bucket_policies
Creates, updates, deletes or gets a bucket_policy resource or lists bucket_policies in a region.
Overview
Name | bucket_policies |
Type | Resource |
Description | Resource Type definition for AWS::S3Express::BucketPolicy. |
Id | aws.s3express.bucket_policies |
Fields
Name | Datatype | Description |
---|---|---|
bucket | string | The name of the S3 directory bucket to which the policy applies. |
policy_document | object | A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | Bucket, PolicyDocument, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all bucket_policies in a region.
```sql
SELECT
  region,
  bucket,
  policy_document
FROM aws.s3express.bucket_policies
WHERE region = 'us-east-1';
```
Gets all properties from an individual bucket_policy.
```sql
SELECT
  region,
  bucket,
  policy_document
FROM aws.s3express.bucket_policies
WHERE region = 'us-east-1' AND data__Identifier = '<Bucket>';
```
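The following is an added example, not part of the StackQL provider documentation: a Python review of the `policy_document` values returned by the SELECT queries above, flagging Allow statements that use a wildcard principal without a Condition or a wildcard action. The sample rows, bucket names, account ID and function names are constructed assumptions, and the code accepts `policy_document` as either a JSON string or an already-parsed object.

```python
import json

# Constructed rows shaped like the SELECT output (region, bucket, policy_document).
# Bucket names, account ID and policies are made up for illustration.
SAMPLE_ROWS = [
    {"region": "us-east-1", "bucket": "logs--use1-az4--x-s3",
     "policy_document": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
          "Action": "s3express:CreateSession",
          "Resource": "arn:aws:s3express:us-east-1:111122223333:bucket/logs--use1-az4--x-s3"}]})},
    {"region": "us-east-1", "bucket": "open--use1-az4--x-s3",
     "policy_document": {"Version": "2012-10-17", "Statement": {
         "Effect": "Allow", "Principal": "*", "Action": "s3express:*", "Resource": "*"}}},
]

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and principals."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True when the Principal element is "*" or contains "*" (e.g. {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False

def audit_policy(policy_document):
    """Return (statement_index, finding) pairs for risky Allow statements."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if is_wildcard_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((i, "wildcard principal without Condition"))
        if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action"))):
            findings.append((i, "wildcard action"))
    return findings

def audit_rows(rows):
    """Map bucket name to findings, keeping only buckets with at least one finding."""
    report = {r["bucket"]: audit_policy(r["policy_document"]) for r in rows}
    return {bucket: found for bucket, found in report.items() if found}

if __name__ == "__main__":
    for bucket, found in audit_rows(SAMPLE_ROWS).items():
        print(bucket, found)
```

The same `audit_policy` call can be run on a policy before it is passed as `PolicyDocument` to the INSERT statement.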
INSERT example
Use the following StackQL query and manifest file to create a new bucket_policy resource, using stack-deploy.

Required Properties
```sql
/*+ create */
INSERT INTO aws.s3express.bucket_policies (
  Bucket,
  PolicyDocument,
  region
)
SELECT
  '{{ Bucket }}',
  '{{ PolicyDocument }}',
  '{{ region }}';
```
All Properties
```sql
/*+ create */
INSERT INTO aws.s3express.bucket_policies (
  Bucket,
  PolicyDocument,
  region
)
SELECT
  '{{ Bucket }}',
  '{{ PolicyDocument }}',
  '{{ region }}';
```
Manifest
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: bucket_policy
    props:
      - name: Bucket
        value: '{{ Bucket }}'
      - name: PolicyDocument
        value: {}
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.s3express.bucket_policies
WHERE data__Identifier = '<Bucket>'
AND region = 'us-east-1';
```
Permissions
To operate on the bucket_policies resource, the following permissions are required:
Create
s3express:GetBucketPolicy,
s3express:PutBucketPolicy
Read
s3express:GetBucketPolicy
Update
s3express:GetBucketPolicy,
s3express:PutBucketPolicy
Delete
s3express:GetBucketPolicy,
s3express:DeleteBucketPolicy
List
s3express:GetBucketPolicy,
s3express:ListAllMyDirectoryBuckets