Resource: awsS3BucketAcl
Provides an S3 bucket ACL resource.
Note: terraform destroy does not delete the S3 Bucket ACL but does remove the resource from Terraform state.
Example Usage
With ACL
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
// The constructs below are created inside a TerraformStack constructor, where `this` is the stack scope.
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
  bucket: "my-tf-example-bucket",
});
// Canned ACL "private": only the bucket owner has access.
new aws.s3BucketAcl.S3BucketAcl(this, "example_bucket_acl", {
  acl: "private",
  bucket: awsS3BucketExample.id,
});
With Grants
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
// The constructs below are created inside a TerraformStack constructor, where `this` is the stack scope.
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
  bucket: "my-tf-example-bucket",
});
// Canonical user ID of the account the provider is configured with.
const dataAwsCanonicalUserIdCurrent =
  new aws.dataAwsCanonicalUserId.DataAwsCanonicalUserId(this, "current", {});
const awsS3BucketAclExample = new aws.s3BucketAcl.S3BucketAcl(
  this,
  "example_2",
  {
    accessControlPolicy: {
      grant: [
        {
          // READ for the current account's canonical user.
          grantee: {
            id: dataAwsCanonicalUserIdCurrent.id,
            type: "CanonicalUser",
          },
          permission: "READ",
        },
        {
          // READ_ACP for the S3 log delivery group.
          grantee: {
            type: "Group",
            uri: "http://acs.amazonaws.com/groups/s3/LogDelivery",
          },
          permission: "READ_ACP",
        },
      ],
      owner: {
        id: dataAwsCanonicalUserIdCurrent.id,
      },
    },
    bucket: awsS3BucketExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketAclExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
acl - (Optional, Conflicts with accessControlPolicy) Canned ACL to apply to the bucket.
accessControlPolicy - (Optional, Conflicts with acl) Configuration block that sets the ACL permissions for an object per grantee. See below.
bucket - (Required, Forces new resource) Name of the bucket.
expectedBucketOwner - (Optional, Forces new resource) Account ID of the expected bucket owner.
accessControlPolicy
The accessControlPolicy configuration block supports the following arguments:
grant - (Required) Set of grant configuration blocks. See below.
owner - (Required) Configuration block of the bucket owner's display name and ID. See below.
grant
The grant configuration block supports the following arguments:
grantee - (Required) Configuration block for the person being granted permissions. See below.
permission - (Required) Logging permissions assigned to the grantee for the bucket.
owner
The owner configuration block supports the following arguments:
id - (Required) ID of the owner.
displayName - (Optional) Display name of the owner.
grantee
The grantee configuration block supports the following arguments:
emailAddress - (Optional) Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
id - (Optional) Canonical user ID of the grantee.
type - (Required) Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
uri - (Optional) URI of the grantee group.
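One way to check a bucket ACL configuration against the argument rules above before it is deployed, as an added example (not the provider's or CDKTF's own code). The lintBucketAcl helper, its interfaces and the sample owner ID are hypothetical; the AllUsers and AuthenticatedUsers group URIs and the public canned ACL names are standard S3 values that do not appear on this page.

```typescript
// Added example: the types mirror the argument names documented above;
// lintBucketAcl is a hypothetical helper, not part of the provider or CDKTF.
interface Grantee { type: string; id?: string; uri?: string; emailAddress?: string }
interface Grant { grantee: Grantee; permission: string }
interface AclConfig {
  bucket: string; acl?: string;
  accessControlPolicy?: { grant: Grant[]; owner: { id: string } };
}

// Predefined S3 groups and canned ACLs that reach beyond named accounts.
const ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers";
const BROAD_GROUPS = [ALL_USERS, "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"];
const BROAD_CANNED = ["public-read", "public-read-write", "authenticated-read"];
// Identifier each grantee type must carry.
const REQUIRED_FIELD: { [type: string]: "id" | "uri" | "emailAddress" } = {
  CanonicalUser: "id", Group: "uri", AmazonCustomerByEmail: "emailAddress",
};

function lintBucketAcl(cfg: AclConfig): string[] {
  const findings: string[] = [];
  const policy = cfg.accessControlPolicy;
  if (cfg.acl !== undefined && policy !== undefined) {
    findings.push("acl conflicts with accessControlPolicy");
  }
  if (cfg.acl !== undefined && BROAD_CANNED.indexOf(cfg.acl) !== -1) {
    findings.push(`canned ACL "${cfg.acl}" grants access to a global group`);
  }
  (policy ? policy.grant : []).forEach((g, i) => {
    const field = REQUIRED_FIELD[g.grantee.type]; // case-sensitive lookup
    if (field === undefined) {
      findings.push(`grant[${i}]: unknown grantee type "${g.grantee.type}"`);
    } else if (!g.grantee[field]) {
      findings.push(`grant[${i}]: type ${g.grantee.type} requires ${field}`);
    }
    if (g.grantee.uri !== undefined && BROAD_GROUPS.indexOf(g.grantee.uri) !== -1) {
      findings.push(`grant[${i}]: ${g.permission} granted to ${g.grantee.uri}`);
    }
  });
  return findings;
}

// Constructed sample: public canned ACL combined with an explicit policy.
const sampleFindings = lintBucketAcl({
  bucket: "my-tf-example-bucket", acl: "public-read",
  accessControlPolicy: {
    owner: { id: "CONSTRUCTED-OWNER-ID" },
    grant: [{ grantee: { type: "group", uri: ALL_USERS }, permission: "WRITE" }],
  },
});
```

The constructed sample yields four findings; the "With Grants" configuration shown earlier yields none.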
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - The bucket, expectedBucketOwner (if configured), and acl (if configured) separated by commas (,).
Import
S3 bucket ACL can be imported in one of four ways.
If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, and the source bucket is not configured with a canned ACL (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket, e.g.,
If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket and acl separated by a comma (,), e.g.,
If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, and the source bucket is not configured with a canned ACL (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket and expectedBucketOwner separated by a comma (,), e.g.,
If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, and the source bucket is configured with a canned ACL (i.e. predefined grant), the S3 bucket ACL resource should be imported using the bucket, expectedBucketOwner, and acl separated by commas (,), e.g.,