bucket
View SourceS3 buckets in AWS are the standard way to store files within “buckets”. Stackattack creates S3 buckets with secure defaults including encryption and public access blocking.
import * as saws from "@stackattack/aws";
const ctx = saws.context();const storage = saws.bucket(ctx);
export const storageBucket = storage.bucket;After deploying a bucket, you can interact with it using:
AWS CLI:
# Upload a single fileaws s3 cp ./local-file.txt s3://your-bucket-name/remote-file.txt
# List bucket contentsaws s3 ls s3://your-bucket-name/AWS SDK:
import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";
const s3 = new S3Client({ region: "us-east-1" });
await s3.send(new PutObjectCommand({ Bucket: "your-bucket-name", Key: "path/to/file.json", Body: JSON.stringify({ message: "Hello World" }), ContentType: "application/json"}));Related Components
Section titled “Related Components”Buckets are a foundational component in AWS and integrate with several other components:
- static-site - Serves files stored in S3 publicly using Cloudfront as a CDN with support for framework-specific routing.
- s3-firehose - Sets up a Kinesis Firehose that can be used to buffer data and write it to S3 in chunks. This can be used to query it efficiently with tools that can read data directly from S3 such as Athena or Apache Spark.
S3 costs are all usage-based so you will not be charged if you create a bucket and never use it. S3 costs are broken down by:
-
Data Transfer - This is the component that often makes costs really blow up unless handled carefully. Sending data to S3 is always free. However, transferring data out of S3 to the internet incurs charges of ~$0.09/GB. If data is transferred from S3 to many clients, this can add up quickly. Consider these cost reduction strategies:
- Use S3 endpoints - The vpc component sets up VPC endpoints by default, so requests to S3 from your VPC will be made internally in AWS’s network and will not incur data transfer charges.
- Consider CloudFront - Use the staticSite component or create your own CloudFront distribution to serve files publicly. The first 1TB of data transfer out to the internet from CloudFront is free each month; see CloudFront pricing for details.
-
Data stored - The storage itself is relatively cheap, ~$0.023/GB/month. If you store 100GB of data in S3 and leave it there, you’ll be billed ~$2.30 each month. If you delete the data (including all versions, if versioning is enabled) from S3, you will not be charged for its storage anymore.
-
Requests - You’ll be charged for each API call made to your S3 buckets, but this is also relatively cheap: ~$0.0004/1000 read (GET, SELECT) and ~$0.0005/1000 write (POST, PUT, etc.) requests. You will not be charged unless the requests can successfully pass authorization checks.
Note: Prices vary by region. See S3 Pricing for current rates.
bucket
Section titled “bucket”Creates an S3 bucket with security best practices enabled by default, including encryption, public access blocking, and optional versioning.
function bucket(ctx: Context, args?: BucketArgs): BucketV2Parameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs?(BucketArgs) - Optional configuration arguments for the bucket
Returns
Section titled “Returns”- (
BucketV2) - Creates an S3 bucket with security best practices enabled by default, including encryption, public access blocking, and optional versioning.
Functions
Section titled “Functions”bucketCors
Section titled “bucketCors”Configures CORS settings for an S3 bucket.
function bucketCors(ctx: Context, args: BucketCorsArgs): BucketCorsConfigurationV2Parameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketCorsArgs) - Configuration arguments for bucket CORS
Returns
Section titled “Returns”- (
BucketCorsConfigurationV2) - Configures CORS settings for an S3 bucket.
bucketEncryption
Section titled “bucketEncryption”Configures server-side encryption for an S3 bucket using AES256.
function bucketEncryption(ctx: Context, args: BucketVersioningArgs): BucketServerSideEncryptionConfigurationV2Parameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketVersioningArgs) - Configuration arguments for bucket encryption
Returns
Section titled “Returns”- (
BucketServerSideEncryptionConfigurationV2) - Configures server-side encryption for an S3 bucket using AES256.
bucketFiles
Section titled “bucketFiles”Uploads all files from a local directory to an S3 bucket with proper MIME types.
function bucketFiles(ctx: Context, args: BucketFilesArgs): Record<string, BucketObjectv2>Parameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketFilesArgs) - Configuration arguments for the directory upload
Returns
Section titled “Returns”- (
Record<string, BucketObjectv2>) - Uploads all files from a local directory to an S3 bucket with proper MIME types.
