Package com.pulumi.aws.s3

Class BucketAclV2

  • public class BucketAclV2
extends com.pulumi.resources.CustomResource
    Provides an S3 bucket ACL resource. > **Note:** destroy does not delete the S3 Bucket ACL but does remove the resource from state. > This resource cannot be used with S3 directory buckets. ## Example Usage ### With `private` ACL <!--Start PulumiCodeChooser --> 
     
 package generated_program;
 
 import com.pulumi.Context;
 import com.pulumi.Pulumi;
 import com.pulumi.core.Output;
 import com.pulumi.aws.s3.BucketV2;
 import com.pulumi.aws.s3.BucketV2Args;
 import com.pulumi.aws.s3.BucketOwnershipControls;
 import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
 import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
 import com.pulumi.aws.s3.BucketAclV2;
 import com.pulumi.aws.s3.BucketAclV2Args;
 import com.pulumi.resources.CustomResourceOptions;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Map;
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 
 public class App {
     public static void main(String[] args) {
         Pulumi.run(App::stack);
     }
 
     public static void stack(Context ctx) {
         var example = new BucketV2("example", BucketV2Args.builder()
             .bucket("my-tf-example-bucket")
             .build());
 
         var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
             .bucket(example.id())
             .rule(BucketOwnershipControlsRuleArgs.builder()
                 .objectOwnership("BucketOwnerPreferred")
                 .build())
             .build());
 
         var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
             .bucket(example.id())
             .acl("private")
             .build(), CustomResourceOptions.builder()
                 .dependsOn(exampleBucketOwnershipControls)
                 .build());
 
     }
 }
    <!--End PulumiCodeChooser --> ### With `public-read` ACL > This example explicitly disables the default S3 bucket security settings. This should be done with caution, as all bucket objects become publicly exposed. <!--Start PulumiCodeChooser --> 
     
 package generated_program;
 
 import com.pulumi.Context;
 import com.pulumi.Pulumi;
 import com.pulumi.core.Output;
 import com.pulumi.aws.s3.BucketV2;
 import com.pulumi.aws.s3.BucketV2Args;
 import com.pulumi.aws.s3.BucketOwnershipControls;
 import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
 import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
 import com.pulumi.aws.s3.BucketPublicAccessBlock;
 import com.pulumi.aws.s3.BucketPublicAccessBlockArgs;
 import com.pulumi.aws.s3.BucketAclV2;
 import com.pulumi.aws.s3.BucketAclV2Args;
 import com.pulumi.resources.CustomResourceOptions;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Map;
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 
 public class App {
     public static void main(String[] args) {
         Pulumi.run(App::stack);
     }
 
     public static void stack(Context ctx) {
         var example = new BucketV2("example", BucketV2Args.builder()
             .bucket("my-tf-example-bucket")
             .build());
 
         var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
             .bucket(example.id())
             .rule(BucketOwnershipControlsRuleArgs.builder()
                 .objectOwnership("BucketOwnerPreferred")
                 .build())
             .build());
 
         var exampleBucketPublicAccessBlock = new BucketPublicAccessBlock("exampleBucketPublicAccessBlock", BucketPublicAccessBlockArgs.builder()
             .bucket(example.id())
             .blockPublicAcls(false)
             .blockPublicPolicy(false)
             .ignorePublicAcls(false)
             .restrictPublicBuckets(false)
             .build());
 
         var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
             .bucket(example.id())
             .acl("public-read")
             .build(), CustomResourceOptions.builder()
                 .dependsOn(                
                     exampleBucketOwnershipControls,
                     exampleBucketPublicAccessBlock)
                 .build());
 
     }
 }
    <!--End PulumiCodeChooser --> ### With Grants <!--Start PulumiCodeChooser --> 
     
 package generated_program;
 
 import com.pulumi.Context;
 import com.pulumi.Pulumi;
 import com.pulumi.core.Output;
 import com.pulumi.aws.s3.S3Functions;
 import com.pulumi.aws.s3.BucketV2;
 import com.pulumi.aws.s3.BucketV2Args;
 import com.pulumi.aws.s3.BucketOwnershipControls;
 import com.pulumi.aws.s3.BucketOwnershipControlsArgs;
 import com.pulumi.aws.s3.inputs.BucketOwnershipControlsRuleArgs;
 import com.pulumi.aws.s3.BucketAclV2;
 import com.pulumi.aws.s3.BucketAclV2Args;
 import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyArgs;
 import com.pulumi.aws.s3.inputs.BucketAclV2AccessControlPolicyOwnerArgs;
 import com.pulumi.resources.CustomResourceOptions;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Map;
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 
 public class App {
     public static void main(String[] args) {
         Pulumi.run(App::stack);
     }
 
