CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

s3.mddocs/storage/

S3 - Amazon Simple Storage Service

Amazon S3 provides object storage with high durability, availability, and scalability.

Common Tasks

Create a private bucket with versioning

import * as aws from "@pulumi/aws";

const bucket = new aws.s3.BucketV2("my-bucket", {
    bucket: "my-unique-bucket-name",
    tags: { Environment: "production" },
});

new aws.s3.BucketVersioningV2("versioning", {
    bucket: bucket.id,
    versioningConfiguration: { status: "Enabled" },
});

Upload a file to S3

import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";

const obj = new aws.s3.BucketObjectv2("file", {
    bucket: bucket.id,
    key: "path/to/file.txt",
    source: new pulumi.asset.FileAsset("./local-file.txt"),
    contentType: "text/plain",
});

Block all public access

import * as aws from "@pulumi/aws";

new aws.s3.BucketPublicAccessBlock("private", {
    bucket: bucket.id,
    blockPublicAcls: true,
    blockPublicPolicy: true,
    ignorePublicAcls: true,
    restrictPublicBuckets: true,
});

Capabilities

BucketV2

Create and manage S3 buckets (V2 API).

class BucketV2 extends pulumi.CustomResource {
    constructor(name: string, args?: BucketV2Args, opts?: pulumi.CustomResourceOptions);

    readonly id: pulumi.Output<string>;
    readonly arn: pulumi.Output<string>;
    readonly bucket: pulumi.Output<string>;
}

interface BucketV2Args {
    bucket?: pulumi.Input<string>;
    forceDestroy?: pulumi.Input<boolean>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

Example: Create a bucket with tags

const bucket = new aws.s3.BucketV2("my-bucket", {
    bucket: "my-unique-bucket-name",
    tags: {
        Environment: "production",
        Team: "platform"
    },
    forceDestroy: true, // Allow Pulumi to delete non-empty bucket
});

BucketObjectv2

Upload objects to S3 buckets.

class BucketObjectv2 extends pulumi.CustomResource {
    constructor(name: string, args: BucketObjectv2Args, opts?: pulumi.CustomResourceOptions);
}

interface BucketObjectv2Args {
    bucket: pulumi.Input<string>;
    key: pulumi.Input<string>;
    source?: pulumi.Input<pulumi.asset.Asset | pulumi.asset.Archive>;
    content?: pulumi.Input<string>;
    contentType?: pulumi.Input<string>;
    acl?: pulumi.Input<string>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

Example: Upload different types of content

// Upload from file
const fileObj = new aws.s3.BucketObjectv2("file", {
    bucket: bucket.id,
    key: "data/report.pdf",
    source: new pulumi.asset.FileAsset("./report.pdf"),
    contentType: "application/pdf",
});

// Upload inline content
const htmlObj = new aws.s3.BucketObjectv2("index", {
    bucket: bucket.id,
    key: "index.html",
    content: "<html><body><h1>Hello World</h1></body></html>",
    contentType: "text/html",
});

// Upload directory as archive
const archiveObj = new aws.s3.BucketObjectv2("archive", {
    bucket: bucket.id,
    key: "assets.zip",
    source: new pulumi.asset.FileArchive("./assets"),
});

BucketPolicy

Manage bucket policies.

class BucketPolicy extends pulumi.CustomResource {
    constructor(name: string, args: BucketPolicyArgs, opts?: pulumi.CustomResourceOptions);
}

interface BucketPolicyArgs {
    bucket: pulumi.Input<string>;
    policy: pulumi.Input<string | PolicyDocument>;
}

Example: Grant read access to specific IAM role

const policy = new aws.s3.BucketPolicy("bucket-policy", {
    bucket: bucket.id,
    policy: pulumi.all([bucket.arn, roleArn]).apply(([bucketArn, role]) => JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: { AWS: role },
            Action: ["s3:GetObject", "s3:ListBucket"],
            Resource: [bucketArn, `${bucketArn}/*`]
        }]
    })),
});

BucketPublicAccessBlock

Configure public access settings.

class BucketPublicAccessBlock extends pulumi.CustomResource {
    constructor(name: string, args: BucketPublicAccessBlockArgs, opts?: pulumi.CustomResourceOptions);
}

interface BucketPublicAccessBlockArgs {
    bucket: pulumi.Input<string>;
    blockPublicAcls?: pulumi.Input<boolean>;
    blockPublicPolicy?: pulumi.Input<boolean>;
    ignorePublicAcls?: pulumi.Input<boolean>;
    restrictPublicBuckets?: pulumi.Input<boolean>;
}

Example: Secure bucket from public access

new aws.s3.BucketPublicAccessBlock("bucket-pab", {
    bucket: bucket.id,
    blockPublicAcls: true,
    blockPublicPolicy: true,
    ignorePublicAcls: true,
    restrictPublicBuckets: true,
});

BucketVersioningV2

Enable versioning for buckets.

class BucketVersioningV2 extends pulumi.CustomResource {
    constructor(name: string, args: BucketVersioningV2Args, opts?: pulumi.CustomResourceOptions);
}

interface BucketVersioningV2Args {
    bucket: pulumi.Input<string>;
    versioningConfiguration: pulumi.Input<BucketVersioningConfiguration>;
}

interface BucketVersioningConfiguration {
    status: pulumi.Input<"Enabled" | "Suspended">;
}

Example: Enable versioning for data protection

new aws.s3.BucketVersioningV2("bucket-versioning", {
    bucket: bucket.id,
    versioningConfiguration: {
        status: "Enabled",
    },
});

Usage Example

import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";

// Create bucket
const bucket = new aws.s3.BucketV2("my-bucket", {
    bucket: "my-unique-bucket-name",
    tags: { Environment: "production" },
});

// Enable versioning
new aws.s3.BucketVersioningV2("bucket-versioning", {
    bucket: bucket.id,
    versioningConfiguration: {
        status: "Enabled",
    },
});

// Block public access
new aws.s3.BucketPublicAccessBlock("bucket-pab", {
    bucket: bucket.id,
    blockPublicAcls: true,
    blockPublicPolicy: true,
    ignorePublicAcls: true,
    restrictPublicBuckets: true,
});

// Upload object
const obj = new aws.s3.BucketObjectv2("index", {
    bucket: bucket.id,
    key: "index.html",
    content: "<html><body><h1>Hello World</h1></body></html>",
    contentType: "text/html",
});

// Bucket policy
new aws.s3.BucketPolicy("bucket-policy", {
    bucket: bucket.id,
    policy: pulumi.interpolate`{
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "${bucket.arn}/*"
        }]
    }`,
});

export const bucketName = bucket.id;
export const bucketArn = bucket.arn;

S3 module includes 42 resources for bucket configuration, objects, access control, and more. See All Services for complete list.

Related Services

  • CloudFront - Use S3 as origin for CDN distribution
  • Lambda - Process S3 events and object uploads
  • Glacier - Archive S3 objects for long-term storage
  • Backup - Automated S3 bucket backups
  • IAM - Manage S3 access with roles and policies

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws@7.16.0

docs

storage

backup.md

ebs.md

efs.md

fsx.md

glacier.md

overview.md

s3.md

index.md

quickstart.md

README.md

tile.json