bored-car-93231
01/03/2024, 8:05 PMimport pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx
# Create an AWS S3 Bucket
bucket = aws.s3.Bucket('demo-bucket')
# Building the JSON policy for public-read
public_read_policy = {
'Version': '2012-10-17',
'Statement': [
{
'Effect': 'Allow',
'Principal': '*',
'Action': 's3:GetObject',
'Resource': pulumi.Output.concat('arn:aws:s3:::', bucket.id, '/*'),
}
],
}
# Attach the public read policy to the bucket
bucket_policy = aws.s3.BucketPolicy('demo-bucket-policy',
bucket=bucket.id,
policy=public_read_policy)
# Configure the bucket to use an indefinite Object Lock retention policy
# By setting 'mode' to 'COMPLIANCE' and not specifying a 'days' or 'years' argument
# Configure Object Lock on the bucket
object_lock_config = aws.s3.BucketObjectLockConfigurationV2(
"demo-bucket-lock",
bucket=bucket.id,
# Enable Object Lock
object_lock_enabled='Enabled',
rule=aws.s3.BucketObjectLockConfigurationV2RuleArgs(
default_retention=aws.s3.BucketObjectLockConfigurationRuleDefaultRetentionArgs(
# Compliance mode to prevent object version deletions
mode="COMPLIANCE",
)
)
)
miniature-musician-31262
01/03/2024, 8:16 PMminiature-musician-31262
01/03/2024, 8:17 PMdemo-bucket
in your code.)miniature-musician-31262
01/03/2024, 8:17 PMbored-car-93231
01/03/2024, 8:27 PMbored-car-93231
01/03/2024, 8:27 PMminiature-musician-31262
01/03/2024, 8:31 PMminiature-musician-31262
01/03/2024, 8:33 PMminiature-musician-31262
01/03/2024, 8:33 PMretain_on_delete
optionbored-car-93231
01/03/2024, 11:07 PMretain_on_delete
miniature-musician-31262
01/03/2024, 11:11 PM