github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/cloudfront/originAccessIdentity.go (about) 1 // Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. 2 // *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** 3 4 package cloudfront 5 6 import ( 7 "context" 8 "reflect" 9 10 "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal" 11 "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 12 ) 13 14 // Creates an Amazon CloudFront origin access identity. 15 // 16 // For information about CloudFront distributions, see the 17 // [Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating 18 // origin access identities, see 19 // [Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2]. 20 // 21 // ## Example Usage 22 // 23 // The following example below creates a CloudFront origin access identity. 24 // 25 // <!--Start PulumiCodeChooser --> 26 // ```go 27 // package main 28 // 29 // import ( 30 // 31 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront" 32 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 33 // 34 // ) 35 // 36 // func main() { 37 // pulumi.Run(func(ctx *pulumi.Context) error { 38 // _, err := cloudfront.NewOriginAccessIdentity(ctx, "example", &cloudfront.OriginAccessIdentityArgs{ 39 // Comment: pulumi.String("Some comment"), 40 // }) 41 // if err != nil { 42 // return err 43 // } 44 // return nil 45 // }) 46 // } 47 // 48 // ``` 49 // <!--End PulumiCodeChooser --> 50 // 51 // ## Using With CloudFront 52 // 53 // Normally, when referencing an origin access identity in CloudFront, you need to 54 // prefix the ID with the `origin-access-identity/cloudfront/` special path. 55 // The `cloudfrontAccessIdentityPath` allows this to be circumvented. 56 // The below snippet demonstrates use with the `s3OriginConfig` structure for the 57 // `cloudfront.Distribution` resource: 58 // 59 // <!--Start PulumiCodeChooser --> 60 // ```go 61 // package main 62 // 63 // import ( 64 // 65 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront" 66 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 67 // 68 // ) 69 // 70 // func main() { 71 // pulumi.Run(func(ctx *pulumi.Context) error { 72 // _, err := cloudfront.NewDistribution(ctx, "example", &cloudfront.DistributionArgs{ 73 // Origins: cloudfront.DistributionOriginArray{ 74 // &cloudfront.DistributionOriginArgs{ 75 // S3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{ 76 // OriginAccessIdentity: pulumi.Any(exampleAwsCloudfrontOriginAccessIdentity.CloudfrontAccessIdentityPath), 77 // }, 78 // }, 79 // }, 80 // }) 81 // if err != nil { 82 // return err 83 // } 84 // return nil 85 // }) 86 // } 87 // 88 // ``` 89 // <!--End PulumiCodeChooser --> 90 // 91 // ### Updating your bucket policy 92 // 93 // Note that the AWS API may translate the `s3CanonicalUserId` `CanonicalUser` 94 // principal into an `AWS` IAM ARN principal when supplied in an 95 // `s3.BucketV2` bucket policy, causing spurious diffs. If 96 // you see this behaviour, use the `iamArn` instead: 97 // 98 // <!--Start PulumiCodeChooser --> 99 // ```go 100 // package main 101 // 102 // import ( 103 // 104 // "fmt" 105 // 106 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" 107 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" 108 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 109 // 110 // ) 111 // func main() { 112 // pulumi.Run(func(ctx *pulumi.Context) error { 113 // s3Policy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ 114 // Statements: []iam.GetPolicyDocumentStatement{ 115 // { 116 // Actions: []string{ 117 // "s3:GetObject", 