{ "description": "Bucket is the Schema for the Buckets API. Provides a S3 bucket resource.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "BucketSpec defines the desired state of Bucket", "properties": { "deletionPolicy": { "default": "Delete", "description": "DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "enum": [ "Orphan", "Delete" ], "type": "string" }, "forProvider": { "properties": { "forceDestroy": { "description": "Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work.", "type": "boolean" }, "objectLockEnabled": { "description": "Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.", "type": "boolean" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "forceDestroy": { "description": "Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work.", "type": "boolean" }, "objectLockEnabled": { "description": "Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.", "type": "boolean" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "additionalProperties": false }, "status": { "description": "BucketStatus defines the observed state of Bucket.", "properties": { "atProvider": { "properties": { "accelerationStatus": { "description": "Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. Cannot be used in cn-north-1 or us-gov-west-1.\nUse the resource aws_s3_bucket_accelerate_configuration instead.", "type": "string" }, "acl": { "description": "The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. Use the resource aws_s3_bucket_acl instead.", "type": "string" }, "arn": { "description": "ARN of the bucket. Will be of format arn:aws:s3:::bucketname.", "type": "string" }, "bucketDomainName": { "description": "Bucket domain name. Will be of format bucketname.s3.amazonaws.com.", "type": "string" }, "bucketRegion": { "description": "AWS region this bucket resides in.", "type": "string" }, "bucketRegionalDomainName": { "description": "The bucket region-specific domain name. The bucket domain name including the region name. Please refer to the S3 endpoints reference for format. Note: AWS CloudFront allows specifying an S3 region-specific endpoint when creating an S3 origin. This will prevent redirect issues from CloudFront to the S3 Origin URL. For more information, see the Virtual Hosted-Style Requests for Other Regions section in the AWS S3 User Guide.", "type": "string" }, "corsRule": { "description": "Rule of Cross-Origin Resource Sharing. See CORS rule below for details. Use the resource aws_s3_bucket_cors_configuration instead.", "items": { "properties": { "allowedHeaders": { "description": "List of headers allowed.", "items": { "type": "string" }, "type": "array" }, "allowedMethods": { "description": "One or more HTTP methods that you allow the origin to execute. Can be GET, PUT, POST, DELETE or HEAD.", "items": { "type": "string" }, "type": "array" }, "allowedOrigins": { "description": "One or more origins you want customers to be able to access the bucket from.", "items": { "type": "string" }, "type": "array" }, "exposeHeaders": { "description": "One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).", "items": { "type": "string" }, "type": "array" }, "maxAgeSeconds": { "description": "Specifies time in seconds that browser can cache the response for a preflight request.", "type": "number" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "forceDestroy": { "description": "Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work.", "type": "boolean" }, "grant": { "description": "An ACL policy grant. See Grant below for details. Conflicts with acl. Use the resource aws_s3_bucket_acl instead.", "items": { "properties": { "id": { "description": "Canonical user id to grant for. Used only when type is CanonicalUser.", "type": "string" }, "permissions": { "description": "List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "type": { "description": "Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.", "type": "string" }, "uri": { "description": "Uri address to grant for. Used only when type is Group.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "hostedZoneId": { "description": "Route 53 Hosted Zone ID for this bucket's region.", "type": "string" }, "id": { "description": "Name of the bucket.", "type": "string" }, "lifecycleRule": { "description": "Configuration of object lifecycle management. See Lifecycle Rule below for details.\nUse the resource aws_s3_bucket_lifecycle_configuration instead.", "items": { "properties": { "abortIncompleteMultipartUploadDays": { "description": "Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.", "type": "number" }, "enabled": { "description": "Specifies lifecycle rule status.", "type": "boolean" }, "expiration": { "description": "Specifies a period in the object's expire. See Expiration below for details.", "properties": { "date": { "description": "Specifies the date after which you want the corresponding action to take effect.", "type": "string" }, "days": { "description": "Specifies the number of days after object creation when the specific rule action takes effect.", "type": "number" }, "expiredObjectDeleteMarker": { "description": "On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "id": { "description": "Unique identifier for the rule. Must be less than or equal to 255 characters in length.", "type": "string" }, "noncurrentVersionExpiration": { "description": "Specifies when noncurrent object versions expire. See Noncurrent Version Expiration below for details.", "properties": { "days": { "description": "Specifies the number of days after object creation when the specific rule action takes effect.", "type": "number" } }, "type": "object", "additionalProperties": false }, "noncurrentVersionTransition": { "description": "Specifies when noncurrent object versions transitions. See Noncurrent Version Transition below for details.", "items": { "properties": { "days": { "description": "Specifies the number of days after object creation when the specific rule action takes effect.", "type": "number" }, "storageClass": { "description": "Specifies the Amazon S3 storage class to which you want the object to transition.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "prefix": { "description": "Object key prefix identifying one or more objects to which the rule applies.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Specifies object tags key and value.", "type": "object", "x-kubernetes-map-type": "granular" }, "transition": { "description": "Specifies a period in the object's transitions. See Transition below for details.", "items": { "properties": { "date": { "description": "Specifies the date after which you want the corresponding action to take effect.", "type": "string" }, "days": { "description": "Specifies the number of days after object creation when the specific rule action takes effect.", "type": "number" }, "storageClass": { "description": "Specifies the Amazon S3 storage class to which you want the object to transition.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "logging": { "description": "Configuration of S3 bucket logging parameters. See Logging below for details.\nUse the resource aws_s3_bucket_logging instead.", "properties": { "targetBucket": { "description": "Name of the bucket that will receive the log objects.", "type": "string" }, "targetPrefix": { "description": "To specify a key prefix for log objects.", "type": "string" } }, "type": "object", "additionalProperties": false }, "objectLockConfiguration": { "description": "Configuration of S3 object locking. See Object Lock Configuration below for details.