Skip to content

aws.s3-object resource

Description

Object manages a single object in a bucket: the bytes plus the metadata, encryption, storage class, ACL, and object-lock settings that PutObject records. Create and Update both PutObject; Read is a HeadObject; the bucket and key form the identity, so a change to either replaces the object while every other field updates in place by re-putting. The body comes from at most one of an inline string, a file path, or base64-encoded bytes; with none set the object is empty.

Source: internal/service/s3/object_rsrc.go:32

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.s3-object {
    # Set input fields here.
  }
}

Inputs

bucket

string

required

key

string

required

body-content

optional(string)

body-path

optional(string)

body-base64

optional(string)

acl

optional(string)

bucket-key-enabled

optional(boolean)

cache-control

optional(string)

checksum-algorithm

optional(string)

content-disposition

optional(string)

content-encoding

optional(string)

content-language

optional(string)

content-type

optional(string)

kms-key-id

optional(string)

metadata

map(string)

server-side-encryption

optional(string)

storage-class

optional(string)

website-redirect

optional(string)

object-lock-mode

optional(string)

object-lock-retain-until-date

optional(string)

object-lock-legal-hold-status

optional(string)

tags

map(string)

purge-on-destroy

optional(boolean)

PurgeOnDestroy controls how Delete removes the object. False, the default, issues a single DeleteObject, which on a versioned bucket leaves a delete marker. True purges every version and delete marker of this key. It is a delete-time setting only: it rides no put and is not reconciled.

Input Constraints

Field combinations

At most one of body-content, body-path, or body-base64.

Acl rules

acl must be a valid S3 canned ACL.

Rule logic
When
input.acl != null
Require
input.acl == 'private'
|| input.acl == 'public-read'
|| input.acl == 'public-read-write'
|| input.acl == 'authenticated-read'
|| input.acl == 'aws-exec-read'
|| input.acl == 'bucket-owner-read'
|| input.acl == 'bucket-owner-full-control'

Checksum algorithm rules

checksum-algorithm must be a valid S3 checksum algorithm.

Rule logic
When
input.checksum-algorithm != null
Require
input.checksum-algorithm == 'CRC32'
|| input.checksum-algorithm == 'CRC32C'
|| input.checksum-algorithm == 'SHA1'
|| input.checksum-algorithm == 'SHA256'
|| input.checksum-algorithm == 'CRC64NVME'
|| input.checksum-algorithm == 'SHA512'
|| input.checksum-algorithm == 'MD5'
|| input.checksum-algorithm == 'XXHASH64'
|| input.checksum-algorithm == 'XXHASH3'
|| input.checksum-algorithm == 'XXHASH128'

Server side encryption rules

server-side-encryption must be a valid S3 encryption value.

Rule logic
When
input.server-side-encryption != null
Require
input.server-side-encryption == 'AES256'
|| input.server-side-encryption == 'aws:fsx'
|| input.server-side-encryption == 'aws:kms'
|| input.server-side-encryption == 'aws:kms:dsse'

Storage class rules

storage-class must be a valid S3 storage class.

Rule logic
When
input.storage-class != null
Require
input.storage-class == 'STANDARD'
|| input.storage-class == 'REDUCED_REDUNDANCY'
|| input.storage-class == 'GLACIER'
|| input.storage-class == 'STANDARD_IA'
|| input.storage-class == 'ONEZONE_IA'
|| input.storage-class == 'INTELLIGENT_TIERING'
|| input.storage-class == 'DEEP_ARCHIVE'
|| input.storage-class == 'OUTPOSTS'
|| input.storage-class == 'GLACIER_IR'
|| input.storage-class == 'SNOW'
|| input.storage-class == 'EXPRESS_ONEZONE'
|| input.storage-class == 'FSX_OPENZFS'
|| input.storage-class == 'FSX_ONTAP'

Object lock mode rules

object-lock-mode must be GOVERNANCE or COMPLIANCE.

Rule logic
When
input.object-lock-mode != null
Require
input.object-lock-mode == 'GOVERNANCE'
|| input.object-lock-mode == 'COMPLIANCE'

Object lock legal hold status rules

object-lock-legal-hold-status must be ON or OFF.

Rule logic
When
input.object-lock-legal-hold-status != null
Require
input.object-lock-legal-hold-status == 'ON'
|| input.object-lock-legal-hold-status == 'OFF'

Outputs

arn

string

key

string

etag

string

version-id

string

content-type

string

storage-class

string

server-side-encryption

string

bucket-key-enabled

boolean

kms-key-id

string

checksum-crc32

string

checksum-crc32c

string

checksum-crc64nvme

string

checksum-sha1

string

checksum-sha256

string