTE on Access Points and Access Point Policies:** This provider provides both a standalone Access Point Policy resource and an Access Point resource with a resource policy defined in-line. You cannot use an Access Point with in-line resource policy in conjunction with an Access Point Policy resource. Doing so will cause a conflict of policies and will overwrite the access point's resource policy.
 *
 * > Advanced usage: To use a custom API endpoint for this resource, use the `s3control` endpoint provider configuration, not the `s3` endpoint provider configuration.
 *
 * > This resource can be used with s3 directory buckets. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-directory-buckets.html) for more information.
 *
 * ## Example Usage
 *
 * ### AWS Partition General Purpose Bucket
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.s3.Bucket("example", {bucket: "example"});
 * const exampleAccessPoint = new aws.s3.AccessPoint("example", {
 *     bucket: example.id,
 *     name: "example",
 * });
 * ```
 *
 * ### S3 on Outposts Bucket
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.s3control.Bucket("example", {bucket: "example"});
 * const exampleVpc = new aws.ec2.Vpc("example", {cidrBlock: "10.0.0.0/16"});
 * const exampleAccessPoint = new aws.s3.AccessPoint("example", {
 *     bucket: example.arn,
 *     name: "example",
 *     vpcConfiguration: {
 *         vpcId: exampleVpc.id,
 *     },
 * });
 * ```
 *
 * ### AWS Partition Directory Bucket
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const available = aws.getAvailabilityZones({
 *     state: "available",
 * });
 * const example = new aws.s3.DirectoryBucket("example", {
 *     bucket: "example--zoneId--x-s3",
 *     location: {
 *         name: available.then(available => available.zoneIds?.[0]),
 *     },
 * });
 * const exampleAccessPoint = new aws.s3.AccessPoint("example", {
 *     bucket: example.bucket,
 *     name: "example--zoneId--xa-s3",
 * });
 * ```
 *
 * ## Import
 *
 * __Using `pulumi import` to import.__ For example:
 *
 * Import using the `account_id` and `name` separated by a colon (`:`) for Access Points associated with an AWS Partition S3 Bucket:
 *
 * ```sh
 * $ pulumi import aws:s3/accessPoint:AccessPoint example 123456789012:example
 * ```
 * Import using the ARN for Access Points associated with an S3 on Outposts Bucket:
 *
 * ```sh
 * $ pulumi import aws:s3/accessPoint:AccessPoint example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-1234567890123456/accesspoint/example
 * ```
 */
export declare class AccessPoint extends pulumi.CustomResource {
    /**
     * Get an existing AccessPoint resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessPointState, opts?: pulumi.CustomResourceOptions): AccessPoint;
    /**
     * Returns true if the given object is an instance of AccessPoint. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is AccessPoint;
    /**
     * AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
     */
    readonly accountId: pulumi.Output<string>;
    /**
     * Alias of the S3 Access Point.
     */
    readonly alias: pulumi.Output<string>;
    /**
     * ARN of the S3 Access Point.
     */
    readonly arn: pulumi.Output<string>;
    /**
     * Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
     */
    readonly bucket: pulumi.Output<string>;
    /**
     * AWS account ID associated with the S3 bucket associated with this access point.
     *
     * NOTE(review): when this differs from `accountId` the access point fronts a bucket owned by
     * another account; presumably the bucket owner's policy must still permit the access. Confirm
     * against the AWS access point documentation before relying on cross-account setups.
     */
    readonly bucketAccountId: pulumi.Output<string>;
    /**
     * DNS domain name of the S3 Access Point in the format _`name`_-_`accountId`_.s3-accesspoint._region_.amazonaws.com.
     * Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
     */
    readonly domainName: pulumi.Output<string>;
    /**
     * VPC endpoints for the S3 Access Point.
     */
    readonly endpoints: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Indicates whether this access point currently has a policy that allows public access.
     *
     * This is a provider-computed output (it is not part of `AccessPointArgs`), which makes it a
     * convenient value to assert on in stack tests or policy-as-code checks.
     */
    readonly hasPublicAccessPolicy: pulumi.Output<boolean>;
    /**
     * Name you want to assign to this access point. See the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html?icmpid=docs_amazons3_console#access-points-names) for naming conditions.
     *
     * The following arguments are optional:
     */
    readonly name: pulumi.Output<string>;
    /**
     * Indicates whether this access point allows access from the public Internet. Values are `VPC` (the access point doesn't allow access from the public Internet) and `Internet` (the access point allows access from the public Internet, subject to the access point and bucket access policies).
     *
     * Not settable directly: `AccessPointArgs` has no `networkOrigin` field.
     * NOTE(review): presumably `VPC` results only when `vpcConfiguration` is supplied; confirm.
     */
    readonly networkOrigin: pulumi.Output<string>;
    /**
     * Valid JSON document that specifies the policy that you want to apply to this access point. Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `aws.s3control.AccessPointPolicy`. To remove the `policy`, set it to `"{}"` (an empty JSON document).
     *
     * Consequence for reviews: deleting this property from code leaves any previously attached
     * grants in force, so an absent `policy` does not mean the access point has no policy.
     */
    readonly policy: pulumi.Output<string>;
    /**
     * Configuration block to manage the `PublicAccessBlock` configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
     *
     * NOTE(review): AWS documents access point block-public-access settings as enabled by default
     * and not changeable after creation; confirm how this provider handles an edit to this block
     * (likely a replacement of the access point).
