A Pulumi provider SDK for creating and managing Amazon Web Services (AWS) cloud resources in Go, providing strongly-typed resource classes and data sources for all major AWS services.
Import path: github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3
The s3 package provides resources and data sources for managing Amazon Simple Storage Service (S3), including general purpose buckets, directory buckets (S3 Express), objects, policies, access controls, and all bucket configuration sub-resources.
Note:
BucketV2 is the current recommended resource. The legacy Bucket resource is deprecated. Many inline configuration fields within BucketV2 are also deprecated in favor of dedicated sub-resources (e.g., BucketVersioning, BucketAcl, etc.).
func NewBucketV2(ctx *pulumi.Context, name string, args *BucketV2Args, opts ...pulumi.ResourceOption) (*BucketV2, error)func GetBucketV2(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketV2State, opts ...pulumi.ResourceOption) (*BucketV2, error)BucketV2Args fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringPtrInput | Name of the bucket. Must be lowercase, ≤63 characters. If omitted, a unique name is auto-assigned. Must not match the S3 Express format [name]--[azid]--x-s3. |
BucketPrefix | pulumi.StringPtrInput | Creates a unique name with this prefix. Conflicts with Bucket. Must be ≤37 characters. |
ForceDestroy | pulumi.BoolPtrInput | If true, all objects (including locked) are deleted when the bucket is destroyed. |
ObjectLockEnabled | pulumi.BoolPtrInput | Enables Object Lock on the bucket. |
Tags | pulumi.StringMapInput | Map of tags to assign to the bucket. |
Region | pulumi.StringPtrInput | AWS region where the bucket is managed. |
The following BucketV2Args fields are deprecated — use dedicated sub-resources instead:
| Deprecated Field | Replacement Resource |
|---|---|
AccelerationStatus | s3.BucketAccelerateConfiguration |
Acl | s3.BucketAcl |
CorsRules | s3.BucketCorsConfiguration |
Grants | s3.BucketAcl |
LifecycleRules | s3.BucketLifecycleConfiguration |
Loggings | s3.BucketLogging |
ObjectLockConfiguration | s3.BucketObjectLockConfiguration |
Policy | s3.BucketPolicy |
ReplicationConfigurations | s3.BucketReplicationConfig |
RequestPayer | s3.BucketRequestPaymentConfiguration |
ServerSideEncryptionConfigurations | s3.BucketServerSideEncryptionConfiguration |
Versionings | s3.BucketVersioning |
Websites | s3.BucketWebsiteConfiguration |
BucketV2 output attributes:
| Attribute | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | ARN: arn:aws:s3:::bucketname |
Bucket | pulumi.StringOutput | The actual bucket name (useful when auto-generated) |
BucketDomainName | pulumi.StringOutput | bucketname.s3.amazonaws.com |
BucketRegionalDomainName | pulumi.StringOutput | Region-specific domain name |
BucketRegion | pulumi.StringOutput | AWS region the bucket resides in |
HostedZoneId | pulumi.StringOutput | Route 53 Hosted Zone ID for the region |
Example: Private Bucket with Tags
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
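// main provisions a tagged general purpose bucket and pins it private with an
// explicit bucket-level public access block.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := s3.NewBucket(ctx, "myBucket", &s3.BucketArgs{
			Bucket: pulumi.String("my-app-bucket"),
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("production"),
				"Team":        pulumi.String("platform"),
			},
		})
		if err != nil {
			return err
		}

		// The bucket args attach no ACL or policy, so nothing in the program
		// itself states that the bucket is private. All four
		// BucketPublicAccessBlock flags default to false when unset, so they
		// are set here to make the private posture part of the stack.
		_, err = s3.NewBucketPublicAccessBlock(ctx, "myBucketPublicAccess", &s3.BucketPublicAccessBlockArgs{
			Bucket:                bucket.ID(),
			BlockPublicAcls:       pulumi.Bool(true),
			BlockPublicPolicy:     pulumi.Bool(true),
			IgnorePublicAcls:      pulumi.Bool(true),
			RestrictPublicBuckets: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		ctx.Export("bucketName", bucket.ID())
		ctx.Export("bucketArn", bucket.Arn)
		return nil
	})
}
Import: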
pulumi import aws:s3/bucketV2:BucketV2 example bucket-name
Deprecated: Use s3.NewBucket which maps to BucketV2. The Bucket resource is deprecated in favor of BucketV2.
func NewBucket(ctx *pulumi.Context, name string, args *BucketArgs, opts ...pulumi.ResourceOption) (*Bucket, error)func GetBucket(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketState, opts ...pulumi.ResourceOption) (*Bucket, error)S3 Express directory buckets for high-performance, single-zone workloads. Bucket names must follow the format [bucketName]--[azid]--x-s3.
func NewDirectoryBucket(ctx *pulumi.Context, name string, args *DirectoryBucketArgs, opts ...pulumi.ResourceOption) (*DirectoryBucket, error)func GetDirectoryBucket(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DirectoryBucketState, opts ...pulumi.ResourceOption) (*DirectoryBucket, error)DirectoryBucketArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Name in format [name]--[azid]--x-s3. |
Location | DirectoryBucketLocationPtrInput | Bucket location block with Name (AZ or Local Zone ID) and optional Type (AvailabilityZone or LocalZone). |
DataRedundancy | pulumi.StringPtrInput | SingleAvailabilityZone or SingleLocalZone. |
ForceDestroy | pulumi.BoolPtrInput | Delete all objects on destroy. |
Tags | pulumi.StringMapInput | Resource tags. |
DirectoryBucket output attributes:
| Attribute | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | Bucket ARN |
Bucket | pulumi.StringOutput | Bucket name |
Type | pulumi.StringOutput | Always Directory |
Example: S3 Express Directory Bucket
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates one S3 Express directory bucket. The zone ID in the bucket name
// ("usw2-az1") is the same value passed as the location name.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		location := &s3.DirectoryBucketLocationArgs{
			Name: pulumi.String("usw2-az1"),
		}
		_, err := s3.NewDirectoryBucket(ctx, "expressDir", &s3.DirectoryBucketArgs{
			Bucket:   pulumi.String("my-express-bucket--usw2-az1--x-s3"),
			Location: location,
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
Note:
BucketObjectv2 is the recommended resource for S3 objects. It supersedes BucketObject.
func NewBucketObjectv2(ctx *pulumi.Context, name string, args *BucketObjectv2Args, opts ...pulumi.ResourceOption) (*BucketObjectv2, error)func GetBucketObjectv2(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketObjectv2State, opts ...pulumi.ResourceOption) (*BucketObjectv2, error)BucketObjectv2Args fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or S3 access point ARN. |
Key | pulumi.StringInput | Required. Object key (path) in the bucket. |
Source | pulumi.AssetOrArchiveInput | Path to file. Use pulumi.NewFileAsset("path/to/file"). |
Content | pulumi.StringPtrInput | Literal UTF-8 string content. |
ContentBase64 | pulumi.StringPtrInput | Base64-encoded binary content. |
ContentType | pulumi.StringPtrInput | MIME type (e.g., text/html, application/json). |
ContentDisposition | pulumi.StringPtrInput | HTTP Content-Disposition header. |
ContentEncoding | pulumi.StringPtrInput | HTTP Content-Encoding header. |
ContentLanguage | pulumi.StringPtrInput | Content language (e.g., en-US). |
CacheControl | pulumi.StringPtrInput | HTTP Cache-Control header. |
Acl | pulumi.StringPtrInput | Canned ACL: private, public-read, etc. |
ServerSideEncryption | pulumi.StringPtrInput | AES256, aws:kms, aws:kms:dsse, or aws:fsx. |
KmsKeyId | pulumi.StringPtrInput | KMS key ARN for SSE-KMS. |
BucketKeyEnabled | pulumi.BoolPtrInput | Use S3 Bucket Keys for SSE-KMS. |
StorageClass | pulumi.StringPtrInput | Storage class. Default: STANDARD. |
Metadata | pulumi.StringMapInput | Custom metadata (prefixed x-amz-meta-). |
Etag | pulumi.StringPtrInput | Triggers updates when value changes. Not compatible with KMS. |
SourceHash | pulumi.StringPtrInput | Alternative to Etag for KMS-encrypted objects. |
ChecksumAlgorithm | pulumi.StringPtrInput | Checksum algorithm: CRC32, CRC32C, CRC64NVME, SHA1, SHA256. |
ForceDestroy | pulumi.BoolPtrInput | Remove legal holds to allow deletion. |
ObjectLockLegalHoldStatus | pulumi.StringPtrInput | ON or OFF. |
ObjectLockMode | pulumi.StringPtrInput | GOVERNANCE or COMPLIANCE. |
ObjectLockRetainUntilDate | pulumi.StringPtrInput | RFC3339 date when object lock expires. |
WebsiteRedirect | pulumi.StringPtrInput | Target URL for website redirect. |
Tags | pulumi.StringMapInput | Tags (max 10 for S3 objects). |
OverrideProvider | BucketObjectv2OverrideProviderPtrInput | Override provider-level settings (e.g., suppress defaultTags). |
BucketObjectv2 output attributes:
| Attribute | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | Object ARN |
VersionId | pulumi.StringOutput | Version ID if versioning is enabled |
Etag | pulumi.StringOutput | ETag (MD5 for non-multipart, non-KMS objects) |
ChecksumCrc32 | pulumi.StringOutput | Base64-encoded CRC32 checksum |
ChecksumSha256 | pulumi.StringOutput | Base64-encoded SHA-256 checksum |
Example: Upload File with KMS Encryption
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
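// main creates a KMS key and a bucket, then uploads a local file as an object
// encrypted with SSE-KMS under that key.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		key, err := kms.NewKey(ctx, "objectKey", &kms.KeyArgs{
			Description:          pulumi.String("S3 object encryption key"),
			DeletionWindowInDays: pulumi.Int(10),
		})
		if err != nil {
			return err
		}

		bucket, err := s3.NewBucket(ctx, "dataBucket", &s3.BucketArgs{
			Bucket: pulumi.String("my-data-bucket"),
		})
		if err != nil {
			return err
		}

		_, err = s3.NewBucketObjectv2(ctx, "configFile", &s3.BucketObjectv2Args{
			Bucket:      bucket.ID(),
			Key:         pulumi.String("config/app.json"),
			Source:      pulumi.NewFileAsset("config/app.json"),
			ContentType: pulumi.String("application/json"),
			// Name the algorithm next to the key so the SSE-KMS intent is
			// stated in the program rather than implied by KmsKeyId alone.
			ServerSideEncryption: pulumi.String("aws:kms"),
			KmsKeyId:             key.Arn,
			StorageClass:         pulumi.String("STANDARD_IA"),
			// Etag-based change detection is not compatible with KMS;
			// SourceHash is the alternative if update triggering is needed.
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("production"),
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
Example: Object in S3 Express Directory Bucket (suppressing defaultTags)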
// An empty DefaultTags map overrides the provider-level default tags for this
// one object, so none are applied to it.
noDefaultTags := &s3.BucketObjectv2OverrideProviderArgs{
	DefaultTags: &s3.BucketObjectv2OverrideProviderDefaultTagsArgs{
		Tags: pulumi.StringMap{},
	},
}
_, err = s3.NewBucketObjectv2(ctx, "expressObject", &s3.BucketObjectv2Args{
	Bucket:           directoryBucket.ID(),
	Key:              pulumi.String("data/file.txt"),
	Source:           pulumi.NewFileAsset("data/file.txt"),
	OverrideProvider: noDefaultTags,
})
Import:
pulumi import aws:s3/bucketObjectv2:BucketObjectv2 example some-bucket-name/some/key.txt
# or using S3 URL:
pulumi import aws:s3/bucketObjectv2:BucketObjectv2 example s3://some-bucket-name/some/key.txt
Note: Superseded by BucketObjectv2. Use BucketObjectv2 for new resources.
func NewBucketObject(ctx *pulumi.Context, name string, args *BucketObjectArgs, opts ...pulumi.ResourceOption) (*BucketObject, error)func GetBucketObject(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketObjectState, opts ...pulumi.ResourceOption) (*BucketObject, error)BucketObject has the same fields as BucketObjectv2 but lacks ChecksumAlgorithm and OverrideProvider. ServerSideEncryption supports AES256 and aws:kms only (not aws:kms:dsse or aws:fsx).
Attaches a resource-based policy to an S3 bucket. Works with both general purpose and directory buckets.
func NewBucketPolicy(ctx *pulumi.Context, name string, args *BucketPolicyArgs, opts ...pulumi.ResourceOption) (*BucketPolicy, error)func GetBucketPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketPolicyState, opts ...pulumi.ResourceOption) (*BucketPolicy, error)BucketPolicyArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
Policy | pulumi.StringInput | Required. JSON policy document (max 20 KB). Use iam.GetPolicyDocument. |
Warning: Only define one BucketPolicy per bucket. Multiple resources targeting the same bucket will silently overwrite each other since PutBucketPolicy replaces the entire policy.
Example: Cross-Account Access Policy
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a bucket and attaches a bucket policy that lets another AWS
// account read objects from it and list its contents.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := s3.NewBucket(ctx, "shared", &s3.BucketArgs{
			Bucket: pulumi.String("shared-data-bucket"),
		})
		if err != nil {
			return err
		}

		// "<bucket-arn>/*" covers the objects; the bare bucket ARN covers the
		// bucket itself. Both are listed because the statement carries an
		// object-level action (s3:GetObject) and a bucket-level one
		// (s3:ListBucket).
		objectsArn := bucket.Arn.ApplyT(func(arn string) (string, error) {
			return fmt.Sprintf("%v/*", arn), nil
		}).(pulumi.StringOutput)

		// The principal is a whole account ID, so every identity that account
		// delegates to can use this grant.
		externalAccount := &iam.GetPolicyDocumentStatementPrincipalArgs{
			Type:        pulumi.String("AWS"),
			Identifiers: pulumi.StringArray{pulumi.String("123456789012")},
		}

		readOnly := &iam.GetPolicyDocumentStatementArgs{
			Principals: iam.GetPolicyDocumentStatementPrincipalArray{externalAccount},
			Actions: pulumi.StringArray{
				pulumi.String("s3:GetObject"),
				pulumi.String("s3:ListBucket"),
			},
			Resources: pulumi.StringArray{bucket.Arn, objectsArn},
		}

		policyDoc := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{readOnly},
		}, nil)

		// Only one BucketPolicy resource should target a bucket: the policy is
		// replaced as a whole on each write.
		_, err = s3.NewBucketPolicy(ctx, "sharedPolicy", &s3.BucketPolicyArgs{
			Bucket: bucket.ID(),
			Policy: policyDoc.Json(),
		})
		return err
	})
}
Import:
pulumi import aws:s3/bucketPolicy:BucketPolicy example my-bucket-name
Manages the public access block configuration for an individual S3 bucket.
func NewBucketPublicAccessBlock(ctx *pulumi.Context, name string, args *BucketPublicAccessBlockArgs, opts ...pulumi.ResourceOption) (*BucketPublicAccessBlock, error)func GetBucketPublicAccessBlock(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketPublicAccessBlockState, opts ...pulumi.ResourceOption) (*BucketPublicAccessBlock, error)BucketPublicAccessBlockArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
BlockPublicAcls | pulumi.BoolPtrInput | Block public ACL creation. Default: false. |
BlockPublicPolicy | pulumi.BoolPtrInput | Block public bucket policies. Default: false. |
IgnorePublicAcls | pulumi.BoolPtrInput | Ignore existing public ACLs. Default: false. |
RestrictPublicBuckets | pulumi.BoolPtrInput | Restrict public access via public policies. Default: false. |
SkipDestroy | pulumi.BoolPtrInput | If true, removes from state without deleting. Default: false. |
Example: Fully Block Public Access
// Turn on all four bucket-level public access protections. Each flag defaults
// to false when left unset, so every one is set explicitly.
enabled := pulumi.Bool(true)
_, err = s3.NewBucketPublicAccessBlock(ctx, "block", &s3.BucketPublicAccessBlockArgs{
	Bucket:                bucket.ID(),
	BlockPublicAcls:       enabled,
	BlockPublicPolicy:     enabled,
	IgnorePublicAcls:      enabled,
	RestrictPublicBuckets: enabled,
})
Import:
pulumi import aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock example my-bucket
Manages the account-level S3 public access block configuration. There can only be one per AWS account.
func NewAccountPublicAccessBlock(ctx *pulumi.Context, name string, args *AccountPublicAccessBlockArgs, opts ...pulumi.ResourceOption) (*AccountPublicAccessBlock, error)func GetAccountPublicAccessBlock(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AccountPublicAccessBlockState, opts ...pulumi.ResourceOption) (*AccountPublicAccessBlock, error)AccountPublicAccessBlockArgs fields:
| Field | Type | Description |
|---|---|---|
AccountId | pulumi.StringPtrInput | AWS account ID. Defaults to the provider account. |
BlockPublicAcls | pulumi.BoolPtrInput | Block public ACLs for all buckets in the account. |
BlockPublicPolicy | pulumi.BoolPtrInput | Block public bucket policies for all buckets. |
IgnorePublicAcls | pulumi.BoolPtrInput | Ignore public ACLs on all buckets. |
RestrictPublicBuckets | pulumi.BoolPtrInput | Restrict public bucket policies for all buckets. |
Note: Uses the s3control API endpoint, not s3. Use s3control endpoint configuration if overriding.
Import:
pulumi import aws:s3/accountPublicAccessBlock:AccountPublicAccessBlock example 123456789012
Manages versioning state for an S3 bucket. Cannot be used with directory buckets.
func NewBucketVersioning(ctx *pulumi.Context, name string, args *BucketVersioningArgs, opts ...pulumi.ResourceOption) (*BucketVersioning, error)func GetBucketVersioning(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketVersioningState, opts ...pulumi.ResourceOption) (*BucketVersioning, error)BucketVersioningArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
VersioningConfiguration | BucketVersioningVersioningConfigurationInput | Required. Nested block with Status (Enabled or Suspended) and optional MfaDelete (Enabled or Disabled). |
ExpectedBucketOwner | pulumi.StringPtrInput | Account ID of expected bucket owner. |
Mfa | pulumi.StringPtrInput | MFA device serial and token for MFA Delete. |
Example: Enable Versioning
// Turn versioning on for the bucket; Status also accepts "Suspended".
versioningOn := &s3.BucketVersioningVersioningConfigurationArgs{
	Status: pulumi.String("Enabled"),
}
_, err = s3.NewBucketVersioning(ctx, "versioning", &s3.BucketVersioningArgs{
	Bucket:                  bucket.ID(),
	VersioningConfiguration: versioningOn,
})
Manages the ACL for an S3 bucket. Cannot be used with directory buckets. Requires ObjectOwnership to be set to BucketOwnerPreferred or ObjectWriter.
func NewBucketAcl(ctx *pulumi.Context, name string, args *BucketAclArgs, opts ...pulumi.ResourceOption) (*BucketAcl, error)func GetBucketAcl(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketAclState, opts ...pulumi.ResourceOption) (*BucketAcl, error)BucketAclArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
Acl | pulumi.StringPtrInput | Canned ACL: private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write. |
AccessControlPolicy | BucketAclAccessControlPolicyPtrInput | Explicit ACL policy with grants and owner. Conflicts with Acl. |
ExpectedBucketOwner | pulumi.StringPtrInput | Account ID of expected bucket owner. |
Example: Private ACL
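// A bucket ACL requires ObjectOwnership of BucketOwnerPreferred or
// ObjectWriter, so the ownership controls are created first and the ACL
// depends on them.
ownershipControls, err := s3.NewBucketOwnershipControls(ctx, "controls", &s3.BucketOwnershipControlsArgs{
	Bucket: bucket.ID(),
	Rule: &s3.BucketOwnershipControlsRuleArgs{
		ObjectOwnership: pulumi.String("BucketOwnerPreferred"),
	},
})
if err != nil {
	// Stop here: the next call reassigns err and would otherwise hide this
	// failure. Assumes the enclosing function returns error, as the
	// pulumi.Run callbacks on this page do.
	return err
}
_, err = s3.NewBucketAcl(ctx, "acl", &s3.BucketAclArgs{
	Bucket: bucket.ID(),
	Acl:    pulumi.String("private"),
}, pulumi.DependsOn([]pulumi.Resource{ownershipControls}))
Manages S3 bucket ownership controls. Cannot be used with directory buckets.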
func NewBucketOwnershipControls(ctx *pulumi.Context, name string, args *BucketOwnershipControlsArgs, opts ...pulumi.ResourceOption) (*BucketOwnershipControls, error)func GetBucketOwnershipControls(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketOwnershipControlsState, opts ...pulumi.ResourceOption) (*BucketOwnershipControls, error)BucketOwnershipControlsArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
Rule | BucketOwnershipControlsRuleInput | Required. Block with ObjectOwnership: BucketOwnerPreferred, ObjectWriter, or BucketOwnerEnforced. |
Configures default server-side encryption for an S3 bucket.
func NewBucketServerSideEncryptionConfiguration(ctx *pulumi.Context, name string, args *BucketServerSideEncryptionConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketServerSideEncryptionConfiguration, error)func GetBucketServerSideEncryptionConfiguration(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketServerSideEncryptionConfigurationState, opts ...pulumi.ResourceOption) (*BucketServerSideEncryptionConfiguration, error)BucketServerSideEncryptionConfigurationArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket ID. |
Rules | BucketServerSideEncryptionConfigurationRuleArrayInput | Required. Encryption rules array (max 1). Each rule contains ApplyServerSideEncryptionByDefault with SseAlgorithm (aws:kms or AES256) and optional KmsMasterKeyId. |
ExpectedBucketOwner | pulumi.StringPtrInput | Expected owner account ID. |
Example: KMS Encryption
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
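// Create the KMS key used for the bucket's default encryption.
myKey, err := kms.NewKey(ctx, "myKey", &kms.KeyArgs{
	Description:          pulumi.String("S3 bucket encryption key"),
	DeletionWindowInDays: pulumi.Int(10),
})
if err != nil {
	// Check before myKey.Arn is read below; on failure there is no key to
	// reference. Assumes the enclosing function returns error, as the
	// pulumi.Run callbacks on this page do.
	return err
}

// Default encryption for the bucket: SSE-KMS under the key created above.
_, err = s3.NewBucketServerSideEncryptionConfiguration(ctx, "encryption", &s3.BucketServerSideEncryptionConfigurationArgs{
	Bucket: bucket.ID(),
	Rules: s3.BucketServerSideEncryptionConfigurationRuleArray{
		&s3.BucketServerSideEncryptionConfigurationRuleArgs{
			ApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
				KmsMasterKeyId: myKey.Arn,
				SseAlgorithm:   pulumi.String("aws:kms"),
			},
		},
	},
})
Manages lifecycle rules for an S3 bucket (e.g., transition to cheaper storage classes, expiration).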
func NewBucketLifecycleConfiguration(ctx *pulumi.Context, name string, args *BucketLifecycleConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketLifecycleConfiguration, error)func GetBucketLifecycleConfiguration(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketLifecycleConfigurationState, opts ...pulumi.ResourceOption) (*BucketLifecycleConfiguration, error)BucketLifecycleConfigurationArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
Rules | BucketLifecycleConfigurationRuleArrayInput | Required. Lifecycle rules array. |
ExpectedBucketOwner | pulumi.StringPtrInput | Expected owner account ID. |
TransitionDefaultMinimumObjectSize | pulumi.StringPtrInput | Default: all_storage_classes_128K. Or variesByStorageClass. |
Each rule includes: Id, Status (Enabled/Disabled), optional Filter, Expiration, Transition, NoncurrentVersionExpiration, NoncurrentVersionTransition, and AbortIncompleteMultipartUpload.
Example: Transition and Expiration
// Objects under logs/ move to STANDARD_IA after 30 days and to GLACIER after
// 90 days, then expire after 365 days.
logTransitions := s3.BucketLifecycleConfigurationRuleTransitionArray{
	&s3.BucketLifecycleConfigurationRuleTransitionArgs{
		Days:         pulumi.Int(30),
		StorageClass: pulumi.String("STANDARD_IA"),
	},
	&s3.BucketLifecycleConfigurationRuleTransitionArgs{
		Days:         pulumi.Int(90),
		StorageClass: pulumi.String("GLACIER"),
	},
}
archiveOldLogs := &s3.BucketLifecycleConfigurationRuleArgs{
	Id:     pulumi.String("archive-old-logs"),
	Status: pulumi.String("Enabled"),
	Filter: &s3.BucketLifecycleConfigurationRuleFilterArgs{
		Prefix: pulumi.String("logs/"),
	},
	Transitions: logTransitions,
	Expiration: &s3.BucketLifecycleConfigurationRuleExpirationArgs{
		Days: pulumi.Int(365),
	},
}
_, err = s3.NewBucketLifecycleConfiguration(ctx, "lifecycle", &s3.BucketLifecycleConfigurationArgs{
	Bucket: bucket.ID(),
	Rules:  s3.BucketLifecycleConfigurationRuleArray{archiveOldLogs},
})
Note: Only one
BucketLifecycleConfiguration per bucket is supported.
Manages Cross-Origin Resource Sharing (CORS) configuration. Cannot be used with directory buckets.
func NewBucketCorsConfiguration(ctx *pulumi.Context, name string, args *BucketCorsConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketCorsConfiguration, error)func GetBucketCorsConfiguration(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketCorsConfigurationState, opts ...pulumi.ResourceOption) (*BucketCorsConfiguration, error)BucketCorsConfigurationArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
CorsRules | BucketCorsConfigurationCorsRuleArrayInput | Required. CORS rules (max 100). Each rule has AllowedMethods, AllowedOrigins, optional AllowedHeaders, ExposeHeaders, MaxAgeSeconds, Id. |
ExpectedBucketOwner | pulumi.StringPtrInput | Expected owner account ID. |
Note: Only one BucketCorsConfiguration per bucket is supported.
Manages server access logging for an S3 bucket. Cannot be used with directory buckets.
func NewBucketLogging(ctx *pulumi.Context, name string, args *BucketLoggingArgs, opts ...pulumi.ResourceOption) (*BucketLogging, error)func GetBucketLogging(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketLoggingState, opts ...pulumi.ResourceOption) (*BucketLogging, error)BucketLoggingArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Source bucket name or ID. |
TargetBucket | pulumi.StringInput | Required. Destination bucket for logs. |
TargetPrefix | pulumi.StringInput | Required. Log object key prefix. |
ExpectedBucketOwner | pulumi.StringPtrInput | Expected owner account ID. |
TargetGrants | BucketLoggingTargetGrantArrayInput | Grants for log delivery. |
TargetObjectKeyFormat | BucketLoggingTargetObjectKeyFormatPtrInput | Key format for log objects. |
Manages event notifications for an S3 bucket. Cannot be used with directory buckets.
func NewBucketNotification(ctx *pulumi.Context, name string, args *BucketNotificationArgs, opts ...pulumi.ResourceOption) (*BucketNotification, error)func GetBucketNotification(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketNotificationState, opts ...pulumi.ResourceOption) (*BucketNotification, error)BucketNotificationArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
Eventbridge | pulumi.BoolPtrInput | Enable EventBridge notifications. Default: false. |
LambdaFunctions | BucketNotificationLambdaFunctionArrayInput | Lambda function notifications. |
Queues | BucketNotificationQueueArrayInput | SQS queue notifications. |
Topics | BucketNotificationTopicArrayInput | SNS topic notifications. |
Note: Only one BucketNotification per bucket. This resource overwrites all existing notifications.
Manages Object Lock configuration for new and existing S3 buckets. Cannot be used with directory buckets.
func NewBucketObjectLockConfiguration(ctx *pulumi.Context, name string, args *BucketObjectLockConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketObjectLockConfiguration, error)func GetBucketObjectLockConfiguration(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketObjectLockConfigurationState, opts ...pulumi.ResourceOption) (*BucketObjectLockConfiguration, error)BucketObjectLockConfigurationArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
ObjectLockEnabled | pulumi.StringPtrInput | Enabled (default). |
Rule | BucketObjectLockConfigurationRulePtrInput | Default lock settings with DefaultRetention block containing Mode and Days/Years. |
ExpectedBucketOwner | pulumi.StringPtrInput | Expected owner account ID. |
Token | pulumi.StringPtrInput | Token for enabling Object Lock on existing buckets (deprecated). |
Manages S3 bucket cross-region or same-region replication.
func NewBucketReplicationConfig(ctx *pulumi.Context, name string, args *BucketReplicationConfigArgs, opts ...pulumi.ResourceOption) (*BucketReplicationConfig, error)func GetBucketReplicationConfig(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketReplicationConfigState, opts ...pulumi.ResourceOption) (*BucketReplicationConfig, error)BucketReplicationConfigArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Source bucket name or ID. |
Role | pulumi.StringInput | Required. IAM role ARN for replication. |
Rules | BucketReplicationConfigRuleArrayInput | Required. Replication rules array. Each rule has Id, Status, Destination, optional Filter, Priority. |
Token | pulumi.StringPtrInput | Token for Object Lock-enabled buckets. |
Configures static website hosting for an S3 bucket. Cannot be used with directory buckets.
func NewBucketWebsiteConfiguration(ctx *pulumi.Context, name string, args *BucketWebsiteConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketWebsiteConfiguration, error)func GetBucketWebsiteConfiguration(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketWebsiteConfigurationState, opts ...pulumi.ResourceOption) (*BucketWebsiteConfiguration, error)BucketWebsiteConfigurationArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
IndexDocument | BucketWebsiteConfigurationIndexDocumentPtrInput | Index document with Suffix field. |
ErrorDocument | BucketWebsiteConfigurationErrorDocumentPtrInput | Error document with Key field. |
RedirectAllRequestsTo | BucketWebsiteConfigurationRedirectAllRequestsToPtrInput | Redirect all requests. Conflicts with other settings. |
RoutingRules | BucketWebsiteConfigurationRoutingRuleArrayInput | Routing rules array. |
RoutingRuleDetails | pulumi.StringPtrInput | JSON routing rules string (alternative to RoutingRules for empty string values). |
ExpectedBucketOwner | pulumi.StringPtrInput | Expected owner account ID. |
BucketWebsiteConfiguration output attributes:
| Attribute | Type | Description |
|---|---|---|
WebsiteEndpoint | pulumi.StringOutput | Website endpoint URL |
WebsiteDomain | pulumi.StringOutput | Website domain (for Route 53 aliases) |
Configures CloudWatch request metrics for an S3 bucket. Cannot be used with directory buckets.
func NewBucketMetric(ctx *pulumi.Context, name string, args *BucketMetricArgs, opts ...pulumi.ResourceOption) (*BucketMetric, error)func GetBucketMetric(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BucketMetricState, opts ...pulumi.ResourceOption) (*BucketMetric, error)BucketMetricArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or ID. |
Name | pulumi.StringInput | Required. Metrics configuration identifier (max 64 characters). |
Filter | BucketMetricFilterPtrInput | Object filter by Prefix and/or Tags. |
Manages an S3 Access Point for controlled access to a bucket. Works with general purpose and directory buckets.
func NewAccessPoint(ctx *pulumi.Context, name string, args *AccessPointArgs, opts ...pulumi.ResourceOption) (*AccessPoint, error)func GetAccessPoint(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AccessPointState, opts ...pulumi.ResourceOption) (*AccessPoint, error)AccessPointArgs fields:
| Field | Type | Description |
|---|---|---|
Bucket | pulumi.StringInput | Required. Bucket name or S3 on Outposts bucket ARN. |
Name | pulumi.StringInput | Required. Access point name. |
AccountId | pulumi.StringPtrInput | AWS account ID. Defaults to provider account. |
BucketAccountId | pulumi.StringPtrInput | Account ID of the bucket owner (for cross-account). |
Policy | pulumi.StringPtrInput | JSON access point policy. Set to "{}" to remove. |
PublicAccessBlockConfiguration | AccessPointPublicAccessBlockConfigurationPtrInput | Public access block settings. |
VpcConfiguration | AccessPointVpcConfigurationPtrInput | VPC restriction. Required for S3 on Outposts. |
Tags | pulumi.StringMapInput | Resource tags. |
AccessPoint output attributes:
| Attribute | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | Access point ARN |
Alias | pulumi.StringOutput | Access point alias |
DomainName | pulumi.StringOutput | DNS domain name |
Endpoints | pulumi.StringMapOutput | VPC endpoints |
NetworkOrigin | pulumi.StringOutput | VPC or Internet |
Note: Uses s3control API endpoint. Configure s3control provider endpoint if needed, not s3.
Manages S3 bucket analytics configuration.
func NewAnalyticsConfiguration(ctx *pulumi.Context, name string, args *AnalyticsConfigurationArgs, opts ...pulumi.ResourceOption) (*AnalyticsConfiguration, error)Manages S3 Intelligent-Tiering configuration.
func NewBucketIntelligentTieringConfiguration(ctx *pulumi.Context, name string, args *BucketIntelligentTieringConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketIntelligentTieringConfiguration, error)Manages S3 inventory configuration for a bucket.
func NewInventory(ctx *pulumi.Context, name string, args *InventoryArgs, opts ...pulumi.ResourceOption) (*Inventory, error)Copies an object within or between S3 buckets.
func NewObjectCopy(ctx *pulumi.Context, name string, args *ObjectCopyArgs, opts ...pulumi.ResourceOption) (*ObjectCopy, error)Manages S3 Transfer Acceleration for a bucket. Cannot be used in cn-north-1 or us-gov-west-1.
func NewBucketAccelerateConfiguration(ctx *pulumi.Context, name string, args *BucketAccelerateConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketAccelerateConfiguration, error)Configures Requester Pays for an S3 bucket.
func NewBucketRequestPaymentConfiguration(ctx *pulumi.Context, name string, args *BucketRequestPaymentConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketRequestPaymentConfiguration, error)Manages S3 bucket metadata configuration.
func NewBucketMetadataConfiguration(ctx *pulumi.Context, name string, args *BucketMetadataConfigurationArgs, opts ...pulumi.ResourceOption) (*BucketMetadataConfiguration, error)Manages Attribute-Based Access Control (ABAC) for an S3 bucket.
func NewBucketAbac(ctx *pulumi.Context, name string, args *BucketAbacArgs, opts ...pulumi.ResourceOption) (*BucketAbac, error)Manages an S3 Vectors vector bucket.
func NewVectorsVectorBucket(ctx *pulumi.Context, name string, args *VectorsVectorBucketArgs, opts ...pulumi.ResourceOption) (*VectorsVectorBucket, error)Manages an index within an S3 Vectors vector bucket.
func NewVectorsIndex(ctx *pulumi.Context, name string, args *VectorsIndexArgs, opts ...pulumi.ResourceOption) (*VectorsIndex, error)Manages the policy for an S3 Vectors vector bucket.
func NewVectorsVectorBucketPolicy(ctx *pulumi.Context, name string, args *VectorsVectorBucketPolicyArgs, opts ...pulumi.ResourceOption) (*VectorsVectorBucketPolicy, error)Retrieves metadata and optionally the content of an S3 object.
func GetObject(ctx *pulumi.Context, args *GetObjectArgs, opts ...pulumi.InvokeOption) (*GetObjectResult, error)GetObjectArgs fields:
| Field | Type | Description |
|---|---|---|
| Bucket | string | Required. Bucket name or S3 access point ARN. |
| Key | string | Required. Full path to the object. |
| VersionId | *string | Specific version ID. Defaults to latest. |
| Range | *string | HTTP range for partial content retrieval. |
| ChecksumMode | *string | Set to ENABLED to retrieve checksums. |
| Tags | map[string]string | Tags filter. |
| Region | *string | AWS region. |
Note: The `body` field is only populated for human-readable `Content-Type` values (e.g., `text/*`, `application/json`).
Example: Get Startup Script
// GetObject is an invoke (it takes pulumi.InvokeOption), not a managed
// resource: it reads the object and hands the result back to the program.
// Whatever is in the object body therefore ends up in program memory, and in
// stack state if it is exported. When the object may hold credentials, wrap
// the exported value with pulumi.ToSecret rather than exporting it in the clear.
args := &s3.GetObjectArgs{
	Bucket: "my-config-bucket",
	Key:    "scripts/startup.sh",
}
script, err := s3.GetObject(ctx, args, nil)
if err != nil {
	return err
}
ctx.Export("scriptBody", pulumi.String(script.Body))Lists objects in an S3 bucket matching given criteria. Replaces the deprecated GetBucketObjects.
func GetObjects(ctx *pulumi.Context, args *GetObjectsArgs, opts ...pulumi.InvokeOption) (*GetObjectsResult, error)
func GetObjectsOutput(ctx *pulumi.Context, args *GetObjectsOutputArgs, opts ...pulumi.InvokeOption) GetObjectsResultOutput
Deprecated: Use `GetObjects` instead.
func GetBucketObjects(ctx *pulumi.Context, args *GetBucketObjectsArgs, opts ...pulumi.InvokeOption) (*GetBucketObjectsResult, error)Returns the S3 canonical user ID for the current AWS account. Requires s3:ListAllMyBuckets permission.
func GetCanonicalUserId(ctx *pulumi.Context, opts ...pulumi.InvokeOption) (*GetCanonicalUserIdResult, error)func GetCanonicalUserIdOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetCanonicalUserIdResultOutputGetCanonicalUserIdResult fields:
| Field | Type | Description |
|---|---|---|
| Id | string | The canonical user ID |
Example:
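// GetCanonicalUserId has no argument struct: per its signature, everything
// after ctx is an optional pulumi.InvokeOption. Passing a map literal there
// does not type-check, so the lookup is made with ctx alone.
current, err := s3.GetCanonicalUserId(ctx)
if err != nil {
	return err
}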
ctx.Export("canonicalUserId", pulumi.String(current.Id))Retrieves metadata about an existing S3 bucket.
func GetBucket(ctx *pulumi.Context, args *GetBucketArgs, opts ...pulumi.InvokeOption) (*GetBucketResult, error)func GetBucketV2(ctx *pulumi.Context, args *GetBucketV2Args, opts ...pulumi.InvokeOption) (*GetBucketV2Result, error)func GetAccountPublicAccessBlock(ctx *pulumi.Context, args *GetAccountPublicAccessBlockArgs, opts ...pulumi.InvokeOption) (*GetAccountPublicAccessBlockResult, error)func GetAccessPoint(ctx *pulumi.Context, args *GetAccessPointArgs, opts ...pulumi.InvokeOption) (*GetAccessPointResult, error)func GetBucketPolicy(ctx *pulumi.Context, args *GetBucketPolicyArgs, opts ...pulumi.InvokeOption) (*GetBucketPolicyResult, error)func GetBucketPublicAccessBlock(ctx *pulumi.Context, args *GetBucketPublicAccessBlockArgs, opts ...pulumi.InvokeOption) (*GetBucketPublicAccessBlockResult, error)func GetDirectoryBucket(ctx *pulumi.Context, args *GetDirectoryBucketArgs, opts ...pulumi.InvokeOption) (*GetDirectoryBucketResult, error)Lists all S3 Express directory buckets.
func GetDirectoryBuckets(ctx *pulumi.Context, args *GetDirectoryBucketsArgs, opts ...pulumi.InvokeOption) (*GetDirectoryBucketsResult, error)func GetDirectoryBucketsOutput(ctx *pulumi.Context, args *GetDirectoryBucketsOutputArgs, opts ...pulumi.InvokeOption) GetDirectoryBucketsResultOutputfunc GetBucketObjectv2(ctx *pulumi.Context, args *GetBucketObjectv2Args, opts ...pulumi.InvokeOption) (*GetBucketObjectv2Result, error)func GetAnalyticsConfiguration(ctx *pulumi.Context, args *GetAnalyticsConfigurationArgs, opts ...pulumi.InvokeOption) (*GetAnalyticsConfigurationResult, error)
func GetBucketAcl(ctx *pulumi.Context, args *GetBucketAclArgs, opts ...pulumi.InvokeOption) (*GetBucketAclResult, error)
func GetBucketCorsConfiguration(ctx *pulumi.Context, args *GetBucketCorsConfigurationArgs, opts ...pulumi.InvokeOption) (*GetBucketCorsConfigurationResult, error)
func GetBucketLifecycleConfiguration(ctx *pulumi.Context, args *GetBucketLifecycleConfigurationArgs, opts ...pulumi.InvokeOption) (*GetBucketLifecycleConfigurationResult, error)
func GetBucketLogging(ctx *pulumi.Context, args *GetBucketLoggingArgs, opts ...pulumi.InvokeOption) (*GetBucketLoggingResult, error)
func GetBucketNotification(ctx *pulumi.Context, args *GetBucketNotificationArgs, opts ...pulumi.InvokeOption) (*GetBucketNotificationResult, error)
func GetBucketObjectLockConfiguration(ctx *pulumi.Context, args *GetBucketObjectLockConfigurationArgs, opts ...pulumi.InvokeOption) (*GetBucketObjectLockConfigurationResult, error)
func GetBucketOwnershipControls(ctx *pulumi.Context, args *GetBucketOwnershipControlsArgs, opts ...pulumi.InvokeOption) (*GetBucketOwnershipControlsResult, error)
func GetBucketReplicationConfig(ctx *pulumi.Context, args *GetBucketReplicationConfigArgs, opts ...pulumi.InvokeOption) (*GetBucketReplicationConfigResult, error)
func GetBucketServerSideEncryptionConfiguration(ctx *pulumi.Context, args *GetBucketServerSideEncryptionConfigurationArgs, opts ...pulumi.InvokeOption) (*GetBucketServerSideEncryptionConfigurationResult, error)
func GetBucketVersioning(ctx *pulumi.Context, args *GetBucketVersioningArgs, opts ...pulumi.InvokeOption) (*GetBucketVersioningResult, error)
func GetBucketWebsiteConfiguration(ctx *pulumi.Context, args *GetBucketWebsiteConfigurationArgs, opts ...pulumi.InvokeOption) (*GetBucketWebsiteConfigurationResult, error)
func GetInventory(ctx *pulumi.Context, args *GetInventoryArgs, opts ...pulumi.InvokeOption) (*GetInventoryResult, error)
func GetBucketAbac(ctx *pulumi.Context, args *GetBucketAbacArgs, opts ...pulumi.InvokeOption) (*GetBucketAbacResult, error)
func GetBucketMetadataConfiguration(ctx *pulumi.Context, args *GetBucketMetadataConfigurationArgs, opts ...pulumi.InvokeOption) (*GetBucketMetadataConfigurationResult, error)
func GetBucketIntelligentTieringConfiguration(ctx *pulumi.Context, args *GetBucketIntelligentTieringConfigurationArgs, opts ...pulumi.InvokeOption) (*GetBucketIntelligentTieringConfigurationResult, error)
func GetVectorsVectorBucket(ctx *pulumi.Context, args *GetVectorsVectorBucketArgs, opts ...pulumi.InvokeOption) (*GetVectorsVectorBucketResult, error)
func GetVectorsVectorBucketPolicy(ctx *pulumi.Context, args *GetVectorsVectorBucketPolicyArgs, opts ...pulumi.InvokeOption) (*GetVectorsVectorBucketPolicyResult, error)
This example creates a fully configured, secure S3 bucket with versioning, encryption, lifecycle rules, and public access block:
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
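// main declares a private, versioned, KMS-encrypted S3 bucket with a
// lifecycle policy, and exports the bucket's ID and ARN as stack outputs.
//
// Not covered by this example: a bucket policy that rejects requests made
// without TLS (a Deny on aws:SecureTransport = false, attached with
// s3.BucketPolicy) and server access logging. Add them where the bucket's
// threat model calls for it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Customer-managed KMS key for default bucket encryption. Automatic
		// rotation is enabled so the key material is not fixed for the
		// lifetime of the key. Readers and writers of the bucket also need
		// permission to use this key, not just S3 permissions.
		kmsKey, err := kms.NewKey(ctx, "bucketKey", &kms.KeyArgs{
			Description:          pulumi.String("S3 bucket encryption key"),
			DeletionWindowInDays: pulumi.Int(10),
			EnableKeyRotation:    pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Create the bucket. The fixed name is a sample value; bucket names
		// share one global namespace, so a real deployment needs its own.
		bucket, err := s3.NewBucket(ctx, "appBucket", &s3.BucketArgs{
			Bucket: pulumi.String("my-app-data"),
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("production"),
			},
		})
		if err != nil {
			return err
		}

		// Block all public access: all four switches are set, covering both
		// ACL-based and policy-based public exposure.
		_, err = s3.NewBucketPublicAccessBlock(ctx, "publicAccessBlock", &s3.BucketPublicAccessBlockArgs{
			Bucket:                bucket.ID(),
			BlockPublicAcls:       pulumi.Bool(true),
			BlockPublicPolicy:     pulumi.Bool(true),
			IgnorePublicAcls:      pulumi.Bool(true),
			RestrictPublicBuckets: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Enable versioning. The resource is kept so the lifecycle
		// configuration below can be ordered after it.
		versioning, err := s3.NewBucketVersioning(ctx, "versioning", &s3.BucketVersioningArgs{
			Bucket: bucket.ID(),
			VersioningConfiguration: &s3.BucketVersioningVersioningConfigurationArgs{
				Status: pulumi.String("Enabled"),
			},
		})
		if err != nil {
			return err
		}

		// Default encryption with the customer-managed key (SSE-KMS), with
		// S3 Bucket Keys enabled.
		_, err = s3.NewBucketServerSideEncryptionConfiguration(ctx, "encryption", &s3.BucketServerSideEncryptionConfigurationArgs{
			Bucket: bucket.ID(),
			Rules: s3.BucketServerSideEncryptionConfigurationRuleArray{
				&s3.BucketServerSideEncryptionConfigurationRuleArgs{
					ApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{
						KmsMasterKeyId: kmsKey.Arn,
						SseAlgorithm:   pulumi.String("aws:kms"),
					},
					BucketKeyEnabled: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}

		// Lifecycle: transition old objects to Glacier, expire after 2 years.
		// The noncurrent-version rule only means something on a versioned
		// bucket, and nothing else ties this resource to the versioning one,
		// so the dependency is stated explicitly.
		_, err = s3.NewBucketLifecycleConfiguration(ctx, "lifecycle", &s3.BucketLifecycleConfigurationArgs{
			Bucket: bucket.ID(),
			Rules: s3.BucketLifecycleConfigurationRuleArray{
				&s3.BucketLifecycleConfigurationRuleArgs{
					Id:     pulumi.String("data-archival"),
					Status: pulumi.String("Enabled"),
					Transitions: s3.BucketLifecycleConfigurationRuleTransitionArray{
						&s3.BucketLifecycleConfigurationRuleTransitionArgs{
							Days:         pulumi.Int(90),
							StorageClass: pulumi.String("GLACIER"),
						},
					},
					Expiration: &s3.BucketLifecycleConfigurationRuleExpirationArgs{
						Days: pulumi.Int(730),
					},
					NoncurrentVersionExpiration: &s3.BucketLifecycleConfigurationRuleNoncurrentVersionExpirationArgs{
						NoncurrentDays: pulumi.Int(30),
					},
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{versioning}))
		if err != nil {
			return err
		}

		ctx.Export("bucketId", bucket.ID())
		ctx.Export("bucketArn", bucket.Arn)
		return nil
	})
}
Install with Tessl CLI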
npx tessl i tessl/golang-github-com-pulumi-pulumi-aws-sdk-v7@7.16.1docs