AWS v6.71.0, Mar 7 25

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

aws.s3.BucketObject

Explore with Pulumi AI

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage

Uploading a file to a bucket

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";

const object = new aws.s3.BucketObject("object", {
    bucket: "your_bucket_name",
    key: "new_object_key",
    source: new pulumi.asset.FileAsset("path/to/file"),
    etag: std.filemd5({
        input: "path/to/file",
    }).then(invoke => invoke.result),
});

import pulumi
import pulumi_aws as aws
import pulumi_std as std

object = aws.s3.BucketObject("object",
    bucket="your_bucket_name",
    key="new_object_key",
    source=pulumi.FileAsset("path/to/file"),
    etag=std.filemd5(input="path/to/file").result)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		invokeFilemd5, err := std.Filemd5(ctx, &std.Filemd5Args{
			Input: "path/to/file",
		}, nil)
		if err != nil {
			return err
		}
		_, err = s3.NewBucketObject(ctx, "object", &s3.BucketObjectArgs{
			Bucket: pulumi.Any("your_bucket_name"),
			Key:    pulumi.String("new_object_key"),
			Source: pulumi.NewFileAsset("path/to/file"),
			Etag:   pulumi.String(invokeFilemd5.Result),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;

return await Deployment.RunAsync(() => 
{
    var @object = new Aws.S3.BucketObject("object", new()
    {
        Bucket = "your_bucket_name",
        Key = "new_object_key",
        Source = new FileAsset("path/to/file"),
        Etag = Std.Filemd5.Invoke(new()
        {
            Input = "path/to/file",
        }).Apply(invoke => invoke.Result),
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketObject;
import com.pulumi.aws.s3.BucketObjectArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var object = new BucketObject("object", BucketObjectArgs.builder()
            .bucket("your_bucket_name")
            .key("new_object_key")
            .source(new FileAsset("path/to/file"))
            .etag(StdFunctions.filemd5(Filemd5Args.builder()
                .input("path/to/file")
                .build()).result())
            .build());

    }
}

resources:
  object:
    type: aws:s3:BucketObject
    properties:
      bucket: your_bucket_name
      key: new_object_key
      source:
        fn::FileAsset: path/to/file
      etag:
        fn::invoke:
          function: std:filemd5
          arguments:
            input: path/to/file
          return: result

Encrypting with KMS Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplekms = new aws.kms.Key("examplekms", {
    description: "KMS key 1",
    deletionWindowInDays: 7,
});
const examplebucket = new aws.s3.BucketV2("examplebucket", {bucket: "examplebuckettftest"});
const example = new aws.s3.BucketAclV2("example", {
    bucket: examplebucket.id,
    acl: "private",
});
const exampleBucketObject = new aws.s3.BucketObject("example", {
    key: "someobject",
    bucket: examplebucket.id,
    source: new pulumi.asset.FileAsset("index.html"),
    kmsKeyId: examplekms.arn,
});

import pulumi
import pulumi_aws as aws

examplekms = aws.kms.Key("examplekms",
    description="KMS key 1",
    deletion_window_in_days=7)
examplebucket = aws.s3.BucketV2("examplebucket", bucket="examplebuckettftest")
example = aws.s3.BucketAclV2("example",
    bucket=examplebucket.id,
    acl="private")
example_bucket_object = aws.s3.BucketObject("example",
    key="someobject",
    bucket=examplebucket.id,
    source=pulumi.FileAsset("index.html"),
    kms_key_id=examplekms.arn)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplekms, err := kms.NewKey(ctx, "examplekms", &kms.KeyArgs{
			Description:          pulumi.String("KMS key 1"),
			DeletionWindowInDays: pulumi.Int(7),
		})
		if err != nil {
			return err
		}
		examplebucket, err := s3.NewBucketV2(ctx, "examplebucket", &s3.BucketV2Args{
			Bucket: pulumi.String("examplebuckettftest"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketAclV2(ctx, "example", &s3.BucketAclV2Args{
			Bucket: examplebucket.ID(),
			Acl:    pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketObject(ctx, "example", &s3.BucketObjectArgs{
			Key:      pulumi.String("someobject"),
			Bucket:   examplebucket.ID(),
			Source:   pulumi.NewFileAsset("index.html"),
			KmsKeyId: examplekms.Arn,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var examplekms = new Aws.Kms.Key("examplekms", new()
    {
        Description = "KMS key 1",
        DeletionWindowInDays = 7,
    });

    var examplebucket = new Aws.S3.BucketV2("examplebucket", new()
    {
        Bucket = "examplebuckettftest",
    });

    var example = new Aws.S3.BucketAclV2("example", new()
    {
        Bucket = examplebucket.Id,
        Acl = "private",
    });

    var exampleBucketObject = new Aws.S3.BucketObject("example", new()
    {
        Key = "someobject",
        Bucket = examplebucket.Id,
        Source = new FileAsset("index.html"),
        KmsKeyId = examplekms.Arn,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.BucketObject;
import com.pulumi.aws.s3.BucketObjectArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var examplekms = new Key("examplekms", KeyArgs.builder()
            .description("KMS key 1")
            .deletionWindowInDays(7)
            .build());

        var examplebucket = new BucketV2("examplebucket", BucketV2Args.builder()
            .bucket("examplebuckettftest")
            .build());

        var example = new BucketAclV2("example", BucketAclV2Args.builder()
            .bucket(examplebucket.id())
            .acl("private")
            .build());

        var exampleBucketObject = new BucketObject("exampleBucketObject", BucketObjectArgs.builder()
            .key("someobject")
            .bucket(examplebucket.id())
            .source(new FileAsset("index.html"))
            .kmsKeyId(examplekms.arn())
            .build());

