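/// <summary>
/// Creates an S3 bucket and attaches a bucket policy that denies every S3 action on the
/// bucket's objects when the request originates from 8.8.8.8/32.
/// </summary>
public MyStack()
{
    var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
    {
    });

    var bucketPolicy = new Aws.S3.BucketPolicy("bucketPolicy", new Aws.S3.BucketPolicyArgs
    {
        Bucket = bucket.Id,

        // The Resource is derived from the ARN of the bucket created above. The previous
        // hard-coded "my_tf_test_bucket" ARN named a different bucket than the one this
        // policy is attached to (the bucket name here is generated by the provider), so
        // the statement could never apply to this bucket's objects.
        //
        // NOTE(review): Effect=Deny combined with the IpAddress operator blocks requests
        // coming from 8.8.8.8/32 and grants nothing. If the "IPAllow" Sid means "only this
        // range may access the bucket", the usual form is Deny + NotIpAddress - confirm
        // the intent. The Resource covers objects ("/*") only, not bucket-level actions.
        Policy = bucket.Arn.Apply(bucketArn => $@"{{
  ""Version"": ""2012-10-17"",
  ""Id"": ""MYBUCKETPOLICY"",
  ""Statement"": [
    {{
      ""Sid"": ""IPAllow"",
      ""Effect"": ""Deny"",
      ""Principal"": ""*"",
      ""Action"": ""s3:*"",
      ""Resource"": ""{bucketArn}/*"",
      ""Condition"": {{
         ""IpAddress"": {{""aws:SourceIp"": ""8.8.8.8/32""}}
      }}
    }}
  ]
}}
"),
    });
}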
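/// <summary>
/// Provisions a static-website bucket, uploads every file found in the local "www"
/// directory as an S3 object, and attaches a bucket policy that makes all objects
/// publicly readable. Exposes the bucket name and website endpoint as stack outputs.
/// </summary>
public MyStack()
{
    // Create a bucket and expose a website index document.
    var siteBucket = new Aws.S3.Bucket("siteBucket", new Aws.S3.BucketArgs
    {
        Website = new Aws.S3.Inputs.BucketWebsiteArgs
        {
            IndexDocument = "index.html",
        },
    });

    var siteDir = "www";

    // For each file in the directory, create an S3 object stored in `siteBucket`.
    // Only the top level of `siteDir` is enumerated; the index in the resource name
    // follows the order returned by Directory.GetFiles.
    var files = new List<Aws.S3.BucketObject>();
    foreach (var range in Directory.GetFiles(siteDir).Select(Path.GetFileName).Select((v, k) => new { Key = k, Value = v }))
    {
        files.Add(new Aws.S3.BucketObject($"files-{range.Key}", new Aws.S3.BucketObjectArgs
        {
            Bucket = siteBucket.Id,
            Key = range.Value,
            Source = new FileAsset($"{siteDir}/{range.Value}"),
            // Set the MIME type of the file. The file name itself was previously passed
            // here, which is not a valid Content-Type and stops browsers from rendering
            // the pages served from the website endpoint.
            ContentType = GuessContentType(range.Value),
        }));
    }

    // Set the access policy for the bucket so all objects are readable.
    // Security: this grants anonymous s3:GetObject on every key, so anything placed in
    // the bucket is world-readable - keep only content meant for publication in `www`.
    // Where S3 Block Public Access is enabled for the account or bucket, a public
    // policy like this one is rejected.
    var bucketPolicy = new Aws.S3.BucketPolicy("bucketPolicy", new Aws.S3.BucketPolicyArgs
    {
        Bucket = siteBucket.Id,
        Policy = siteBucket.Id.Apply(id => JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            { "Version", "2012-10-17" },
            { "Statement", new[]
                {
                    new Dictionary<string, object?>
                    {
                        { "Effect", "Allow" },
                        { "Principal", "*" },
                        { "Action", new[]
                            {
                                "s3:GetObject",
                            }
                         },
                        { "Resource", new[]
                            {
                                $"arn:aws:s3:::{id}/*",
                            }
                         },
                    },
                }
             },
        })),
    });

    this.BucketName = siteBucket.BucketName;
    this.WebsiteUrl = siteBucket.WebsiteEndpoint;

    // Maps a file extension to a Content-Type for common static-site assets; anything
    // unrecognised falls back to a generic binary type.
    string GuessContentType(string? fileName)
    {
        var extension = (Path.GetExtension(fileName) ?? string.Empty).ToLowerInvariant();
        switch (extension)
        {
            case ".html":
            case ".htm":
                return "text/html";
            case ".css":
                return "text/css";
            case ".js":
                return "text/javascript";
            case ".json":
                return "application/json";
            case ".xml":
                return "application/xml";
            case ".txt":
                return "text/plain";
            case ".svg":
                return "image/svg+xml";
            case ".png":
                return "image/png";
            case ".jpg":
            case ".jpeg":
                return "image/jpeg";
            case ".gif":
                return "image/gif";
            case ".ico":
                return "image/x-icon";
            default:
                return "application/octet-stream";
        }
    }
}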
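/// <summary>
/// Creates an S3 bucket in us-east-1, grants the Systems Manager service principal
/// permission to check the bucket ACL and deliver objects into it, and configures an
/// SSM resource data sync that targets the bucket.
/// </summary>
public MyStack()
{
    var hogeBucket = new Aws.S3.Bucket("hogeBucket", new Aws.S3.BucketArgs
    {
        Region = "us-east-1",
    });

    var hogeBucketPolicy = new Aws.S3.BucketPolicy("hogeBucketPolicy", new Aws.S3.BucketPolicyArgs
    {
        Bucket = hogeBucket.BucketName,

        // Both Resource entries are derived from the ARN of the bucket created above.
        // The previous hard-coded "tf-test-bucket-1234" ARN did not refer to this bucket,
        // whose name is generated by the provider. The stray leading space in the second
        // Sid (" SSMBucketDelivery") has also been removed.
        //
        // NOTE(review): the ssm.amazonaws.com principal is not constrained by
        // aws:SourceAccount / aws:SourceArn. AWS guidance for service principals is to add
        // those condition keys so the service can only write on behalf of the expected
        // account (confused-deputy protection) - consider adding them with the real
        // account id.
        Policy = hogeBucket.Arn.Apply(bucketArn => $@"{{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
        {{
            ""Sid"": ""SSMBucketPermissionsCheck"",
            ""Effect"": ""Allow"",
            ""Principal"": {{
                ""Service"": ""ssm.amazonaws.com""
            }},
            ""Action"": ""s3:GetBucketAcl"",
            ""Resource"": ""{bucketArn}""
        }},
        {{
            ""Sid"": ""SSMBucketDelivery"",
            ""Effect"": ""Allow"",
            ""Principal"": {{
                ""Service"": ""ssm.amazonaws.com""
            }},
            ""Action"": ""s3:PutObject"",
            ""Resource"": [""{bucketArn}/*""],
            ""Condition"": {{
                ""StringEquals"": {{
                    ""s3:x-amz-acl"": ""bucket-owner-full-control""
                }}
            }}
        }}
    ]
}}
"),
    });

    // NOTE(review): nothing orders this resource after hogeBucketPolicy, so the sync may
    // be created before the policy that authorises delivery exists - consider an explicit
    // dependency on the policy.
    var foo = new Aws.Ssm.ResourceDataSync("foo", new Aws.Ssm.ResourceDataSyncArgs
    {
        S3Destination = new Aws.Ssm.Inputs.ResourceDataSyncS3DestinationArgs
        {
            BucketName = hogeBucket.BucketName,
            Region = hogeBucket.Region,
        },
    });
}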
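/// <summary>
/// Creates an S3 bucket for certificate revocation lists, grants the ACM Private CA
/// service principal the S3 permissions listed in the policy document below, and
/// creates a private certificate authority that publishes its CRL to that bucket.
/// </summary>
public MyStack()
{
    var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
    {
    });

    // Build the policy document once the bucket ARN is known. The ARN is used twice:
    // for the bucket itself and for every object under it.
    //
    // NOTE(review): the acm-pca.amazonaws.com principal is not constrained by
    // aws:SourceAccount / aws:SourceArn. AWS guidance for service principals is to add
    // those condition keys (confused-deputy protection) - consider adding a condition
    // block with the real account id and CA ARN.
    var acmpcaBucketAccess = exampleBucket.Arn.Apply(bucketArn =>
        Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
        {
            Statements =
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                {
                    Actions =
                    {
                        "s3:GetBucketAcl",
                        "s3:GetBucketLocation",
                        "s3:PutObject",
                        "s3:PutObjectAcl",
                    },
                    Principals =
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                        {
                            Identifiers =
                            {
                                "acm-pca.amazonaws.com",
                            },
                            Type = "Service",
                        },
                    },
                    Resources =
                    {
                        bucketArn,
                        $"{bucketArn}/*",
                    },
                },
            },
        }));

    var exampleBucketPolicy = new Aws.S3.BucketPolicy("exampleBucketPolicy", new Aws.S3.BucketPolicyArgs
    {
        Bucket = exampleBucket.Id,
        // The lambda parameter no longer reuses the name of the enclosing local.
        Policy = acmpcaBucketAccess.Apply(policyDocument => policyDocument.Json),
    });

    var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("exampleCertificateAuthority", new Aws.Acmpca.CertificateAuthorityArgs
    {
        CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
        {
            KeyAlgorithm = "RSA_4096",
            SigningAlgorithm = "SHA512WITHRSA",
            Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
            {
                CommonName = "example.com",
            },
        },
        RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
        {
            CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs
            {
                CustomCname = "crl.example.com",
                Enabled = true,
                ExpirationInDays = 7,
                S3BucketName = exampleBucket.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // Depend on the policy resource itself so the CA is created only after the bucket
        // policy that lets ACM PCA write the CRL is in place. The previous value was the
        // string "aws_s3_bucket_policy.example", a Terraform address that does not refer
        // to any resource in this program.
        DependsOn =
        {
            exampleBucketPolicy,
        },
    });
}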