     */
    readonly publicAccessBlockConfiguration: pulumi.Output<outputs.s3.AccessPointPublicAccessBlockConfiguration | undefined>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    readonly region: pulumi.Output<string>;
    /**
     * Map of tags to assign to the bucket. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    readonly tags: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
     */
    readonly tagsAll: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
     */
    readonly vpcConfiguration: pulumi.Output<outputs.s3.AccessPointVpcConfiguration | undefined>;
    /**
     * Create an AccessPoint resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AccessPointArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering AccessPoint resources.
 */
export interface AccessPointState {
    /**
     * AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
     */
    accountId?: pulumi.Input<string>;
    /**
     * Alias of the S3 Access Point.
     */
    alias?: pulumi.Input<string>;
    /**
     * ARN of the S3 Access Point.
     */
    arn?: pulumi.Input<string>;
    /**
     * Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
     */
    bucket?: pulumi.Input<string>;
    /**
     * AWS account ID associated with the S3 bucket associated with this access point.
     */
    bucketAccountId?: pulumi.Input<string>;
    /**
     * DNS domain name of the S3 Access Point in the format _`name`_-_`accountId`_.s3-accesspoint._region_.amazonaws.com.
     * Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
     */
    domainName?: pulumi.Input<string>;
    /**
     * VPC endpoints for the S3 Access Point.
     */
    endpoints?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Indicates whether this access point currently has a policy that allows public access.
     */
    hasPublicAccessPolicy?: pulumi.Input<boolean>;
    /**
     * Name you want to assign to this access point. See the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html?icmpid=docs_amazons3_console#access-points-names) for naming conditions.
     *
     * The following arguments are optional:
     */
    name?: pulumi.Input<string>;
    /**
     * Indicates whether this access point allows access from the public Internet. Values are `VPC` (the access point doesn't allow access from the public Internet) and `Internet` (the access point allows access from the public Internet, subject to the access point and bucket access policies).
     */
    networkOrigin?: pulumi.Input<string>;
    /**
     * Valid JSON document that specifies the policy that you want to apply to this access point. Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `aws.s3control.AccessPointPolicy`. To remove the `policy`, set it to `"{}"` (an empty JSON document).
     */
    policy?: pulumi.Input<string>;
    /**
     * Configuration block to manage the `PublicAccessBlock` configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
     */
    publicAccessBlockConfiguration?: pulumi.Input<inputs.s3.AccessPointPublicAccessBlockConfiguration>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
    /**
     * Map of tags to assign to the bucket. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
     */
    tagsAll?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
     */
    vpcConfiguration?: pulumi.Input<inputs.s3.AccessPointVpcConfiguration>;
}
/**
 * The set of arguments for constructing an AccessPoint resource.
 *
 * Only `bucket` is required. The fields that shape exposure (`policy`,
 * `publicAccessBlockConfiguration`, `vpcConfiguration`) are all optional, so a minimal
 * declaration relies entirely on provider and AWS defaults for them.
 */
export interface AccessPointArgs {
    /**
     * AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
     */
    accountId?: pulumi.Input<string>;
    /**
     * Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
     */
    bucket: pulumi.Input<string>;
    /**
     * AWS account ID associated with the S3 bucket associated with this access point.
     *
     * NOTE(review): setting this to an account other than `accountId` points the access point at
     * a bucket owned by someone else; presumably that bucket's policy must still permit the
     * access. Confirm against the AWS access point documentation.
     */
    bucketAccountId?: pulumi.Input<string>;
    /**
     * Name you want to assign to this access point. See the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-access-points.html?icmpid=docs_amazons3_console#access-points-names) for naming conditions.
     *
     * The following arguments are optional:
     */
    name?: pulumi.Input<string>;
    /**
     * Valid JSON document that specifies the policy that you want to apply to this access point. Removing `policy` from your configuration or setting `policy` to null or an empty string (i.e., `policy = ""`) _will not_ delete the policy since it could have been set by `aws.s3control.AccessPointPolicy`. To remove the `policy`, set it to `"{}"` (an empty JSON document).
     *
     * Consequence for reviews: deleting this property from code leaves any previously attached
     * grants in force. Revoke access by setting `"{}"` explicitly, and do not combine this
     * in-line policy with a standalone `aws.s3control.AccessPointPolicy` for the same access point.
     */
    policy?: pulumi.Input<string>;
    /**
     * Configuration block to manage the `PublicAccessBlock` configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
     *
     * NOTE(review): AWS documents access point block-public-access settings as enabled by default
     * and not changeable after creation; confirm how this provider handles an edit to this block
     * (likely a replacement of the access point) before loosening any option.
     */
    publicAccessBlockConfiguration?: pulumi.Input<inputs.s3.AccessPointPublicAccessBlockConfiguration>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
    /**
     * Map of tags to assign to the bucket. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
     *
     * NOTE(review): presumably omitting this block yields an `Internet` network origin (see the
     * `networkOrigin` output on `AccessPoint`); confirm, and set it when the data should only be
     * reachable from inside a VPC.
     */
    vpcConfiguration?: pulumi.Input<inputs.s3.AccessPointVpcConfiguration>;
}