    }
}

resources:
  examplekms:
    type: aws:kms:Key
    properties:
      description: KMS key 1
      deletionWindowInDays: 7
  examplebucket:
    type: aws:s3:BucketV2
    properties:
      bucket: examplebuckettftest
  example:
    type: aws:s3:BucketAclV2
    properties:
      bucket: ${examplebucket.id}
      acl: private
  exampleBucketObject:
    type: aws:s3:BucketObject
    name: example
    properties:
      key: someobject
      bucket: ${examplebucket.id}
      source:
        fn::FileAsset: index.html
      kmsKeyId: ${examplekms.arn}

Server Side Encryption with S3 Default Master Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.BucketV2("examplebucket", {bucket: "examplebuckettftest"});
const example = new aws.s3.BucketAclV2("example", {
    bucket: examplebucket.id,
    acl: "private",
});
const exampleBucketObject = new aws.s3.BucketObject("example", {
    key: "someobject",
    bucket: examplebucket.id,
    source: new pulumi.asset.FileAsset("index.html"),
    serverSideEncryption: "aws:kms",
});

import pulumi
import pulumi_aws as aws

examplebucket = aws.s3.BucketV2("examplebucket", bucket="examplebuckettftest")
example = aws.s3.BucketAclV2("example",
    bucket=examplebucket.id,
    acl="private")
example_bucket_object = aws.s3.BucketObject("example",
    key="someobject",
    bucket=examplebucket.id,
    source=pulumi.FileAsset("index.html"),
    server_side_encryption="aws:kms")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplebucket, err := s3.NewBucketV2(ctx, "examplebucket", &s3.BucketV2Args{
			Bucket: pulumi.String("examplebuckettftest"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketAclV2(ctx, "example", &s3.BucketAclV2Args{
			Bucket: examplebucket.ID(),
			Acl:    pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketObject(ctx, "example", &s3.BucketObjectArgs{
			Key:                  pulumi.String("someobject"),
			Bucket:               examplebucket.ID(),
			Source:               pulumi.NewFileAsset("index.html"),
			ServerSideEncryption: pulumi.String("aws:kms"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var examplebucket = new Aws.S3.BucketV2("examplebucket", new()
    {
        Bucket = "examplebuckettftest",
    });

    var example = new Aws.S3.BucketAclV2("example", new()
    {
        Bucket = examplebucket.Id,
        Acl = "private",
    });

    var exampleBucketObject = new Aws.S3.BucketObject("example", new()
    {
        Key = "someobject",
        Bucket = examplebucket.Id,
        Source = new FileAsset("index.html"),
        ServerSideEncryption = "aws:kms",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.BucketObject;
import com.pulumi.aws.s3.BucketObjectArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var examplebucket = new BucketV2("examplebucket", BucketV2Args.builder()
            .bucket("examplebuckettftest")
            .build());

        var example = new BucketAclV2("example", BucketAclV2Args.builder()
            .bucket(examplebucket.id())
            .acl("private")
            .build());

        var exampleBucketObject = new BucketObject("exampleBucketObject", BucketObjectArgs.builder()
            .key("someobject")
            .bucket(examplebucket.id())
            .source(new FileAsset("index.html"))
            .serverSideEncryption("aws:kms")
            .build());

    }
}

resources:
  examplebucket:
    type: aws:s3:BucketV2
    properties:
      bucket: examplebuckettftest
  example:
    type: aws:s3:BucketAclV2
    properties:
      bucket: ${examplebucket.id}
      acl: private
  exampleBucketObject:
    type: aws:s3:BucketObject
    name: example
    properties:
      key: someobject
      bucket: ${examplebucket.id}
      source:
        fn::FileAsset: index.html
      serverSideEncryption: aws:kms

Server Side Encryption with AWS-Managed Key

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.BucketV2("examplebucket", {bucket: "examplebuckettftest"});
const example = new aws.s3.BucketAclV2("example", {
    bucket: examplebucket.id,
    acl: "private",
});
const exampleBucketObject = new aws.s3.BucketObject("example", {
    key: "someobject",
    bucket: examplebucket.id,
    source: new pulumi.asset.FileAsset("index.html"),
    serverSideEncryption: "AES256",
});

import pulumi
import pulumi_aws as aws

examplebucket = aws.s3.BucketV2("examplebucket", bucket="examplebuckettftest")
example = aws.s3.BucketAclV2("example",
    bucket=examplebucket.id,
    acl="private")
example_bucket_object = aws.s3.BucketObject("example",
    key="someobject",
    bucket=examplebucket.id,
    source=pulumi.FileAsset("index.html"),
    server_side_encryption="AES256")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplebucket, err := s3.NewBucketV2(ctx, "examplebucket", &s3.BucketV2Args{
			Bucket: pulumi.String("examplebuckettftest"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketAclV2(ctx, "example", &s3.BucketAclV2Args{
			Bucket: examplebucket.ID(),
			Acl:    pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketObject(ctx, "example", &s3.BucketObjectArgs{
			Key:                  pulumi.String("someobject"),
			Bucket:               examplebucket.ID(),
			Source:               pulumi.NewFileAsset("index.html"),
			ServerSideEncryption: pulumi.String("AES256"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var examplebucket = new Aws.S3.BucketV2("examplebucket", new()
    {
        Bucket = "examplebuckettftest",
    });

