github.com/crossplane/upjet@v1.3.0/pkg/registry/testdata/aws/r/s3_bucket_acl.html.markdown

<!--
SPDX-FileCopyrightText: 2023 The Crossplane Authors <https://crossplane.io>

SPDX-License-Identifier: Apache-2.0
-->

---

subcategory: "S3 (Simple Storage)"
layout: "aws"
page_title: "AWS: aws_s3_bucket_acl"
description: |-
  Provides an S3 bucket ACL resource.
---

# Resource: aws_s3_bucket_acl

Provides an S3 bucket ACL resource.

~> **Note:** `terraform destroy` does not delete the S3 Bucket ACL but does remove the resource from Terraform state.

## Example Usage

### With ACL

```terraform
resource "aws_s3_bucket" "example" {
  bucket = "my-tf-example-bucket"
}

resource "aws_s3_bucket_acl" "example_bucket_acl" {
  bucket = aws_s3_bucket.example.id
  acl    = "private"
}
```

### With Grants

```terraform
data "aws_canonical_user_id" "current" {}

resource "aws_s3_bucket" "example" {
  bucket = "my-tf-example-bucket"
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.example.id
  access_control_policy {
    grant {
      grantee {
        id   = data.aws_canonical_user_id.current.id
        type = "CanonicalUser"
      }
      permission = "READ"
    }

    grant {
      grantee {
        type = "Group"
        uri  = "http://acs.amazonaws.com/groups/s3/LogDelivery"
      }
      permission = "READ_ACP"
    }

    owner {
      id = data.aws_canonical_user_id.current.id
    }
  }
}
```

## Argument Reference

The following arguments are supported:

* `acl` - (Optional, Conflicts with `access_control_policy`) The canned ACL to apply to the bucket.
* `access_control_policy` - (Optional, Conflicts with `acl`) A configuration block that sets the ACL permissions for an object per grantee [documented below](#access_control_policy).
* `bucket` - (Required, Forces new resource) The name of the bucket.
* `expected_bucket_owner` - (Optional, Forces new resource) The account ID of the expected bucket owner.

### access_control_policy

The `access_control_policy` configuration block supports the following arguments:

* `grant` - (Required) Set of `grant` configuration blocks [documented below](#grant).
* `owner` - (Required) Configuration block of the bucket owner's display name and ID [documented below](#owner).

### grant

The `grant` configuration block supports the following arguments:

* `grantee` - (Required) Configuration block for the person being granted permissions [documented below](#grantee).
* `permission` - (Required) Logging permissions assigned to the grantee for the bucket.

### owner

The `owner` configuration block supports the following arguments:

* `id` - (Required) The ID of the owner.
* `display_name` - (Optional) The display name of the owner.

### grantee

The `grantee` configuration block supports the following arguments:

* `email_address` - (Optional) Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified.
* `id` - (Optional) The canonical user ID of the grantee.
* `type` - (Required) Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`.
* `uri` - (Optional) URI of the grantee group.

## Attributes Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The `bucket`, `expected_bucket_owner` (if configured), and `acl` (if configured) separated by commas (`,`).

## Import

S3 bucket ACL can be imported in one of four ways.

If the owner (account ID) of the source bucket is the _same_ account used to configure the Terraform AWS Provider, and the source bucket is **not configured** with a
[canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` e.g.,

```
terraform import aws_s3_bucket_acl.example bucket-name
```

If the owner (account ID) of the source bucket is the _same_ account used to configure the Terraform AWS Provider, and the source bucket is **configured** with a
[canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` and `acl` separated by a comma (`,`), e.g.

```
terraform import aws_s3_bucket_acl.example bucket-name,private
```

If the owner (account ID) of the source bucket _differs_ from the account used to configure the Terraform AWS Provider, and the source bucket is **not configured** with a
[canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`) e.g.,

```
terraform import aws_s3_bucket_acl.example bucket-name,123456789012
```

If the owner (account ID) of the source bucket _differs_ from the account used to configure the Terraform AWS Provider, and the source bucket is **configured** with a
[canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`), e.g.,

```
terraform import aws_s3_bucket_acl.example bucket-name,123456789012,private
```

[1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
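
The two-field import ID is ambiguous on its face (`bucket,acl` versus `bucket,expected_bucket_owner`), so a tool that audits state or generates import commands has to decide which one it is looking at. The following Go sketch is an added example, not the provider's or upjet's code: `ACLImportID` and `ParseACLImportID` are hypothetical names, and treating a 12-digit second field as an account ID is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ACLImportID holds the parts of an aws_s3_bucket_acl import ID (hypothetical type).
type ACLImportID struct {
	Bucket, ExpectedBucketOwner, ACL string
}

// accountIDRe matches a 12-digit AWS account ID. Using it to tell an account
// ID from a canned ACL in the two-field form is an assumption of this example.
var accountIDRe = regexp.MustCompile(`^[0-9]{12}$`)

// ParseACLImportID (hypothetical) splits bucket[,expected_bucket_owner][,acl].
func ParseACLImportID(id string) (ACLImportID, error) {
	parts := strings.Split(id, ",")
	for _, p := range parts {
		if p == "" {
			return ACLImportID{}, fmt.Errorf("empty field in import ID %q", id)
		}
	}
	switch len(parts) {
	case 1: // bucket
		return ACLImportID{Bucket: parts[0]}, nil
	case 2: // bucket,acl or bucket,expected_bucket_owner
		if accountIDRe.MatchString(parts[1]) {
			return ACLImportID{Bucket: parts[0], ExpectedBucketOwner: parts[1]}, nil
		}
		return ACLImportID{Bucket: parts[0], ACL: parts[1]}, nil
	case 3: // bucket,expected_bucket_owner,acl
		if !accountIDRe.MatchString(parts[1]) {
			return ACLImportID{}, fmt.Errorf("field 2 of %q is not a 12-digit account ID", id)
		}
		return ACLImportID{Bucket: parts[0], ExpectedBucketOwner: parts[1], ACL: parts[2]}, nil
	}
	return ACLImportID{}, fmt.Errorf("import ID %q has %d fields, want 1 to 3", id, len(parts))
}

func main() {
	// Constructed inputs: the four import IDs shown on this page.
	for _, id := range []string{"bucket-name", "bucket-name,private", "bucket-name,123456789012", "bucket-name,123456789012,private"} {
		parsed, err := ParseACLImportID(id)
		fmt.Printf("%-34s -> %+v err=%v\n", id, parsed, err)
	}
}
```

An ID that parses without an `ExpectedBucketOwner` is one where the resource carries no bucket-owner check, which is worth flagging when the bucket is expected to live in another account.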