aws_s3_bucket
account_id
Type: STRING
bucket_arn
Type: STRING
bucket_versioning
Type: STRUCT
Provider name: GetBucketVersioningOutput
mfa_delete
Type: STRING
Provider name: MFADelete
Description: Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is only returned if the bucket has been configured with MFA delete. If the bucket has never been so configured, this element is not returned.
status
Type: STRING
Provider name: Status
Description: The versioning state of the bucket.
bucket_website
Type: STRUCT
Provider name: GetBucketWebsiteOutput
error_document
Type: STRUCT
Provider name: ErrorDocument
Description: The object key name of the website error document to use for 4XX class errors.
key
Type: STRING
Provider name: Key
Description: The object key name to use when a 4XX class error occurs. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
index_document
Type: STRUCT
Provider name: IndexDocument
Description: The name of the index document for the website (for example index.html
).
suffix
Type: STRING
Provider name: Suffix
Description: A suffix that is appended to a request that is for a directory on the website endpoint (for example,if the suffix is index.html and you make a request to samplebucket/images/ the data that is returned will be for the object with the key name images/index.html) The suffix must not be empty and must not include a slash character. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
redirect_all_requests_to
Type: STRUCT
Provider name: RedirectAllRequestsTo
Description: Specifies the redirect behavior of all requests to a website endpoint of an Amazon S3 bucket.
host_name
Type: STRING
Provider name: HostName
Description: Name of the host where requests are redirected.
protocol
Type: STRING
Provider name: Protocol
Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
routing_rules
Type: UNORDERED_LIST_STRUCT
Provider name: RoutingRules
Description: Rules that define when a redirect is applied and the redirect behavior.
condition
Type: STRUCT
Provider name: Condition
Description: A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the /docs
folder, redirect to the /documents
folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.
http_error_code_returned_equals
Type: STRING
Provider name: HttpErrorCodeReturnedEquals
Description: The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied. Required when parent element Condition
is specified and sibling KeyPrefixEquals
is not specified. If both are specified, then both must be true for the redirect to be applied.
key_prefix_equals
Type: STRING
Provider name: KeyPrefixEquals
Description: The object key name prefix when the redirect is applied. For example, to redirect requests for ExamplePage.html
, the key prefix will be ExamplePage.html
. To redirect request for all pages with the prefix docs/
, the key prefix will be /docs
, which identifies all objects in the docs/
folder. Required when the parent element Condition
is specified and sibling HttpErrorCodeReturnedEquals
is not specified. If both conditions are specified, both must be true for the redirect to be applied. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
redirect
Type: STRUCT
Provider name: Redirect
Description: Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can specify a different error code to return.
host_name
Type: STRING
Provider name: HostName
Description: The host name to use in the redirect request.
http_redirect_code
Type: STRING
Provider name: HttpRedirectCode
Description: The HTTP redirect code to use on the response. Not required if one of the siblings is present.
protocol
Type: STRING
Provider name: Protocol
Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
replace_key_prefix_with
Type: STRING
Provider name: ReplaceKeyPrefixWith
Description: The object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix docs/
(objects in the docs/
folder) to documents/
, you can set a condition block with KeyPrefixEquals
set to docs/
and in the Redirect set ReplaceKeyPrefixWith
to /documents
. Not required if one of the siblings is present. Can be present only if ReplaceKeyWith
is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
replace_key_with
Type: STRING
Provider name: ReplaceKeyWith
Description: The specific object key to use in the redirect request. For example, redirect request to error.html
. Not required if one of the siblings is present. Can be present only if ReplaceKeyPrefixWith
is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
creation_date
Type: TIMESTAMP
Provider name: CreationDate
Description: Date the bucket was created. This date can change when making changes to your bucket, such as editing its bucket policy.
grants
Type: UNORDERED_LIST_STRUCT
Provider name: Grants
Description: A list of grants.
grantee
Type: STRUCT
Provider name: Grantee
Description: The person being granted permissions.
display_name
Type: STRING
Provider name: DisplayName
Description: Screen name of the grantee.
email_address
Type: STRING
Provider name: EmailAddress
Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:- US East (N. Virginia)
- US West (N. California)
- US West (Oregon)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- Europe (Ireland)
- South America (São Paulo)
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
id
Type: STRING
Provider name: ID
Description: The canonical user ID of the grantee.
