@pulumi/aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
/**
 * Attaches a policy to an S3 bucket resource.
 *
 * > Policies can be attached to both S3 general purpose buckets and S3 directory buckets.
 *
 * ## Example Usage
 *
 * ### Basic Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.s3.Bucket("example", {bucket: "my-tf-test-bucket"});
 * const allowAccessFromAnotherAccount = aws.iam.getPolicyDocumentOutput({
 *     statements: [{
 *         principals: [{
 *             type: "AWS",
 *             identifiers: ["123456789012"],
 *         }],
 *         actions: [
 *             "s3:GetObject",
 *             "s3:ListBucket",
 *         ],
 *         resources: [
 *             example.arn,
 *             pulumi.interpolate`${example.arn}/*`,
 *         ],
 *     }],
 * });
 * const allowAccessFromAnotherAccountBucketPolicy = new aws.s3.BucketPolicy("allow_access_from_another_account", {
 *     bucket: example.id,
 *     policy: allowAccessFromAnotherAccount.apply(allowAccessFromAnotherAccount => allowAccessFromAnotherAccount.json),
 * });
 * ```
 *
 * > Only one `aws.s3.BucketPolicy` resource should be defined per S3 bucket. Defining multiple `aws.s3.BucketPolicy` resources with different Pulumi names but the same `bucket` value may result in unexpected policy overwrites. Each resource uses the `PutBucketPolicy` API, which replaces the entire existing policy without error or warning. Because Pulumi treats each resource independently, the policy applied last will silently override any previously applied policy.
 *
 * ## Security Considerations
 *
 * - In the example above the principal is the bare account ID `123456789012`. AWS treats an account ID
 *   principal as the whole account, so access is delegated to every identity in that account whose own
 *   IAM policy allows the listed actions. Name a specific role or user ARN when only one workload needs
 *   access.
 * - A statement whose principal is `"*"` with no restricting condition makes the bucket contents public.
 *   S3 Block Public Access (`aws.s3.BucketPublicAccessBlock`) can be used to have such policies rejected.
 * - Because `PutBucketPolicy` replaces the whole document, statements that are not in `policy` are removed
 *   when this resource is applied, including any `Deny` statements that were added outside this resource.
 *   Keep every statement for a bucket in the one document managed here.
 *
 * ## Import
 *
 * Using `pulumi import`, import S3 bucket policies using the bucket name. For example:
 *
 * ```sh
 * $ pulumi import aws:s3/bucketPolicy:BucketPolicy allow_access_from_another_account my-tf-test-bucket
 * ```
 */
export declare class BucketPolicy extends pulumi.CustomResource {
    /**
     * Get an existing BucketPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns A BucketPolicy object for the looked-up resource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketPolicyState, opts?: pulumi.CustomResourceOptions): BucketPolicy;
    /**
     * Returns true if the given object is an instance of BucketPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * The parameter accepts any value and the return type is a type predicate, so a `true` result
     * narrows `obj` to BucketPolicy for the compiler.
     * NOTE(review): how the check is performed is not visible in this declaration file; a `true`
     * result should not be read as validation of the object's `policy` contents.
     */
    static isInstance(obj: any): obj is BucketPolicy;
    /**
     * Name of the bucket to which to apply the policy.
     */
    readonly bucket: pulumi.Output<string>;
    /**
     * Text of the policy. Although this is a bucket policy rather than an IAM policy, the `aws.iam.getPolicyDocument` data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.
     *
     * Exposed as a string output, while the inputs also accept an `inputs.s3.PolicyDocument`
     * (presumably serialized to text by the provider; confirm against the implementation).
     */
    readonly policy: pulumi.Output<string>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    readonly region: pulumi.Output<string>;
    /**
     * Create a BucketPolicy resource with the given unique name, arguments, and options.
     *
     * Applying the resource replaces whatever policy the bucket already has (see the overwrite
     * warning on the class), so `args.policy` should hold every statement the bucket needs.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: BucketPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering BucketPolicy resources.
 *
 * Every field is optional here; the same fields are required or optional for creation as
 * declared on `BucketPolicyArgs`.
 */
export interface BucketPolicyState {
    /**
     * Name of the bucket to which to apply the policy.
     */
    bucket?: pulumi.Input<string>;
    /**
     * Text of the policy. Although this is a bucket policy rather than an IAM policy, the `aws.iam.getPolicyDocument` data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.
     */
    policy?: pulumi.Input<string | inputs.s3.PolicyDocument>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a BucketPolicy resource.
 *
 * `bucket` and `policy` are required; `region` is optional.
 */
export interface BucketPolicyArgs {
    /**
     * Name of the bucket to which to apply the policy.
     */
    bucket: pulumi.Input<string>;
    /**
     * Text of the policy. Although this is a bucket policy rather than an IAM policy, the `aws.iam.getPolicyDocument` data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.
     *
     * Accepts either policy text or an `inputs.s3.PolicyDocument` object. Whichever form is used,
     * scope each statement's principal, actions and resources to what the consumer needs: an
     * account-ID principal covers the whole account, and a `"*"` principal without a restricting
     * condition makes the bucket public.
     */
    policy: pulumi.Input<string | inputs.s3.PolicyDocument>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
}