Resource: awsS3ControlAccessPointPolicy
Provides a resource to manage an S3 Access Point resource policy.
~> NOTE on Access Points and Access Point Policies: Terraform provides both a standalone Access Point Policy resource and an Access Point resource with a resource policy defined in-line. You cannot use an Access Point with in-line resource policy in conjunction with an Access Point Policy resource. Doing so will cause a conflict of policies and will overwrite the access point's resource policy.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";

const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
  bucket: "example",
});

const awsS3AccessPointExample = new aws.s3AccessPoint.S3AccessPoint(
  this,
  "example_1",
  {
    bucket: awsS3BucketExample.id,
    name: "example",
    /*blockPublicPolicy and restrictPublicBuckets are false here, so the
    wildcard-principal policy attached below is accepted and takes effect.*/
    publicAccessBlockConfiguration: {
      blockPublicAcls: true,
      blockPublicPolicy: false,
      ignorePublicAcls: true,
      restrictPublicBuckets: false,
    },
  }
);
/*Ignore changes to the in-line policy attribute so the access point does not
conflict with the standalone policy resource below (see the NOTE above).
ignore_changes takes plain attribute names.*/
awsS3AccessPointExample.addOverride("lifecycle", [
  {
    ignore_changes: ["policy"],
  },
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3AccessPointExample.overrideLogicalId("example");

const awsS3ControlAccessPointPolicyExample =
  new aws.s3ControlAccessPointPolicy.S3ControlAccessPointPolicy(
    this,
    "example_2",
    {
      accessPointArn: awsS3AccessPointExample.arn,
      /*Principal AWS = "*" grants s3:GetObjectTagging to any AWS principal.*/
      policy:
        '${jsonencode({\n Version = "2008-10-17"\n Statement = [{\n Effect = "Allow"\n Action = "s3:GetObjectTagging"\n Principal = {\n AWS = "*"\n }\n Resource = "${aws_s3_access_point.example.arn}/object/*"\n }]\n })}',
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3ControlAccessPointPolicyExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
accessPointArn - (Required) The ARN of the access point that you want to associate with the specified policy.
policy - (Required) The policy that you want to apply to the specified access point.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
hasPublicAccessPolicy - Indicates whether this access point currently has a policy that allows public access.
id - The AWS account ID and access point name separated by a colon (:).
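A pre-deploy check related to hasPublicAccessPolicy, as an added example that is not part of the original documentation or the provider's code: it flags Allow statements with a wildcard principal and no Condition, which is how the policy in Example Usage is written. The function names, sample ARN and account IDs are assumptions, and the check is a simplified heuristic rather than AWS's own public-policy evaluation.

```typescript
// Added example: simplified lint for access point policy documents.
// Hypothetical helper names; not AWS's own public-policy evaluation.
type OneOrMany<T> = T | T[];
type Principal = string | { [kind: string]: OneOrMany<string> };
interface Statement {
  Effect: "Allow" | "Deny";
  Action: OneOrMany<string>;
  Principal?: Principal;
  Resource: OneOrMany<string>;
  Condition?: { [op: string]: unknown };
}
interface PolicyDocument { Version: string; Statement: OneOrMany<Statement> }

const toArray = <T>(v: OneOrMany<T>): T[] => (Array.isArray(v) ? v : [v]);

// True when the principal is "*" or any principal kind (AWS, Service, ...) lists "*".
function isWildcardPrincipal(p: Principal | undefined): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  return Object.keys(p).some((k) => toArray(p[k]).indexOf("*") !== -1);
}

// Returns the indexes of Allow statements granted to everyone with no Condition.
// Simplification: any Condition is treated as restricting and left for manual review.
function findPublicStatements(policyJson: string): number[] {
  const doc = JSON.parse(policyJson) as PolicyDocument;
  const hits: number[] = [];
  toArray(doc.Statement).forEach((s, i) => {
    const unconditioned = !s.Condition || Object.keys(s.Condition).length === 0;
    const open = s.Effect === "Allow" && isWildcardPrincipal(s.Principal);
    if (open && unconditioned) hits.push(i);
  });
  return hits;
}

// Constructed sample inputs; the ARN and account IDs are placeholders.
const sampleArn = "arn:aws:s3:us-west-2:123456789012:accesspoint/example";
const statement = (awsPrincipal: string): Statement => ({
  Effect: "Allow",
  Action: "s3:GetObjectTagging",
  Principal: { AWS: awsPrincipal },
  Resource: `${sampleArn}/object/*`,
});
// Same shape as the policy in Example Usage (wildcard AWS principal).
const pagePolicy = JSON.stringify({ Version: "2008-10-17", Statement: [statement("*")] });
// Same statement scoped to one account.
const scopedPolicy = JSON.stringify({
  Version: "2008-10-17",
  Statement: [statement("arn:aws:iam::111122223333:root")],
});
```

Building the document with JSON.stringify, as the samples do, also lets the check run on the exact string before it is passed to the policy argument.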
Import
Access Point policies can be imported using the accessPointArn, e.g.