bucketLifecycleRules
Section titled “bucketLifecycleRules”Configures lifecycle rules for an S3 bucket to automatically transition or expire objects.
function bucketLifecycleRules(ctx: Context, args: BucketLifecycleRulesArgs): BucketLifecycleConfigurationV2Parameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketLifecycleRulesArgs) - Configuration arguments for bucket lifecycle rules
Returns
Section titled “Returns”- (
BucketLifecycleConfigurationV2) - Configures lifecycle rules for an S3 bucket to automatically transition or expire objects.
bucketObjectOwnership
Section titled “bucketObjectOwnership”Configures object ownership controls for an S3 bucket.
function bucketObjectOwnership(ctx: Context, args: BucketObjectOwnershipArgs): BucketOwnershipControlsParameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketObjectOwnershipArgs) - Configuration arguments for bucket object ownership
Returns
Section titled “Returns”- (
BucketOwnershipControls) - Configures object ownership controls for an S3 bucket.
bucketPolicy
Section titled “bucketPolicy”Creates a bucket policy that grants access to specified services and AWS accounts.
function bucketPolicy(ctx: Context, args: BucketPolicyArgs): BucketPolicyParameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketPolicyArgs) - Configuration arguments for the bucket policy
Returns
Section titled “Returns”- (
BucketPolicy) - Creates a bucket policy that grants access to specified services and AWS accounts.
bucketPublicAccessBlock
Section titled “bucketPublicAccessBlock”Blocks all public access to an S3 bucket for security.
function bucketPublicAccessBlock(ctx: Context, args: BucketVersioningArgs): BucketPublicAccessBlockParameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketVersioningArgs) - Configuration arguments for the bucket
Returns
Section titled “Returns”- (
BucketPublicAccessBlock) - Blocks all public access to an S3 bucket for security.
bucketServiceAccessPolicy
Section titled “bucketServiceAccessPolicy”Creates an IAM policy that grants specified AWS services access to an S3 bucket.
function bucketServiceAccessPolicy(bucket: Input<BucketInput>, services: Input<string>[]): Output<GetPolicyDocumentResult>Parameters
Section titled “Parameters”bucket(Input<BucketInput>) - The S3 bucket to grant access toservices(Input<string>[]) - AWS services that should be granted access
Returns
Section titled “Returns”- (
Output<GetPolicyDocumentResult>) - Creates an IAM policy that grants specified AWS services access to an S3 bucket.
bucketVersioning
Section titled “bucketVersioning”Enables versioning on an S3 bucket.
function bucketVersioning(ctx: Context, args: BucketVersioningArgs): BucketVersioningV2Parameters
Section titled “Parameters”ctx(Context) - The context for resource naming and taggingargs(BucketVersioningArgs) - Configuration arguments for bucket versioning
Returns
Section titled “Returns”- (
BucketVersioningV2) - Enables versioning on an S3 bucket.
getBucketAttributes
Section titled “getBucketAttributes”Retrieves the full bucket attributes from various bucket input types.
function getBucketAttributes(input: Input<BucketInput>): Output<BucketV2 | Bucket | GetBucketResult>Parameters
Section titled “Parameters”input(Input<BucketInput>) - The bucket input (string, bucket resource, or bucket result)
Returns
Section titled “Returns”- (
Output<BucketV2 | Bucket | GetBucketResult>) - Retrieves the full bucket attributes from various bucket input types.
getBucketId
Section titled “getBucketId”Extracts the bucket ID from various bucket input types.
function getBucketId(input: Input<BucketInput>): Output<string>Parameters
Section titled “Parameters”input(Input<BucketInput>) - The bucket input (string, bucket resource, or bucket result)
Returns
Section titled “Returns”- (
Output<string>) - Extracts the bucket ID from various bucket input types.
Interfaces
Section titled “Interfaces”BucketArgs
Section titled “BucketArgs”Configuration arguments for creating an S3 bucket with optional features.
Properties
Section titled “Properties”allowCors?(boolean) - Whether to allow CORS requestsbucket?(Input<string>) - Specify the name of your bucket. In general when using Pulumi, it’s preferred to specify name prefixes (bucketPrefix, or allow pulumi to generate the prefix for you) so that resources can be recreated before deleting them in the case where they need to replaced.bucketPrefix?(Input<string>) - Specify a prefix to use for the bucket name. If neither this norbucketare specified, a prefix will be auto-generated based on the resource nameencrypted?(boolean) - Whether to enable server-side encryption (defaults to true)forceDestroy?(Input<boolean>) - When deleting the bucket, delete all objects in the bucket first. This is dangerous and can cause unintentional data loss (particularly if used in conjunction withnoProtect), but may be desirable for ephemeral bucketslifecycleRules?(BucketLifecycleRule[]) - Lifecycle rules to automatically manage object expirationnoPrefix?(boolean) - Whether to skip adding a prefix to the resource namenoProtect?(boolean) - Whether to disable deletion protection. Since buckets are stateful and deleting them can cause data loss, they are protected by default.objectOwnership?(Input<string>) - The object ownership setting for the bucketpaths?(string[]) - Provide an array of path(s) to upload to the bucketpolicy?(Omit<BucketPolicyArgs, "bucket" | "noPrefix">) - Policy configuration for granting access to services and accountspublic?(boolean) - Whether the bucket should allow public accessversioned?(boolean) - Whether to enable versioning on the bucket
BucketCorsArgs
Section titled “BucketCorsArgs”Arguments for configuring CORS on an S3 bucket.
Properties
Section titled “Properties”bucket(Input<BucketInput>) - The S3 bucket to configure CORS forcorsRules?(Input<Input<BucketCorsConfigurationV2CorsRule>[]>) - Custom CORS rules (defaults to permissive rules if not specified)noPrefix?(boolean) - Whether to skip adding a prefix to the resource name
BucketFilesArgs
Section titled “BucketFilesArgs”Configuration arguments for uploading a directory to an S3 bucket.
Properties
Section titled “Properties”bucket(BucketInput) - The target S3 bucket for the directory uploadkeyPrefix?(Input<string>) - Optional prefix to prepend to all S3 object keysnoPrefix?(boolean) - Whether to skip adding ‘bucket-directory’ prefix to resource namespaths(string[]) - Local filesystem path to the directory to upload
BucketLifecycleRule
Section titled “BucketLifecycleRule”Configuration for a single S3 bucket lifecycle rule.
Properties
Section titled “Properties”days(number) - Number of days after which objects expireid?(string) - Optional identifier for the lifecycle ruleprefix?(boolean) - Whether to include prefix in the rule ID
BucketLifecycleRulesArgs
Section titled “BucketLifecycleRulesArgs”Arguments for configuring lifecycle rules on an S3 bucket.
Properties
Section titled “Properties”bucket(Input<BucketInput>) - The S3 bucket to configure lifecycle rules fornoPrefix?(boolean) - Whether to skip adding a prefix to the resource namerules(BucketLifecycleRule[]) - Array of lifecycle rules to apply
BucketObjectOwnershipArgs
Section titled “BucketObjectOwnershipArgs”Properties
Section titled “Properties”bucket(Input<BucketInput>) - The S3 bucket to create an ownership resource fornoPrefix?(boolean) - Whether to skip adding a prefix to the resource nameobjectOwnership(Input<string>) - Object ownership setting
BucketPolicyArgs
Section titled “BucketPolicyArgs”Arguments for creating a bucket policy that grants access to services and accounts.
Properties
Section titled “Properties”accounts?(Input<string>[]) - AWS account IDs that should be granted access to the bucketbucket(Input<BucketInput>) - The S3 bucket to create a policy fornoPrefix?(boolean) - Whether to skip adding a prefix to the resource nameservices?(Input<string>[]) - AWS services that should be granted access to the bucket
BucketVersioningArgs
Section titled “BucketVersioningArgs”Arguments for configuring S3 bucket versioning.
Properties
Section titled “Properties”bucket(Input<BucketInput>) - The S3 bucket to configure versioning fornoPrefix?(boolean) - Whether to skip adding a prefix to the resource name
BucketInput
Section titled “BucketInput”Union type representing different ways to reference an S3 bucket.
type BucketInput = string | aws.s3.BucketV2 | aws.s3.Bucket | aws.s3.GetBucketResult