import * as pulumi from "@pulumi/pulumi"; import { input as inputs, output as outputs } from "./types"; /** * Allows management of [Yandex.Cloud Storage Bucket](https://cloud.yandex.com/docs/storage/concepts/bucket). * * > **Note:** Your need to provide [static access key](https://cloud.yandex.com/docs/iam/concepts/authorization/access-key) (Access and Secret) to create storage client to work with Storage Service. To create them you need Service Account and proper permissions. * * ## Example Usage * ### Simple Private Bucket * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const folderId = ""; * // Create SA * const sa = new yandex.IamServiceAccount("sa", {folderId: folderId}); * // Grant permissions * const sa_editor = new yandex.ResourcemanagerFolderIamMember("sa-editor", { * folderId: folderId, * role: "storage.editor", * member: pulumi.interpolate`serviceAccount:${sa.id}`, * }); * // Create Static Access Keys * const sa_static_key = new yandex.IamServiceAccountStaticAccessKey("sa-static-key", { * serviceAccountId: sa.id, * description: "static access key for object storage", * }); * // Use keys to create bucket * const test = new yandex.StorageBucket("test", { * accessKey: sa_static_key.accessKey, * secretKey: sa_static_key.secretKey, * bucket: "tf-test-bucket", * }); * ``` * ### Static Website Hosting * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const test = new yandex.StorageBucket("test", { * acl: "public-read", * bucket: "storage-website-test.hashicorp.com", * website: { * errorDocument: "error.html", * indexDocument: "index.html", * routingRules: `[{ * "Condition": { * "KeyPrefixEquals": "docs/" * }, * "Redirect": { * "ReplaceKeyPrefixWith": "documents/" * } * }] * `, * }, * }); * ``` * ### Using ACL policy grants * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const test = new yandex.StorageBucket("test", { * bucket: "mybucket", * grants: [ * { * id: "myuser", * permissions: ["FULL_CONTROL"], * type: "CanonicalUser", * }, * { * permissions: [ * "READ", * "WRITE", * ], * type: "Group", * uri: "http://acs.amazonaws.com/groups/global/AllUsers", * }, * ], * }); * ``` * ### Using CORS * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const storageBucket = new yandex.StorageBucket("b", { * acl: "public-read", * bucket: "s3-website-test.hashicorp.com", * corsRules: [{ * allowedHeaders: ["*"], * allowedMethods: [ * "PUT", * "POST", * ], * allowedOrigins: ["https://s3-website-test.hashicorp.com"], * exposeHeaders: ["ETag"], * maxAgeSeconds: 3000, * }], * }); * ``` * ### Using versioning * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const storageBucket = new yandex.StorageBucket("b", { * acl: "private", * bucket: "my-tf-test-bucket", * versioning: { * enabled: true, * }, * }); * ``` * ### Enable Logging * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const logBucket = new yandex.StorageBucket("logBucket", {bucket: "my-tf-log-bucket"}); * const storageBucket = new yandex.StorageBucket("storageBucket", { * bucket: "my-tf-test-bucket", * acl: "private", * loggings: [{ * targetBucket: logBucket.id, * targetPrefix: "log/", * }], * }); * ``` * ### Using object lifecycle * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const bucket = new yandex.StorageBucket("bucket", { * acl: "private", * bucket: "my-bucket", * lifecycleRules: [ * { * enabled: true, * expiration: { * days: 90, * }, * id: "log", * prefix: "log/", * transitions: [{ * days: 30, * storageClass: "COLD", * }], * }, * { * enabled: true, * expiration: { * date: "2020-12-21", * }, * id: "tmp", * prefix: "tmp/", * }, * ], * }); * const versioningBucket = new yandex.StorageBucket("versioning_bucket", { * acl: "private", * bucket: "my-versioning-bucket", * lifecycleRules: [{ * enabled: true, * noncurrentVersionExpiration: { * days: 90, * }, * noncurrentVersionTransitions: [{ * days: 30, * storageClass: "COLD", * }], * prefix: "config/", * }], * versioning: { * enabled: true, * }, * }); * ``` * ### Using SSE * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const key_a = new yandex.KmsSymmetricKey("key-a", { * description: "description for key", * defaultAlgorithm: "AES_128", * rotationPeriod: "8760h", * }); * // equal to 1 year * const test = new yandex.StorageBucket("test", { * bucket: "mybucket", * serverSideEncryptionConfiguration: { * rule: { * applyServerSideEncryptionByDefault: { * kmsMasterKeyId: key_a.id, * sseAlgorithm: "aws:kms", * }, * }, * }, * }); * ``` * ### Bucket Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const storageBucket = new yandex.StorageBucket("b", { * bucket: "my-policy-bucket", * policy: `{ * "Version": "2012-10-17", * "Statement": [ * { * "Effect": "Allow", * "Principal": "*", * "Action": "s3:*", * "Resource": [ * "arn:aws:s3:::my-policy-bucket/*", * "arn:aws:s3:::my-policy-bucket" * ] * }, * { * "Effect": "Deny", * "Principal": "*", * "Action": "s3:PutObject", * "Resource": [ * "arn:aws:s3:::my-policy-bucket/*", * "arn:aws:s3:::my-policy-bucket" * ] * } * ] * } * `, * }); * ``` * ### All settings example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const logBucket = new yandex.StorageBucket("logBucket", { * bucket: "my-tf-log-bucket", * lifecycleRules: [{ * id: "cleanupoldlogs", * enabled: true, * expiration: { * days: 365, * }, * }], * }); * const key_a = new yandex.KmsSymmetricKey("key-a", { * description: "description for key", * defaultAlgorithm: "AES_128", * rotationPeriod: "8760h", * }); * // equal to 1 year * const allSettings = new yandex.StorageBucket("allSettings", { * bucket: "example-tf-settings-bucket", * website: { * indexDocument: "index.html", * errorDocument: "error.html", * }, * lifecycleRules: [ * { * id: "test", * enabled: true, * prefix: "prefix/", * expiration: { * days: 30, * }, * }, * { * id: "log", * enabled: true, * prefix: "log/", * transitions: [{ * days: 30, * storageClass: "COLD", * }], * expiration: { * days: 90, * }, * }, * { * id: "everything180", * prefix: "", * enabled: true, * expiration: { * days: 180, * }, * }, * { * id: "cleanupoldversions", * prefix: "config/", * enabled: true, * noncurrentVersionTransitions: [{ * days: 30, * storageClass: "COLD", * }], * noncurrentVersionExpiration: { * days: 90, * }, * }, * { * id: "abortmultiparts", * prefix: "", * enabled: true, * abortIncompleteMultipartUploadDays: 7, * }, * ], * corsRules: [{ * allowedHeaders: ["*"], * allowedMethods: [ * "GET", * "PUT", * ], * allowedOrigins: ["https://storage-cloud.example.com"], * exposeHeaders: ["ETag"], * maxAgeSeconds: 3000, * }], * versioning: { * enabled: true, * }, * serverSideEncryptionConfiguration: { * rule: { * applyServerSideEncryptionByDefault: { * kmsMasterKeyId: key_a.id, * sseAlgorithm: "aws:kms", * }, * }, * }, * loggings: [{ * targetBucket: logBucket.id, * targetPrefix: "tf-logs/", * }], * }); * ``` * * ## Import * * Storage bucket can be imported using the `bucket`, e.g. * * ```sh * $ pulumi import yandex:index/storageBucket:StorageBucket bucket bucket-name * ``` * * `false` in state. If you've set it to `true` in config, run `terraform apply` to update the value set in state. If you delete this resource before updating the value, objects in the bucket will not be destroyed. */ export declare class StorageBucket extends pulumi.CustomResource { /** * Get an existing StorageBucket resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: StorageBucketState, opts?: pulumi.CustomResourceOptions): StorageBucket; /** * Returns true if the given object is an instance of StorageBucket. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is StorageBucket; /** * The access key to use when applying changes. If omitted, `storageAccessKey` specified in provider config is used. */ readonly accessKey: pulumi.Output; /** * The [predefined ACL](https://cloud.yandex.com/docs/storage/concepts/acl#predefined_acls) to apply. Defaults to `private`. Conflicts with `grant`. */ readonly acl: pulumi.Output; readonly bucket: pulumi.Output; /** * The bucket domain name. */ readonly bucketDomainName: pulumi.Output; /** * Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`. */ readonly bucketPrefix: pulumi.Output; /** * A rule of [Cross-Origin Resource Sharing](https://cloud.yandex.com/docs/storage/cors/) (documented below). */ readonly corsRules: pulumi.Output; /** * A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable. */ readonly forceDestroy: pulumi.Output; /** * An [ACL policy grant](https://cloud.yandex.com/docs/storage/concepts/acl#permissions-types). Conflicts with `acl`. */ readonly grants: pulumi.Output; /** * A configuration of [object lifecycle management](https://cloud.yandex.com/docs/storage/concepts/lifecycles) (documented below). */ readonly lifecycleRules: pulumi.Output; /** * A settings of [bucket logging](https://cloud.yandex.com/docs/storage/concepts/server-logs) (documented below). */ readonly loggings: pulumi.Output; readonly policy: pulumi.Output; /** * The secret key to use when applying changes. If omitted, `storageSecretKey` specified in provider config is used. */ readonly secretKey: pulumi.Output; /** * A configuration of server-side encryption for the bucket (documented below) */ readonly serverSideEncryptionConfiguration: pulumi.Output; /** * A state of [versioning](https://cloud.yandex.com/docs/storage/concepts/versioning) (documented