@pulumi/aws

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Provides an S3 bucket (server access) logging resource. For more information, see [Logging requests using server access logging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) * in the AWS S3 User Guide. * * > **Note:** Amazon S3 supports server access logging, AWS CloudTrail, or a combination of both. Refer to the [Logging options for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html) * to decide which method meets your requirements. * * > This resource cannot be used with S3 directory buckets. * * ## Example Usage * * ### Grant permission by using bucket policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const current = aws.getCallerIdentity({}); * const logging = new aws.s3.Bucket("logging", {bucket: "access-logging-bucket"}); * const loggingBucketPolicy = pulumi.all([logging.arn, current]).apply(([arn, current]) => aws.iam.getPolicyDocumentOutput({ * statements: [{ * principals: [{ * identifiers: ["logging.s3.amazonaws.com"], * type: "Service", * }], * actions: ["s3:PutObject"], * resources: [`${arn}/*`], * conditions: [{ * test: "StringEquals", * variable: "aws:SourceAccount", * values: [current.accountId], * }], * }], * })); * const loggingBucketPolicy2 = new aws.s3.BucketPolicy("logging", { * bucket: logging.bucket, * policy: loggingBucketPolicy.apply(loggingBucketPolicy => loggingBucketPolicy.json), * }); * const example = new aws.s3.Bucket("example", {bucket: "example-bucket"}); * const exampleBucketLogging = new aws.s3.BucketLogging("example", { * bucket: example.bucket, * targetBucket: logging.bucket, * targetPrefix: "log/", * targetObjectKeyFormat: { * partitionedPrefix: { * partitionDateSource: "EventTime", * }, * }, * }); * ``` * * ### Grant permission by using bucket ACL * * The [AWS Documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html) does not recommend using the ACL. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.s3.Bucket("example", {bucket: "my-tf-example-bucket"}); * const exampleBucketAcl = new aws.s3.BucketAcl("example", { * bucket: example.id, * acl: "private", * }); * const logBucket = new aws.s3.Bucket("log_bucket", {bucket: "my-tf-log-bucket"}); * const logBucketAcl = new aws.s3.BucketAcl("log_bucket_acl", { * bucket: logBucket.id, * acl: "log-delivery-write", * }); * const exampleBucketLogging = new aws.s3.BucketLogging("example", { * bucket: example.id, * targetBucket: logBucket.id, * targetPrefix: "log/", * }); * ``` * * ## Import * * If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the `bucket` and `expected_bucket_owner` separated by a comma (`,`): * * __Using `pulumi import` to import__ S3 bucket logging using the `bucket` or using the `bucket` and `expected_bucket_owner` separated by a comma (`,`). For example: * * If the owner (account ID) of the source bucket is the same account used to configure the AWS Provider, import using the `bucket`: * * ```sh * $ pulumi import aws:s3/bucketLogging:BucketLogging example bucket-name * ``` * If the owner (account ID) of the source bucket differs from the account used to configure the AWS Provider, import using the `bucket` and `expected_bucket_owner` separated by a comma (`,`): * * ```sh * $ pulumi import aws:s3/bucketLogging:BucketLogging example bucket-name,123456789012 * ``` */ export declare class BucketLogging extends pulumi.CustomResource { /** * Get an existing BucketLogging resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketLoggingState, opts?: pulumi.CustomResourceOptions): BucketLogging; /** * Returns true if the given object is an instance of BucketLogging. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is BucketLogging; /** * Name of the bucket. */ readonly bucket: pulumi.Output<string>; /** * Account ID of the expected bucket owner. */ readonly expectedBucketOwner: pulumi.Output<string | undefined>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ readonly region: pulumi.Output<string>; /** * Name of the bucket where you want Amazon S3 to store server access logs. */ readonly targetBucket: pulumi.Output<string>; /** * Set of configuration blocks with information for granting permissions. See below. */ readonly targetGrants: pulumi.Output<outputs.s3.BucketLoggingTargetGrant[] | undefined>; /** * Amazon S3 key format for log objects. See below. */ readonly targetObjectKeyFormat: pulumi.Output<outputs.s3.BucketLoggingTargetObjectKeyFormat | undefined>; /** * Prefix for all log object keys. */ readonly targetPrefix: pulumi.Output<string>; /** * Create a BucketLogging resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: BucketLoggingArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering BucketLogging resources. */ export interface BucketLoggingState { /** * Name of the bucket. */ bucket?: pulumi.Input<string>; /** * Account ID of the expected bucket owner. */ expectedBucketOwner?: pulumi.Input<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * Name of the bucket where you want Amazon S3 to store server access logs. */ targetBucket?: pulumi.Input<string>; /** * Set of configuration blocks with information for granting permissions. See below. */ targetGrants?: pulumi.Input<pulumi.Input<inputs.s3.BucketLoggingTargetGrant>[]>; /** * Amazon S3 key format for log objects. See below. */ targetObjectKeyFormat?: pulumi.Input<inputs.s3.BucketLoggingTargetObjectKeyFormat>; /** * Prefix for all log object keys. */ targetPrefix?: pulumi.Input<string>; } /** * The set of arguments for constructing a BucketLogging resource. */ export interface BucketLoggingArgs { /** * Name of the bucket. */ bucket: pulumi.Input<string>; /** * Account ID of the expected bucket owner. */ expectedBucketOwner?: pulumi.Input<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * Name of the bucket where you want Amazon S3 to store server access logs. */ targetBucket: pulumi.Input<string>; /** * Set of configuration blocks with information for granting permissions. See below. */ targetGrants?: pulumi.Input<pulumi.Input<inputs.s3.BucketLoggingTargetGrant>[]>; /** * Amazon S3 key format for log objects. See below. */ targetObjectKeyFormat?: pulumi.Input<inputs.s3.BucketLoggingTargetObjectKeyFormat>; /** * Prefix for all log object keys. */ targetPrefix: pulumi.Input<string>; }