Resource: awsS3ControlMultiRegionAccessPoint
Provides a resource to manage an S3 Multi-Region Access Point associated with specified buckets.
Example Usage
Multiple AWS Buckets in Different Regions
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";
// The constructs below belong inside a stack's constructor, where `this` is the enclosing scope.
const awsPrimaryRegion = new aws.provider.AwsProvider(this, "aws", {
  alias: "primary_region",
  region: "us-east-1",
});
const awsSecondaryRegion = new aws.provider.AwsProvider(this, "aws_1", {
  alias: "secondary_region",
  region: "us-west-2",
});
// Pass the aliased provider construct itself so each bucket is created in its own Region.
const awsS3BucketBarBucket = new aws.s3Bucket.S3Bucket(this, "bar_bucket", {
  bucket: "example-bucket-bar",
  provider: awsSecondaryRegion,
});
const awsS3BucketFooBucket = new aws.s3Bucket.S3Bucket(this, "foo_bucket", {
  bucket: "example-bucket-foo",
  provider: awsPrimaryRegion,
});
// One Multi-Region Access Point that fronts both buckets.
new aws.s3ControlMultiRegionAccessPoint.S3ControlMultiRegionAccessPoint(
  this,
  "example",
  {
    details: {
      name: "example",
      region: [
        {
          bucket: awsS3BucketFooBucket.id,
        },
        {
          bucket: awsS3BucketBarBucket.id,
        },
      ],
    },
  }
);
Argument Reference
The following arguments are supported:
accountId - (Optional) The AWS account ID for the owner of the buckets for which you want to create a Multi-Region Access Point. Defaults to automatically determined account ID of the Terraform AWS provider.
details - (Required) A configuration block containing details about the Multi-Region Access Point. See Details Configuration Block below for more details.
Timeouts
create - (Default 60M)
delete - (Default 15M)
Details Configuration
The details block supports the following:
name - (Required) The name of the Multi-Region Access Point.
publicAccessBlock - (Optional) Configuration block to manage the publicAccessBlock configuration that you want to apply to this Multi-Region Access Point. You can enable the configuration options in any combination. See Public Access Block Configuration below for more details.
region - (Required) The Region configuration block to specify the bucket associated with the Multi-Region Access Point. See Region Configuration below for more details.
For more information, see the documentation on Multi-Region Access Points.
Public Access Block Configuration
The publicAccessBlock block supports the following:
blockPublicAcls - (Optional) Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
  - PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
  - PUT Object calls fail if the request includes a public ACL.
  - PUT Bucket calls fail if the request includes a public ACL.
blockPublicPolicy - (Optional) Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:
  - Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
ignorePublicAcls - (Optional) Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:
  - Ignore all public ACLs on buckets in this account and any objects that they contain.
restrictPublicBuckets - (Optional) Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:
  - Only the bucket owner and AWS Services can access buckets with public policies.
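Because all four settings default to true, the case worth catching in review is a stack that explicitly sets one of them to false. The following is an added example, not part of the provider documentation: it scans synthesized Terraform JSON (such as the cdk.tf.json written by cdktf synth) for Multi-Region Access Points with a disabled setting. It assumes the snake_case key names of Terraform JSON syntax; the names auditMrapPublicAccess, block and sampleSynth are hypothetical.

```typescript
// Added example. Assumes Terraform JSON syntax (snake_case keys) as written by `cdktf synth`.
type Json = { [key: string]: any };
type Finding = { resource: string; flag: string };

const PAB_FLAGS = [
  "block_public_acls", "block_public_policy",
  "ignore_public_acls", "restrict_public_buckets",
];

// Nested blocks may be rendered as an object or as a one-element list.
function block(value: any): Json {
  return (Array.isArray(value) ? value[0] : value) || {};
}

// One finding per flag explicitly set to false. Omitted flags are not
// reported because each of them defaults to true.
function auditMrapPublicAccess(synth: Json): Finding[] {
  const findings: Finding[] = [];
  const mraps: Json = (synth.resource || {}).aws_s3control_multi_region_access_point || {};
  for (const name of Object.keys(mraps)) {
    const pab = block(block(mraps[name].details).public_access_block);
    for (const flag of PAB_FLAGS) {
      if (pab[flag] === false || pab[flag] === "false") findings.push({ resource: name, flag });
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real stack.
const sampleSynth: Json = {
  resource: {
    aws_s3control_multi_region_access_point: {
      example: { details: { name: "example", region: [{ bucket: "example-bucket-foo" }] } },
      legacy: {
        details: {
          name: "legacy",
          public_access_block: { block_public_policy: false, restrict_public_buckets: false },
          region: [{ bucket: "example-bucket-bar" }],
        },
      },
    },
  },
};

const sampleFindings = auditMrapPublicAccess(sampleSynth);
```

A non-empty result is a reasonable condition for failing a CI check before the plan is applied.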
Region Configuration
The region block supports the following:
bucket - (Required) The name of the associated bucket for the Region.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
alias - The alias for the Multi-Region Access Point.
arn - Amazon Resource Name (ARN) of the Multi-Region Access Point.
domainName - The DNS domain name of the S3 Multi-Region Access Point in the format alias.accesspoint.s3-global.amazonaws.com. For more information, see the documentation on Multi-Region Access Point Requests.
id - The AWS account ID and access point name separated by a colon (:).
status - The current status of the Multi-Region Access Point. One of: ready, INCONSISTENT_ACROSS_REGIONS, creating, PARTIALLY_CREATED, PARTIALLY_DELETED, deleting.
Import
Multi-Region Access Points can be imported using the accountId and name of the Multi-Region Access Point separated by a colon (:), e.g.