Resource: awsS3ControlObjectLambdaAccessPointPolicy

Provides a resource to manage an S3 Object Lambda Access Point resource policy.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
  bucket: "example",
});
const awsS3AccessPointExample = new aws.s3AccessPoint.S3AccessPoint(
  this,
  "example_1",
  {
    bucket: awsS3BucketExample.id,
    name: "example",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3AccessPointExample.overrideLogicalId("example");
const awsS3ControlObjectLambdaAccessPointExample =
  new aws.s3ControlObjectLambdaAccessPoint.S3ControlObjectLambdaAccessPoint(
    this,
    "example_2",
    {
      configuration: {
        supportingAccessPoint: awsS3AccessPointExample.arn,
        transformationConfiguration: [
          {
            actions: ["GetObject"],
            contentTransformation: {
              awsLambda: {
                functionArn: "${aws_lambda_function.example.arn}",
              },
            },
          },
        ],
      },
      name: "example",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3ControlObjectLambdaAccessPointExample.overrideLogicalId("example");
const awsS3ControlObjectLambdaAccessPointPolicyExample =
  new aws.s3ControlObjectLambdaAccessPointPolicy.S3ControlObjectLambdaAccessPointPolicy(
    this,
    "example_3",
    {
      name: awsS3ControlObjectLambdaAccessPointExample.name,
      policy:
        '${jsonencode({\n    Version = "2008-10-17"\n    Statement = [{\n      Effect = "Allow"\n      Action = "s3-object-lambda:GetObject"\n      Principal = {\n        AWS = data.aws_caller_identity.current.account_id\n      }\n      Resource = aws_s3control_object_lambda_access_point.example.arn\n    }]\n  })}',
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3ControlObjectLambdaAccessPointPolicyExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • accountId - (Optional) The AWS account ID for the account that owns the Object Lambda Access Point. Defaults to the automatically determined account ID of the Terraform AWS provider.
  • name - (Required) The name of the Object Lambda Access Point.
  • policy - (Required) The Object Lambda Access Point resource policy document.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • hasPublicAccessPolicy - Indicates whether this access point currently has a policy that allows public access.
  • id - The AWS account ID and access point name separated by a colon (:).
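
A pre-deploy lint for the document passed to policy, added here as an example (it is not part of the provider or its generated bindings): it flags Allow statements whose principal is a wildcard, the kind of grant hasPublicAccessPolicy is meant to surface after apply. The check is a conservative approximation and AWS's own evaluation may differ; findPublicStatements, the type names and the sample policies are constructed for illustration.

```typescript
// Added example, not provider code: lint a policy document before passing it to `policy`.
type OneOrMany = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Action?: OneOrMany;
  Principal?: "*" | { AWS?: OneOrMany };
  Resource?: OneOrMany;
  Condition?: Record<string, unknown>;
}
interface Finding { index: number; conditioned: boolean }

const toArray = (v: OneOrMany | undefined): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// True when the Principal element names everyone: "*" or {"AWS": "*"}.
function isWildcardPrincipal(p: Statement["Principal"]): boolean {
  if (p === undefined) return false;
  if (p === "*") return true;
  return toArray(p.AWS).includes("*");
}

// Returns one finding per Allow statement that grants access to any principal.
// A Condition block does not clear the finding; it is reported for manual review.
function findPublicStatements(policyJson: string): Finding[] {
  const doc = JSON.parse(policyJson) as { Statement: Statement | Statement[] };
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  const findings: Finding[] = [];
  statements.forEach((s, index) => {
    if (s.Effect === "Allow" && isWildcardPrincipal(s.Principal)) {
      findings.push({ index, conditioned: s.Condition !== undefined });
    }
  });
  return findings;
}

// Constructed sample policies; the account ID, region and ARN are placeholders.
const ARN = "arn:aws:s3-object-lambda:us-east-1:123456789012:accesspoint/example";
const scopedPolicy = JSON.stringify({
  Version: "2008-10-17",
  Statement: [{ Effect: "Allow", Action: "s3-object-lambda:GetObject",
                Principal: { AWS: "123456789012" }, Resource: ARN }],
});
const publicPolicy = JSON.stringify({
  Version: "2008-10-17",
  Statement: [{ Effect: "Allow", Action: "s3-object-lambda:GetObject",
                Principal: "*", Resource: ARN }],
});
console.log(findPublicStatements(scopedPolicy), findPublicStatements(publicPolicy));
```

Run it in CI over the rendered policy JSON and fail the build on any finding where conditioned is false.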

Import

Object Lambda Access Point policies can be imported using the accountId and name, separated by a colon (:), e.g.

$ terraform import aws_s3control_object_lambda_access_point_policy.example 123456789012:example