@pulumi/aws 6.13.0 → 6.13.2

package/iot/certificate.js

@@ -17,7 +17,7 @@ const utilities = require("../utilities");
  * import * as fs from "fs";
  *
  * const cert = new aws.iot.Certificate("cert", {
- *     csr: fs.readFileSync("/my/csr.pem"),
+ *     csr: fs.readFileSync("/my/csr.pem", "utf8"),
  *     active: true,
  * });
  * ```
@@ -37,7 +37,7 @@ const utilities = require("../utilities");
  * import * as fs from "fs";
  *
  * const cert = new aws.iot.Certificate("cert", {
- *     certificatePem: fs.readFileSync("/my/cert.pem"),
+ *     certificatePem: fs.readFileSync("/my/cert.pem", "utf8"),
  *     active: true,
  * });
  * ```

package/iot/policyAttachment.d.ts

@@ -20,7 +20,7 @@ import { Policy } from "./index";
  * });
  * const pubsubPolicy = new aws.iot.Policy("pubsubPolicy", {policy: pubsubPolicyDocument.then(pubsubPolicyDocument => pubsubPolicyDocument.json)});
  * const cert = new aws.iot.Certificate("cert", {
- *     csr: fs.readFileSync("csr.pem"),
+ *     csr: fs.readFileSync("csr.pem", "utf8"),
  *     active: true,
  * });
  * const att = new aws.iot.PolicyAttachment("att", {

package/iot/policyAttachment.js

@@ -24,7 +24,7 @@ const utilities = require("../utilities");
  * });
  * const pubsubPolicy = new aws.iot.Policy("pubsubPolicy", {policy: pubsubPolicyDocument.then(pubsubPolicyDocument => pubsubPolicyDocument.json)});
  * const cert = new aws.iot.Certificate("cert", {
- *     csr: fs.readFileSync("csr.pem"),
+ *     csr: fs.readFileSync("csr.pem", "utf8"),
  *     active: true,
  * });
  * const att = new aws.iot.PolicyAttachment("att", {

package/iot/thingPrincipalAttachment.d.ts

@@ -12,7 +12,7 @@ import { ARN } from "..";
  *
  * const example = new aws.iot.Thing("example", {});
  * const cert = new aws.iot.Certificate("cert", {
- *     csr: fs.readFileSync("csr.pem"),
+ *     csr: fs.readFileSync("csr.pem", "utf8"),
  *     active: true,
  * });
  * const att = new aws.iot.ThingPrincipalAttachment("att", {

package/iot/thingPrincipalAttachment.js

@@ -17,7 +17,7 @@ const utilities = require("../utilities");
  *
  * const example = new aws.iot.Thing("example", {});
  * const cert = new aws.iot.Certificate("cert", {
- *     csr: fs.readFileSync("csr.pem"),
+ *     csr: fs.readFileSync("csr.pem", "utf8"),
  *     active: true,
  * });
  * const att = new aws.iot.ThingPrincipalAttachment("att", {

package/ivs/playbackKeyPair.d.ts

@@ -10,7 +10,7 @@ import * as pulumi from "@pulumi/pulumi";
  * import * as aws from "@pulumi/aws";
  * import * as fs from "fs";
  *
- * const example = new aws.ivs.PlaybackKeyPair("example", {publicKey: fs.readFileSync("./public-key.pem")});
+ * const example = new aws.ivs.PlaybackKeyPair("example", {publicKey: fs.readFileSync("./public-key.pem", "utf8")});
  * ```
  *
  * ## Import

package/ivs/playbackKeyPair.js

@@ -16,7 +16,7 @@ const utilities = require("../utilities");
  * import * as aws from "@pulumi/aws";
  * import * as fs from "fs";
  *
- * const example = new aws.ivs.PlaybackKeyPair("example", {publicKey: fs.readFileSync("./public-key.pem")});
+ * const example = new aws.ivs.PlaybackKeyPair("example", {publicKey: fs.readFileSync("./public-key.pem", "utf8")});
  * ```
  *
  * ## Import

