Skip to content

Resource: awsSsmResourceDataSync

Provides a SSM resource data sync.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketHoge = new aws.s3Bucket.S3Bucket(this, "hoge", {
  bucket: "tf-test-bucket-1234",
});
new aws.ssmResourceDataSync.SsmResourceDataSync(this, "foo", {
  name: "foo",
  s3Destination: {
    bucketName: awsS3BucketHoge.bucket,
    region: awsS3BucketHoge.region,
  },
});
const dataAwsIamPolicyDocumentHoge =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "hoge_2", {
    statement: [
      {
        actions: ["s3:GetBucketAcl"],
        effect: "Allow",
        principals: [
          {
            identifiers: ["ssm.amazonaws.com"],
            type: "Service",
          },
        ],
        resources: ["arn:aws:s3:::tf-test-bucket-1234"],
        sid: "SSMBucketPermissionsCheck",
      },
      {
        actions: ["s3:PutObject"],
        condition: [
          {
            test: "StringEquals",
            values: ["bucket-owner-full-control"],
            variable: "s3:x-amz-acl",
          },
        ],
        effect: "Allow",
        principals: [
          {
            identifiers: ["ssm.amazonaws.com"],
            type: "Service",
          },
        ],
        resources: ["arn:aws:s3:::tf-test-bucket-1234/*"],
        sid: "SSMBucketDelivery",
      },
    ],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentHoge.overrideLogicalId("hoge");
const awsS3BucketPolicyHoge = new aws.s3BucketPolicy.S3BucketPolicy(
  this,
  "hoge_3",
  {
    bucket: awsS3BucketHoge.id,
    policy: dataAwsIamPolicyDocumentHoge.json,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketPolicyHoge.overrideLogicalId("hoge");

Argument Reference

The following arguments are supported:

  • name - (Required) Name for the configuration.
  • s3Destination - (Required) Amazon S3 configuration details for the sync.

s3Destination

s3Destination supports the following:

  • bucketName - (Required) Name of S3 bucket where the aggregated data is stored.
  • region - (Required) Region with the bucket targeted by the Resource Data Sync.
  • kmsKeyArn - (Optional) ARN of an encryption key for a destination in Amazon S3.
  • prefix - (Optional) Prefix for the bucket.
  • syncFormat - (Optional) A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe.

Attributes Reference

No additional attributes are exported.

Import

SSM resource data sync can be imported using the name, e.g.,

$ terraform import aws_ssm_resource_data_sync.example example-name