118 // }, 119 // Resources: []string{ 120 // fmt.Sprintf("%v/*", exampleAwsS3Bucket.Arn), 121 // }, 122 // Principals: []iam.GetPolicyDocumentStatementPrincipal{ 123 // { 124 // Type: "AWS", 125 // Identifiers: interface{}{ 126 // exampleAwsCloudfrontOriginAccessIdentity.IamArn, 127 // }, 128 // }, 129 // }, 130 // }, 131 // }, 132 // }, nil); 133 // if err != nil { 134 // return err 135 // } 136 // _, err = s3.NewBucketPolicy(ctx, "example", &s3.BucketPolicyArgs{ 137 // Bucket: pulumi.Any(exampleAwsS3Bucket.Id), 138 // Policy: pulumi.String(s3Policy.Json), 139 // }) 140 // if err != nil { 141 // return err 142 // } 143 // return nil 144 // }) 145 // } 146 // ``` 147 // <!--End PulumiCodeChooser --> 148 // 149 // ## Import 150 // 151 // Using `pulumi import`, import Cloudfront Origin Access Identities using the `id`. For example: 152 // 153 // ```sh 154 // $ pulumi import aws:cloudfront/originAccessIdentity:OriginAccessIdentity origin_access E74FTE3AEXAMPLE 155 // ``` 156 // 157 // [2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html 158 // 159 // [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html 160 type OriginAccessIdentity struct { 161 pulumi.CustomResourceState 162 163 // Internal value used by CloudFront to allow future 164 // updates to the origin access identity. 165 CallerReference pulumi.StringOutput `pulumi:"callerReference"` 166 // A shortcut to the full path for the 167 // origin access identity to use in CloudFront, see below. 168 CloudfrontAccessIdentityPath pulumi.StringOutput `pulumi:"cloudfrontAccessIdentityPath"` 169 // An optional comment for the origin access identity. 170 Comment pulumi.StringPtrOutput `pulumi:"comment"` 171 // The current version of the origin access identity's information. 172 // For example: `E2QWRUHAPOMQZL`. 173 Etag pulumi.StringOutput `pulumi:"etag"` 174 // A pre-generated ARN for use in S3 bucket policies (see below). 175 // Example: `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 176 // E2QWRUHAPOMQZL`. 177 IamArn pulumi.StringOutput `pulumi:"iamArn"` 178 // The Amazon S3 canonical user ID for the origin 179 // access identity, which you use when giving the origin access identity read 180 // permission to an object in Amazon S3. 181 S3CanonicalUserId pulumi.StringOutput `pulumi:"s3CanonicalUserId"` 182 } 183 184 // NewOriginAccessIdentity registers a new resource with the given unique name, arguments, and options. 185 func NewOriginAccessIdentity(ctx *pulumi.Context, 186 name string, args *OriginAccessIdentityArgs, opts ...pulumi.ResourceOption) (*OriginAccessIdentity, error) { 187 if args == nil { 188 args = &OriginAccessIdentityArgs{} 189 } 190 191 opts = internal.PkgResourceDefaultOpts(opts) 192 var resource OriginAccessIdentity 193 err := ctx.RegisterResource("aws:cloudfront/originAccessIdentity:OriginAccessIdentity", name, args, &resource, opts...) 194 if err != nil { 195 return nil, err 196 } 197 return &resource, nil 198 } 199 200 // GetOriginAccessIdentity gets an existing OriginAccessIdentity resource's state with the given name, ID, and optional 201 // state properties that are used to uniquely qualify the lookup (nil if not required). 202 func GetOriginAccessIdentity(ctx *pulumi.Context, 203 name string, id pulumi.IDInput, state *OriginAccessIdentityState, opts ...pulumi.ResourceOption) (*OriginAccessIdentity, error) { 204 var resource OriginAccessIdentity 205 err := ctx.ReadResource("aws:cloudfront/originAccessIdentity:OriginAccessIdentity", name, id, state, &resource, opts...) 206 if err != nil { 207 return nil, err 208 } 209 return &resource, nil 210 } 211 212 // Input properties used for looking up and filtering OriginAccessIdentity resources. 