package/kms/customKeyStore.d.ts

@@ -14,7 +14,7 @@ import * as pulumi from "@pulumi/pulumi";
  *     cloudHsmClusterId: _var.cloud_hsm_cluster_id,
  *     customKeyStoreName: "kms-custom-key-store-test",
  *     keyStorePassword: "noplaintextpasswords1",
- *     trustAnchorCertificate: fs.readFileSync("anchor-certificate.crt"),
+ *     trustAnchorCertificate: fs.readFileSync("anchor-certificate.crt", "utf8"),
  * });
  * ```
  *

package/kms/customKeyStore.js

@@ -20,7 +20,7 @@ const utilities = require("../utilities");
  *     cloudHsmClusterId: _var.cloud_hsm_cluster_id,
  *     customKeyStoreName: "kms-custom-key-store-test",
  *     keyStorePassword: "noplaintextpasswords1",
- *     trustAnchorCertificate: fs.readFileSync("anchor-certificate.crt"),
+ *     trustAnchorCertificate: fs.readFileSync("anchor-certificate.crt", "utf8"),
  * });
  * ```
  *

package/lightsail/keyPair.d.ts

@@ -31,7 +31,7 @@ import * as pulumi from "@pulumi/pulumi";
  * import * as aws from "@pulumi/aws";
  * import * as fs from "fs";
  *
- * const lgKeyPair = new aws.lightsail.KeyPair("lgKeyPair", {publicKey: fs.readFileSync("~/.ssh/id_rsa.pub")});
+ * const lgKeyPair = new aws.lightsail.KeyPair("lgKeyPair", {publicKey: fs.readFileSync("~/.ssh/id_rsa.pub", "utf8")});
  * ```
  *
  * ## Import

package/lightsail/keyPair.js

@@ -37,7 +37,7 @@ const utilities = require("../utilities");
  * import * as aws from "@pulumi/aws";
  * import * as fs from "fs";
  *
- * const lgKeyPair = new aws.lightsail.KeyPair("lgKeyPair", {publicKey: fs.readFileSync("~/.ssh/id_rsa.pub")});
+ * const lgKeyPair = new aws.lightsail.KeyPair("lgKeyPair", {publicKey: fs.readFileSync("~/.ssh/id_rsa.pub", "utf8")});
  * ```
  *
  * ## Import

package/networkfirewall/ruleGroup.d.ts

@@ -39,7 +39,7 @@ import * as outputs from "../types/output";
  * const example = new aws.networkfirewall.RuleGroup("example", {
  *     capacity: 100,
  *     type: "STATEFUL",
- *     rules: fs.readFileSync("example.rules"),
+ *     rules: fs.readFileSync("example.rules", "utf8"),
  *     tags: {
  *         Tag1: "Value1",
  *         Tag2: "Value2",
@@ -87,7 +87,7 @@ import * as outputs from "../types/output";
  *             }],
  *         },
  *         rulesSource: {
- *             rulesString: fs.readFileSync("suricata_rules_file"),
+ *             rulesString: fs.readFileSync("suricata_rules_file", "utf8"),
  *         },
  *     },
  *     tags: {

package/networkfirewall/ruleGroup.js

@@ -43,7 +43,7 @@ const utilities = require("../utilities");
  * const example = new aws.networkfirewall.RuleGroup("example", {
  *     capacity: 100,
  *     type: "STATEFUL",
- *     rules: fs.readFileSync("example.rules"),
+ *     rules: fs.readFileSync("example.rules", "utf8"),
  *     tags: {
  *         Tag1: "Value1",
  *         Tag2: "Value2",
@@ -91,7 +91,7 @@ const utilities = require("../utilities");
  *             }],
  *         },
  *         rulesSource: {
- *             rulesString: fs.readFileSync("suricata_rules_file"),
+ *             rulesString: fs.readFileSync("suricata_rules_file", "utf8"),
  *         },
  *     },
  *     tags: {

package/opensearch/domainSamlOptions.d.ts

@@ -30,7 +30,7 @@ import * as outputs from "../types/output";
  *         enabled: true,
  *         idp: {
  *             entityId: "https://example.com",
- *             metadataContent: fs.readFileSync("./saml-metadata.xml"),
+ *             metadataContent: fs.readFileSync("./saml-metadata.xml", "utf8"),
  *         },
  *     },
  * });

