This message was deleted.
# general
s
This message was deleted.
s
Fun fact, setting the plain json document on the resource worked:
Copy code
new aws.s3.BucketPolicy("pulumi-infrastructure-bucket-policy", {
        bucket: bucket.bucket,
        policy: 
            `
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::infrastructure.pulumi.dev",
                "arn:aws:s3:::infrastructure.pulumi.dev"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}`,
    });
e
Importing with
pulumi import
? Did you get the type token and id the right way round (pulumi import <type> <name> <id/arn>)
s
Yes
Copied the command from the docs and replaced the parts with my values
e
Shouldn't the policy arn differ from the bucket arn?
s
I guess not, as the policy is part of the bucket permissions.
Actually the policy editor in the web console mentions the bucket arn
Uhhhhhhh, wait
pulumi import aws:s3/bucketPolicy:BucketPolicy allow_access_from_another_account my-tf-test-bucket
I guess I was kind of over eager and replaced my-tf-test-bucket with the arn
Let me check
e
I think for the import command you probably just need the name part of the arn
s
New error .. life hates me today 😆
error: no name for resource urn:pulumi:dev::bootstrap::aws:s3/bucket:bucket::pulumi-infrastructure-bucket
what puzzles me, pulumi-infrastructure-bucket isn’t the name I used for the import.
That is the name of the bucket in the state
e
That is odd, import shouldn't care about any other resource except the one your importing
What exactly does your import command look like?
s
Copy code
pulumi import aws:s3/bucketPolicy:BucketPolicy pulumi-infrastructure-bucket-policy infrastructure.pulumi.dev
The actual name of the bucket is longer, I have shortened it
e
that looks reasonable, this probably needs an issue raising at https://github.com/pulumi/pulumi-aws/issues
Might be somethings not quite lined up because bucket policies are kinda not really their own resources but just a property on the bucket itself
s
Sound reasonable