aws.s3.bucket_policy
**Autogenerated function**
Deletes the policy of the specified S3 bucket.
Args:
    name(Text): The name of the bucket policy.
    bucket(Text): The name of the S3 bucket.
    resource_id(Text, optional): S3 Bucket policy ID. Idem automatically considers this resource absent if this field is not specified.
    expected_bucket_owner(Text, optional): The account ID of the expected bucket owner. If the bucket is owned by a
        different account, the request will fail with an HTTP 403 (Access Denied) error.
Returns:
    Dict[str, Any]

Request Syntax:

.. code-block:: sls

    [bucket_name]-policy:
      aws.s3.bucket_policy.absent:
        - bucket: string
        - expected_bucket_owner: string

Examples:

.. code-block:: sls

    my-s3-bucket-bb7bb32e9533-policy:
      aws.s3.bucket_policy.absent:
        - bucket: my-s3-bucket-bb7bb32e9533
        - expected_bucket_owner: 1239234249

Obtain S3 bucket policy for each bucket under the given context for any user.
Returns:
    Dict[str, Any]

Examples:

.. code-block:: bash

    $ idem describe aws.s3.bucket_policy

**Autogenerated function**
Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of
the Amazon Web Services account that owns the bucket, the calling identity must have the PutBucketPolicy permissions
on the specified bucket and belong to the bucket owner's account in order to use this operation. If you don't have
PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but
you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
Args:
    name(Text): The name of the bucket policy.
    bucket(Text): The name of the S3 bucket.
    resource_id(Text, optional): S3 Bucket policy ID.
    policy(Text): The bucket policy as a JSON document.
    confirm_remove_self_bucket_access(boolean, optional): Set this parameter to true to confirm that you want to remove
        your permissions to change this bucket policy in the future.
    expected_bucket_owner(Text, optional): The account ID of the expected bucket owner. If the bucket is owned
        by a different account, the request will fail with an HTTP 403 (Access Denied) error.
Request Syntax:

.. code-block:: sls

    [bucket_name]-policy:
      aws.s3.bucket_policy.present:
        - bucket: string
        - policy: string
        - confirm_remove_self_bucket_access: boolean
        - expected_bucket_owner: string

Returns:
    Dict[str, Any]
Examples:

.. code-block:: sls

    my-s3-bucket-bb7bb32e9533-policy:
      aws.s3.bucket_policy.present:
        - bucket: my-s3-bucket-bb7bb32e9533
        # The Resource ARN must name the bucket the policy is attached to.
        - policy: '{"Version":"2012-10-17","Statement":[{"Sid":"PublicReadGetObject","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::418235808912:root"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::my-s3-bucket-bb7bb32e9533/*"}]}'
        - confirm_remove_self_bucket_access: False
        - expected_bucket_owner: 1239234249
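
A pre-apply review of the ``policy`` string handed to ``aws.s3.bucket_policy.present``, as an added example that is not part of idem-aws or of the original page. The function name ``review_bucket_policy``, the bucket names and the account ID are assumptions made for illustration; it checks that every ``Resource`` belongs to the target bucket and flags an unconditional ``Allow`` to a wildcard principal.

```python
import json

def _as_list(value):
    """Policy elements may be a single value or a list."""
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    """True when Principal matches every identity ("*" or {"AWS": "*"})."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def review_bucket_policy(bucket, policy_json):
    """Return findings for a policy string that is about to be applied to `bucket`."""
    try:
        policy = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"policy is not valid JSON: {exc.msg}"]
    arn = f"arn:aws:s3:::{bucket}"  # assumes the standard "aws" partition
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        label = stmt.get("Sid", f"statement[{idx}]")
        # S3 rejects a bucket policy whose Resource names a different bucket.
        for res in _as_list(stmt.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"{label}: resource {res} is outside bucket {bucket}")
        # An unconditional Allow to every principal makes the objects public.
        if (stmt.get("Effect") == "Allow" and _is_wildcard(stmt.get("Principal"))
                and "Condition" not in stmt):
            findings.append(f"{label}: unconditional Allow to a wildcard principal")
    return findings

# Constructed sample policies (bucket names and account ID are placeholders).
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "ReadFromOneAccount", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
PUBLIC = SCOPED.replace('{"AWS": "arn:aws:iam::111122223333:root"}', '"*"')
WRONG_BUCKET = SCOPED.replace("example-bucket", "other-bucket")

if __name__ == "__main__":
    for name, doc in [("scoped", SCOPED), ("public", PUBLIC), ("wrong bucket", WRONG_BUCKET)]:
        print(name, review_bucket_policy("example-bucket", doc))
```

An empty list means neither check fired; it does not replace a full policy analysis of actions and conditions.
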
Full plugin documentation is available on the Idem documentation site: aws.s3.bucket_policy.