package/opensearch/domainSamlOptions.js

@@ -34,7 +34,7 @@ const utilities = require("../utilities");
  *         enabled: true,
  *         idp: {
  *             entityId: "https://example.com",
- *             metadataContent: fs.readFileSync("./saml-metadata.xml"),
+ *             metadataContent: fs.readFileSync("./saml-metadata.xml", "utf8"),
  *         },
  *     },
  * });

package/opsworks/application.d.ts

@@ -32,8 +32,8 @@ import * as outputs from "../types/output";
  *     }],
  *     enableSsl: true,
  *     sslConfigurations: [{
- *         privateKey: fs.readFileSync("./foobar.key"),
- *         certificate: fs.readFileSync("./foobar.crt"),
+ *         privateKey: fs.readFileSync("./foobar.key", "utf8"),
+ *         certificate: fs.readFileSync("./foobar.crt", "utf8"),
  *     }],
  *     documentRoot: "public",
  *     autoBundleOnDeploy: "true",

package/opsworks/application.js

@@ -36,8 +36,8 @@ const utilities = require("../utilities");
  *     }],
  *     enableSsl: true,
  *     sslConfigurations: [{
- *         privateKey: fs.readFileSync("./foobar.key"),
- *         certificate: fs.readFileSync("./foobar.crt"),
+ *         privateKey: fs.readFileSync("./foobar.key", "utf8"),
+ *         certificate: fs.readFileSync("./foobar.crt", "utf8"),
  *     }],
  *     documentRoot: "public",
  *     autoBundleOnDeploy: "true",

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@pulumi/aws",
-    "version": "v6.13.0",
+    "version": "v6.13.2",
     "description": "A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.",
     "keywords": [
         "pulumi",

package/pinpoint/apnsChannel.d.ts

@@ -13,8 +13,8 @@ import * as pulumi from "@pulumi/pulumi";
  * const app = new aws.pinpoint.App("app", {});
  * const apns = new aws.pinpoint.ApnsChannel("apns", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/pinpoint/apnsChannel.js

@@ -19,8 +19,8 @@ const utilities = require("../utilities");
  * const app = new aws.pinpoint.App("app", {});
  * const apns = new aws.pinpoint.ApnsChannel("apns", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/pinpoint/apnsSandboxChannel.d.ts

@@ -13,8 +13,8 @@ import * as pulumi from "@pulumi/pulumi";
  * const app = new aws.pinpoint.App("app", {});
  * const apnsSandbox = new aws.pinpoint.ApnsSandboxChannel("apnsSandbox", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/pinpoint/apnsSandboxChannel.js

@@ -19,8 +19,8 @@ const utilities = require("../utilities");
  * const app = new aws.pinpoint.App("app", {});
  * const apnsSandbox = new aws.pinpoint.ApnsSandboxChannel("apnsSandbox", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/pinpoint/apnsVoipChannel.d.ts

@@ -13,8 +13,8 @@ import * as pulumi from "@pulumi/pulumi";
  * const app = new aws.pinpoint.App("app", {});
  * const apnsVoip = new aws.pinpoint.ApnsVoipChannel("apnsVoip", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/pinpoint/apnsVoipChannel.js

@@ -19,8 +19,8 @@ const utilities = require("../utilities");
  * const app = new aws.pinpoint.App("app", {});
  * const apnsVoip = new aws.pinpoint.ApnsVoipChannel("apnsVoip", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/pinpoint/apnsVoipSandboxChannel.d.ts

@@ -13,8 +13,8 @@ import * as pulumi from "@pulumi/pulumi";
  * const app = new aws.pinpoint.App("app", {});
  * const apnsVoipSandbox = new aws.pinpoint.ApnsVoipSandboxChannel("apnsVoipSandbox", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/pinpoint/apnsVoipSandboxChannel.js