\nUse the object_lock_enabled parameter and the resource aws_s3_bucket_object_lock_configuration instead.", "properties": { "objectLockEnabled": { "description": "Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled. Use the top-level argument object_lock_enabled instead.", "type": "string" }, "rule": { "description": "Object Lock rule in place for this bucket (documented below).", "properties": { "defaultRetention": { "description": "Default retention period that you want to apply to new objects placed in this bucket (documented below).", "properties": { "days": { "description": "Number of days that you want to specify for the default retention period.", "type": "number" }, "mode": { "description": "Default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.", "type": "string" }, "years": { "description": "Number of years that you want to specify for the default retention period.", "type": "number" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "objectLockEnabled": { "description": "Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.", "type": "boolean" }, "policy": { "description": "Valid bucket policy JSON document. In this case, please make sure you use the verbose/specific version of the policy.\nUse the resource aws_s3_bucket_policy instead.", "type": "string" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "replicationConfiguration": { "description": "Configuration of replication configuration. See Replication Configuration below for details.\nUse the resource aws_s3_bucket_replication_configuration instead.", "properties": { "role": { "description": "ARN of the IAM role for Amazon S3 to assume when replicating the objects.", "type": "string" }, "rules": { "description": "Specifies the rules managing the replication (documented below).", "items": { "properties": { "deleteMarkerReplicationStatus": { "description": "Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).", "type": "string" }, "destination": { "description": "Specifies the destination for the rule (documented below).", "properties": { "accessControlTranslation": { "description": "Specifies the overrides to use for object owners on replication (documented below). Must be used in conjunction with account_id owner override configuration.", "properties": { "owner": { "description": "Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference. The only valid value is Destination.", "type": "string" } }, "type": "object", "additionalProperties": false }, "accountId": { "description": "Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.", "type": "string" }, "bucket": { "description": "ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.", "type": "string" }, "metrics": { "description": "Enables replication metrics (documented below).", "properties": { "minutes": { "description": "Threshold within which objects are to be replicated. The only valid value is 15.", "type": "number" }, "status": { "description": "Status of RTC. Either Enabled or Disabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "replicaKmsKeyId": { "description": "Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with\nsse_kms_encrypted_objects source selection criteria.", "type": "string" }, "replicationTime": { "description": "Enables S3 Replication Time Control (S3 RTC) (documented below).", "properties": { "minutes": { "description": "Threshold within which objects are to be replicated. The only valid value is 15.", "type": "number" }, "status": { "description": "Status of RTC. Either Enabled or Disabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "storageClass": { "description": "Specifies the Amazon S3 storage class to which you want the object to transition.", "type": "string" } }, "type": "object", "additionalProperties": false }, "filter": { "description": "Filter that identifies subset of objects to which the replication rule applies (documented below).", "properties": { "prefix": { "description": "Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "A map of tags that identifies subset of objects to which the rule applies.\nThe rule applies only to objects having all the tags in its tagset.", "type": "object", "x-kubernetes-map-type": "granular" } }, "type": "object", "additionalProperties": false }, "id": { "description": "Unique identifier for the rule. Must be less than or equal to 255 characters in length.", "type": "string" }, "prefix": { "description": "Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.", "type": "string" }, "priority": { "description": "Priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.", "type": "number" }, "sourceSelectionCriteria": { "description": "Specifies special object selection criteria (documented below).", "properties": { "sseKmsEncryptedObjects": { "description": "Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id\nin destination must be specified as well.", "properties": { "enabled": { "description": "Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "status": { "description": "Status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "requestPayer": { "description": "Specifies who should bear the cost of Amazon S3 data transfer.\nCan be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer.\nSee Requester Pays Buckets developer guide for more information.\nUse the resource aws_s3_bucket_request_payment_configuration instead.", "type": "string" }, "serverSideEncryptionConfiguration": { "description": "Configuration of server-side encryption configuration. See Server Side Encryption Configuration below for details.\nUse the resource aws_s3_bucket_server_side_encryption_configuration instead.", "properties": { "rule": { "description": "Single object for server-side encryption by default configuration. (documented below)", "properties": { "applyServerSideEncryptionByDefault": { "description": "Single object for setting server-side encryption by default. (documented below)", "properties": { "kmsMasterKeyId": { "description": "AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.", "type": "string" }, "sseAlgorithm": { "description": "Server-side encryption algorithm to use. Valid values are AES256 and aws:kms", "type": "string" } }, "type": "object", "additionalProperties": false }, "bucketKeyEnabled": { "description": "Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "versioning": { "description": "Configuration of the S3 bucket versioning state. See Versioning below for details. Use the resource aws_s3_bucket_versioning instead.", "properties": { "enabled": { "description": "Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.", "type": "boolean" }, "mfaDelete": { "description": "Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "website": { "description": "Configuration of the S3 bucket website. See Website below for details.\nUse the resource aws_s3_bucket_website_configuration instead.", "properties": { "errorDocument": { "description": "Absolute path to the document to return in case of a 4XX error.", "type": "string" }, "indexDocument": { "description": "Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.", "type": "string" }, "redirectAllRequestsTo": { "description": "Hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.", "type": "string" }, "routingRules": { "description": "JSON array containing routing rules\ndescribing redirect behavior and when redirects are applied.", "type": "string" } }, "type": "object", "additionalProperties": false }, "websiteDomain": { "description": "(Deprecated) Domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. Use the resource aws_s3_bucket_website_configuration instead.", "type": "string" }, "websiteEndpoint": { "description": "(Deprecated) Website endpoint, if the bucket is configured with a website. If not, this will be an empty string. Use the resource aws_s3_bucket_website_configuration instead.", "type": "string" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }