aws.s3-object resource¶
Description¶
Object manages a single object in a bucket: the bytes plus the metadata, encryption, storage class, ACL, and object-lock settings that PutObject records. Create and Update both PutObject; Read is a HeadObject; the bucket and key form the identity, so a change to either replaces the object while every other field updates in place by re-putting. The body comes from at most one of an inline string, a file path, or base64-encoded bytes; with none set the object is empty.
Source: internal/service/s3/object_rsrc.go:32
Example usage:
imports: {
aws: 'github.com/cloudboss/unobin-library-aws'
}
resources: {
example: aws.s3-object {
# Set input fields here.
}
}
Inputs¶
bucket
string
key
string
body-content
optional(string)
body-path
optional(string)
body-base64
optional(string)
acl
optional(string)
bucket-key-enabled
optional(boolean)
cache-control
optional(string)
checksum-algorithm
optional(string)
content-disposition
optional(string)
content-encoding
optional(string)
content-language
optional(string)
content-type
optional(string)
kms-key-id
optional(string)
metadata
map(string)
server-side-encryption
optional(string)
storage-class
optional(string)
website-redirect
optional(string)
object-lock-mode
optional(string)
object-lock-retain-until-date
optional(string)
object-lock-legal-hold-status
optional(string)
tags
map(string)
purge-on-destroy
optional(boolean)
PurgeOnDestroy controls how Delete removes the object. False, the default, issues a single DeleteObject, which on a versioned bucket leaves a delete marker. True purges every version and delete marker of this key. It is a delete-time setting only: it rides no put and is not reconciled.
Input Constraints¶
Field combinations
At most one of body-content, body-path, or body-base64.
Acl rules
acl must be a valid S3 canned ACL.
Rule logic
- When
input.acl != null- Require
input.acl == 'private'
|| input.acl == 'public-read'
|| input.acl == 'public-read-write'
|| input.acl == 'authenticated-read'
|| input.acl == 'aws-exec-read'
|| input.acl == 'bucket-owner-read'
|| input.acl == 'bucket-owner-full-control'
Checksum algorithm rules
checksum-algorithm must be a valid S3 checksum algorithm.
Rule logic
- When
input.checksum-algorithm != null- Require
input.checksum-algorithm == 'CRC32'
|| input.checksum-algorithm == 'CRC32C'
|| input.checksum-algorithm == 'SHA1'
|| input.checksum-algorithm == 'SHA256'
|| input.checksum-algorithm == 'CRC64NVME'
|| input.checksum-algorithm == 'SHA512'
|| input.checksum-algorithm == 'MD5'
|| input.checksum-algorithm == 'XXHASH64'
|| input.checksum-algorithm == 'XXHASH3'
|| input.checksum-algorithm == 'XXHASH128'
Server side encryption rules
server-side-encryption must be a valid S3 encryption value.
Rule logic
- When
input.server-side-encryption != null- Require
input.server-side-encryption == 'AES256'
|| input.server-side-encryption == 'aws:fsx'
|| input.server-side-encryption == 'aws:kms'
|| input.server-side-encryption == 'aws:kms:dsse'
Storage class rules
storage-class must be a valid S3 storage class.
Rule logic
- When
input.storage-class != null- Require
input.storage-class == 'STANDARD'
|| input.storage-class == 'REDUCED_REDUNDANCY'
|| input.storage-class == 'GLACIER'
|| input.storage-class == 'STANDARD_IA'
|| input.storage-class == 'ONEZONE_IA'
|| input.storage-class == 'INTELLIGENT_TIERING'
|| input.storage-class == 'DEEP_ARCHIVE'
|| input.storage-class == 'OUTPOSTS'
|| input.storage-class == 'GLACIER_IR'
|| input.storage-class == 'SNOW'
|| input.storage-class == 'EXPRESS_ONEZONE'
|| input.storage-class == 'FSX_OPENZFS'
|| input.storage-class == 'FSX_ONTAP'
Object lock mode rules
object-lock-mode must be GOVERNANCE or COMPLIANCE.
Rule logic
- When
input.object-lock-mode != null- Require
input.object-lock-mode == 'GOVERNANCE'
|| input.object-lock-mode == 'COMPLIANCE'
Object lock legal hold status rules
object-lock-legal-hold-status must be ON or OFF.
Rule logic
- When
input.object-lock-legal-hold-status != null- Require
input.object-lock-legal-hold-status == 'ON'
|| input.object-lock-legal-hold-status == 'OFF'
Outputs¶
arn
string
key
string
etag
string
version-id
string
content-type
string
storage-class
string
server-side-encryption
string
bucket-key-enabled
boolean
kms-key-id
string
checksum-crc32
string
checksum-crc32c
string
checksum-crc64nvme
string
checksum-sha1
string
checksum-sha256
string