213 type originAccessIdentityState struct { 214 // Internal value used by CloudFront to allow future 215 // updates to the origin access identity. 216 CallerReference *string `pulumi:"callerReference"` 217 // A shortcut to the full path for the 218 // origin access identity to use in CloudFront, see below. 219 CloudfrontAccessIdentityPath *string `pulumi:"cloudfrontAccessIdentityPath"` 220 // An optional comment for the origin access identity. 221 Comment *string `pulumi:"comment"` 222 // The current version of the origin access identity's information. 223 // For example: `E2QWRUHAPOMQZL`. 224 Etag *string `pulumi:"etag"` 225 // A pre-generated ARN for use in S3 bucket policies (see below). 226 // Example: `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 227 // E2QWRUHAPOMQZL`. 228 IamArn *string `pulumi:"iamArn"` 229 // The Amazon S3 canonical user ID for the origin 230 // access identity, which you use when giving the origin access identity read 231 // permission to an object in Amazon S3. 232 S3CanonicalUserId *string `pulumi:"s3CanonicalUserId"` 233 } 234 235 type OriginAccessIdentityState struct { 236 // Internal value used by CloudFront to allow future 237 // updates to the origin access identity. 238 CallerReference pulumi.StringPtrInput 239 // A shortcut to the full path for the 240 // origin access identity to use in CloudFront, see below. 241 CloudfrontAccessIdentityPath pulumi.StringPtrInput 242 // An optional comment for the origin access identity. 243 Comment pulumi.StringPtrInput 244 // The current version of the origin access identity's information. 245 // For example: `E2QWRUHAPOMQZL`. 246 Etag pulumi.StringPtrInput 247 // A pre-generated ARN for use in S3 bucket policies (see below). 248 // Example: `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 249 // E2QWRUHAPOMQZL`. 250 IamArn pulumi.StringPtrInput 251 // The Amazon S3 canonical user ID for the origin 252 // access identity, which you use when giving the origin access identity read 253 // permission to an object in Amazon S3. 254 S3CanonicalUserId pulumi.StringPtrInput 255 } 256 257 func (OriginAccessIdentityState) ElementType() reflect.Type { 258 return reflect.TypeOf((*originAccessIdentityState)(nil)).Elem() 259 } 260 261 type originAccessIdentityArgs struct { 262 // An optional comment for the origin access identity. 263 Comment *string `pulumi:"comment"` 264 } 265 266 // The set of arguments for constructing a OriginAccessIdentity resource. 267 type OriginAccessIdentityArgs struct { 268 // An optional comment for the origin access identity. 269 Comment pulumi.StringPtrInput 270 } 271 272 func (OriginAccessIdentityArgs) ElementType() reflect.Type { 273 return reflect.TypeOf((*originAccessIdentityArgs)(nil)).Elem() 274 } 275 276 type OriginAccessIdentityInput interface { 277 pulumi.Input 278 279 ToOriginAccessIdentityOutput() OriginAccessIdentityOutput 280 ToOriginAccessIdentityOutputWithContext(ctx context.Context) OriginAccessIdentityOutput 281 } 282 283 func (*OriginAccessIdentity) ElementType() reflect.Type { 284 return reflect.TypeOf((**OriginAccessIdentity)(nil)).Elem() 285 } 286 287 func (i *OriginAccessIdentity) ToOriginAccessIdentityOutput() OriginAccessIdentityOutput { 288 return i.ToOriginAccessIdentityOutputWithContext(context.Background()) 289 } 290 291 func (i *OriginAccessIdentity) ToOriginAccessIdentityOutputWithContext(ctx context.Context) OriginAccessIdentityOutput { 292 return pulumi.ToOutputWithContext(ctx, i).