bored-car-93231
01/05/2024, 6:57 PMimport pulumi_aws as aws
import pulumi_awsx as awsx
from pulumi import ResourceOptions, Output
import pulumi
# Create an AWS S3 Bucket
bucket = aws.s3.Bucket('demo-bucket',
versioning=aws.s3.BucketVersioningArgs(
enabled=True
),
opts=ResourceOptions(retain_on_delete=True)
)
# Building the JSON policy for public-read
public_read_policy = {
'Version': '2012-10-17',
'Statement': [
{
'Effect': 'Allow',
'Principal': '*',
'Action': 's3:GetObject',
'Resource': Output.concat('arn:aws:s3:::', bucket.id, '/*'),
}
],
}
bucket_policy = aws.s3.BucketPolicy('demo-bucket-policy', bucket=bucket.id, policy=public_read_policy)
# Configure the bucket to use an indefinite Object Lock retention policy
# By setting 'mode' to 'COMPLIANCE' and not specifying a 'days' or 'years' argument
# Configure Object Lock on the bucket
object_lock_config = aws.s3.BucketObjectLockConfigurationV2(
"demo-bucket-lock",
bucket=bucket.id,
# Enable Object Lock
object_lock_enabled='Enabled',
rule=aws.s3.BucketObjectLockConfigurationV2RuleArgs(
default_retention=aws.s3.BucketObjectLockConfigurationRuleDefaultRetentionArgs(
# Compliance mode to prevent object version deletions
mode="COMPLIANCE",
)
)
)
clever-sunset-76585
01/08/2024, 4:41 AMbucket.id
has? It's possible that the object lock configuration takes in the bucket name as the value for bucket
and if bucket.id
isn't the bucket name then that might explain the 400 BadRequest from AWS.bored-car-93231
01/09/2024, 4:34 PM