Resource: awsS3ControlMultiRegionAccessPoint

Provides a resource to manage an S3 Multi-Region Access Point associated with specified buckets.

Example Usage

Multiple AWS Buckets in Different Regions

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsPrimaryRegion = new aws.provider.AwsProvider(this, "aws", {
  alias: "primary_region",
  region: "us-east-1",
});
const awsSecondaryRegion = new aws.provider.AwsProvider(this, "aws_1", {
  alias: "secondary_region",
  region: "us-west-2",
});
const awsS3BucketBarBucket = new aws.s3Bucket.S3Bucket(this, "bar_bucket", {
  bucket: "example-bucket-bar",
  // Pass the provider construct itself so this bucket is created in us-west-2.
  provider: awsSecondaryRegion,
});
const awsS3BucketFooBucket = new aws.s3Bucket.S3Bucket(this, "foo_bucket", {
  bucket: "example-bucket-foo",
  // Pass the provider construct itself so this bucket is created in us-east-1.
  provider: awsPrimaryRegion,
});
new aws.s3ControlMultiRegionAccessPoint.S3ControlMultiRegionAccessPoint(
  this,
  "example",
  {
    details: {
      name: "example",
      region: [
        {
          bucket: awsS3BucketFooBucket.id,
        },
        {
          bucket: awsS3BucketBarBucket.id,
        },
      ],
    },
  }
);

Argument Reference

The following arguments are supported:

  • accountId - (Optional) The AWS account ID for the owner of the buckets for which you want to create a Multi-Region Access Point. Defaults to automatically determined account ID of the Terraform AWS provider.
  • details - (Required) A configuration block containing details about the Multi-Region Access Point. See Details Configuration below for more details.

Timeouts

Configuration options:

  • create - (Default 60M)
  • delete - (Default 15M)

Details Configuration

The details block supports the following:

  • name - (Required) The name of the Multi-Region Access Point.
  • publicAccessBlock - (Optional) Configuration block to manage the publicAccessBlock configuration that you want to apply to this Multi-Region Access Point. You can enable the configuration options in any combination. See Public Access Block Configuration below for more details.
  • region - (Required) The Region configuration block to specify the bucket associated with the Multi-Region Access Point. See Region Configuration below for more details.

For more information, see the documentation on Multi-Region Access Points.

Public Access Block Configuration

The publicAccessBlock block supports the following:

  • blockPublicAcls - (Optional) Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
      • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
      • PUT Object calls fail if the request includes a public ACL.
      • PUT Bucket calls fail if the request includes a public ACL.
  • blockPublicPolicy - (Optional) Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:
      • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
  • ignorePublicAcls - (Optional) Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:
      • Ignore all public ACLs on buckets in this account and any objects that they contain.
  • restrictPublicBuckets - (Optional) Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:
      • Only the bucket owner and AWS Services can access buckets with public policies.
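
A pre-deployment check for the four flags described above, as an added example that is not part of the provider documentation: it scans synthesized Terraform JSON for Multi-Region Access Points where any publicAccessBlock setting is explicitly false. The snake_case attribute names, the function names and the sample stack JSON are assumptions made for the example.

```typescript
// Added example: audit synthesized Terraform JSON for weakened MRAP public access settings.
// Assumption: attribute names are the provider's snake_case forms of the camelCase names above.
const PAB_FLAGS = [
  "block_public_acls",
  "block_public_policy",
  "ignore_public_acls",
  "restrict_public_buckets",
] as const;

type Json = { [key: string]: unknown };
interface Finding { resource: string; disabled: string[] }

// Terraform JSON allows a nested block to be an object or a list of objects.
function firstBlock(value: unknown): Json | undefined {
  const v: unknown = Array.isArray(value) ? value[0] : value;
  return v !== null && typeof v === "object" ? (v as Json) : undefined;
}

function auditMrapPublicAccess(synth: Json): Finding[] {
  const resources = firstBlock(synth["resource"]) ?? {};
  const mraps = firstBlock(resources["aws_s3control_multi_region_access_point"]) ?? {};
  const findings: Finding[] = [];
  for (const name of Object.keys(mraps)) {
    const details = firstBlock(firstBlock(mraps[name])?.["details"]);
    const pab = firstBlock(details?.["public_access_block"]) ?? {};
    // An omitted flag keeps its default of true; only an explicit false weakens it.
    const disabled = PAB_FLAGS.filter((f) => pab[f] === false || pab[f] === "false");
    if (disabled.length > 0) findings.push({ resource: name, disabled });
  }
  return findings;
}

// Constructed sample in the shape of a synthesized stack (hypothetical, not real output).
const sampleSynth: Json = {
  resource: {
    aws_s3control_multi_region_access_point: {
      example: { details: { name: "example", region: [{ bucket: "example-bucket-foo" }] } },
      weakened: {
        details: {
          name: "weakened",
          public_access_block: { block_public_policy: false, restrict_public_buckets: false },
          region: [{ bucket: "example-bucket-bar" }],
        },
      },
    },
  },
};

console.log(auditMrapPublicAccess(sampleSynth));
```

A non-empty result is a reason to stop the deployment and review the listed access points before applying the stack.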

Region Configuration

The region block supports the following:

  • bucket - (Required) The name of the associated bucket for the Region.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • alias - The alias for the Multi-Region Access Point.
  • arn - Amazon Resource Name (ARN) of the Multi-Region Access Point.
  • domainName - The DNS domain name of the S3 Multi-Region Access Point in the format alias.accesspoint.s3-global.amazonaws.com. For more information, see the documentation on Multi-Region Access Point Requests.
  • id - The AWS account ID and access point name separated by a colon (:).
  • status - The current status of the Multi-Region Access Point. One of: READY, INCONSISTENT_ACROSS_REGIONS, CREATING, PARTIALLY_CREATED, PARTIALLY_DELETED, DELETING.

Import

Multi-Region Access Points can be imported using the accountId and name of the Multi-Region Access Point separated by a colon (:), e.g.

$ terraform import aws_s3control_multi_region_access_point.example 123456789012:example