A Bucket is a managed resource that represents an AWS S3 Bucket.

Type: CRD
Group: s3.aws.crossplane.io
Version: v1beta1

apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
BucketSpec represents the desired state of the Bucket.
BucketParameters are parameters for configuring the calls made to AWS Bucket API.
AccelerateConfiguration configures the transfer acceleration state for an Amazon S3 bucket. For more information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the Amazon Simple Storage Service Developer Guide.
Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon Simple Storage Service Developer Guide.
A set of origins and methods (cross-origin access that you want to allow). You can add up to 100 rules to the configuration.
Headers that are specified in the Access-Control-Request-Headers header. These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed.
An HTTP method that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, and DELETE.
One or more origins you want customers to be able to access the bucket from.
One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).
Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. For information about lifecycle configuration, see Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
A lifecycle rule for individual objects in an Amazon S3 bucket.
Rules is a required field
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) in the Amazon Simple Storage Service Developer Guide.
Specifies the expiration for the lifecycle of the object in the form of a date, a number of days, and whether the object has a delete marker.
The Filter is used to identify objects that a Lifecycle Rule applies to. A Filter must have exactly one of Prefix, Tag, or And specified.
Specifies when noncurrent object versions expire. Upon expiration, Amazon S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that Amazon S3 delete noncurrent object versions at a specific period in the object's lifetime.
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
Specifies when an Amazon S3 object transitions to a specified storage class.
Specifies logging parameters for an Amazon S3 bucket. Sets the logging parameters for a bucket and specifies permissions for who can view and modify those parameters. See the AWS API reference guide for Amazon Simple Storage Service's API operation PutBucketLogging for usage and error information. See also https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging
TargetBucketRef references an S3Bucket to retrieve its name
Policies for referencing.
TargetBucketSelector selects a reference to an S3Bucket to retrieve its name
Policies for selection.
Container for granting information.
Container for the person being granted permissions.
Enables notifications of specified events for a bucket. For more information about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
Describes the AWS Lambda functions to invoke and the events for which to invoke them.
The Amazon S3 bucket event for which to invoke the AWS Lambda function. For more information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon Simple Storage Service Developer Guide.
Events is a required field. A full list of valid events can be found in the Amazon S3 Developer Guide: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations
Specifies object key name filtering rules. For information about key name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon Simple Storage Service Developer Guide.
A container for object key name prefix and suffix filtering rules.
The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages.
A collection of bucket events for which to send notifications
Events is a required field. A full list of valid events can be found in the Amazon S3 Developer Guide: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations
Specifies object key name filtering rules. For information about key name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon Simple Storage Service Developer Guide.
A container for object key name prefix and suffix filtering rules.
QueueArnRef references a Queue to retrieve its ARN
Policies for referencing.
QueueArnSelector selects a reference to a Queue to retrieve its ARN
Policies for selection.
The topic to which notifications are sent and the events for which notifications are generated.
The Amazon S3 bucket event about which to send notifications. For more information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon Simple Storage Service Developer Guide.
Events is a required field. A full list of valid events can be found in the Amazon S3 Developer Guide: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations
Specifies object key name filtering rules. For information about key name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the Amazon Simple Storage Service Developer Guide.
A container for object key name prefix and suffix filtering rules.
TopicArnRef references an SNS Topic to retrieve its Arn
Policies for referencing.
TopicArnSelector selects a reference to an SNS Topic to retrieve its Arn
Policies for selection.
Specifies payer parameters for an Amazon S3 bucket. For more information, see Request Pays buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) in the Amazon Simple Storage Service Developer Guide.
Policy is a well-defined type which can be parsed into a JSON S3 Bucket Policy.
By default, to ensure compatibility with previous APIs, a bucket policy is never deleted from a bucket if this field is set to null. To change this behaviour, see policyUpdatePolicy.
Statements is the list of statements this policy applies. Either jsonStatements or statements must be specified in the policy.
Each element of the PolicyAction array describes the specific action or actions that will be allowed or denied with this PolicyStatement.
Condition specifies where conditions for policy are in effect. https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
Conditions represents each of the key/value pairs for the operator key
ConditionListValue is the list value of the key from the parent condition
Each element of the NotPolicyAction array will allow the property to match all but the listed actions.
Used with the S3 policy to specify the users which are not included in this policy
This list contains all of the AWS IAM users which are affected by the policy statement.
IAMRoleARNRef contains the reference to an IAMRole
Policies for referencing.
IAMRoleARNSelector queries for an IAM role to retrieve its userName
Policies for selection.
UserARNRef contains the reference to a User
Policies for referencing.
UserARNSelector queries for a User to retrieve its userName
Policies for selection.
Service defines the services which can have access to this bucket
This will explicitly match all resource paths except the ones specified in this array
Used with the S3 policy to specify the principal that is allowed or denied access to a resource.
This list contains all of the AWS IAM users which are affected by the policy statement.
IAMRoleARNRef contains the reference to an IAMRole
Policies for referencing.
IAMRoleARNSelector queries for an IAM role to retrieve its userName
Policies for selection.
UserARNRef contains the reference to a User
Policies for referencing.
UserARNSelector queries for a User to retrieve its userName
Policies for selection.
Service defines the services which can have access to this bucket
The paths on which this resource will apply
PolicyUpdatePolicy specifies the update behaviour of policy.
PublicAccessBlockConfiguration that you want to apply to this Amazon S3 bucket.
Creates a replication configuration or replaces an existing one. For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon S3 Developer Guide.
RoleRef references an IAMRole to retrieve its Name
Policies for referencing.
RoleSelector selects a reference to an IAMRole to retrieve its Name
Policies for selection.
A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules.
Rules is a required field
Specifies whether Amazon S3 replicates the delete markers. If you specify a Filter, you must specify this element. However, in the latest version of replication configuration (when Filter is specified), Amazon S3 doesn't replicate delete markers. Therefore, the DeleteMarkerReplication element can contain only Disabled. For an example configuration, see Basic Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
If you don't specify the Filter element, Amazon S3 assumes that the replication configuration is the earlier version, V1. In the earlier version, Amazon S3 handled replication of delete markers differently. For more information, see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC).
Destination is a required field
Specify this only in a cross-account scenario (where source and destination bucket owners are not the same) when you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by the same AWS account that owns the source object.
BucketRef references a Bucket to retrieve its Name
Policies for referencing.
BucketSelector selects a reference to a Bucket to retrieve its Name
Policies for selection.
A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.
ReplicaKmsKeyIDRef references a KMSKey to retrieve its ID
Policies for referencing.
ReplicaKmsKeyIDSelector selects a reference to a KMSKey to retrieve its ID
Policies for selection.
A container specifying replication metrics-related settings enabling metrics and Amazon S3 events for S3 Replication Time Control (S3 RTC). Must be specified together with a ReplicationTime block.
A container specifying the time threshold for emitting the s3:Replication:OperationMissedThreshold event.
A container specifying S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.
Optional configuration to replicate existing source bucket objects. For more information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) in the Amazon S3 Developer Guide.
A filter that identifies the subset of objects to which the replication rule applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter. For example:
If you specify both a Prefix and a Tag filter, wrap these filters in an And tag.
If you specify a filter based on multiple tags, wrap the Tag elements in an And tag.
A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using a customer master key (CMK) stored in AWS Key Management Service (SSE-KMS).
A container for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If you include SourceSelectionCriteria in the replication configuration, this element is required.
Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or customer master keys stored in AWS KMS (SSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the Amazon Simple Storage Service Developer Guide.
Container for information about a particular server-side encryption configuration rule.
Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.
KMSMasterKeyIDRef references a KMSKey to retrieve its ID
Policies for referencing.
KMSMasterKeyIDSelector selects a reference to a KMSKey to retrieve its ID
Policies for selection.
Sets the tags for a bucket. Use tags to organize your AWS bill to reflect your own cost structure. For more information, see Billing and usage reporting for S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketBilling.html) in the Amazon Simple Storage Service Developer Guide.
VersioningConfiguration describes the versioning state of an Amazon S3 bucket. See the AWS API reference guide for Amazon Simple Storage Service's API operation PutBucketVersioning for usage and error information. See also https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning
Specifies website configuration parameters for an Amazon S3 bucket. See the AWS API reference guide for Amazon Simple Storage Service's API operation PutBucketWebsite for usage and error information. See also https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite
The name of the error document for the website.
The name of the index document for the website.
Rules that define when a redirect is applied and the redirect behavior.
A container for describing a condition that must be met for the specified redirect to apply. For example, 1. If request is for pages in the /docs folder, redirect to the /documents folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.
Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can specify a different error code to return.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
BucketStatus represents the observed state of the Bucket.
BucketExternalStatus keeps the state for the external resource
Conditions of the resource.
test-bucket

apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  annotations:
    crossplane.io/external-name: crossplane-example-bucket
  name: test-bucket
spec:
  forProvider:
    accelerateConfiguration:
      status: Enabled
    corsConfiguration:
      corsRules:
        - allowedHeaders:
            - "*"
          allowedMethods:
            - GET
          allowedOrigins:
            - "*"
          exposeHeaders:
            - x-amz-server-side-encryption
    lifecycleConfiguration:
      rules:
        - expiration:
            days: 15
          filter:
            prefix: ola/
          status: Enabled
    locationConstraint: us-east-1
    objectLockEnabledForBucket: false
    objectOwnership: BucketOwnerEnforced
    publicAccessBlockConfiguration:
      blockPublicPolicy: true
    replicationConfiguration:
      roleRef:
        name: somerole
      rules:
        - deleteMarkerReplication:
            status: Disabled
          destination:
            bucketRef:
              name: repl-dest
            storageClass: STANDARD
          filter:
            prefix: ""
          id: rule-1
          priority: 0
          status: Enabled
    serverSideEncryptionConfiguration:
      rules:
        - applyServerSideEncryptionByDefault:
            sseAlgorithm: AES256
    tagging:
      tagSet:
        - key: key1
          value: val1
        - key: secondKey
          value: val2
        - key: key3
          value: val3
    versioningConfiguration:
      status: Enabled
  providerConfigRef:
    name: example
test-bucket-with-policy

apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  annotations:
    crossplane.io/external-name: crossplane-example-bucket
  name: test-bucket-with-policy
spec:
  forProvider:
    locationConstraint: us-east-1
    objectOwnership: BucketOwnerEnforced
    policy:
      statements:
        - action:
            - s3:ListBucket
            - s3:GetBucketLocation
            - s3:ListBucketMultipartUploads
            - s3:PutBucketCORS
          condition:
            - conditions:
                - key: aws:Key1
                  stringValue: value1
                - key: aws:Key2
                  stringValue: value2
              operatorKey: StringEquals
            - conditions:
                - key: aws:SourceIp
                  stringValue: 192.0.2.0/24
              operatorKey: IpAddress
            - conditions:
                - key: aws:SourceIp
                  stringValue: 192.0.2.188/32
              operatorKey: NotIpAddress
          effect: Allow
          principal:
            awsPrincipals:
              - iamUserArnSelector:
                  matchLabels:
                    example: "true"
          resource:
            - arn:aws:s3:::crossplane-example-bucket
      version: 2012-10-17
  providerConfigRef:
    name: example
repl-dest

apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  annotations:
    crossplane.io/external-name: crossplane-example-repl-dest
  name: repl-dest
spec:
  deletionPolicy: Delete
  forProvider:
    acl: private
    locationConstraint: us-east-1
    paymentConfiguration:
      payer: BucketOwner
    serverSideEncryptionConfiguration:
      rules:
        - applyServerSideEncryptionByDefault:
            sseAlgorithm: AES256
    versioningConfiguration:
      status: Enabled
  providerConfigRef:
    name: example
sample-environment-bucket-123

apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: sample-environment-bucket-123
spec:
  deletionPolicy: Delete
  forProvider:
    locationConstraint: us-east-1
    objectOwnership: BucketOwnerEnforced
    paymentConfiguration:
      payer: BucketOwner
    versioningConfiguration:
      status: Enabled
  providerConfigRef:
    name: example
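The examples above each exercise a few fields. The following manifest is an added example, not part of the provider's documentation, that combines the defensive settings this page describes (PublicAccessBlockConfiguration, SSE-KMS default encryption, versioning, access logging, lifecycle housekeeping and a bucket policy) into one Bucket. Field names that do not appear in the page's own examples (blockPublicAcls, ignorePublicAcls, restrictPublicBuckets, kmsMasterKeyIdRef, loggingConfiguration, targetBucketRef, targetPrefix, abortIncompleteMultipartUpload, daysAfterInitiation, noncurrentVersionExpiration, noncurrentDays, sid, allowAnon) are assumed from the provider-aws v1beta1 Bucket schema and should be checked against the installed CRD with `kubectl explain bucket.spec.forProvider`; the bucket, key and log-bucket names are placeholders.

```yaml
# Added example: a Bucket combining the defensive settings described on this
# page. Field names not shown in the page's own examples are assumed from the
# provider-aws v1beta1 schema; resource names are placeholders.
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: hardened-bucket
  annotations:
    crossplane.io/external-name: example-hardened-bucket   # placeholder
spec:
  # Keep the data if the managed resource is deleted.
  deletionPolicy: Orphan
  forProvider:
    locationConstraint: us-east-1
    # Disable ACLs entirely; the bucket owner owns every object.
    objectOwnership: BucketOwnerEnforced
    # All four public-access controls. blockPublicPolicy alone (as in
    # test-bucket above) does not block public ACLs or existing public policies.
    publicAccessBlockConfiguration:
      blockPublicAcls: true          # assumed field name
      ignorePublicAcls: true         # assumed field name
      blockPublicPolicy: true
      restrictPublicBuckets: true    # assumed field name
    # Default encryption with a customer-managed KMS key instead of SSE-S3.
    serverSideEncryptionConfiguration:
      rules:
        - applyServerSideEncryptionByDefault:
            sseAlgorithm: aws:kms
            kmsMasterKeyIdRef:       # assumed field name; refers to a KMSKey
              name: bucket-key       # placeholder
    # Versioning makes accidental or malicious overwrites recoverable.
    versioningConfiguration:
      status: Enabled
    # Server access logs to a separate bucket; the target bucket must already
    # grant write access to the S3 log delivery group.
    loggingConfiguration:            # assumed field name
      targetBucketRef:               # assumed field name
        name: access-logs            # placeholder
      targetPrefix: hardened-bucket/ # assumed field name
    # Purge abandoned multipart uploads and expire old noncurrent versions so
    # that versioning does not turn into unbounded storage.
    lifecycleConfiguration:
      rules:
        - id: housekeeping
          status: Enabled
          filter:
            prefix: ""
          abortIncompleteMultipartUpload:   # assumed field name
            daysAfterInitiation: 7          # assumed field name
          noncurrentVersionExpiration:      # assumed field name
            noncurrentDays: 90              # assumed field name
    # Bucket policy: deny every request that does not use TLS.
    policy:
      version: "2012-10-17"
      statements:
        - sid: DenyInsecureTransport        # assumed field name
          effect: Deny
          principal:
            allowAnon: true                 # assumed; renders as Principal "*"
          action:
            - s3:*
          resource:
            - arn:aws:s3:::example-hardened-bucket
            - arn:aws:s3:::example-hardened-bucket/*
          condition:
            - operatorKey: Bool
              conditions:
                - key: aws:SecureTransport
                  stringValue: "false"
  providerConfigRef:
    name: example
```

Applied with `kubectl apply -f`, the resource's conditions (see BucketStatus above) report whether the provider reconciled every block; a field the installed CRD does not know is rejected at admission time, which is the quickest way to confirm the assumed names.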