    var example = new Aws.S3.BucketAclV2("example", new()
    {
        Bucket = examplebucket.Id,
        Acl = "private",
    });

    var exampleBucketObject = new Aws.S3.BucketObject("example", new()
    {
        Key = "someobject",
        Bucket = examplebucket.Id,
        Source = new FileAsset("index.html"),
        ServerSideEncryption = "AES256",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.BucketObject;
import com.pulumi.aws.s3.BucketObjectArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var examplebucket = new BucketV2("examplebucket", BucketV2Args.builder()
            .bucket("examplebuckettftest")
            .build());

        var example = new BucketAclV2("example", BucketAclV2Args.builder()
            .bucket(examplebucket.id())
            .acl("private")
            .build());

        var exampleBucketObject = new BucketObject("exampleBucketObject", BucketObjectArgs.builder()
            .key("someobject")
            .bucket(examplebucket.id())
            .source(new FileAsset("index.html"))
            .serverSideEncryption("AES256")
            .build());

    }
}

resources:
  examplebucket:
    type: aws:s3:BucketV2
    properties:
      bucket: examplebuckettftest
  example:
    type: aws:s3:BucketAclV2
    properties:
      bucket: ${examplebucket.id}
      acl: private
  exampleBucketObject:
    type: aws:s3:BucketObject
    name: example
    properties:
      key: someobject
      bucket: ${examplebucket.id}
      source:
        fn::FileAsset: index.html
      serverSideEncryption: AES256

S3 Object Lock

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const examplebucket = new aws.s3.BucketV2("examplebucket", {
    bucket: "examplebuckettftest",
    objectLockEnabled: true,
});
const example = new aws.s3.BucketAclV2("example", {
    bucket: examplebucket.id,
    acl: "private",
});
const exampleBucketVersioningV2 = new aws.s3.BucketVersioningV2("example", {
    bucket: examplebucket.id,
    versioningConfiguration: {
        status: "Enabled",
    },
});
const exampleBucketObject = new aws.s3.BucketObject("example", {
    key: "someobject",
    bucket: examplebucket.id,
    source: new pulumi.asset.FileAsset("important.txt"),
    objectLockLegalHoldStatus: "ON",
    objectLockMode: "GOVERNANCE",
    objectLockRetainUntilDate: "2021-12-31T23:59:60Z",
    forceDestroy: true,
}, {
    dependsOn: [exampleBucketVersioningV2],
});

import pulumi
import pulumi_aws as aws

examplebucket = aws.s3.BucketV2("examplebucket",
    bucket="examplebuckettftest",
    object_lock_enabled=True)
example = aws.s3.BucketAclV2("example",
    bucket=examplebucket.id,
    acl="private")
example_bucket_versioning_v2 = aws.s3.BucketVersioningV2("example",
    bucket=examplebucket.id,
    versioning_configuration={
        "status": "Enabled",
    })
example_bucket_object = aws.s3.BucketObject("example",
    key="someobject",
    bucket=examplebucket.id,
    source=pulumi.FileAsset("important.txt"),
    object_lock_legal_hold_status="ON",
    object_lock_mode="GOVERNANCE",
    object_lock_retain_until_date="2021-12-31T23:59:60Z",
    force_destroy=True,
    opts = pulumi.ResourceOptions(depends_on=[example_bucket_versioning_v2]))

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplebucket, err := s3.NewBucketV2(ctx, "examplebucket", &s3.BucketV2Args{
			Bucket:            pulumi.String("examplebuckettftest"),
			ObjectLockEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketAclV2(ctx, "example", &s3.BucketAclV2Args{
			Bucket: examplebucket.ID(),
			Acl:    pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		exampleBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, "example", &s3.BucketVersioningV2Args{
			Bucket: examplebucket.ID(),
			VersioningConfiguration: &s3.BucketVersioningV2VersioningConfigurationArgs{
				Status: pulumi.String("Enabled"),
			},
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketObject(ctx, "example", &s3.BucketObjectArgs{
			Key:                       pulumi.String("someobject"),
			Bucket:                    examplebucket.ID(),
			Source:                    pulumi.NewFileAsset("important.txt"),
			ObjectLockLegalHoldStatus: pulumi.String("ON"),
			ObjectLockMode:            pulumi.String("GOVERNANCE"),
			ObjectLockRetainUntilDate: pulumi.String("2021-12-31T23:59:60Z"),
			ForceDestroy:              pulumi.Bool(true),
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleBucketVersioningV2,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var examplebucket = new Aws.S3.BucketV2("examplebucket", new()
    {
        Bucket = "examplebuckettftest",
        ObjectLockEnabled = true,
    });

    var example = new Aws.S3.BucketAclV2("example", new()
    {
        Bucket = examplebucket.Id,
        Acl = "private",
    });

    var exampleBucketVersioningV2 = new Aws.S3.BucketVersioningV2("example", new()
    {
        Bucket = examplebucket.Id,
        VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs
        {
            Status = "Enabled",
        },
    });