     public static void stack(Context ctx) {
         final var current = S3Functions.getCanonicalUserId();
 
         var example = new BucketV2("example", BucketV2Args.builder()
             .bucket("my-tf-example-bucket")
             .build());
 
         var exampleBucketOwnershipControls = new BucketOwnershipControls("exampleBucketOwnershipControls", BucketOwnershipControlsArgs.builder()
             .bucket(example.id())
             .rule(BucketOwnershipControlsRuleArgs.builder()
                 .objectOwnership("BucketOwnerPreferred")
                 .build())
             .build());
 
         var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
             .bucket(example.id())
             .accessControlPolicy(BucketAclV2AccessControlPolicyArgs.builder()
                 .grants(                
                     BucketAclV2AccessControlPolicyGrantArgs.builder()
                         .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
                             .id(current.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
                             .type("CanonicalUser")
                             .build())
                         .permission("READ")
                         .build(),
                     BucketAclV2AccessControlPolicyGrantArgs.builder()
                         .grantee(BucketAclV2AccessControlPolicyGrantGranteeArgs.builder()
                             .type("Group")
                             .uri("http://acs.amazonaws.com/groups/s3/LogDelivery")
                             .build())
                         .permission("READ_ACP")
                         .build())
                 .owner(BucketAclV2AccessControlPolicyOwnerArgs.builder()
                     .id(current.applyValue(getCanonicalUserIdResult -> getCanonicalUserIdResult.id()))
                     .build())
                 .build())
             .build(), CustomResourceOptions.builder()
                 .dependsOn(exampleBucketOwnershipControls)
                 .build());
 
     }
 }
    <!--End PulumiCodeChooser --> ## Import If the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket` and `acl` separated by a comma (`,`): If the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __not configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`): If the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`): __Using `pulumi import` to import__ using `bucket`, `expected_bucket_owner`, and/or `acl`, depending on your situation. For example: If the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __not configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket`: ```sh $ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name ``` If the owner (account ID) of the source bucket is the _same_ account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), import using the `bucket` and `acl` separated by a comma (`,`): ```sh $ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,private ``` If the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __not configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`): ```sh $ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012 ``` If the owner (account ID) of the source bucket _differs_ from the account used to configure the AWS Provider, and the source bucket is __configured__ with a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) (i.e. predefined grant), imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`): ```sh $ pulumi import aws:s3/bucketAclV2:BucketAclV2 example bucket-name,123456789012,private ```

    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal

      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.pulumi.core.Output<BucketAclV2AccessControlPolicy> accessControlPolicy()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> acl()  
      com.pulumi.core.Output<java.lang.String> bucket()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> expectedBucketOwner()  
      static BucketAclV2 get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, BucketAclV2State state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, id, idFuture

      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • BucketAclV2

        public BucketAclV2​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.

      • BucketAclV2

        public BucketAclV2​(java.lang.String name,
                   BucketAclV2Args args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.

      • BucketAclV2

        public BucketAclV2​(java.lang.String name,
                   BucketAclV2Args args,
                   @Nullable
                   com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.

    • Method Detail

      • accessControlPolicy

        public com.pulumi.core.Output<BucketAclV2AccessControlPolicy> accessControlPolicy()
        Returns:
        Configuration block that sets the ACL permissions for an object per grantee. See below.

      • acl

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> acl()
        Returns:
        Canned ACL to apply to the bucket.

      • bucket

        public com.pulumi.core.Output<java.lang.String> bucket()
        Returns:
        Bucket to which to apply the ACL.

      • expectedBucketOwner

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> expectedBucketOwner()
        Returns:
        Account ID of the expected bucket owner.

      • get

        public static BucketAclV2 get​(java.lang.String name,
                              com.pulumi.core.Output<java.lang.String> id,
                              @Nullable
                              BucketAclV2State state,
                              @Nullable
                              com.pulumi.resources.CustomResourceOptions options)
        Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to lookup.
        state -
        options - Optional settings to control the behavior of the CustomResource.