@pulumi/aws
Version:
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
105 lines • 4.32 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.BucketPolicy = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Attaches a policy to an S3 bucket resource.
*
* > Policies can be attached to both S3 general purpose buckets and S3 directory buckets.
*
* ## Example Usage
*
* ### Basic Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.s3.Bucket("example", {bucket: "my-tf-test-bucket"});
* const allowAccessFromAnotherAccount = aws.iam.getPolicyDocumentOutput({
* statements: [{
* principals: [{
* type: "AWS",
* identifiers: ["123456789012"],
* }],
* actions: [
* "s3:GetObject",
* "s3:ListBucket",
* ],
* resources: [
* example.arn,
* pulumi.interpolate`${example.arn}/*`,
* ],
* }],
* });
* const allowAccessFromAnotherAccountBucketPolicy = new aws.s3.BucketPolicy("allow_access_from_another_account", {
* bucket: example.id,
* policy: allowAccessFromAnotherAccount.apply(allowAccessFromAnotherAccount => allowAccessFromAnotherAccount.json),
* });
* ```
*
* > Only one `aws.s3.BucketPolicy` resource should be defined per S3 bucket. Defining multiple `aws.s3.BucketPolicy` resources with different Pulumi names but the same `bucket` value may result in unexpected policy overwrites. Each resource uses the `PutBucketPolicy` API, which replaces the entire existing policy without error or warning. Because Pulumi treats each resource independently, the policy applied last will silently override any previously applied policy.
*
* ## Import
*
* Using `pulumi import`, import S3 bucket policies using the bucket name. For example:
*
* ```sh
* $ pulumi import aws:s3/bucketPolicy:BucketPolicy allow_access_from_another_account my-tf-test-bucket
* ```
*/
class BucketPolicy extends pulumi.CustomResource {
/**
* Get an existing BucketPolicy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new BucketPolicy(name, state, { ...opts, id: id });
}
/**
* Returns true if the given object is an instance of BucketPolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === BucketPolicy.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["bucket"] = state?.bucket;
resourceInputs["policy"] = state?.policy;
resourceInputs["region"] = state?.region;
}
else {
const args = argsOrState;
if (args?.bucket === undefined && !opts.urn) {
throw new Error("Missing required property 'bucket'");
}
if (args?.policy === undefined && !opts.urn) {
throw new Error("Missing required property 'policy'");
}
resourceInputs["bucket"] = args?.bucket;
resourceInputs["policy"] = args?.policy;
resourceInputs["region"] = args?.region;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(BucketPolicy.__pulumiType, name, resourceInputs, opts);
}
}
exports.BucketPolicy = BucketPolicy;
/** @internal */
BucketPolicy.__pulumiType = 'aws:s3/bucketPolicy:BucketPolicy';
//# sourceMappingURL=bucketPolicy.js.map