How can you block public access with the S3 native...
# aws
m
How can you block public access with the S3 native, this is for classic but doesn't work
const bucket = new aws_native.s3.Bucket("dev-assets.mydomain.com", {
	bucketName: "dev-assets.mydomain.com",
	blockPublicAcls: true
});
r
m
new aws.s3.BucketPublicAccessBlock(
  `${appName}-block-public-access`,
  {
    bucket: myBucket.id,
    blockPublicAcls: true,
    blockPublicPolicy: true,
    ignorePublicAcls: true,
    restrictPublicBuckets: true,
  },
  {
    parent: myBucket,
  },
);
m
yeah, seems like I can do it when defining the bucket as well
const bucket = new aws_native.s3.Bucket("dev-assets.mydomain.com", {
	bucketName: "dev-assets.mydomain.com",
	publicAccessBlockConfiguration: { blockPublicAcls: true }
});
Is there an advantage to defining it separately?
Also, it appears on pulumi preview that it's going to replace the bucket. Is there a way to avoid that?
hmm...actually when I try that code I get
Property 'BucketPublicAccessBlock' does not exist on type 'typeof import("/Users/phil/.../developer.mydomain.com/devops/pulumi/node_modules/@pulumi/aws-native/s3/index")'.
And I don't see that in the API doc as a Resource https://www.pulumi.com/registry/packages/aws-native/api-docs/s3/
yeah, I run pulumi up and it tries to delete the bucket and fails.
m
Regarding the issue where Pulumi (with aws-native) is trying to replace the bucket, that's a bug, https://github.com/pulumi/pulumi-aws-native/issues/204