    var exampleBucketObject = new Aws.S3.BucketObject("example", new()
    {
        Key = "someobject",
        Bucket = examplebucket.Id,
        Source = new FileAsset("important.txt"),
        ObjectLockLegalHoldStatus = "ON",
        ObjectLockMode = "GOVERNANCE",
        ObjectLockRetainUntilDate = "2021-12-31T23:59:60Z",
        ForceDestroy = true,
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            exampleBucketVersioningV2,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.BucketVersioningV2;
import com.pulumi.aws.s3.BucketVersioningV2Args;
import com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;
import com.pulumi.aws.s3.BucketObject;
import com.pulumi.aws.s3.BucketObjectArgs;
import com.pulumi.resources.CustomResourceOptions;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var examplebucket = new BucketV2("examplebucket", BucketV2Args.builder()
            .bucket("examplebuckettftest")
            .objectLockEnabled(true)
            .build());

        var example = new BucketAclV2("example", BucketAclV2Args.builder()
            .bucket(examplebucket.id())
            .acl("private")
            .build());

        var exampleBucketVersioningV2 = new BucketVersioningV2("exampleBucketVersioningV2", BucketVersioningV2Args.builder()
            .bucket(examplebucket.id())
            .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
                .status("Enabled")
                .build())
            .build());

        var exampleBucketObject = new BucketObject("exampleBucketObject", BucketObjectArgs.builder()
            .key("someobject")
            .bucket(examplebucket.id())
            .source(new FileAsset("important.txt"))
            .objectLockLegalHoldStatus("ON")
            .objectLockMode("GOVERNANCE")
            .objectLockRetainUntilDate("2021-12-31T23:59:60Z")
            .forceDestroy(true)
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleBucketVersioningV2)
                .build());

    }
}

resources:
  examplebucket:
    type: aws:s3:BucketV2
    properties:
      bucket: examplebuckettftest
      objectLockEnabled: true
  example:
    type: aws:s3:BucketAclV2
    properties:
      bucket: ${examplebucket.id}
      acl: private
  exampleBucketVersioningV2:
    type: aws:s3:BucketVersioningV2
    name: example
    properties:
      bucket: ${examplebucket.id}
      versioningConfiguration:
        status: Enabled
  exampleBucketObject:
    type: aws:s3:BucketObject
    name: example
    properties:
      key: someobject
      bucket: ${examplebucket.id}
      source:
        fn::FileAsset: important.txt
      objectLockLegalHoldStatus: ON
      objectLockMode: GOVERNANCE
      objectLockRetainUntilDate: 2021-12-31T23:59:60Z
      forceDestroy: true
    options:
      dependsOn:
        - ${exampleBucketVersioningV2}

Create BucketObject Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new BucketObject(name: string, args: BucketObjectArgs, opts?: CustomResourceOptions);

@overload
def BucketObject(resource_name: str,
                 args: BucketObjectArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def BucketObject(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 bucket: Optional[str] = None,
                 key: Optional[str] = None,
                 website_redirect: Optional[str] = None,
                 force_destroy: Optional[bool] = None,
                 content: Optional[str] = None,
                 content_base64: Optional[str] = None,
                 content_disposition: Optional[str] = None,
                 content_encoding: Optional[str] = None,
                 content_language: Optional[str] = None,
                 content_type: Optional[str] = None,
                 kms_key_id: Optional[str] = None,
                 cache_control: Optional[str] = None,
                 bucket_key_enabled: Optional[bool] = None,
                 etag: Optional[str] = None,
                 metadata: Optional[Mapping[str, str]] = None,
                 object_lock_legal_hold_status: Optional[str] = None,
                 object_lock_mode: Optional[str] = None,
                 object_lock_retain_until_date: Optional[str] = None,
                 server_side_encryption: Optional[str] = None,
                 source: Optional[Union[pulumi.Asset, pulumi.Archive]] = None,
                 source_hash: Optional[str] = None,
                 storage_class: Optional[str] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 acl: Optional[str] = None)

func NewBucketObject(ctx *Context, name string, args BucketObjectArgs, opts ...ResourceOption) (*BucketObject, error)

public BucketObject(string name, BucketObjectArgs args, CustomResourceOptions? opts = null)

public BucketObject(String name, BucketObjectArgs args)
public BucketObject(String name, BucketObjectArgs args, CustomResourceOptions options)

type: aws:s3:BucketObject
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args BucketObjectArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args BucketObjectArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args BucketObjectArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args BucketObjectArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args BucketObjectArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var bucketObjectResource = new Aws.S3.BucketObject("bucketObjectResource", new()
{
    Bucket = "string",
    Key = "string",
    WebsiteRedirect = "string",
    ForceDestroy = false,
    Content = "string",
    ContentBase64 = "string",
    ContentDisposition = "string",
    ContentEncoding = "string",
    ContentLanguage = "string",
    ContentType = "string",
    KmsKeyId = "string",
    CacheControl = "string",
    BucketKeyEnabled = false,
    Etag = "string",
    Metadata = 
    {
        { "string", "string" },
    },
    ObjectLockLegalHoldStatus = "string",
    ObjectLockMode = "string",
    ObjectLockRetainUntilDate = "string",
    ServerSideEncryption = "string",
    Source = new StringAsset("content"),
    SourceHash = "string",
    StorageClass = "string",
    Tags = 
    {
        { "string", "string" },
    },
    Acl = "string",
});

