Resource: awsS3BucketPolicy
Attaches a policy to an S3 bucket resource.
Example Usage
Basic Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";

/*This snippet belongs inside a construct (for example, a TerraformStack
constructor), where `this` is the scope the resources are added to.*/
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
  bucket: "my-tf-test-bucket",
});

/*Policy document granting another account read and list access to the bucket.*/
const dataAwsIamPolicyDocumentAllowAccessFromAnotherAccount =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "allow_access_from_another_account",
    {
      statement: [
        {
          actions: ["s3:GetObject", "s3:ListBucket"],
          principals: [
            {
              identifiers: ["123456789012"],
              type: "AWS",
            },
          ],
          resources: [
            awsS3BucketExample.arn,
            `\${${awsS3BucketExample.arn}}/*`,
          ],
        },
      ],
    }
  );

/*Attach the rendered policy JSON to the bucket.*/
const awsS3BucketPolicyAllowAccessFromAnotherAccount =
  new aws.s3BucketPolicy.S3BucketPolicy(
    this,
    "allow_access_from_another_account_2",
    {
      bucket: awsS3BucketExample.id,
      policy: dataAwsIamPolicyDocumentAllowAccessFromAnotherAccount.json,
    }
  );

/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketPolicyAllowAccessFromAnotherAccount.overrideLogicalId(
  "allow_access_from_another_account"
);
Argument Reference
The following arguments are supported:
bucket - (Required) Name of the bucket to which to apply the policy.
policy - (Required) Text of the policy. Although this is a bucket policy rather than an IAM policy, the awsIamPolicyDocument data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
Note: Bucket policies are limited to 20 KB in size.
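One way to check a rendered policy string against the two constraints stated above (a principal on every statement, the 20 KB size limit) before deploying. This is an added example, not part of the provider documentation: lintBucketPolicy, MAX_POLICY_BYTES and SAMPLE_POLICY are hypothetical names, 20 KB is taken as 20 * 1024 bytes, and the wildcard-principal check goes beyond what the page states.

```typescript
// Added example: pre-deployment lint for a rendered bucket policy JSON string.
// Assumption: the "20 KB" limit is counted as 20 * 1024 bytes of UTF-8 text.
const MAX_POLICY_BYTES = 20 * 1024;
type Statement = { Sid?: string; Effect?: string; Principal?: unknown; NotPrincipal?: unknown; Condition?: unknown };

// UTF-8 byte length, computed without relying on Node or DOM globals.
function utf8Length(s: string): number {
  let n = 0;
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c < 0x80) n += 1;
    else if (c < 0x800) n += 2;
    else if (c >= 0xd800 && c <= 0xdbff) { n += 4; i++; } // surrogate pair
    else n += 3;
  }
  return n;
}

// True when the principal is "*" or holds "*" under any key (AWS, Service, ...).
function isWildcard(p: unknown): boolean {
  if (p === "*") return true;
  if (Array.isArray(p)) return p.some((v) => isWildcard(v));
  if (p !== null && typeof p === "object") {
    return Object.keys(p as object).some((k) => isWildcard((p as Record<string, unknown>)[k]));
  }
  return false;
}

// Returns one finding per problem; an empty array means the policy passed.
function lintBucketPolicy(policyJson: string): string[] {
  const findings: string[] = [];
  const size = utf8Length(policyJson);
  if (size > MAX_POLICY_BYTES) findings.push(`policy is ${size} bytes, over the 20 KB limit`);
  const doc = JSON.parse(policyJson) as { Statement?: Statement | Statement[] };
  const statements = ([] as Statement[]).concat(doc.Statement || []);
  statements.forEach((s, i) => {
    const id = s.Sid || `#${i}`;
    if (s.Principal === undefined && s.NotPrincipal === undefined) {
      findings.push(`statement ${id}: no Principal, not valid in a bucket policy`);
    } else if (s.Effect === "Allow" && isWildcard(s.Principal) && s.Condition === undefined) {
      findings.push(`statement ${id}: Allow to wildcard principal with no Condition`);
    }
  });
  return findings;
}

// Constructed sample: the page's cross-account grant plus a statement with no principal.
const SAMPLE_POLICY = JSON.stringify({ Version: "2012-10-17", Statement: [
  { Sid: "CrossAccount", Effect: "Allow", Principal: { AWS: "123456789012" }, Action: "s3:GetObject", Resource: "arn:aws:s3:::my-tf-test-bucket/*" },
  { Sid: "NoPrincipal", Effect: "Allow", Action: "s3:ListBucket", Resource: "arn:aws:s3:::my-tf-test-bucket" } ] });
```

Run it on the string that will be passed as the policy argument; JSON.parse throws on malformed input, which should also fail the check.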
Attributes Reference
No additional attributes are exported.
Import
S3 bucket policies can be imported using the bucket name, e.g.,