(OriginAccessIdentityOutput) 293 } 294 295 // OriginAccessIdentityArrayInput is an input type that accepts OriginAccessIdentityArray and OriginAccessIdentityArrayOutput values. 296 // You can construct a concrete instance of `OriginAccessIdentityArrayInput` via: 297 // 298 // OriginAccessIdentityArray{ OriginAccessIdentityArgs{...} } 299 type OriginAccessIdentityArrayInput interface { 300 pulumi.Input 301 302 ToOriginAccessIdentityArrayOutput() OriginAccessIdentityArrayOutput 303 ToOriginAccessIdentityArrayOutputWithContext(context.Context) OriginAccessIdentityArrayOutput 304 } 305 306 type OriginAccessIdentityArray []OriginAccessIdentityInput 307 308 func (OriginAccessIdentityArray) ElementType() reflect.Type { 309 return reflect.TypeOf((*[]*OriginAccessIdentity)(nil)).Elem() 310 } 311 312 func (i OriginAccessIdentityArray) ToOriginAccessIdentityArrayOutput() OriginAccessIdentityArrayOutput { 313 return i.ToOriginAccessIdentityArrayOutputWithContext(context.Background()) 314 } 315 316 func (i OriginAccessIdentityArray) ToOriginAccessIdentityArrayOutputWithContext(ctx context.Context) OriginAccessIdentityArrayOutput { 317 return pulumi.ToOutputWithContext(ctx, i).(OriginAccessIdentityArrayOutput) 318 } 319 320 // OriginAccessIdentityMapInput is an input type that accepts OriginAccessIdentityMap and OriginAccessIdentityMapOutput values. 321 // You can construct a concrete instance of `OriginAccessIdentityMapInput` via: 322 // 323 // OriginAccessIdentityMap{ "key": OriginAccessIdentityArgs{...} } 324 type OriginAccessIdentityMapInput interface { 325 pulumi.Input 326 327 ToOriginAccessIdentityMapOutput() OriginAccessIdentityMapOutput 328 ToOriginAccessIdentityMapOutputWithContext(context.Context) OriginAccessIdentityMapOutput 329 } 330 331 type OriginAccessIdentityMap map[string]OriginAccessIdentityInput 332 333 func (OriginAccessIdentityMap) ElementType() reflect.Type { 334 return reflect.TypeOf((*map[string]*OriginAccessIdentity)(nil)).Elem() 335 } 336 337 func (i OriginAccessIdentityMap) ToOriginAccessIdentityMapOutput() OriginAccessIdentityMapOutput { 338 return i.ToOriginAccessIdentityMapOutputWithContext(context.Background()) 339 } 340 341 func (i OriginAccessIdentityMap) ToOriginAccessIdentityMapOutputWithContext(ctx context.Context) OriginAccessIdentityMapOutput { 342 return pulumi.ToOutputWithContext(ctx, i).(OriginAccessIdentityMapOutput) 343 } 344 345 type OriginAccessIdentityOutput struct{ *pulumi.OutputState } 346 347 func (OriginAccessIdentityOutput) ElementType() reflect.Type { 348 return reflect.TypeOf((**OriginAccessIdentity)(nil)).Elem() 349 } 350 351 func (o OriginAccessIdentityOutput) ToOriginAccessIdentityOutput() OriginAccessIdentityOutput { 352 return o 353 } 354 355 func (o OriginAccessIdentityOutput) ToOriginAccessIdentityOutputWithContext(ctx context.Context) OriginAccessIdentityOutput { 356 return o 357 } 358 359 // Internal value used by CloudFront to allow future 360 // updates to the origin access identity. 361 func (o OriginAccessIdentityOutput) CallerReference() pulumi.StringOutput { 362 return o.ApplyT(func(v *OriginAccessIdentity) pulumi.StringOutput { return v.CallerReference }).(pulumi.StringOutput) 363 } 364 365 // A shortcut to the full path for the 366 // origin access identity to use in CloudFront, see below. 367 func (o OriginAccessIdentityOutput) CloudfrontAccessIdentityPath() pulumi.StringOutput { 368 return o.ApplyT(func(v *OriginAccessIdentity) pulumi.StringOutput { return v.CloudfrontAccessIdentityPath }).