example, err := s3.NewBucketObject(ctx, "bucketObjectResource", &s3.BucketObjectArgs{
	Bucket:             pulumi.Any("string"),
	Key:                pulumi.String("string"),
	WebsiteRedirect:    pulumi.String("string"),
	ForceDestroy:       pulumi.Bool(false),
	Content:            pulumi.String("string"),
	ContentBase64:      pulumi.String("string"),
	ContentDisposition: pulumi.String("string"),
	ContentEncoding:    pulumi.String("string"),
	ContentLanguage:    pulumi.String("string"),
	ContentType:        pulumi.String("string"),
	KmsKeyId:           pulumi.String("string"),
	CacheControl:       pulumi.String("string"),
	BucketKeyEnabled:   pulumi.Bool(false),
	Etag:               pulumi.String("string"),
	Metadata: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ObjectLockLegalHoldStatus: pulumi.String("string"),
	ObjectLockMode:            pulumi.String("string"),
	ObjectLockRetainUntilDate: pulumi.String("string"),
	ServerSideEncryption:      pulumi.String("string"),
	Source:                    pulumi.NewStringAsset("content"),
	SourceHash:                pulumi.String("string"),
	StorageClass:              pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Acl: pulumi.String("string"),
})

var bucketObjectResource = new BucketObject("bucketObjectResource", BucketObjectArgs.builder()
    .bucket("string")
    .key("string")
    .websiteRedirect("string")
    .forceDestroy(false)
    .content("string")
    .contentBase64("string")
    .contentDisposition("string")
    .contentEncoding("string")
    .contentLanguage("string")
    .contentType("string")
    .kmsKeyId("string")
    .cacheControl("string")
    .bucketKeyEnabled(false)
    .etag("string")
    .metadata(Map.of("string", "string"))
    .objectLockLegalHoldStatus("string")
    .objectLockMode("string")
    .objectLockRetainUntilDate("string")
    .serverSideEncryption("string")
    .source(new StringAsset("content"))
    .sourceHash("string")
    .storageClass("string")
    .tags(Map.of("string", "string"))
    .acl("string")
    .build());

bucket_object_resource = aws.s3.BucketObject("bucketObjectResource",
    bucket="string",
    key="string",
    website_redirect="string",
    force_destroy=False,
    content="string",
    content_base64="string",
    content_disposition="string",
    content_encoding="string",
    content_language="string",
    content_type="string",
    kms_key_id="string",
    cache_control="string",
    bucket_key_enabled=False,
    etag="string",
    metadata={
        "string": "string",
    },
    object_lock_legal_hold_status="string",
    object_lock_mode="string",
    object_lock_retain_until_date="string",
    server_side_encryption="string",
    source=pulumi.StringAsset("content"),
    source_hash="string",
    storage_class="string",
    tags={
        "string": "string",
    },
    acl="string")

const bucketObjectResource = new aws.s3.BucketObject("bucketObjectResource", {
    bucket: "string",
    key: "string",
    websiteRedirect: "string",
    forceDestroy: false,
    content: "string",
    contentBase64: "string",
    contentDisposition: "string",
    contentEncoding: "string",
    contentLanguage: "string",
    contentType: "string",
    kmsKeyId: "string",
    cacheControl: "string",
    bucketKeyEnabled: false,
    etag: "string",
    metadata: {
        string: "string",
    },
    objectLockLegalHoldStatus: "string",
    objectLockMode: "string",
    objectLockRetainUntilDate: "string",
    serverSideEncryption: "string",
    source: new pulumi.asset.StringAsset("content"),
    sourceHash: "string",
    storageClass: "string",
    tags: {
        string: "string",
    },
    acl: "string",
});

type: aws:s3:BucketObject
properties:
    acl: string
    bucket: string
    bucketKeyEnabled: false
    cacheControl: string
    content: string
    contentBase64: string
    contentDisposition: string
    contentEncoding: string
    contentLanguage: string
    contentType: string
    etag: string
    forceDestroy: false
    key: string
    kmsKeyId: string
    metadata:
        string: string
    objectLockLegalHoldStatus: string
    objectLockMode: string
    objectLockRetainUntilDate: string
    serverSideEncryption: string
    source:
        fn::StringAsset: content
    sourceHash: string
    storageClass: string
    tags:
        string: string
    websiteRedirect: string

BucketObject Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The BucketObject resource accepts the following input properties:

Bucket string | string

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

Acl string

Canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private.

BucketKeyEnabled bool

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

CacheControl string

Caching behavior along the request/reply chain Read w3c cache_control for further details.

Content string

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

ContentBase64 string

Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.

ContentDisposition string

Presentational information for the object. Read w3c content_disposition for further information.

ContentEncoding string

Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.

ContentLanguage string

Language the content is in e.g., en-US or en-GB.

ContentType string

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

Etag string

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

ForceDestroy bool

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

Key string

Name of the object once it is in the bucket.

The following arguments are optional:

KmsKeyId string

ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the aws.kms.Key resource, use the arn attribute. If referencing the aws.kms.Alias data source or resource, use the target_key_arn attribute. The provider will only perform drift detection if a configuration value is provided.

