scaleway.ObjectBucketPolicy
Creates and manages a Scaleway Object Storage bucket policy. For more information, see the documentation.
Example Usage
Example Usage with an IAM user
import * as pulumi from "@pulumi/pulumi";
import * as scaleway from "@pulumi/scaleway";
import * as scaleway from "@pulumiverse/scaleway";
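// `default` is a reserved word and cannot be used as a binding name; the rest
// of this example already refers to the lookup result as `_default`.
const _default = scaleway.getAccountProject({
    name: "default",
});
const user = scaleway.getIamUser({
    email: "user@scaleway.com",
});
// IAM policy: gives the user the ObjectStorageFullAccess permission set. The
// rule is scoped by project ID only, so it is not limited to the bucket below.
const policyIamPolicy = new scaleway.IamPolicy("policyIamPolicy", {
    userId: user.then(user => user.id),
    rules: [{
        projectIds: [_default.then(_default => _default.id)],
        permissionSetNames: ["ObjectStorageFullAccess"],
    }],
});
// Object storage configuration
const bucket = new scaleway.ObjectBucket("bucket", {});
// Bucket policy: "s3:*" allows every S3 action on the bucket and on all of its
// objects for this one user. When full control is not intended, list only the
// actions needed (the IAM-application example on this page uses s3:ListBucket
// and s3:GetObject).
const policyObjectBucketPolicy = new scaleway.ObjectBucketPolicy("policyObjectBucketPolicy", {
    bucket: bucket.name,
    policy: pulumi.jsonStringify({
        Version: "2023-04-17",
        Id: "MyBucketPolicy",
        Statement: [{
            Effect: "Allow",
            Action: ["s3:*"],
            Principal: {
                SCW: user.then(user => `user_id:${user.id}`),
            },
            // First entry is the bucket itself, second covers every object in it.
            Resource: [
                bucket.name,
                pulumi.interpolate`${bucket.name}/*`,
            ],
        }],
    }),
});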
import pulumi
import json
import pulumi_scaleway as scaleway
import pulumiverse_scaleway as scaleway
# Resolve the project and the IAM user that will receive access.
default = scaleway.get_account_project(name="default")
user = scaleway.get_iam_user(email="user@scaleway.com")

# IAM policy: ObjectStorageFullAccess for the user. The rule is scoped by
# project ID only, so it is not limited to the bucket created below.
full_access_rule = scaleway.IamPolicyRuleArgs(
    project_ids=[default.id],
    permission_set_names=["ObjectStorageFullAccess"],
)
policy_iam_policy = scaleway.IamPolicy("policyIamPolicy",
    user_id=user.id,
    rules=[full_access_rule])

# Object storage configuration
bucket = scaleway.ObjectBucket("bucket")

# Bucket policy document. "s3:*" allows every S3 action on the bucket and on
# all of its objects for this one user; narrow the action list when full
# control is not intended.
bucket_policy_document = {
    "Version": "2023-04-17",
    "Id": "MyBucketPolicy",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:*"],
        "Principal": {
            "SCW": f"user_id:{user.id}",
        },
        # First entry is the bucket itself, second covers every object in it.
        "Resource": [
            bucket.name,
            bucket.name.apply(lambda name: f"{name}/*"),
        ],
    }],
}
policy_object_bucket_policy = scaleway.ObjectBucketPolicy("policyObjectBucketPolicy",
    bucket=bucket.name,
    policy=pulumi.Output.json_dumps(bucket_policy_document))
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-scaleway/sdk/go/scaleway"
)
// main declares an IAM policy for one user, a bucket, and a bucket policy
// that names that user as the principal.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := scaleway.LookupAccountProject(ctx, &scaleway.LookupAccountProjectArgs{
			Name: pulumi.StringRef("default"),
		}, nil)
		if err != nil {
			return err
		}
		user, err := scaleway.LookupIamUser(ctx, &scaleway.LookupIamUserArgs{
			Email: pulumi.StringRef("user@scaleway.com"),
		}, nil)
		if err != nil {
			return err
		}
		// IAM policy: ObjectStorageFullAccess, scoped by project ID only.
		if _, err = scaleway.NewIamPolicy(ctx, "policyIamPolicy", &scaleway.IamPolicyArgs{
			UserId: pulumi.String(user.Id),
			Rules: scaleway.IamPolicyRuleArray{
				&scaleway.IamPolicyRuleArgs{
					ProjectIds: pulumi.StringArray{
						pulumi.String(_default.Id),
					},
					PermissionSetNames: pulumi.StringArray{
						pulumi.String("ObjectStorageFullAccess"),
					},
				},
			},
		}); err != nil {
			return err
		}
		// Object storage configuration
		bucket, err := scaleway.NewObjectBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		// The policy JSON can only be built once the bucket name is known.
		// "s3:*" allows every S3 action on the bucket and its objects for this
		// user; narrow the list when full control is not intended.
		policyJSON := bucket.Name.ApplyT(func(name string) (string, error) {
			doc, err := json.Marshal(map[string]interface{}{
				"Version": "2023-04-17",
				"Id":      "MyBucketPolicy",
				"Statement": []map[string]interface{}{
					{
						"Effect": "Allow",
						"Action": []string{
							"s3:*",
						},
						"Principal": map[string]interface{}{
							"SCW": fmt.Sprintf("user_id:%v", user.Id),
						},
						// The bucket itself, then every object in it.
						"Resource": []string{
							name,
							fmt.Sprintf("%v/*", name),
						},
					},
				},
			})
			if err != nil {
				return "", err
			}
			return string(doc), nil
		}).(pulumi.StringOutput)
		_, err = scaleway.NewObjectBucketPolicy(ctx, "policyObjectBucketPolicy", &scaleway.ObjectBucketPolicyArgs{
			Bucket: bucket.Name,
			Policy: policyJSON,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Scaleway = Pulumi.Scaleway;
using Scaleway = Pulumiverse.Scaleway;
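return await Deployment.RunAsync(() =>
{
    var @default = Scaleway.GetAccountProject.Invoke(new()
    {
        Name = "default",
    });

    var user = Scaleway.GetIamUser.Invoke(new()
    {
        Email = "user@scaleway.com",
    });

    // IAM policy: ObjectStorageFullAccess, scoped by project ID only, so it is
    // not limited to the bucket created below.
    var policyIamPolicy = new Scaleway.IamPolicy("policyIamPolicy", new()
    {
        UserId = user.Apply(getIamUserResult => getIamUserResult.Id),
        Rules = new[]
        {
            new Scaleway.Inputs.IamPolicyRuleArgs
            {
                ProjectIds = new[]
                {
                    // One Apply is enough: inside the callback the value is the
                    // plain lookup result, which has no Apply of its own.
                    @default.Apply(getAccountProjectResult => getAccountProjectResult.Id),
                },
                PermissionSetNames = new[]
                {
                    "ObjectStorageFullAccess",
                },
            },
        },
    });

    // Object storage configuration
    var bucket = new Scaleway.ObjectBucket("bucket");

    // Bucket policy: "s3:*" allows every S3 action on the bucket and its
    // objects for this one user; narrow the list when full control is not
    // intended.
    var policyObjectBucketPolicy = new Scaleway.ObjectBucketPolicy("policyObjectBucketPolicy", new()
    {
        Bucket = bucket.Name,
        Policy = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
        {
            ["Version"] = "2023-04-17",
            ["Id"] = "MyBucketPolicy",
            ["Statement"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["Effect"] = "Allow",
                    ["Action"] = new[]
                    {
                        "s3:*",
                    },
                    ["Principal"] = new Dictionary<string, object?>
                    {
                        // Build the string inside Apply. Interpolating the
                        // Output itself would not yield the user ID, and the
                        // policy would name a principal that does not exist.
                        ["SCW"] = user.Apply(getIamUserResult => $"user_id:{getIamUserResult.Id}"),
                    },
                    // The bucket itself, then every object in it.
                    ["Resource"] = new[]
                    {
                        bucket.Name,
                        bucket.Name.Apply(name => $"{name}/*"),
                    },
                },
            },
        })),
    });
});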
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scaleway.ScalewayFunctions;
import com.pulumi.scaleway.inputs.GetAccountProjectArgs;
import com.pulumi.scaleway.inputs.GetIamUserArgs;
import com.pulumi.scaleway.IamPolicy;
import com.pulumi.scaleway.IamPolicyArgs;
import com.pulumi.scaleway.inputs.IamPolicyRuleArgs;
import com.pulumi.scaleway.ObjectBucket;
import com.pulumi.scaleway.ObjectBucketPolicy;
import com.pulumi.scaleway.ObjectBucketPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
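public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares an IAM policy for one user, a bucket, and a bucket policy that
     * names that user as the principal.
     */
    public static void stack(Context ctx) {
        // `default` is a Java keyword; the rest of the method already uses `default_`.
        final var default_ = ScalewayFunctions.getAccountProject(GetAccountProjectArgs.builder()
            .name("default")
            .build());

        final var user = ScalewayFunctions.getIamUser(GetIamUserArgs.builder()
            .email("user@scaleway.com")
            .build());

        // IAM policy: ObjectStorageFullAccess, scoped by project ID only.
        // The lookups return Outputs (see how `user` is unwrapped), so the
        // project ID is read through applyValue as well.
        var policyIamPolicy = new IamPolicy("policyIamPolicy", IamPolicyArgs.builder()
            .userId(user.applyValue(getIamUserResult -> getIamUserResult.id()))
            .rules(IamPolicyRuleArgs.builder()
                .projectIds(default_.applyValue(project -> List.of(project.id())))
                .permissionSetNames("ObjectStorageFullAccess")
                .build())
            .build());

        // Object storage configuration
        var bucket = new ObjectBucket("bucket");

        // Bucket policy: "s3:*" allows every S3 action on the bucket and its
        // objects for this one user; narrow the list when full control is not
        // intended. The user ID is resolved in the tuple so that the principal
        // string is formatted from the plain value, not from an Output.
        var policyObjectBucketPolicy = new ObjectBucketPolicy("policyObjectBucketPolicy", ObjectBucketPolicyArgs.builder()
            .bucket(bucket.name())
            .policy(Output.tuple(bucket.name(), user.applyValue(getIamUserResult -> getIamUserResult.id())).applyValue(values -> {
                var bucketName = values.t1;
                var userId = values.t2;
                return serializeJson(
                    jsonObject(
                        jsonProperty("Version", "2023-04-17"),
                        jsonProperty("Id", "MyBucketPolicy"),
                        jsonProperty("Statement", jsonArray(jsonObject(
                            jsonProperty("Effect", "Allow"),
                            jsonProperty("Action", jsonArray("s3:*")),
                            jsonProperty("Principal", jsonObject(
                                jsonProperty("SCW", String.format("user_id:%s", userId))
                            )),
                            jsonProperty("Resource", jsonArray(
                                bucketName,
                                String.format("%s/*", bucketName)
                            ))
                        )))
                    ));
            }))
            .build());
    }
}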
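resources:
  # IAM policy: ObjectStorageFullAccess for the user, scoped by project ID only.
  policyIamPolicy:
    type: scaleway:IamPolicy
    properties:
      userId: ${user.id}
      rules:
        - projectIds:
            - ${default.id}
          permissionSetNames:
            - ObjectStorageFullAccess
  # Object storage configuration
  bucket:
    type: scaleway:ObjectBucket
  policyObjectBucketPolicy:
    type: scaleway:ObjectBucketPolicy
    properties:
      bucket: ${bucket.name}
      policy:
        fn::toJSON:
          # Quoted so the date-like value is kept as a string.
          Version: "2023-04-17"
          Id: MyBucketPolicy
          Statement:
            - Effect: Allow
              # s3:* allows every S3 action on the bucket and its objects for
              # this one user; narrow the list when full control is not intended.
              Action:
                - s3:*
              Principal:
                SCW: user_id:${user.id}
              # The bucket itself, then every object in it.
              Resource:
                - ${bucket.name}
                - ${bucket.name}/*
variables:
  default:
    fn::invoke:
      Function: scaleway:getAccountProject
      Arguments:
        name: default
  user:
    fn::invoke:
      Function: scaleway:getIamUser
      Arguments:
        email: user@scaleway.com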
Example with an IAM application
Creating a bucket and delegating read access to an application
import * as pulumi from "@pulumi/pulumi";
import * as scaleway from "@pulumi/scaleway";
import * as scaleway from "@pulumiverse/scaleway";
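// `default` is a reserved word and cannot be used as a binding name; the rest
// of this example already refers to the lookup result as `_default`.
const _default = scaleway.getAccountProject({
    name: "default",
});
// IAM configuration
// The application gets the ObjectStorageBucketsRead permission set only.
const reading_app = new scaleway.IamApplication("reading-app", {});
const policyIamPolicy = new scaleway.IamPolicy("policyIamPolicy", {
    applicationId: reading_app.id,
    rules: [{
        projectIds: [_default.then(_default => _default.id)],
        permissionSetNames: ["ObjectStorageBucketsRead"],
    }],
});
// Object storage configuration
const bucket = new scaleway.ObjectBucket("bucket", {});
// Bucket policy: the application may list the bucket and read its objects,
// nothing else. Keeping Action to these two entries is what makes this a
// read-only delegation.
const policyObjectBucketPolicy = new scaleway.ObjectBucketPolicy("policyObjectBucketPolicy", {
    bucket: bucket.id,
    policy: pulumi.jsonStringify({
        Version: "2023-04-17",
        Statement: [{
            Sid: "Delegate read access",
            Effect: "Allow",
            Principal: {
                SCW: pulumi.interpolate`application_id:${reading_app.id}`,
            },
            Action: [
                "s3:ListBucket",
                "s3:GetObject",
            ],
            // The bucket itself, then every object in it.
            Resource: [
                bucket.name,
                pulumi.interpolate`${bucket.name}/*`,
            ],
        }],
    }),
});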
import pulumi
import json
import pulumi_scaleway as scaleway
import pulumiverse_scaleway as scaleway
default = scaleway.get_account_project(name="default")

# IAM configuration
# The application gets the ObjectStorageBucketsRead permission set only.
reading_app = scaleway.IamApplication("reading-app")
read_only_rule = scaleway.IamPolicyRuleArgs(
    project_ids=[default.id],
    permission_set_names=["ObjectStorageBucketsRead"],
)
policy_iam_policy = scaleway.IamPolicy("policyIamPolicy",
    application_id=reading_app.id,
    rules=[read_only_rule])

# Object storage configuration
bucket = scaleway.ObjectBucket("bucket")

# Bucket policy document: the application may list the bucket and read its
# objects, nothing else.
read_delegation = {
    "Version": "2023-04-17",
    "Statement": [{
        "Sid": "Delegate read access",
        "Effect": "Allow",
        "Principal": {
            "SCW": reading_app.id.apply(lambda id: f"application_id:{id}"),
        },
        "Action": [
            "s3:ListBucket",
            "s3:GetObject",
        ],
        # The bucket itself, then every object in it.
        "Resource": [
            bucket.name,
            bucket.name.apply(lambda name: f"{name}/*"),
        ],
    }],
}
policy_object_bucket_policy = scaleway.ObjectBucketPolicy("policyObjectBucketPolicy",
    bucket=bucket.id,
    policy=pulumi.Output.json_dumps(read_delegation))
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-scaleway/sdk/go/scaleway"
)
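// main creates an IAM application with read-only Object Storage permissions,
// a bucket, and a bucket policy that delegates read access to the application.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := scaleway.LookupAccountProject(ctx, &scaleway.LookupAccountProjectArgs{
			Name: pulumi.StringRef("default"),
		}, nil)
		if err != nil {
			return err
		}
		// IAM configuration
		// The application must be bound to a variable: its ID is needed by the
		// IAM policy and by the bucket policy principal below.
		readingApp, err := scaleway.NewIamApplication(ctx, "reading-app", nil)
		if err != nil {
			return err
		}
		_, err = scaleway.NewIamPolicy(ctx, "policyIamPolicy", &scaleway.IamPolicyArgs{
			ApplicationId: readingApp.ID(),
			Rules: scaleway.IamPolicyRuleArray{
				&scaleway.IamPolicyRuleArgs{
					ProjectIds: pulumi.StringArray{
						pulumi.String(_default.Id),
					},
					PermissionSetNames: pulumi.StringArray{
						pulumi.String("ObjectStorageBucketsRead"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		// Object storage configuration
		bucket, err := scaleway.NewObjectBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		// The ID is converted to a string output first so that the type
		// assertion inside the callback is on a plain string.
		policyJSON := pulumi.All(readingApp.ID().ToStringOutput(), bucket.Name).ApplyT(func(args []interface{}) (string, error) {
			appID := args[0].(string)
			bucketName := args[1].(string)
			doc, err := json.Marshal(map[string]interface{}{
				"Version": "2023-04-17",
				"Statement": []map[string]interface{}{
					{
						"Sid":    "Delegate read access",
						"Effect": "Allow",
						"Principal": map[string]interface{}{
							"SCW": fmt.Sprintf("application_id:%v", appID),
						},
						// Read-only delegation: list the bucket, read objects.
						"Action": []string{
							"s3:ListBucket",
							"s3:GetObject",
						},
						// The bucket itself, then every object in it.
						"Resource": []string{
							bucketName,
							fmt.Sprintf("%v/*", bucketName),
						},
					},
				},
			})
			if err != nil {
				return "", err
			}
			return string(doc), nil
		}).(pulumi.StringOutput)
		_, err = scaleway.NewObjectBucketPolicy(ctx, "policyObjectBucketPolicy", &scaleway.ObjectBucketPolicyArgs{
			Bucket: bucket.ID(),
			Policy: policyJSON,
		})
		if err != nil {
			return err
		}
		return nil
	})
}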
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Scaleway = Pulumi.Scaleway;
using Scaleway = Pulumiverse.Scaleway;
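return await Deployment.RunAsync(() =>
{
    var @default = Scaleway.GetAccountProject.Invoke(new()
    {
        Name = "default",
    });

    // IAM configuration
    // The application gets the ObjectStorageBucketsRead permission set only.
    var reading_app = new Scaleway.IamApplication("reading-app");

    var policyIamPolicy = new Scaleway.IamPolicy("policyIamPolicy", new()
    {
        ApplicationId = reading_app.Id,
        Rules = new[]
        {
            new Scaleway.Inputs.IamPolicyRuleArgs
            {
                ProjectIds = new[]
                {
                    // One Apply is enough: inside the callback the value is the
                    // plain lookup result, which has no Apply of its own.
                    @default.Apply(getAccountProjectResult => getAccountProjectResult.Id),
                },
                PermissionSetNames = new[]
                {
                    "ObjectStorageBucketsRead",
                },
            },
        },
    });

    // Object storage configuration
    var bucket = new Scaleway.ObjectBucket("bucket");

    // Bucket policy: the application may list the bucket and read its objects,
    // nothing else.
    var policyObjectBucketPolicy = new Scaleway.ObjectBucketPolicy("policyObjectBucketPolicy", new()
    {
        Bucket = bucket.Id,
        Policy = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
        {
            ["Version"] = "2023-04-17",
            ["Statement"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["Sid"] = "Delegate read access",
                    ["Effect"] = "Allow",
                    ["Principal"] = new Dictionary<string, object?>
                    {
                        ["SCW"] = reading_app.Id.Apply(id => $"application_id:{id}"),
                    },
                    ["Action"] = new[]
                    {
                        "s3:ListBucket",
                        "s3:GetObject",
                    },
                    // The bucket itself, then every object in it.
                    ["Resource"] = new[]
                    {
                        bucket.Name,
                        bucket.Name.Apply(name => $"{name}/*"),
                    },
                },
            },
        })),
    });
});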
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scaleway.ScalewayFunctions;
import com.pulumi.scaleway.inputs.GetAccountProjectArgs;
import com.pulumi.scaleway.IamApplication;
import com.pulumi.scaleway.IamPolicy;
import com.pulumi.scaleway.IamPolicyArgs;
import com.pulumi.scaleway.inputs.IamPolicyRuleArgs;
import com.pulumi.scaleway.ObjectBucket;
import com.pulumi.scaleway.ObjectBucketPolicy;
import com.pulumi.scaleway.ObjectBucketPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
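public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Creates an IAM application with read-only Object Storage permissions, a
     * bucket, and a bucket policy delegating read access to the application.
     */
    public static void stack(Context ctx) {
        // `default` is a Java keyword; the rest of the method already uses `default_`.
        final var default_ = ScalewayFunctions.getAccountProject(GetAccountProjectArgs.builder()
            .name("default")
            .build());

        // IAM configuration
        var reading_app = new IamApplication("reading-app");

        // NOTE(review): the lookup is assumed to return an Output, as the other
        // Java examples on this page unwrap lookups with applyValue — confirm.
        var policyIamPolicy = new IamPolicy("policyIamPolicy", IamPolicyArgs.builder()
            .applicationId(reading_app.id())
            .rules(IamPolicyRuleArgs.builder()
                .projectIds(default_.applyValue(project -> List.of(project.id())))
                .permissionSetNames("ObjectStorageBucketsRead")
                .build())
            .build());

        // Object storage configuration
        var bucket = new ObjectBucket("bucket");

        // Bucket policy: the application may list the bucket and read its
        // objects, nothing else.
        var policyObjectBucketPolicy = new ObjectBucketPolicy("policyObjectBucketPolicy", ObjectBucketPolicyArgs.builder()
            .bucket(bucket.id())
            .policy(Output.tuple(reading_app.id(), bucket.name()).applyValue(values -> {
                var id = values.t1;
                var bucketName = values.t2;
                return serializeJson(
                    jsonObject(
                        jsonProperty("Version", "2023-04-17"),
                        jsonProperty("Statement", jsonArray(jsonObject(
                            jsonProperty("Sid", "Delegate read access"),
                            jsonProperty("Effect", "Allow"),
                            jsonProperty("Principal", jsonObject(
                                jsonProperty("SCW", String.format("application_id:%s", id))
                            )),
                            jsonProperty("Action", jsonArray(
                                "s3:ListBucket",
                                "s3:GetObject"
                            )),
                            jsonProperty("Resource", jsonArray(
                                bucketName,
                                String.format("%s/*", bucketName)
                            ))
                        )))
                    ));
            }))
            .build());
    }
}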
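resources:
  # IAM configuration
  # The application gets the ObjectStorageBucketsRead permission set only.
  reading-app:
    type: scaleway:IamApplication
  policyIamPolicy:
    type: scaleway:IamPolicy
    properties:
      applicationId: ${["reading-app"].id}
      rules:
        - projectIds:
            - ${default.id}
          permissionSetNames:
            - ObjectStorageBucketsRead
  # Object storage configuration
  bucket:
    type: scaleway:ObjectBucket
  policyObjectBucketPolicy:
    type: scaleway:ObjectBucketPolicy
    properties:
      bucket: ${bucket.id}
      policy:
        fn::toJSON:
          # Quoted so the date-like value is kept as a string.
          Version: "2023-04-17"
          Statement:
            - Sid: Delegate read access
              Effect: Allow
              Principal:
                SCW: application_id:${["reading-app"].id}
              # Read-only delegation: list the bucket, read objects.
              Action:
                - s3:ListBucket
                - s3:GetObject
              # The bucket itself, then every object in it.
              Resource:
                - ${bucket.name}
                - ${bucket.name}/*
variables:
  default:
    fn::invoke:
      Function: scaleway:getAccountProject
      Arguments:
        name: default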
Reading the bucket with the application
import * as pulumi from "@pulumi/pulumi";
import * as scaleway from "@pulumi/scaleway";
import * as scaleway from "@pulumiverse/scaleway";
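// `reading-app` is not a valid identifier; the following lines already refer
// to the lookup result as `reading_app`.
const reading_app = scaleway.getIamApplication({
    name: "reading-app",
});
// NOTE(review): the generated secretKey is an output of this resource and is
// therefore recorded in the stack state; confirm it is stored as a Pulumi
// secret and restrict who can read the state backend.
const reading_api_key = new scaleway.IamApiKey("reading-api-key", {applicationId: reading_app.then(reading_app => reading_app.id)});
// A second provider instance that authenticates as the application.
const reading_profile = new scaleway.Provider("reading-profile", {
    accessKey: reading_api_key.accessKey,
    secretKey: reading_api_key.secretKey,
});
// The provider is passed explicitly. Without it the lookup runs with the
// default provider's credentials and does not exercise the access that was
// delegated to the application.
const bucket = scaleway.getObjectBucket({
    name: "some-unique-name",
}, { provider: reading_profile });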
import pulumi
import pulumi_scaleway as scaleway
import pulumiverse_scaleway as scaleway
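reading_app = scaleway.get_iam_application(name="reading-app")
# NOTE(review): the generated secret_key is an output of this resource and is
# therefore recorded in the stack state; confirm it is stored as a Pulumi
# secret and restrict who can read the state backend.
reading_api_key = scaleway.IamApiKey("reading-api-key", application_id=reading_app.id)
# A second provider instance that authenticates as the application.
reading_profile = scaleway.Provider("reading-profile",
    access_key=reading_api_key.access_key,
    secret_key=reading_api_key.secret_key)
# The provider is passed explicitly. Without it the lookup runs with the
# default provider's credentials and does not exercise the access that was
# delegated to the application.
bucket = scaleway.get_object_bucket(name="some-unique-name",
    opts=pulumi.InvokeOptions(provider=reading_profile))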
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-scaleway/sdk/go/scaleway"
)
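// main issues an API key for the existing "reading-app" application, builds a
// provider that authenticates with that key, and looks the bucket up through it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		readingApp, err := scaleway.LookupIamApplication(ctx, &scaleway.LookupIamApplicationArgs{
			Name: pulumi.StringRef("reading-app"),
		}, nil)
		if err != nil {
			return err
		}
		// The key must be bound to a variable: its access and secret key feed
		// the provider below.
		// NOTE(review): the generated SecretKey is an output of this resource
		// and is therefore recorded in the stack state; confirm it is stored
		// as a Pulumi secret and restrict who can read the state backend.
		readingAPIKey, err := scaleway.NewIamApiKey(ctx, "reading-api-key", &scaleway.IamApiKeyArgs{
			ApplicationId: pulumi.String(readingApp.Id),
		})
		if err != nil {
			return err
		}
		// A second provider instance that authenticates as the application.
		readingProfile, err := scaleway.NewProvider(ctx, "reading-profile", &scaleway.ProviderArgs{
			AccessKey: readingAPIKey.AccessKey,
			SecretKey: readingAPIKey.SecretKey,
		})
		if err != nil {
			return err
		}
		// The provider is passed explicitly. Without it the lookup runs with
		// the default provider's credentials and does not exercise the access
		// that was delegated to the application.
		_, err = scaleway.LookupObjectBucket(ctx, &scaleway.LookupObjectBucketArgs{
			Name: pulumi.StringRef("some-unique-name"),
		}, pulumi.Provider(readingProfile))
		if err != nil {
			return err
		}
		return nil
	})
}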
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Scaleway = Pulumi.Scaleway;
using Scaleway = Pulumiverse.Scaleway;
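return await Deployment.RunAsync(() =>
{
    var reading_app = Scaleway.GetIamApplication.Invoke(new()
    {
        Name = "reading-app",
    });

    // NOTE(review): the generated SecretKey is an output of this resource and
    // is therefore recorded in the stack state; confirm it is stored as a
    // Pulumi secret and restrict who can read the state backend.
    var reading_api_key = new Scaleway.IamApiKey("reading-api-key", new()
    {
        // One Apply is enough: inside the callback the value is the plain
        // lookup result, which has no Apply of its own.
        ApplicationId = reading_app.Apply(getIamApplicationResult => getIamApplicationResult.Id),
    });

    // A second provider instance that authenticates as the application.
    var reading_profile = new Scaleway.Provider("reading-profile", new()
    {
        AccessKey = reading_api_key.AccessKey,
        SecretKey = reading_api_key.SecretKey,
    });

    // The provider is passed explicitly. Without it the lookup runs with the
    // default provider's credentials and does not exercise the access that was
    // delegated to the application.
    var bucket = Scaleway.GetObjectBucket.Invoke(new()
    {
        Name = "some-unique-name",
    }, new InvokeOptions
    {
        Provider = reading_profile,
    });
});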
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scaleway.ScalewayFunctions;
import com.pulumi.scaleway.inputs.GetIamApplicationArgs;
import com.pulumi.scaleway.IamApiKey;
import com.pulumi.scaleway.IamApiKeyArgs;
import com.pulumi.scaleway.Provider;
import com.pulumi.scaleway.ProviderArgs;
import com.pulumi.scaleway.inputs.GetObjectBucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
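public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Issues an API key for the existing "reading-app" application and builds
     * a provider that authenticates with that key.
     */
    public static void stack(Context ctx) {
        // `reading-app` is not a valid Java identifier; the following lines
        // already refer to the lookup result as `reading_app`.
        final var reading_app = ScalewayFunctions.getIamApplication(GetIamApplicationArgs.builder()
            .name("reading-app")
            .build());

        // NOTE(review): the generated secretKey is an output of this resource
        // and is therefore recorded in the stack state; confirm it is stored
        // as a Pulumi secret and restrict who can read the state backend.
        // NOTE(review): the lookup is assumed to return an Output, as in the
        // other Java examples on this page — confirm.
        var reading_api_key = new IamApiKey("reading-api-key", IamApiKeyArgs.builder()
            .applicationId(reading_app.applyValue(app -> app.id()))
            .build());

        // A second provider instance that authenticates as the application.
        var reading_profile = new Provider("reading-profile", ProviderArgs.builder()
            .accessKey(reading_api_key.accessKey())
            .secretKey(reading_api_key.secretKey())
            .build());

        // NOTE(review): this lookup does not reference reading_profile, so it
        // presumably runs with the default provider's credentials rather than
        // the application's; pass the provider through the invoke options if
        // the read is meant to exercise the delegated access.
        final var bucket = ScalewayFunctions.getObjectBucket(GetObjectBucketArgs.builder()
            .name("some-unique-name")
            .build());
    }
}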
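resources:
  # NOTE(review): the generated secretKey is an output of this resource and is
  # therefore recorded in the stack state; confirm it is stored as a Pulumi
  # secret and restrict who can read the state backend.
  reading-api-key:
    type: scaleway:IamApiKey
    properties:
      applicationId: ${["reading-app"].id}
  # A second provider instance that authenticates as the application.
  reading-profile:
    type: pulumi:providers:scaleway
    properties:
      accessKey: ${["reading-api-key"].accessKey}
      secretKey: ${["reading-api-key"].secretKey}
variables:
  reading-app:
    fn::invoke:
      Function: scaleway:getIamApplication
      Arguments:
        name: reading-app
  # NOTE(review): this lookup does not reference reading-profile, so it
  # presumably runs with the default provider's credentials rather than the
  # application's.
  bucket:
    fn::invoke:
      Function: scaleway:getObjectBucket
      Arguments:
        name: some-unique-name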
Example with AWS provider
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as scaleway from "@pulumi/scaleway";
import * as scaleway from "@pulumiverse/scaleway";
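// `default` is a reserved word and cannot be used as a binding name; the rest
// of this example already refers to the lookup result as `_default`.
const _default = scaleway.getAccountProject({
    name: "default",
});
// Object storage configuration
const bucket = new scaleway.ObjectBucket("bucket", {});
// The AWS provider is used only to render the policy JSON. The document is
// written with Version 2012-10-17, which this page labels deprecated in its
// last example.
// NOTE(review): the principal is a whole project rather than one user or
// application — confirm which identities that covers before reusing it.
const policy = aws.iam.getPolicyDocumentOutput({
    version: "2012-10-17",
    statements: [{
        sid: "Delegate access",
        effect: "Allow",
        principals: [{
            type: "SCW",
            identifiers: [_default.then(_default => `project_id:${_default.id}`)],
        }],
        actions: ["s3:ListBucket"],
        // The bucket itself, then every object in it.
        resources: [
            bucket.name,
            pulumi.interpolate`${bucket.name}/*`,
        ],
    }],
});
const main = new scaleway.ObjectBucketPolicy("main", {
    bucket: bucket.id,
    policy: policy.apply(policy => policy.json),
});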
import pulumi
import pulumi_aws as aws
import pulumi_scaleway as scaleway
import pulumiverse_scaleway as scaleway
default = scaleway.get_account_project(name="default")

# Object storage configuration
bucket = scaleway.ObjectBucket("bucket")

# NOTE(review): the principal is a whole project rather than one user or
# application — confirm which identities that covers before reusing it.
project_principal = aws.iam.GetPolicyDocumentStatementPrincipalArgs(
    type="SCW",
    identifiers=[f"project_id:{default.id}"],
)
delegate_statement = aws.iam.GetPolicyDocumentStatementArgs(
    sid="Delegate access",
    effect="Allow",
    principals=[project_principal],
    actions=["s3:ListBucket"],
    # The bucket itself, then every object in it.
    resources=[
        bucket.name,
        bucket.name.apply(lambda name: f"{name}/*"),
    ],
)
# The AWS provider is used only to render the policy JSON. The document is
# written with Version 2012-10-17, which this page labels deprecated in its
# last example.
policy = aws.iam.get_policy_document_output(version="2012-10-17",
    statements=[delegate_statement])

main = scaleway.ObjectBucketPolicy("main",
    bucket=bucket.id,
    policy=policy.json)
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-scaleway/sdk/go/scaleway"
)
// main renders a bucket policy with the AWS provider's policy-document helper
// and attaches it to a Scaleway bucket.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := scaleway.LookupAccountProject(ctx, &scaleway.LookupAccountProjectArgs{
			Name: pulumi.StringRef("default"),
		}, nil)
		if err != nil {
			return err
		}
		// Object storage configuration
		bucket, err := scaleway.NewObjectBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		// NOTE(review): the principal is a whole project rather than one user
		// or application — confirm which identities that covers.
		projectPrincipal := pulumi.String(fmt.Sprintf("project_id:%v", _default.Id))
		// Every object in the bucket.
		bucketObjects := bucket.Name.ApplyT(func(name string) (string, error) {
			return fmt.Sprintf("%v/*", name), nil
		}).(pulumi.StringOutput)
		// The document is written with Version 2012-10-17, which this page
		// labels deprecated in its last example.
		policy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Version: pulumi.String("2012-10-17"),
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Sid:    pulumi.String("Delegate access"),
					Effect: pulumi.String("Allow"),
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Type: pulumi.String("SCW"),
							Identifiers: pulumi.StringArray{
								projectPrincipal,
							},
						},
					},
					Actions: pulumi.StringArray{
						pulumi.String("s3:ListBucket"),
					},
					Resources: pulumi.StringArray{
						bucket.Name,
						bucketObjects,
					},
				},
			},
		}, nil)
		// Only the rendered JSON of the document is handed to Scaleway.
		policyJSON := policy.ApplyT(func(policy iam.GetPolicyDocumentResult) (*string, error) {
			return &policy.Json, nil
		}).(pulumi.StringPtrOutput)
		_, err = scaleway.NewObjectBucketPolicy(ctx, "main", &scaleway.ObjectBucketPolicyArgs{
			Bucket: bucket.ID(),
			Policy: policyJSON,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Scaleway = Pulumi.Scaleway;
using Scaleway = Pulumiverse.Scaleway;
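return await Deployment.RunAsync(() =>
{
    var @default = Scaleway.GetAccountProject.Invoke(new()
    {
        Name = "default",
    });

    // Object storage configuration
    var bucket = new Scaleway.ObjectBucket("bucket");

    // The AWS provider is used only to render the policy JSON. The document is
    // written with Version 2012-10-17, which this page labels deprecated in
    // its last example.
    var policy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Version = "2012-10-17",
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Sid = "Delegate access",
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "SCW",
                        Identifiers = new[]
                        {
                            // Build the string inside Apply. Interpolating the
                            // Output itself would not yield the project ID, and
                            // the policy would name a principal that does not
                            // exist.
                            // NOTE(review): the principal is a whole project —
                            // confirm which identities that covers.
                            @default.Apply(getAccountProjectResult => $"project_id:{getAccountProjectResult.Id}"),
                        },
                    },
                },
                Actions = new[]
                {
                    "s3:ListBucket",
                },
                // The bucket itself, then every object in it. The object
                // pattern is built inside Apply for the same reason as the
                // principal above.
                Resources = new[]
                {
                    bucket.Name,
                    bucket.Name.Apply(name => $"{name}/*"),
                },
            },
        },
    });

    var main = new Scaleway.ObjectBucketPolicy("main", new()
    {
        Bucket = bucket.Id,
        Policy = policy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });
});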
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scaleway.ScalewayFunctions;
import com.pulumi.scaleway.inputs.GetAccountProjectArgs;
import com.pulumi.scaleway.ObjectBucket;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.scaleway.ObjectBucketPolicy;
import com.pulumi.scaleway.ObjectBucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
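public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Renders a bucket policy with the AWS provider's policy-document helper
     * and attaches it to a Scaleway bucket.
     */
    public static void stack(Context ctx) {
        // `default` is a Java keyword; the rest of the method already uses `default_`.
        final var default_ = ScalewayFunctions.getAccountProject(GetAccountProjectArgs.builder()
            .name("default")
            .build());

        // Object storage configuration
        var bucket = new ObjectBucket("bucket");

        // The document is written with Version 2012-10-17, which this page
        // labels deprecated in its last example. The principal and the object
        // pattern are formatted inside applyValue so they are built from the
        // resolved values rather than from the Output wrappers.
        // NOTE(review): the lookup is assumed to return an Output, as in the
        // other Java examples on this page — confirm.
        // NOTE(review): the principal is a whole project — confirm which
        // identities that covers.
        final var policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .version("2012-10-17")
            .statements(GetPolicyDocumentStatementArgs.builder()
                .sid("Delegate access")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("SCW")
                    .identifiers(default_.applyValue(project -> List.of(String.format("project_id:%s", project.id()))))
                    .build())
                .actions("s3:ListBucket")
                .resources(bucket.name().applyValue(name -> List.of(name, String.format("%s/*", name))))
                .build())
            .build());

        // Only the rendered JSON of the document is handed to Scaleway.
        var main = new ObjectBucketPolicy("main", ObjectBucketPolicyArgs.builder()
            .bucket(bucket.id())
            .policy(policy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}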
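resources:
  # Object storage configuration
  bucket:
    type: scaleway:ObjectBucket
  main:
    type: scaleway:ObjectBucketPolicy
    properties:
      bucket: ${bucket.id}
      policy: ${policy.json}
variables:
  default:
    fn::invoke:
      Function: scaleway:getAccountProject
      Arguments:
        name: default
  # The AWS provider is used only to render the policy JSON.
  policy:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        # This page labels version 2012-10-17 deprecated in its last example.
        # Quoted so the date-like value is kept as a string.
        version: "2012-10-17"
        statements:
          - sid: Delegate access
            effect: Allow
            # NOTE(review): the principal is a whole project — confirm which
            # identities that covers.
            principals:
              - type: SCW
                identifiers:
                  - project_id:${default.id}
            actions:
              - s3:ListBucket
            # The bucket itself, then every object in it.
            resources:
              - ${bucket.name}
              - ${bucket.name}/*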
Example with deprecated version 2012-10-17
import * as pulumi from "@pulumi/pulumi";
import * as scaleway from "@pulumi/scaleway";
import * as scaleway from "@pulumiverse/scaleway";
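// `default` is a reserved word and cannot be used as a binding name; the rest
// of this example already refers to the lookup result as `_default`.
const _default = scaleway.getAccountProject({
    name: "default",
});
// Object storage configuration
const bucket = new scaleway.ObjectBucket("bucket", {region: "fr-par"});
// Policy written with the deprecated Version 2012-10-17; the other examples on
// this page use 2023-04-17.
// NOTE(review): the principal is a whole project rather than one user or
// application — confirm which identities that covers before reusing it.
const policy = new scaleway.ObjectBucketPolicy("policy", {
    bucket: bucket.name,
    policy: pulumi.jsonStringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Action: [
                "s3:ListBucket",
                "s3:GetObjectTagging",
            ],
            Principal: {
                SCW: _default.then(_default => `project_id:${_default.id}`),
            },
            // The bucket itself, then every object in it.
            Resource: [
                bucket.name,
                pulumi.interpolate`${bucket.name}/*`,
            ],
        }],
    }),
});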
import pulumi
import json
import pulumi_scaleway as scaleway
import pulumiverse_scaleway as scaleway
default = scaleway.get_account_project(name="default")

# Object storage configuration
bucket = scaleway.ObjectBucket("bucket", region="fr-par")

# Policy written with the deprecated Version 2012-10-17; the other examples on
# this page use 2023-04-17.
# NOTE(review): the principal is a whole project rather than one user or
# application — confirm which identities that covers before reusing it.
legacy_policy_document = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "s3:ListBucket",
            "s3:GetObjectTagging",
        ],
        "Principal": {
            "SCW": f"project_id:{default.id}",
        },
        # The bucket itself, then every object in it.
        "Resource": [
            bucket.name,
            bucket.name.apply(lambda name: f"{name}/*"),
        ],
    }],
}
policy = scaleway.ObjectBucketPolicy("policy",
    bucket=bucket.name,
    policy=pulumi.Output.json_dumps(legacy_policy_document))
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-scaleway/sdk/go/scaleway"
)
// main creates a bucket in fr-par and attaches a bucket policy written with
// the deprecated Version 2012-10-17.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := scaleway.LookupAccountProject(ctx, &scaleway.LookupAccountProjectArgs{
			Name: pulumi.StringRef("default"),
		}, nil)
		if err != nil {
			return err
		}
		// Object storage configuration
		bucket, err := scaleway.NewObjectBucket(ctx, "bucket", &scaleway.ObjectBucketArgs{
			Region: pulumi.String("fr-par"),
		})
		if err != nil {
			return err
		}
		// The policy JSON can only be built once the bucket name is known.
		// NOTE(review): the principal is a whole project rather than one user
		// or application — confirm which identities that covers.
		policyJSON := bucket.Name.ApplyT(func(name string) (string, error) {
			doc, err := json.Marshal(map[string]interface{}{
				"Version": "2012-10-17",
				"Statement": []map[string]interface{}{
					{
						"Effect": "Allow",
						"Action": []string{
							"s3:ListBucket",
							"s3:GetObjectTagging",
						},
						"Principal": map[string]interface{}{
							"SCW": fmt.Sprintf("project_id:%v", _default.Id),
						},
						// The bucket itself, then every object in it.
						"Resource": []string{
							name,
							fmt.Sprintf("%v/*", name),
						},
					},
				},
			})
			if err != nil {
				return "", err
			}
			return string(doc), nil
		}).(pulumi.StringOutput)
		_, err = scaleway.NewObjectBucketPolicy(ctx, "policy", &scaleway.ObjectBucketPolicyArgs{
			Bucket: bucket.Name,
			Policy: policyJSON,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Scaleway = Pulumi.Scaleway;
using Scaleway = Pulumiverse.Scaleway;
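return await Deployment.RunAsync(() =>
{
    var @default = Scaleway.GetAccountProject.Invoke(new()
    {
        Name = "default",
    });

    // Object storage configuration
    var bucket = new Scaleway.ObjectBucket("bucket", new()
    {
        Region = "fr-par",
    });

    // Policy written with the deprecated Version 2012-10-17; the other
    // examples on this page use 2023-04-17.
    var policy = new Scaleway.ObjectBucketPolicy("policy", new()
    {
        Bucket = bucket.Name,
        Policy = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
        {
            ["Version"] = "2012-10-17",
            ["Statement"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["Effect"] = "Allow",
                    ["Action"] = new[]
                    {
                        "s3:ListBucket",
                        "s3:GetObjectTagging",
                    },
                    ["Principal"] = new Dictionary<string, object?>
                    {
                        // One Apply, with the string built from the resolved
                        // result. Interpolating an Output would not yield the
                        // project ID.
                        // NOTE(review): the principal is a whole project —
                        // confirm which identities that covers.
                        ["SCW"] = @default.Apply(getAccountProjectResult => $"project_id:{getAccountProjectResult.Id}"),
                    },
                    // The bucket itself, then every object in it.
                    ["Resource"] = new[]
                    {
                        bucket.Name,
                        bucket.Name.Apply(name => $"{name}/*"),
                    },
                },
            },
        })),
    });
});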
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scaleway.ScalewayFunctions;
import com.pulumi.scaleway.inputs.GetAccountProjectArgs;
import com.pulumi.scaleway.ObjectBucket;
import com.pulumi.scaleway.ObjectBucketArgs;
import com.pulumi.scaleway.ObjectBucketPolicy;
import com.pulumi.scaleway.ObjectBucketPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
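public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Creates a bucket in fr-par and attaches a bucket policy written with the
     * deprecated Version 2012-10-17.
     */
    public static void stack(Context ctx) {
        // `default` is a Java keyword; the rest of the method already uses `default_`.
        final var default_ = ScalewayFunctions.getAccountProject(GetAccountProjectArgs.builder()
            .name("default")
            .build());

        // Object storage configuration
        var bucket = new ObjectBucket("bucket", ObjectBucketArgs.builder()
            .region("fr-par")
            .build());

        // The project ID is resolved in the tuple so that the principal string
        // is formatted from the plain value, not from an Output.
        // NOTE(review): the lookup is assumed to return an Output, as in the
        // other Java examples on this page — confirm.
        // NOTE(review): the principal is a whole project — confirm which
        // identities that covers.
        var policy = new ObjectBucketPolicy("policy", ObjectBucketPolicyArgs.builder()
            .bucket(bucket.name())
            .policy(Output.tuple(bucket.name(), default_.applyValue(project -> project.id())).applyValue(values -> {
                var bucketName = values.t1;
                var projectId = values.t2;
                return serializeJson(
                    jsonObject(
                        jsonProperty("Version", "2012-10-17"),
                        jsonProperty("Statement", jsonArray(jsonObject(
                            jsonProperty("Effect", "Allow"),
                            jsonProperty("Action", jsonArray(
                                "s3:ListBucket",
                                "s3:GetObjectTagging"
                            )),
                            jsonProperty("Principal", jsonObject(
                                jsonProperty("SCW", String.format("project_id:%s", projectId))
                            )),
                            jsonProperty("Resource", jsonArray(
                                bucketName,
                                String.format("%s/*", bucketName)
                            ))
                        )))
                    ));
            }))
            .build());
    }
}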
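resources:
  # Object storage configuration
  bucket:
    type: scaleway:ObjectBucket
    properties:
      region: fr-par
  policy:
    type: scaleway:ObjectBucketPolicy
    properties:
      bucket: ${bucket.name}
      policy:
        fn::toJSON:
          # Quoted so the value is always emitted as a string; an unquoted
          # 2012-10-17 can be read as a date by some YAML parsers.
          # NOTE(review): the IAM-user example earlier on this page uses
          # "2023-04-17"; confirm which version the principals require.
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              # Only listing the bucket and reading object tags are allowed.
              Action:
                - s3:ListBucket
                - s3:GetObjectTagging
              # The principal is the whole project, not a single user or
              # application; confirm that scope is intended.
              Principal:
                SCW: project_id:${default.id}
              # The bucket itself and every object key under it.
              Resource:
                - ${bucket.name}
                - ${bucket.name}/*
variables:
  # Project lookup whose ID is used as the policy principal above.
  default:
    fn::invoke:
      Function: scaleway:getAccountProject
      Arguments:
        name: default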
NB: To configure the AWS provider with Scaleway credentials, please visit this tutorial.
Create ObjectBucketPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectBucketPolicy(name: string, args: ObjectBucketPolicyArgs, opts?: CustomResourceOptions);
@overload
def ObjectBucketPolicy(resource_name: str,
args: ObjectBucketPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectBucketPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
policy: Optional[str] = None,
project_id: Optional[str] = None,
region: Optional[str] = None)
func NewObjectBucketPolicy(ctx *Context, name string, args ObjectBucketPolicyArgs, opts ...ResourceOption) (*ObjectBucketPolicy, error)
public ObjectBucketPolicy(string name, ObjectBucketPolicyArgs args, CustomResourceOptions? opts = null)
public ObjectBucketPolicy(String name, ObjectBucketPolicyArgs args)
public ObjectBucketPolicy(String name, ObjectBucketPolicyArgs args, CustomResourceOptions options)
type: scaleway:ObjectBucketPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ObjectBucketPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ObjectBucketPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ObjectBucketPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ObjectBucketPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ObjectBucketPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every input property is shown with a placeholder value.
var objectBucketPolicyResource = new Scaleway.ObjectBucketPolicy("objectBucketPolicyResource", new()
{
Bucket = "string", // the bucket's name or regional ID
Policy = "string", // the text of the policy (the usage examples pass serialized JSON)
ProjectId = "string", // the project to attach the resource to
Region = "string", // the Scaleway region the bucket resides in
});
// Reference example: every input property is shown with a placeholder value.
example, err := scaleway.NewObjectBucketPolicy(ctx, "objectBucketPolicyResource", &scaleway.ObjectBucketPolicyArgs{
Bucket: pulumi.String("string"), // the bucket's name or regional ID
Policy: pulumi.String("string"), // the text of the policy (the usage examples pass serialized JSON)
ProjectId: pulumi.String("string"), // the project to attach the resource to
Region: pulumi.String("string"), // the Scaleway region the bucket resides in
})
// Reference example: every input property is shown with a placeholder value.
var objectBucketPolicyResource = new ObjectBucketPolicy("objectBucketPolicyResource", ObjectBucketPolicyArgs.builder()
.bucket("string") // the bucket's name or regional ID
.policy("string") // the text of the policy (the usage examples pass serialized JSON)
.projectId("string") // the project to attach the resource to
.region("string") // the Scaleway region the bucket resides in
.build());
# Reference example: every input property is shown with a placeholder value.
object_bucket_policy_resource = scaleway.ObjectBucketPolicy("objectBucketPolicyResource",
bucket="string",  # the bucket's name or regional ID
policy="string",  # the text of the policy (the usage examples pass serialized JSON)
project_id="string",  # the project to attach the resource to
region="string")  # the Scaleway region the bucket resides in
// Reference example: every input property is shown with a placeholder value.
const objectBucketPolicyResource = new scaleway.ObjectBucketPolicy("objectBucketPolicyResource", {
bucket: "string", // the bucket's name or regional ID
policy: "string", // the text of the policy (the usage examples pass serialized JSON)
projectId: "string", // the project to attach the resource to
region: "string", // the Scaleway region the bucket resides in
});
type: scaleway:ObjectBucketPolicy
properties:
bucket: string
policy: string
projectId: string
region: string
ObjectBucketPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ObjectBucketPolicy resource accepts the following input properties:
- bucket str
- The bucket's name or regional ID.
- policy str
- The text of the policy.
- project_id str
- The project_id you want to attach the resource to.
- region str
- The Scaleway region this bucket resides in.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectBucketPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectBucketPolicy Resource
Get an existing ObjectBucketPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectBucketPolicyState, opts?: CustomResourceOptions): ObjectBucketPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
policy: Optional[str] = None,
project_id: Optional[str] = None,
region: Optional[str] = None) -> ObjectBucketPolicy
func GetObjectBucketPolicy(ctx *Context, name string, id IDInput, state *ObjectBucketPolicyState, opts ...ResourceOption) (*ObjectBucketPolicy, error)
public static ObjectBucketPolicy Get(string name, Input<string> id, ObjectBucketPolicyState? state, CustomResourceOptions? opts = null)
public static ObjectBucketPolicy get(String name, Output<String> id, ObjectBucketPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- bucket str
- The bucket's name or regional ID.
- policy str
- The text of the policy.
- project_id str
- The project_id you want to attach the resource to.
- region str
- The Scaleway region this bucket resides in.
Import
Bucket policies can be imported using the {region}/{bucketName} identifier, e.g.:
bash
$ pulumi import scaleway:index/objectBucketPolicy:ObjectBucketPolicy some_bucket fr-par/some-bucket
Important: The project_id attribute has a particular behavior with S3 products, because the S3 API is scoped by project.
If you are using a project other than the default one, you must append the project ID to the end of the import command, as shown below.
bash
$ pulumi import scaleway:index/objectBucketPolicy:ObjectBucketPolicy some_bucket fr-par/some-bucket@xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- scaleway pulumiverse/pulumi-scaleway
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
scaleway
Terraform Provider.