Esempio n. 1
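    /// <summary>
    /// Provisions an S3 bucket and attaches a bucket policy that denies every S3 action on the
    /// bucket's objects to requests whose source address is 8.8.8.8/32.
    /// </summary>
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
        });

        // NOTE(review): the Sid reads "IPAllow", yet Effect=Deny combined with an IpAddress
        // condition blocks only 8.8.8.8/32; every other source address is untouched by this
        // statement. If the goal is an allow-list, the usual shape is Deny + NotIpAddress.
        // Confirm the intent before reusing this policy.
        var bucketPolicy = new Aws.S3.BucketPolicy("bucketPolicy", new Aws.S3.BucketPolicyArgs
        {
            Bucket = bucket.Id,
            // The Resource is derived from the ARN of the bucket created above. A hard-coded
            // bucket name would not match the auto-named bucket, and S3 rejects a bucket policy
            // whose Resource points at a different bucket.
            Policy = bucket.Arn.Apply(arn => $@"{{
  ""Version"": ""2012-10-17"",
  ""Id"": ""MYBUCKETPOLICY"",
  ""Statement"": [
    {{
      ""Sid"": ""IPAllow"",
      ""Effect"": ""Deny"",
      ""Principal"": ""*"",
      ""Action"": ""s3:*"",
      ""Resource"": ""{arn}/*"",
      ""Condition"": {{
         ""IpAddress"": {{""aws:SourceIp"": ""8.8.8.8/32""}}
      }}
    }}
  ]
}}

"),
        });
    }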
Esempio n. 2
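    /// <summary>
    /// Provisions an S3 bucket configured for static website hosting, uploads every file found
    /// in the local <c>www</c> directory as an object, and attaches a policy that lets anyone
    /// read those objects. Exposes the bucket name and website endpoint as stack outputs.
    /// </summary>
    public MyStack()
    {
        // Create a bucket and expose a website index document
        var siteBucket = new Aws.S3.Bucket("siteBucket", new Aws.S3.BucketArgs
        {
            Website = new Aws.S3.Inputs.BucketWebsiteArgs
            {
                IndexDocument = "index.html",
            },
        });
        var siteDir = "www";

        // Derive a MIME type from the file extension. The object's Content-Type must be a media
        // type, not the file name; with a wrong value browsers may download the page instead of
        // rendering it, or may guess the type themselves.
        static string GuessContentType(string? fileName) =>
            Path.GetExtension(fileName)?.ToLowerInvariant() switch
            {
                ".html" => "text/html",
                ".htm"  => "text/html",
                ".css"  => "text/css",
                ".js"   => "text/javascript",
                ".json" => "application/json",
                ".txt"  => "text/plain",
                ".xml"  => "application/xml",
                ".svg"  => "image/svg+xml",
                ".png"  => "image/png",
                ".jpg"  => "image/jpeg",
                ".jpeg" => "image/jpeg",
                ".gif"  => "image/gif",
                ".ico"  => "image/x-icon",
                _       => "application/octet-stream",
            };

        // For each file in the directory, create an S3 object stored in `siteBucket`
        var files = new List<Aws.S3.BucketObject>();
        var indexedNames = Directory.GetFiles(siteDir)
                                    .Select(Path.GetFileName)
                                    .Select((name, index) => new { Key = index, Value = name });

        foreach (var entry in indexedNames)
        {
            files.Add(new Aws.S3.BucketObject($"files-{entry.Key}", new Aws.S3.BucketObjectArgs
            {
                Bucket      = siteBucket.Id,
                Key         = entry.Value,
                Source      = new FileAsset($"{siteDir}/{entry.Value}"),
                // set the MIME type of the file
                ContentType = GuessContentType(entry.Value),
            }));
        }

        // Set the access policy for the bucket so all objects are readable.
        // Principal "*" with s3:GetObject on "<bucket>/*" makes every object in the bucket
        // readable by anyone on the internet, so only content meant for publication belongs in
        // `www`. NOTE(review): a bucket or account with S3 Block Public Access enabled will
        // reject this policy - confirm the setting for the target account.
        var bucketPolicy = new Aws.S3.BucketPolicy("bucketPolicy", new Aws.S3.BucketPolicyArgs
        {
            Bucket = siteBucket.Id,
            Policy = siteBucket.Id.Apply(id => JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                { "Version", "2012-10-17" },
                { "Statement", new[]
                  {
                      new Dictionary<string, object?>
                      {
                          { "Effect", "Allow" },
                          { "Principal", "*" },
                          { "Action", new[]
                            {
                                "s3:GetObject",
                            } },
                          { "Resource", new[]
                            {
                                $"arn:aws:s3:::{id}/*",
                            } },
                      },
                  } },
            })),
        });

        this.BucketName = siteBucket.BucketName;
        this.WebsiteUrl = siteBucket.WebsiteEndpoint;
    }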
Esempio n. 3
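    /// <summary>
    /// Provisions an S3 bucket in us-east-1, grants the Systems Manager service permission to
    /// check the bucket ACL and deliver objects into it, and creates an SSM resource data sync
    /// that writes to that bucket.
    /// </summary>
    public MyStack()
    {
        var hogeBucket = new Aws.S3.Bucket("hogeBucket", new Aws.S3.BucketArgs
        {
            Region = "us-east-1",
        });

        // NOTE(review): both statements trust the ssm.amazonaws.com service principal without
        // any aws:SourceAccount / aws:SourceArn condition, so the grant is not limited to data
        // syncs owned by this account (confused-deputy exposure). Consider adding those
        // conditions with the account id of the deployment.
        var hogeBucketPolicy = new Aws.S3.BucketPolicy("hogeBucketPolicy", new Aws.S3.BucketPolicyArgs
        {
            Bucket = hogeBucket.BucketName,
            // Resources are derived from the ARN of the bucket created above; a hard-coded
            // bucket name would not match the auto-named bucket and S3 would reject the policy.
            // The stray leading space in the second Sid has been removed.
            Policy = hogeBucket.Arn.Apply(arn => $@"{{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
        {{
            ""Sid"": ""SSMBucketPermissionsCheck"",
            ""Effect"": ""Allow"",
            ""Principal"": {{
                ""Service"": ""ssm.amazonaws.com""
            }},
            ""Action"": ""s3:GetBucketAcl"",
            ""Resource"": ""{arn}""
        }},
        {{
            ""Sid"": ""SSMBucketDelivery"",
            ""Effect"": ""Allow"",
            ""Principal"": {{
                ""Service"": ""ssm.amazonaws.com""
            }},
            ""Action"": ""s3:PutObject"",
            ""Resource"": [""{arn}/*""],
            ""Condition"": {{
                ""StringEquals"": {{
                    ""s3:x-amz-acl"": ""bucket-owner-full-control""
                }}
            }}
        }}
    ]
}}

"),
        });

        // NOTE(review): nothing orders this resource after hogeBucketPolicy, so the sync may be
        // created before the policy is in place - consider an explicit dependency.
        var foo = new Aws.Ssm.ResourceDataSync("foo", new Aws.Ssm.ResourceDataSyncArgs
        {
            S3Destination = new Aws.Ssm.Inputs.ResourceDataSyncS3DestinationArgs
            {
                BucketName = hogeBucket.BucketName,
                Region     = hogeBucket.Region,
            },
        });
    }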
Esempio n. 4
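 /// <summary>
 /// Provisions an S3 bucket for certificate revocation lists, grants the ACM Private CA service
 /// access to it through a generated policy document, and creates a private certificate
 /// authority whose CRL configuration publishes into that bucket.
 /// </summary>
 public MyStack()
 {
     var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
     {
     });

     // Build the policy document once the bucket ARN is known. A single Apply on the ARN is
     // enough; the same output does not need to be tupled with itself.
     // NOTE(review): the statement trusts acm-pca.amazonaws.com with no aws:SourceAccount /
     // aws:SourceArn condition, so it is not limited to CAs owned by this account - consider
     // adding those conditions.
     var acmpcaBucketAccess = exampleBucket.Arn.Apply(bucketArn =>
         Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
         {
             Statements =
             {
                 new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                 {
                     Actions =
                     {
                         "s3:GetBucketAcl",
                         "s3:GetBucketLocation",
                         "s3:PutObject",
                         "s3:PutObjectAcl",
                     },
                     Principals =
                     {
                         new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                         {
                             Identifiers =
                             {
                                 "acm-pca.amazonaws.com",
                             },
                             Type = "Service",
                         },
                     },
                     // The bucket itself (ACL / location calls) and every object in it.
                     Resources =
                     {
                         bucketArn,
                         $"{bucketArn}/*",
                     },
                 },
             },
         }));

     var exampleBucketPolicy = new Aws.S3.BucketPolicy("exampleBucketPolicy", new Aws.S3.BucketPolicyArgs
     {
         Bucket = exampleBucket.Id,
         Policy = acmpcaBucketAccess.Apply(document => document.Json),
     });

     var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("exampleCertificateAuthority", new Aws.Acmpca.CertificateAuthorityArgs
     {
         CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
         {
             KeyAlgorithm     = "RSA_4096",
             SigningAlgorithm = "SHA512WITHRSA",
             Subject          = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
             {
                 CommonName = "example.com",
             },
         },
         RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
         {
             CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs
             {
                 CustomCname      = "crl.example.com",
                 Enabled          = true,
                 ExpirationInDays = 7,
                 S3BucketName     = exampleBucket.Id,
             },
         },
     }, new CustomResourceOptions
     {
         // Depend on the policy resource object itself. The CA needs the bucket policy in place
         // before it is created; a Terraform-style address string is not a resource reference.
         DependsOn =
         {
             exampleBucketPolicy,
         },
     });
 }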