Metadata Dictionary<string, string>

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

ObjectLockLegalHoldStatus string

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

ObjectLockMode string

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

ObjectLockRetainUntilDate string

Date and time, in RFC3339 format, when this object's object lock will expire.

ServerSideEncryption string

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

Source AssetOrArchive

Path to a file that will be read and uploaded as raw bytes for the object content.

SourceHash string

Triggers updates like etag but useful to address etag encryption limitations.

StorageClass string

Storage Class for the object. Defaults to "STANDARD".

Tags Dictionary<string, string>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

WebsiteRedirect string

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

Bucket string | string

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

Acl string

BucketKeyEnabled bool

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

CacheControl string

Caching behavior along the request/reply chain Read w3c cache_control for further details.

Content string

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

ContentBase64 string

ContentDisposition string

Presentational information for the object. Read w3c content_disposition for further information.

ContentEncoding string

ContentLanguage string

Language the content is in e.g., en-US or en-GB.

ContentType string

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

Etag string

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

ForceDestroy bool

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

Key string

Name of the object once it is in the bucket.

The following arguments are optional:

KmsKeyId string

Metadata map[string]string

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

ObjectLockLegalHoldStatus string

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

ObjectLockMode string

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

ObjectLockRetainUntilDate string

Date and time, in RFC3339 format, when this object's object lock will expire.

ServerSideEncryption string

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

Source pulumi.AssetOrArchive

Path to a file that will be read and uploaded as raw bytes for the object content.

SourceHash string

Triggers updates like etag but useful to address etag encryption limitations.

StorageClass string

Storage Class for the object. Defaults to "STANDARD".

Tags map[string]string

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

WebsiteRedirect string

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

bucket String | String

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

acl String

bucketKeyEnabled Boolean

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cacheControl String

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content String

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

contentBase64 String

contentDisposition String

Presentational information for the object. Read w3c content_disposition for further information.

contentEncoding String

contentLanguage String

Language the content is in e.g., en-US or en-GB.

contentType String

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag String

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

forceDestroy Boolean

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key String

Name of the object once it is in the bucket.

The following arguments are optional:

kmsKeyId String

metadata Map<String,String>

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

objectLockLegalHoldStatus String

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

objectLockMode String

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

objectLockRetainUntilDate String

Date and time, in RFC3339 format, when this object's object lock will expire.

serverSideEncryption String

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source AssetOrArchive

Path to a file that will be read and uploaded as raw bytes for the object content.

sourceHash String

Triggers updates like etag but useful to address etag encryption limitations.

storageClass String

Storage Class for the object. Defaults to "STANDARD".

tags Map<String,String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

websiteRedirect String

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

bucket string | Bucket

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

acl string

bucketKeyEnabled boolean

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cacheControl string

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content string

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

contentBase64 string

contentDisposition string

Presentational information for the object. Read w3c content_disposition for further information.

contentEncoding string

contentLanguage string

Language the content is in e.g., en-US or en-GB.

contentType string

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag string

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

forceDestroy boolean

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key string

Name of the object once it is in the bucket.

The following arguments are optional:

kmsKeyId string

metadata {[key: string]: string}

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

objectLockLegalHoldStatus string

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

objectLockMode string

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

objectLockRetainUntilDate string

Date and time, in RFC3339 format, when this object's object lock will expire.

serverSideEncryption string

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source pulumi.asset.Asset | pulumi.asset.Archive

Path to a file that will be read and uploaded as raw bytes for the object content.

sourceHash string

Triggers updates like etag but useful to address etag encryption limitations.

storageClass string

Storage Class for the object. Defaults to "STANDARD".

tags {[key: string]: string}

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

websiteRedirect string

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

bucket str | str

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

acl str

bucket_key_enabled bool

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cache_control str

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content str

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

content_base64 str

content_disposition str

Presentational information for the object. Read w3c content_disposition for further information.

content_encoding str

content_language str

Language the content is in e.g., en-US or en-GB.

content_type str

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag str

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

force_destroy bool

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key str

Name of the object once it is in the bucket.

The following arguments are optional:

kms_key_id str

metadata Mapping[str, str]

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

object_lock_legal_hold_status str

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

object_lock_mode str

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

object_lock_retain_until_date str

Date and time, in RFC3339 format, when this object's object lock will expire.

server_side_encryption str

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source Union[pulumi.Asset, pulumi.Archive]

Path to a file that will be read and uploaded as raw bytes for the object content.

source_hash str

Triggers updates like etag but useful to address etag encryption limitations.

storage_class str

Storage Class for the object. Defaults to "STANDARD".

tags Mapping[str, str]

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

website_redirect str

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

bucket String |

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

acl String

bucketKeyEnabled Boolean

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cacheControl String

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content String

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

contentBase64 String

contentDisposition String

Presentational information for the object. Read w3c content_disposition for further information.

contentEncoding String

contentLanguage String

Language the content is in e.g., en-US or en-GB.

contentType String

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag String

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

forceDestroy Boolean

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key String

Name of the object once it is in the bucket.