type
Type: STRING
Provider name: Type
Description: Type of grantee
uri
Type: STRING
Provider name: URI
Description: URI of the grantee group.
permission
Type: STRING
Provider name: Permission
Description: Specifies the permission given to the grantee.
logging_enabled
Type: STRUCT
Provider name: LoggingEnabled
target_bucket
Type: STRING
Provider name: TargetBucket
Description: Specifies the bucket where you want Amazon S3 to store server access logs. You can have your logs delivered to any bucket that you own, including the same bucket that is being logged. You can also configure multiple buckets to deliver their logs to the same target bucket. In this case, you should choose a different TargetPrefix
for each source bucket so that the delivered log files can be distinguished by key.
target_grants
Type: UNORDERED_LIST_STRUCT
Provider name: TargetGrants
Description: Container for granting information. Buckets that use the bucket owner enforced setting for Object Ownership don’t support target grants. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.
grantee
Type: STRUCT
Provider name: Grantee
Description: Container for the person being granted permissions.
display_name
Type: STRING
Provider name: DisplayName
Description: Screen name of the grantee.
email_address
Type: STRING
Provider name: EmailAddress
Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:- US East (N. Virginia)
- US West (N. California)
- US West (Oregon)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- Europe (Ireland)
- South America (São Paulo)
For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
id
Type: STRING
Provider name: ID
Description: The canonical user ID of the grantee.
type
Type: STRING
Provider name: Type
Description: Type of grantee
uri
Type: STRING
Provider name: URI
Description: URI of the grantee group.
permission
Type: STRING
Provider name: Permission
Description: Logging permissions assigned to the grantee for the bucket.
target_prefix
Type: STRING
Provider name: TargetPrefix
Description: A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.
name
Type: STRING
Provider name: Name
Description: The name of the bucket.
owner
Type: STRUCT
Provider name: Owner
Description: Container for the bucket owner’s display name and ID.
display_name
Type: STRING
Provider name: DisplayName
Description: Container for the display name of the owner.
id
Type: STRING
Provider name: ID
Description: Container for the ID of the owner.
policy_status
Type: STRUCT
Provider name: PolicyStatus
is_public
Type: BOOLEAN
Provider name: IsPublic
Description: The policy status for this bucket. TRUE
indicates that this bucket is public. FALSE
indicates that the bucket is not public.
public_access_block_configuration
Type: STRUCT
Provider name: PublicAccessBlockConfiguration
block_public_acls
Type: BOOLEAN
Provider name: BlockPublicAcls
Description: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to TRUE
causes the following behavior:- PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn’t affect existing policies or ACLs.
block_public_policy
Type: BOOLEAN
Provider name: BlockPublicPolicy
Description: Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn’t affect existing bucket policies.
ignore_public_acls
Type: BOOLEAN
Provider name: IgnorePublicAcls
Description: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE
causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn’t affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set.
restrict_public_buckets
Type: BOOLEAN
Provider name: RestrictPublicBuckets
Description: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE
restricts access to this bucket to only Amazon Web Service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn’t affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
server_side_encryption_configuration
Type: STRUCT
Provider name: ServerSideEncryptionConfiguration
rules
Type: UNORDERED_LIST_STRUCT
Provider name: Rules
Description: Container for information about a particular server-side encryption configuration rule.
apply_server_side_encryption_by_default
Type: STRUCT
Provider name: ApplyServerSideEncryptionByDefault
Description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn’t specify any server-side encryption, this default encryption will be applied.
kms_master_key_id
Type: STRING
Provider name: KMSMasterKeyID
Description: Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if SSEAlgorithm
is set to aws:kms
. You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. However, if you are using encryption with cross-account or Amazon Web Services service operations you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations. For example:- Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see Using symmetric and asymmetric keys in the Amazon Web Services Key Management Service Developer Guide.
sse_algorithm
Type: STRING
Provider name: SSEAlgorithm
Description: Server-side encryption algorithm to use for the default encryption.
bucket_key_enabled
Type: BOOLEAN
Provider name: BucketKeyEnabled
Description: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled
element to true
causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
Type: UNORDERED_LIST_STRING