aws_s3_bucket

account_id

Type: STRING

bucket_arn

Type: STRING

bucket_versioning

Type: STRUCT
Provider name: GetBucketVersioningOutput

  • mfa_delete
    Type: STRING
    Provider name: MFADelete
    Description: Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is only returned if the bucket has been configured with MFA delete. If the bucket has never been so configured, this element is not returned.
  • status
    Type: STRING
    Provider name: Status
    Description: The versioning state of the bucket.

bucket_website

Type: STRUCT
Provider name: GetBucketWebsiteOutput

  • error_document
    Type: STRUCT
    Provider name: ErrorDocument
    Description: The object key name of the website error document to use for 4XX class errors.
    • key
      Type: STRING
      Provider name: Key
      Description: The object key name to use when a 4XX class error occurs. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
  • index_document
    Type: STRUCT
    Provider name: IndexDocument
    Description: The name of the index document for the website (for example index.html).
    • suffix
      Type: STRING
      Provider name: Suffix
      Description: A suffix that is appended to a request that is for a directory on the website endpoint (for example,if the suffix is index.html and you make a request to samplebucket/images/ the data that is returned will be for the object with the key name images/index.html) The suffix must not be empty and must not include a slash character. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
  • redirect_all_requests_to
    Type: STRUCT
    Provider name: RedirectAllRequestsTo
    Description: Specifies the redirect behavior of all requests to a website endpoint of an Amazon S3 bucket.
    • host_name
      Type: STRING
      Provider name: HostName
      Description: Name of the host where requests are redirected.
    • protocol
      Type: STRING
      Provider name: Protocol
      Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
  • routing_rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: RoutingRules
    Description: Rules that define when a redirect is applied and the redirect behavior.
    • condition
      Type: STRUCT
      Provider name: Condition
      Description: A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the /docs folder, redirect to the /documents folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.
      • http_error_code_returned_equals
        Type: STRING
        Provider name: HttpErrorCodeReturnedEquals
        Description: The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied. Required when parent element Condition is specified and sibling KeyPrefixEquals is not specified. If both are specified, then both must be true for the redirect to be applied.
      • key_prefix_equals
        Type: STRING
        Provider name: KeyPrefixEquals
        Description: The object key name prefix when the redirect is applied. For example, to redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html. To redirect request for all pages with the prefix docs/, the key prefix will be /docs, which identifies all objects in the docs/ folder. Required when the parent element Condition is specified and sibling HttpErrorCodeReturnedEquals is not specified. If both conditions are specified, both must be true for the redirect to be applied. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
    • redirect
      Type: STRUCT
      Provider name: Redirect
      Description: Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can specify a different error code to return.
      • host_name
        Type: STRING
        Provider name: HostName
        Description: The host name to use in the redirect request.
      • http_redirect_code
        Type: STRING
        Provider name: HttpRedirectCode
        Description: The HTTP redirect code to use on the response. Not required if one of the siblings is present.
      • protocol
        Type: STRING
        Provider name: Protocol
        Description: Protocol to use when redirecting requests. The default is the protocol that is used in the original request.
      • replace_key_prefix_with
        Type: STRING
        Provider name: ReplaceKeyPrefixWith
        Description: The object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix docs/ (objects in the docs/ folder) to documents/, you can set a condition block with KeyPrefixEquals set to docs/ and in the Redirect set ReplaceKeyPrefixWith to /documents. Not required if one of the siblings is present. Can be present only if ReplaceKeyWith is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
      • replace_key_with
        Type: STRING
        Provider name: ReplaceKeyWith
        Description: The specific object key to use in the redirect request. For example, redirect request to error.html. Not required if one of the siblings is present. Can be present only if ReplaceKeyPrefixWith is not provided. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.

creation_date

Type: TIMESTAMP
Provider name: CreationDate
Description: Date the bucket was created. This date can change when making changes to your bucket, such as editing its bucket policy.

grants

Type: UNORDERED_LIST_STRUCT
Provider name: Grants
Description: A list of grants.