(pulumi.StringOutput) 369 } 370 371 // An optional comment for the origin access identity. 372 func (o OriginAccessIdentityOutput) Comment() pulumi.StringPtrOutput { 373 return o.ApplyT(func(v *OriginAccessIdentity) pulumi.StringPtrOutput { return v.Comment }).(pulumi.StringPtrOutput) 374 } 375 376 // The current version of the origin access identity's information. 377 // For example: `E2QWRUHAPOMQZL`. 378 func (o OriginAccessIdentityOutput) Etag() pulumi.StringOutput { 379 return o.ApplyT(func(v *OriginAccessIdentity) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) 380 } 381 382 // A pre-generated ARN for use in S3 bucket policies (see below). 383 // Example: `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 384 // E2QWRUHAPOMQZL`. 385 func (o OriginAccessIdentityOutput) IamArn() pulumi.StringOutput { 386 return o.ApplyT(func(v *OriginAccessIdentity) pulumi.StringOutput { return v.IamArn }).(pulumi.StringOutput) 387 } 388 389 // The Amazon S3 canonical user ID for the origin 390 // access identity, which you use when giving the origin access identity read 391 // permission to an object in Amazon S3. 392 func (o OriginAccessIdentityOutput) S3CanonicalUserId() pulumi.StringOutput { 393 return o.ApplyT(func(v *OriginAccessIdentity) pulumi.StringOutput { return v.S3CanonicalUserId }).(pulumi.StringOutput) 394 } 395 396 type OriginAccessIdentityArrayOutput struct{ *pulumi.OutputState } 397 398 func (OriginAccessIdentityArrayOutput) ElementType() reflect.Type { 399 return reflect.TypeOf((*[]*OriginAccessIdentity)(nil)).Elem() 400 } 401 402 func (o OriginAccessIdentityArrayOutput) ToOriginAccessIdentityArrayOutput() OriginAccessIdentityArrayOutput { 403 return o 404 } 405 406 func (o OriginAccessIdentityArrayOutput) ToOriginAccessIdentityArrayOutputWithContext(ctx context.Context) OriginAccessIdentityArrayOutput { 407 return o 408 } 409 410 func (o OriginAccessIdentityArrayOutput) Index(i pulumi.IntInput) OriginAccessIdentityOutput { 411 return pulumi.All(o, i).ApplyT(func(vs []interface{}) *OriginAccessIdentity { 412 return vs[0].([]*OriginAccessIdentity)[vs[1].(int)] 413 }).(OriginAccessIdentityOutput) 414 } 415 416 type OriginAccessIdentityMapOutput struct{ *pulumi.OutputState } 417 418 func (OriginAccessIdentityMapOutput) ElementType() reflect.Type { 419 return reflect.TypeOf((*map[string]*OriginAccessIdentity)(nil)).Elem() 420 } 421 422 func (o OriginAccessIdentityMapOutput) ToOriginAccessIdentityMapOutput() OriginAccessIdentityMapOutput { 423 return o 424 } 425 426 func (o OriginAccessIdentityMapOutput) ToOriginAccessIdentityMapOutputWithContext(ctx context.Context) OriginAccessIdentityMapOutput { 427 return o 428 } 429 430 func (o OriginAccessIdentityMapOutput) MapIndex(k pulumi.StringInput) OriginAccessIdentityOutput { 431 return pulumi.All(o, k).ApplyT(func(vs []interface{}) *OriginAccessIdentity { 432 return vs[0].(map[string]*OriginAccessIdentity)[vs[1].(string)] 433 }).(OriginAccessIdentityOutput) 434 } 435 436 func init() { 437 pulumi.RegisterInputType(reflect.TypeOf((*OriginAccessIdentityInput)(nil)).Elem(), &OriginAccessIdentity{}) 438 pulumi.RegisterInputType(reflect.TypeOf((*OriginAccessIdentityArrayInput)(nil)).Elem(), OriginAccessIdentityArray{}) 439 pulumi.RegisterInputType(reflect.TypeOf((*OriginAccessIdentityMapInput)(nil)).Elem(), OriginAccessIdentityMap{}) 440 pulumi.RegisterOutputType(OriginAccessIdentityOutput{}) 441 pulumi.RegisterOutputType(OriginAccessIdentityArrayOutput{}) 442 pulumi.RegisterOutputType(OriginAccessIdentityMapOutput{}) 443 }