The following arguments are optional:

kmsKeyId String

metadata Map<String>

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

objectLockLegalHoldStatus String

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

objectLockMode String

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

objectLockRetainUntilDate String

Date and time, in RFC3339 format, when this object's object lock will expire.

serverSideEncryption String

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source Asset

Path to a file that will be read and uploaded as raw bytes for the object content.

sourceHash String

Triggers updates like etag but useful to address etag encryption limitations.

storageClass String

Storage Class for the object. Defaults to "STANDARD".

tags Map<String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

websiteRedirect String

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

Outputs

All input properties are implicitly available as output properties. Additionally, the BucketObject resource produces the following output properties:

Arn string: ARN of the object.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VersionId string: Unique version ID value for the object, if bucket versioning is enabled.

Arn string: ARN of the object.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VersionId string: Unique version ID value for the object, if bucket versioning is enabled.

arn String: ARN of the object.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
versionId String: Unique version ID value for the object, if bucket versioning is enabled.

arn string: ARN of the object.
id string: The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
versionId string: Unique version ID value for the object, if bucket versioning is enabled.

arn str: ARN of the object.
id str: The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
version_id str: Unique version ID value for the object, if bucket versioning is enabled.

arn String: ARN of the object.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
versionId String: Unique version ID value for the object, if bucket versioning is enabled.

Look up Existing BucketObject Resource

Get an existing BucketObject resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BucketObjectState, opts?: CustomResourceOptions): BucketObject

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acl: Optional[str] = None,
        arn: Optional[str] = None,
        bucket: Optional[str] = None,
        bucket_key_enabled: Optional[bool] = None,
        cache_control: Optional[str] = None,
        content: Optional[str] = None,
        content_base64: Optional[str] = None,
        content_disposition: Optional[str] = None,
        content_encoding: Optional[str] = None,
        content_language: Optional[str] = None,
        content_type: Optional[str] = None,
        etag: Optional[str] = None,
        force_destroy: Optional[bool] = None,
        key: Optional[str] = None,
        kms_key_id: Optional[str] = None,
        metadata: Optional[Mapping[str, str]] = None,
        object_lock_legal_hold_status: Optional[str] = None,
        object_lock_mode: Optional[str] = None,
        object_lock_retain_until_date: Optional[str] = None,
        server_side_encryption: Optional[str] = None,
        source: Optional[Union[pulumi.Asset, pulumi.Archive]] = None,
        source_hash: Optional[str] = None,
        storage_class: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        version_id: Optional[str] = None,
        website_redirect: Optional[str] = None) -> BucketObject

func GetBucketObject(ctx *Context, name string, id IDInput, state *BucketObjectState, opts ...ResourceOption) (*BucketObject, error)

public static BucketObject Get(string name, Input<string> id, BucketObjectState? state, CustomResourceOptions? opts = null)

public static BucketObject get(String name, Output<String> id, BucketObjectState state, CustomResourceOptions options)

resources:  _:    type: aws:s3:BucketObject    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Acl string

Arn string

ARN of the object.

Bucket string | string

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

BucketKeyEnabled bool

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

CacheControl string

Caching behavior along the request/reply chain Read w3c cache_control for further details.

Content string

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

ContentBase64 string

ContentDisposition string

Presentational information for the object. Read w3c content_disposition for further information.

ContentEncoding string

ContentLanguage string

Language the content is in e.g., en-US or en-GB.

ContentType string

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

Etag string

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

ForceDestroy bool

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

Key string

Name of the object once it is in the bucket.

The following arguments are optional:

KmsKeyId string

Metadata Dictionary<string, string>

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

ObjectLockLegalHoldStatus string

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

ObjectLockMode string

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

ObjectLockRetainUntilDate string

Date and time, in RFC3339 format, when this object's object lock will expire.

ServerSideEncryption string

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

Source AssetOrArchive

Path to a file that will be read and uploaded as raw bytes for the object content.

SourceHash string

Triggers updates like etag but useful to address etag encryption limitations.

StorageClass string

Storage Class for the object. Defaults to "STANDARD".

Tags Dictionary<string, string>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

VersionId string

Unique version ID value for the object, if bucket versioning is enabled.

WebsiteRedirect string

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

Acl string

Arn string

ARN of the object.

Bucket string | string

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

BucketKeyEnabled bool

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

CacheControl string

Caching behavior along the request/reply chain Read w3c cache_control for further details.

Content string

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

ContentBase64 string

ContentDisposition string

Presentational information for the object. Read w3c content_disposition for further information.

ContentEncoding string

ContentLanguage string

Language the content is in e.g., en-US or en-GB.

ContentType string

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

Etag string

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

ForceDestroy bool

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

Key string

Name of the object once it is in the bucket.

The following arguments are optional:

KmsKeyId string

Metadata map[string]string

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

ObjectLockLegalHoldStatus string

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

ObjectLockMode string

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

ObjectLockRetainUntilDate string

Date and time, in RFC3339 format, when this object's object lock will expire.

ServerSideEncryption string

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

Source pulumi.AssetOrArchive

Path to a file that will be read and uploaded as raw bytes for the object content.

SourceHash string

Triggers updates like etag but useful to address etag encryption limitations.

StorageClass string

Storage Class for the object. Defaults to "STANDARD".

Tags map[string]string

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

VersionId string

Unique version ID value for the object, if bucket versioning is enabled.

