Resource: awsS3BucketVersioning
Provides a resource for controlling versioning on an S3 bucket. Deleting this resource will either suspend versioning on the associated S3 bucket or simply remove the resource from Terraform state if the associated S3 bucket is unversioned.
For more information, see How S3 versioning works.
\~> NOTE: If you are enabling versioning on the bucket for the first time, AWS recommends that you wait for 15 minutes after enabling versioning before issuing write operations (PUT or DELETE) on objects in the bucket.
Example Usage
With Versioning Enabled
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
bucket: "example-bucket",
});
const awsS3BucketAclExample = new aws.s3BucketAcl.S3BucketAcl(
this,
"example_1",
{
acl: "private",
bucket: awsS3BucketExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketAclExample.overrideLogicalId("example");
new aws.s3BucketVersioning.S3BucketVersioningA(this, "versioning_example", {
bucket: awsS3BucketExample.id,
versioningConfiguration: {
status: "Enabled",
},
});
With Versioning Disabled
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
bucket: "example-bucket",
});
const awsS3BucketAclExample = new aws.s3BucketAcl.S3BucketAcl(
this,
"example_1",
{
acl: "private",
bucket: awsS3BucketExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketAclExample.overrideLogicalId("example");
new aws.s3BucketVersioning.S3BucketVersioningA(this, "versioning_example", {
bucket: awsS3BucketExample.id,
versioningConfiguration: {
status: "Disabled",
},
});
Object Dependency On Versioning
When you create an object whose versionId
you need and an awsS3BucketVersioning
resource in the same configuration, you are more likely to have success by ensuring the s3Object
depends either implicitly (see below) or explicitly (i.e., using dependsOn = [awsS3BucketVersioningExample]
) on the awsS3BucketVersioning
resource.
\~> NOTE: For critical and/or production S3 objects, do not create a bucket, enable versioning, and create an object in the bucket within the same configuration. Doing so will not allow the AWS-recommended 15 minutes between enabling versioning and writing to the bucket.
This example shows the awsS3ObjectExample
depending implicitly on the versioning resource through the reference to awsS3BucketVersioningExampleBucket
to define bucket
:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
bucket: "yotto",
});
const awsS3BucketVersioningExample =
new aws.s3BucketVersioning.S3BucketVersioningA(this, "example_1", {
bucket: awsS3BucketExample.id,
versioningConfiguration: {
status: "Enabled",
},
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketVersioningExample.overrideLogicalId("example");
const awsS3ObjectExample = new aws.s3Object.S3Object(this, "example_2", {
bucket: awsS3BucketVersioningExample.id,
key: "droeloe",
source: "example.txt",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3ObjectExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
bucket
- (Required, Forces new resource) Name of the S3 bucket.versioningConfiguration
- (Required) Configuration block for the versioning parameters. See below.expectedBucketOwner
- (Optional, Forces new resource) Account ID of the expected bucket owner.mfa
- (Optional, Required ifversioningConfiguration
mfaDelete
is enabled) Concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device.
versioningConfiguration
\~> Note: While the versioningConfigurationStatus
parameter supports disabled
, this value is only intended for creating or importing resources that correspond to unversioned S3 buckets. Updating the value from enabled
or suspended
to disabled
will result in errors as the AWS S3 API does not support returning buckets to an unversioned state.
The versioningConfiguration
configuration block supports the following arguments:
status
- (Required) Versioning state of the bucket. Valid values:enabled
,suspended
, ordisabled
.disabled
should only be used when creating or importing resources that correspond to unversioned S3 buckets.mfaDelete
- (Optional) Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values:enabled
ordisabled
.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- Thebucket
orbucket
andexpectedBucketOwner
separated by a comma (,
) if the latter is provided.
Import
S3 bucket versioning can be imported in one of two ways.
If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, the S3 bucket versioning resource should be imported using the bucket
e.g.,
If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, the S3 bucket versioning resource should be imported using the bucket
and expectedBucketOwner
separated by a comma (,
) e.g.,