Skip to content

Resource: awsS3ObjectCopy

Provides a resource for copying an S3 object.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3ObjectCopy.S3ObjectCopy(this, "test", {
  bucket: "destination_bucket",
  grant: [
    {
      permissions: ["READ"],
      type: "Group",
      uri: "http://acs.amazonaws.com/groups/global/AllUsers",
    },
  ],
  key: "destination_key",
  source: "source_bucket/source_key",
});

Argument Reference

The following arguments are required:

  • bucket - (Required) Name of the bucket to put the file in.
  • key - (Required) Name of the object once it is in the bucket.
  • source - (Required) Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (/). For example, testbucket/test1Json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the format arn:aws:s3:<region>:<accountId>:accesspoint/<accessPointName>/object/<key>. For example, arn:aws:s3:usWest2:9999912999:accesspoint/myAccessPoint/object/testbucket/test1Json.

The following arguments are optional:

  • acl - (Optional) Canned ACL to apply. Defaults to private. Valid values are private, publicRead, publicReadWrite, authenticatedRead, awsExecRead, bucketOwnerRead, and bucketOwnerFullControl. Conflicts with grant.
  • cacheControl - (Optional) Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.
  • contentDisposition - (Optional) Specifies presentational information for the object. Read w3c content_disposition for further information.
  • contentEncoding - (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.
  • contentLanguage - (Optional) Language the content is in e.g., en-US or en-GB.
  • contentType - (Optional) Standard MIME type describing the format of the object data, e.g., application/octetStream. All Valid MIME Types are valid for this input.
  • copyIfMatch - (Optional) Copies the object if its entity tag (ETag) matches the specified tag.
  • copyIfModifiedSince - (Optional) Copies the object if it has been modified since the specified time, in RFC3339 format.
  • copyIfNoneMatch - (Optional) Copies the object if its entity tag (ETag) is different than the specified ETag.
  • copyIfUnmodifiedSince - (Optional) Copies the object if it hasn't been modified since the specified time, in RFC3339 format.
  • customerAlgorithm - (Optional) Specifies the algorithm to use to when encrypting the object (for example, AES256).
  • customerKey - (Optional) Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
  • customerKeyMd5 - (Optional) Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
  • expectedBucketOwner - (Optional) Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
  • expectedSourceBucketOwner - (Optional) Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.
  • expires - (Optional) Date and time at which the object is no longer cacheable, in RFC3339 format.
  • forceDestroy - (Optional) Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.
  • grant - (Optional) Configuration block for header grants. Documented below. Conflicts with acl.
  • kmsEncryptionContext - (Optional) Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.
  • kmsKeyId - (Optional) Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using awsKmsKey, use the exported arn attribute: kmsKeyId =AwsKmsKeyFooArn
  • metadata - (Optional) Map of keys/values to provision metadata (will be automatically prefixed by xAmzMeta, note that only lowercase label are currently supported by the AWS Go API).
  • metadataDirective - (Optional) Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are copy and replace.
  • objectLockLegalHoldStatus - (Optional) The legal hold status that you want to apply to the specified object. Valid values are on and off.
  • objectLockMode - (Optional) Object lock retention mode that you want to apply to this object. Valid values are governance and compliance.
  • objectLockRetainUntilDate - (Optional) Date and time, in RFC3339 format, when this object's object lock will expire.
  • requestPayer - (Optional) Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is requester.
  • serverSideEncryption - (Optional) Specifies server-side encryption of the object in S3. Valid values are aes256 and aws:kms.
  • sourceCustomerAlgorithm - (Optional) Specifies the algorithm to use when decrypting the source object (for example, AES256).
  • sourceCustomerKey - (Optional) Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.
  • sourceCustomerKeyMd5 - (Optional) Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.
  • storageClass - (Optional) Specifies the desired storage class for the object. Defaults to standard.
  • taggingDirective - (Optional) Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are copy and replace.
  • tags - (Optional) Map of tags to assign to the object. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • websiteRedirect - (Optional) Specifies a target URL for website redirect.

grant

-> For more information on header grants, see the Amazon Simple Storage Service (S3) API Reference: PutObjectAcl.

This configuration block has the following required arguments:

  • permissions - (Required) List of permissions to grant to grantee. Valid values are read, READ_ACP, WRITE_ACP, FULL_CONTROL.
  • type - (Required) - Type of grantee. Valid values are canonicalUser, group, and amazonCustomerByEmail.

This configuration block has the following optional arguments (one of the three is required):

  • email - (Optional) Email address of the grantee. Used only when type is amazonCustomerByEmail.
  • id - (Optional) Canonical user ID of the grantee. Used only when type is canonicalUser.
  • uri - (Optional) URI of the grantee group. Used only when type is group.

-> Note: Terraform ignores all leading /s in the object's key and treats multiple /s in the rest of the object's key as a single /, so values of /indexHtml and indexHtml correspond to the same S3 object as do first//second///third// and first/second/third/.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • etag - ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.
  • expiration - If the object expiration is configured, this attribute will be set.
  • id - The key of the resource supplied above.
  • lastModified - Returns the date that the object was last modified, in RFC3339 format.
  • requestCharged - If present, indicates that the requester was successfully charged for the request.
  • sourceVersionId - Version of the copied object in the source bucket.
  • tagsAll - Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
  • versionId - Version ID of the newly created copy.