WebsiteRedirect string

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

acl String

arn String

ARN of the object.

bucket String | String

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

bucketKeyEnabled Boolean

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cacheControl String

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content String

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

contentBase64 String

contentDisposition String

Presentational information for the object. Read w3c content_disposition for further information.

contentEncoding String

contentLanguage String

Language the content is in e.g., en-US or en-GB.

contentType String

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag String

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

forceDestroy Boolean

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key String

Name of the object once it is in the bucket.

The following arguments are optional:

kmsKeyId String

metadata Map<String,String>

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

objectLockLegalHoldStatus String

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

objectLockMode String

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

objectLockRetainUntilDate String

Date and time, in RFC3339 format, when this object's object lock will expire.

serverSideEncryption String

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source AssetOrArchive

Path to a file that will be read and uploaded as raw bytes for the object content.

sourceHash String

Triggers updates like etag but useful to address etag encryption limitations.

storageClass String

Storage Class for the object. Defaults to "STANDARD".

tags Map<String,String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

versionId String

Unique version ID value for the object, if bucket versioning is enabled.

websiteRedirect String

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

acl string

arn string

ARN of the object.

bucket string | Bucket

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

bucketKeyEnabled boolean

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cacheControl string

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content string

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

contentBase64 string

contentDisposition string

Presentational information for the object. Read w3c content_disposition for further information.

contentEncoding string

contentLanguage string

Language the content is in e.g., en-US or en-GB.

contentType string

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag string

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

forceDestroy boolean

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key string

Name of the object once it is in the bucket.

The following arguments are optional:

kmsKeyId string

metadata {[key: string]: string}

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

objectLockLegalHoldStatus string

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

objectLockMode string

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

objectLockRetainUntilDate string

Date and time, in RFC3339 format, when this object's object lock will expire.

serverSideEncryption string

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source pulumi.asset.Asset | pulumi.asset.Archive

Path to a file that will be read and uploaded as raw bytes for the object content.

sourceHash string

Triggers updates like etag but useful to address etag encryption limitations.

storageClass string

Storage Class for the object. Defaults to "STANDARD".

tags {[key: string]: string}

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

versionId string

Unique version ID value for the object, if bucket versioning is enabled.

websiteRedirect string

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

acl str

arn str

ARN of the object.

bucket str | str

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

bucket_key_enabled bool

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cache_control str

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content str

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

content_base64 str

content_disposition str

Presentational information for the object. Read w3c content_disposition for further information.

content_encoding str

content_language str

Language the content is in e.g., en-US or en-GB.

content_type str

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag str

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

force_destroy bool

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key str

Name of the object once it is in the bucket.

The following arguments are optional:

kms_key_id str

metadata Mapping[str, str]

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

object_lock_legal_hold_status str

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

object_lock_mode str

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

object_lock_retain_until_date str

Date and time, in RFC3339 format, when this object's object lock will expire.

server_side_encryption str

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source Union[pulumi.Asset, pulumi.Archive]

Path to a file that will be read and uploaded as raw bytes for the object content.

source_hash str

Triggers updates like etag but useful to address etag encryption limitations.

storage_class str

Storage Class for the object. Defaults to "STANDARD".

tags Mapping[str, str]

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

version_id str

Unique version ID value for the object, if bucket versioning is enabled.

website_redirect str

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

acl String

arn String

ARN of the object.

bucket String |

Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.

bucketKeyEnabled Boolean

Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.

cacheControl String

Caching behavior along the request/reply chain Read w3c cache_control for further details.

content String

Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.

contentBase64 String

contentDisposition String

Presentational information for the object. Read w3c content_disposition for further information.

contentEncoding String

contentLanguage String

Language the content is in e.g., en-US or en-GB.

contentType String

Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.

etag String

Triggers updates when the value changes. This attribute is not compatible with KMS encryption, kms_key_id or server_side_encryption = "aws:kms" (see source_hash instead).

forceDestroy Boolean

Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.

key String

Name of the object once it is in the bucket.

The following arguments are optional:

kmsKeyId String

metadata Map<String>

Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).

objectLockLegalHoldStatus String

Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.

objectLockMode String

Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.

objectLockRetainUntilDate String

Date and time, in RFC3339 format, when this object's object lock will expire.

serverSideEncryption String

Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".

source Asset

Path to a file that will be read and uploaded as raw bytes for the object content.

sourceHash String

Triggers updates like etag but useful to address etag encryption limitations.

storageClass String

Storage Class for the object. Defaults to "STANDARD".

tags Map<String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

versionId String

Unique version ID value for the object, if bucket versioning is enabled.

websiteRedirect String

Target URL for website redirect.

If no content is provided through source, content or content_base64, then the object will be empty.

Import

Import using S3 URL syntax:

Using pulumi import to import objects using the id or S3 URL. For example:

Import using the id, which is the bucket name and the key together:

$ pulumi import aws:s3/bucketObject:BucketObject example some-bucket-name/some/key.txt

Import using S3 URL syntax:

$ pulumi import aws:s3/bucketObject:BucketObject example s3://some-bucket-name/some/key.txt

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-aws

aws.s3.BucketObject

On this page

On this page

Example Usage

Uploading a file to a bucket

Encrypting with KMS Key

Server Side Encryption with S3 Default Master Key

Server Side Encryption with AWS-Managed Key

S3 Object Lock

Create BucketObject Resource

Constructor syntax

Parameters

Constructor example

BucketObject Resource Properties

Inputs

Outputs

Look up Existing BucketObject Resource

Import

Package Details

On this page

On this page