below) */ readonly versioning: pulumi.Output; /** * A [website object](https://cloud.yandex.com/docs/storage/concepts/hosting) (documented below). */ readonly website: pulumi.Output; /** * The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. */ readonly websiteDomain: pulumi.Output; /** * The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. */ readonly websiteEndpoint: pulumi.Output; /** * Create a StorageBucket resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: StorageBucketArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering StorageBucket resources. */ export interface StorageBucketState { /** * The access key to use when applying changes. If omitted, `storageAccessKey` specified in provider config is used. */ accessKey?: pulumi.Input; /** * The [predefined ACL](https://cloud.yandex.com/docs/storage/concepts/acl#predefined_acls) to apply. Defaults to `private`. Conflicts with `grant`. */ acl?: pulumi.Input; bucket?: pulumi.Input; /** * The bucket domain name. */ bucketDomainName?: pulumi.Input; /** * Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`. */ bucketPrefix?: pulumi.Input; /** * A rule of [Cross-Origin Resource Sharing](https://cloud.yandex.com/docs/storage/cors/) (documented below). */ corsRules?: pulumi.Input[]>; /** * A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable. */ forceDestroy?: pulumi.Input; /** * An [ACL policy grant](https://cloud.yandex.com/docs/storage/concepts/acl#permissions-types). Conflicts with `acl`. */ grants?: pulumi.Input[]>; /** * A configuration of [object lifecycle management](https://cloud.yandex.com/docs/storage/concepts/lifecycles) (documented below). */ lifecycleRules?: pulumi.Input[]>; /** * A settings of [bucket logging](https://cloud.yandex.com/docs/storage/concepts/server-logs) (documented below). */ loggings?: pulumi.Input[]>; policy?: pulumi.Input; /** * The secret key to use when applying changes. If omitted, `storageSecretKey` specified in provider config is used. */ secretKey?: pulumi.Input; /** * A configuration of server-side encryption for the bucket (documented below) */ serverSideEncryptionConfiguration?: pulumi.Input; /** * A state of [versioning](https://cloud.yandex.com/docs/storage/concepts/versioning) (documented below) */ versioning?: pulumi.Input; /** * A [website object](https://cloud.yandex.com/docs/storage/concepts/hosting) (documented below). */ website?: pulumi.Input; /** * The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. */ websiteDomain?: pulumi.Input; /** * The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. */ websiteEndpoint?: pulumi.Input; } /** * The set of arguments for constructing a StorageBucket resource. */ export interface StorageBucketArgs { /** * The access key to use when applying changes. If omitted, `storageAccessKey` specified in provider config is used. */ accessKey?: pulumi.Input; /** * The [predefined ACL](https://cloud.yandex.com/docs/storage/concepts/acl#predefined_acls) to apply. Defaults to `private`. Conflicts with `grant`. */ acl?: pulumi.Input; bucket?: pulumi.Input; /** * Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`. */ bucketPrefix?: pulumi.Input; /** * A rule of [Cross-Origin Resource Sharing](https://cloud.yandex.com/docs/storage/cors/) (documented below). */ corsRules?: pulumi.Input[]>; /** * A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable. */ forceDestroy?: pulumi.Input; /** * An [ACL policy grant](https://cloud.yandex.com/docs/storage/concepts/acl#permissions-types). Conflicts with `acl`. */ grants?: pulumi.Input[]>; /** * A configuration of [object lifecycle management](https://cloud.yandex.com/docs/storage/concepts/lifecycles) (documented below). */ lifecycleRules?: pulumi.Input[]>; /** * A settings of [bucket logging](https://cloud.yandex.com/docs/storage/concepts/server-logs) (documented below). */ loggings?: pulumi.Input[]>; policy?: pulumi.Input; /** * The secret key to use when applying changes. If omitted, `storageSecretKey` specified in provider config is used. */ secretKey?: pulumi.Input; /** * A configuration of server-side encryption for the bucket (documented below) */ serverSideEncryptionConfiguration?: pulumi.Input; /** * A state of [versioning](https://cloud.yandex.com/docs/storage/concepts/versioning) (documented below) */ versioning?: pulumi.Input; /** * A [website object](https://cloud.yandex.com/docs/storage/concepts/hosting) (documented below). */ website?: pulumi.Input; /** * The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. */ websiteDomain?: pulumi.Input; /** * The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. */ websiteEndpoint?: pulumi.Input; }