Skip to content

Data Source: awsS3Object

The S3 object data source allows access to the metadata and optionally (see below) content of an object stored inside S3 bucket.

\~> Note: The content of an object (body field) is available only for objects which have a human-readable contentType (text/* and application/json). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.

Example Usage

The following example retrieves a text object (which must have a contentType value starting with text/) and uses it as the userData for an EC2 instance:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsS3ObjectBootstrapScript = new aws.dataAwsS3Object.DataAwsS3Object(
  this,
  "bootstrap_script",
  {
    bucket: "ourcorp-deploy-config",
    key: "ec2-bootstrap-script.sh",
  }
);
new aws.instance.Instance(this, "example", {
  ami: "ami-2757f631",
  instanceType: "t2.micro",
  userData: dataAwsS3ObjectBootstrapScript.body,
});

The following, more-complex example retrieves only the metadata for a zip file stored in S3, which is then used to pass the most recent versionId to AWS Lambda for use as a function implementation. More information about Lambda functions is available in the documentation for awsLambdaFunction.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsS3ObjectLambda = new aws.dataAwsS3Object.DataAwsS3Object(
  this,
  "lambda",
  {
    bucket: "ourcorp-lambda-functions",
    key: "hello-world.zip",
  }
);
new aws.lambdaFunction.LambdaFunction(this, "test_lambda", {
  functionName: "lambda_function_name",
  handler: "exports.test",
  role: "${aws_iam_role.iam_for_lambda.arn}",
  s3Bucket: dataAwsS3ObjectLambda.id,
  s3Key: dataAwsS3ObjectLambda.key,
  s3ObjectVersion: dataAwsS3ObjectLambda.versionId,
});

Argument Reference

The following arguments are supported:

  • bucket - (Required) Name of the bucket to read the object from. Alternatively, an S3 access point ARN can be specified
  • key - (Required) Full path to the object inside the bucket
  • versionId - (Optional) Specific version ID of the object returned (defaults to latest version)

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • body - Object data (see limitations above to understand cases in which this field is actually available)
  • bucketKeyEnabled - (Optional) Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
  • cacheControl - Caching behavior along the request/reply chain.
  • contentDisposition - Presentational information for the object.
  • contentEncoding - What content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
  • contentLanguage - Language the content is in.
  • contentLength - Size of the body in bytes.
  • contentType - Standard MIME type describing the format of the object data.
  • etag - ETag generated for the object (an MD5 sum of the object content in case it's not encrypted)
  • expiration - If the object expiration is configured (see object lifecycle management), the field includes this header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The value of the rule-id is URL encoded.
  • expires - Date and time at which the object is no longer cacheable.
  • lastModified - Last modified date of the object in RFC1123 format (e.g., mon,02Jan200615:04:05Mst)
  • metadata - Map of metadata stored with the object in S3
  • objectLockLegalHoldStatus - Indicates whether this object has an active legal hold. This field is only returned if you have permission to view an object's legal hold status.
  • objectLockMode - Object lock retention mode currently in place for this object.
  • objectLockRetainUntilDate - The date and time when this object's object lock will expire.
  • serverSideEncryption - If the object is stored using server-side encryption (KMS or Amazon S3-managed encryption key), this field includes the chosen encryption and algorithm used.
  • sseKmsKeyId - If present, specifies the ID of the Key Management Service (KMS) master encryption key that was used for the object.
  • storageClass - Storage class information of the object. Available for all objects except for standard storage class objects.
  • versionId - Latest version ID of the object returned.
  • websiteRedirectLocation - If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
  • tags - Map of tags assigned to the object.

-> Note: Terraform ignores all leading /s in the object's key and treats multiple /s in the rest of the object's key as a single /, so values of /indexHtml and indexHtml correspond to the same S3 object as do first//second///third// and first/second/third/.