Resource: awsS3ControlObjectLambdaAccessPointPolicy
Provides a resource to manage an S3 Object Lambda Access Point resource policy.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";

/*This snippet is meant to run inside a construct (for example a TerraformStack
constructor), where `this` is the scope. It also references
aws_lambda_function.example and data.aws_caller_identity.current, which must be
defined elsewhere in the same stack.*/
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
  bucket: "example",
});
const awsS3AccessPointExample = new aws.s3AccessPoint.S3AccessPoint(
  this,
  "example_1",
  {
    bucket: awsS3BucketExample.id,
    name: "example",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3AccessPointExample.overrideLogicalId("example");
const awsS3ControlObjectLambdaAccessPointExample =
  new aws.s3ControlObjectLambdaAccessPoint.S3ControlObjectLambdaAccessPoint(
    this,
    "example_2",
    {
      configuration: {
        supportingAccessPoint: awsS3AccessPointExample.arn,
        transformationConfiguration: [
          {
            actions: ["GetObject"],
            contentTransformation: {
              awsLambda: {
                functionArn: "${aws_lambda_function.example.arn}",
              },
            },
          },
        ],
      },
      name: "example",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3ControlObjectLambdaAccessPointExample.overrideLogicalId("example");
const awsS3ControlObjectLambdaAccessPointPolicyExample =
  new aws.s3ControlObjectLambdaAccessPointPolicy.S3ControlObjectLambdaAccessPointPolicy(
    this,
    "example_3",
    {
      name: awsS3ControlObjectLambdaAccessPointExample.name,
      /*The policy is passed as a Terraform jsonencode() expression embedded in a string.*/
      policy:
        '${jsonencode({\n Version = "2008-10-17"\n Statement = [{\n Effect = "Allow"\n Action = "s3-object-lambda:GetObject"\n Principal = {\n AWS = data.aws_caller_identity.current.account_id\n }\n Resource = aws_s3control_object_lambda_access_point.example.arn\n }]\n })}',
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3ControlObjectLambdaAccessPointPolicyExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
accountId - (Optional) The AWS account ID for the account that owns the Object Lambda Access Point. Defaults to automatically determined account ID of the Terraform AWS provider.
name - (Required) The name of the Object Lambda Access Point.
policy - (Required) The Object Lambda Access Point resource policy document.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
hasPublicAccessPolicy - Indicates whether this access point currently has a policy that allows public access.
id - The AWS account ID and access point name separated by a colon (:).
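hasPublicAccessPolicy describes a policy that is already attached, so it helps to check the document before it is passed to the policy argument. The following is an added example, not provider or cdktf code: lintPolicy and its helpers are hypothetical names, the account IDs and ARN are constructed placeholders, and the wildcard test is a conservative approximation rather than AWS's own definition of public access.

```typescript
// Added example; lintPolicy and its helpers are hypothetical, not provider or cdktf APIs.
type PolicyPrincipal = string | { [kind: string]: string | string[] };
interface PolicyStatement { Effect: string; Action: string | string[]; Principal?: PolicyPrincipal; Condition?: object }
const toList = (v: string | string[]): string[] => (typeof v === "string" ? [v] : v);

// True when the principal is "*" or any principal kind (AWS, Service, ...) lists "*".
function isWildcardPrincipal(p?: PolicyPrincipal): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  for (const kind of Object.keys(p)) {
    if (toList(p[kind] ?? []).indexOf("*") !== -1) return true;
  }
  return false;
}

// Account IDs named by AWS principals, given as a bare 12-digit ID or as an ARN.
function principalAccounts(p?: PolicyPrincipal): string[] {
  const out: string[] = [];
  if (p === undefined || typeof p === "string") return out;
  for (const v of toList(p["AWS"] ?? [])) {
    const id = (/(?:^|::)(\d{12})(?::|$)/.exec(v) || [])[1];
    if (id) out.push(id);
  }
  return out;
}

// Findings for Allow statements only; an empty array means nothing was flagged.
function lintPolicy(policyJson: string, ownerAccountId: string): string[] {
  const doc = JSON.parse(policyJson) as { Statement: PolicyStatement[] };
  const findings: string[] = [];
  doc.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    if (isWildcardPrincipal(s.Principal) && !s.Condition) findings.push(`Statement[${i}]: wildcard principal without Condition`);
    if (toList(s.Action).some((a) => a === "*" || a === "s3-object-lambda:*")) findings.push(`Statement[${i}]: wildcard action`);
    for (const acct of principalAccounts(s.Principal)) {
      if (acct !== ownerAccountId) findings.push(`Statement[${i}]: cross-account principal ${acct}`);
    }
  });
  return findings;
}

// Constructed sample input; the account IDs and the ARN are placeholders.
const arn = "arn:aws:s3-object-lambda:us-east-1:111122223333:accesspoint/example";
const samplePolicy = JSON.stringify({ Version: "2008-10-17", Statement: [
  { Effect: "Allow", Action: "s3-object-lambda:GetObject", Principal: { AWS: "111122223333" }, Resource: arn },
  { Effect: "Allow", Action: "s3-object-lambda:*", Principal: "*", Resource: arn },
  { Effect: "Allow", Action: "s3-object-lambda:GetObject", Principal: { AWS: "arn:aws:iam::444455556666:root" }, Resource: arn },
] });
console.log(lintPolicy(samplePolicy, "111122223333"));
```

The first sample statement mirrors the same-account grant in the usage example and produces no finding; the other two are flagged.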
Import
Object Lambda Access Point policies can be imported using the accountId and name, separated by a colon (:), e.g.