  • grantee
    Type: STRUCT
    Provider name: Grantee
    Description: The person being granted permissions.
    • display_name
      Type: STRING
      Provider name: DisplayName
      Description: Screen name of the grantee.
    • email_address
      Type: STRING
      Provider name: EmailAddress
      Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
      • US East (N. Virginia)
      • US West (N. California)
      • US West (Oregon)
      • Asia Pacific (Singapore)
      • Asia Pacific (Sydney)
      • Asia Pacific (Tokyo)
      • Europe (Ireland)
      • South America (São Paulo)
      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    • id
      Type: STRING
      Provider name: ID
      Description: The canonical user ID of the grantee.
    • type
      Type: STRING
      Provider name: Type
      Description: Type of grantee
    • uri
      Type: STRING
      Provider name: URI
      Description: URI of the grantee group.
  • permission
    Type: STRING
    Provider name: Permission
    Description: Specifies the permission given to the grantee.

logging_enabled

Type: STRUCT
Provider name: LoggingEnabled

  • target_bucket
    Type: STRING
    Provider name: TargetBucket
    Description: Specifies the bucket where you want Amazon S3 to store server access logs. You can have your logs delivered to any bucket that you own, including the same bucket that is being logged. You can also configure multiple buckets to deliver their logs to the same target bucket. In this case, you should choose a different TargetPrefix for each source bucket so that the delivered log files can be distinguished by key.
  • target_grants
    Type: UNORDERED_LIST_STRUCT
    Provider name: TargetGrants
    Description: Container for granting information. Buckets that use the bucket owner enforced setting for Object Ownership don’t support target grants. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.
    • grantee
      Type: STRUCT
      Provider name: Grantee
      Description: Container for the person being granted permissions.
      • display_name
        Type: STRING
        Provider name: DisplayName
        Description: Screen name of the grantee.
      • email_address
        Type: STRING
        Provider name: EmailAddress
        Description: Email address of the grantee. Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:
        • US East (N. Virginia)
        • US West (N. California)
        • US West (Oregon)
        • Asia Pacific (Singapore)
        • Asia Pacific (Sydney)
        • Asia Pacific (Tokyo)
        • Europe (Ireland)
        • South America (São Paulo)
        For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      • id
        Type: STRING
        Provider name: ID
        Description: The canonical user ID of the grantee.
      • type
        Type: STRING
        Provider name: Type
        Description: Type of grantee
      • uri
        Type: STRING
        Provider name: URI
        Description: URI of the grantee group.
    • permission
      Type: STRING
      Provider name: Permission
      Description: Logging permissions assigned to the grantee for the bucket.
  • target_prefix
    Type: STRING
    Provider name: TargetPrefix
    Description: A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.

name

Type: STRING
Provider name: Name
Description: The name of the bucket.

owner

Type: STRUCT
Provider name: Owner
Description: Container for the bucket owner’s display name and ID.

  • display_name
    Type: STRING
    Provider name: DisplayName
    Description: Container for the display name of the owner.
  • id
    Type: STRING
    Provider name: ID
    Description: Container for the ID of the owner.

policy_status

Type: STRUCT
Provider name: PolicyStatus

  • is_public
    Type: BOOLEAN
    Provider name: IsPublic
    Description: The policy status for this bucket. TRUE indicates that this bucket is public. FALSE indicates that the bucket is not public.

public_access_block_configuration

Type: STRUCT
Provider name: PublicAccessBlockConfiguration

  • block_public_acls
    Type: BOOLEAN
    Provider name: BlockPublicAcls
    Description: Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to TRUE causes the following behavior:
    • PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    Enabling this setting doesn’t affect existing policies or ACLs.
  • block_public_policy
    Type: BOOLEAN
    Provider name: BlockPublicPolicy
    Description: Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access. Enabling this setting doesn’t affect existing bucket policies.
  • ignore_public_acls
    Type: BOOLEAN
    Provider name: IgnorePublicAcls
    Description: Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket. Enabling this setting doesn’t affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set.
  • restrict_public_buckets
    Type: BOOLEAN
    Provider name: RestrictPublicBuckets
    Description: Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only Amazon Web Service principals and authorized users within this account if the bucket has a public policy. Enabling this setting doesn’t affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

server_side_encryption_configuration

Type: STRUCT
Provider name: ServerSideEncryptionConfiguration

  • rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: Rules
    Description: Container for information about a particular server-side encryption configuration rule.
    • apply_server_side_encryption_by_default
      Type: STRUCT
      Provider name: ApplyServerSideEncryptionByDefault
      Description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn’t specify any server-side encryption, this default encryption will be applied.
      • kms_master_key_id
        Type: STRING
        Provider name: KMSMasterKeyID
        Description: Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if SSEAlgorithm is set to aws:kms. You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. However, if you are using encryption with cross-account or Amazon Web Services service operations you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations. For example:
        • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
        • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
        Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see Using symmetric and asymmetric keys in the Amazon Web Services Key Management Service Developer Guide.
      • sse_algorithm
        Type: STRING
        Provider name: SSEAlgorithm
        Description: Server-side encryption algorithm to use for the default encryption.
    • bucket_key_enabled
      Type: BOOLEAN
      Provider name: BucketKeyEnabled
      Description: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

tags

Type: UNORDERED_LIST_STRING