@@ -19,8 +19,8 @@ const utilities = require("../utilities");
  * const app = new aws.pinpoint.App("app", {});
  * const apnsVoipSandbox = new aws.pinpoint.ApnsVoipSandboxChannel("apnsVoipSandbox", {
  *     applicationId: app.applicationId,
- *     certificate: fs.readFileSync("./certificate.pem"),
- *     privateKey: fs.readFileSync("./private_key.key"),
+ *     certificate: fs.readFileSync("./certificate.pem", "utf8"),
+ *     privateKey: fs.readFileSync("./private_key.key", "utf8"),
  * });
  * ```
  *

package/s3/bucket.d.ts

@@ -32,7 +32,7 @@ import { PolicyDocument } from "../iam";
  *
  * const bucket = new aws.s3.Bucket("bucket", {
  *     acl: "public-read",
- *     policy: fs.readFileSync("policy.json"),
+ *     policy: fs.readFileSync("policy.json", "utf8"),
  *     website: {
  *         indexDocument: "index.html",
  *         errorDocument: "error.html",

package/s3/bucket.js

@@ -34,7 +34,7 @@ const utilities = require("../utilities");
  *
  * const bucket = new aws.s3.Bucket("bucket", {
  *     acl: "public-read",
- *     policy: fs.readFileSync("policy.json"),
+ *     policy: fs.readFileSync("policy.json", "utf8"),
  *     website: {
  *         indexDocument: "index.html",
  *         errorDocument: "error.html",

package/s3control/accessGrant.d.ts

@@ -0,0 +1,198 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "../types/input";
+import * as outputs from "../types/output";
+/**
+ * Provides a resource to manage an S3 Access Grant.
+ * Each access grant has its own ID and gives an IAM user or role or a directory user, or group (the grantee) access to a registered location. You determine the level of access, such as `READ` or `READWRITE`.
+ * Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const exampleAccessGrantsInstance = new aws.s3control.AccessGrantsInstance("exampleAccessGrantsInstance", {});
+ * const exampleAccessGrantsLocation = new aws.s3control.AccessGrantsLocation("exampleAccessGrantsLocation", {
+ *     iamRoleArn: aws_iam_role.example.arn,
+ *     locationScope: `s3://${aws_s3_bucket.example.bucket}/prefixA*`,
+ * }, {
+ *     dependsOn: [exampleAccessGrantsInstance],
+ * });
+ * const exampleAccessGrant = new aws.s3control.AccessGrant("exampleAccessGrant", {
+ *     accessGrantsLocationId: exampleAccessGrantsLocation.accessGrantsLocationId,
+ *     permission: "READ",
+ *     accessGrantsLocationConfiguration: {
+ *         s3SubPrefix: "prefixB*",
+ *     },
+ *     grantee: {
+ *         granteeType: "IAM",
+ *         granteeIdentifier: aws_iam_user.example.arn,
+ *     },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Using `pulumi import`, import S3 Access Grants using the `account_id` and `access_grant_id`, separated by a comma (`,`). For example:
+ *
+ * ```sh
+ *  $ pulumi import aws:s3control/accessGrant:AccessGrant example 123456789012,04549c5e-2f3c-4a07-824d-2cafe720aa22
+ * ```
+ */
+export declare class AccessGrant extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessGrant resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessGrantState, opts?: pulumi.CustomResourceOptions): AccessGrant;
+    /**
+     * Returns true if the given object is an instance of AccessGrant.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is AccessGrant;
+    /**
+     * Amazon Resource Name (ARN) of the S3 Access Grant.
+     */
+    readonly accessGrantArn: pulumi.Output<string>;
+    /**
+     * Unique ID of the S3 Access Grant.
+     */
+    readonly accessGrantId: pulumi.Output<string>;
+    /**
+     * See Location Configuration below for more details.
+     */
+    readonly accessGrantsLocationConfiguration: pulumi.Output<outputs.s3control.AccessGrantAccessGrantsLocationConfiguration | undefined>;
+    /**
+     * The ID of the S3 Access Grants location to with the access grant is giving access.
+     */
+    readonly accessGrantsLocationId: pulumi.Output<string>;
+    readonly accountId: pulumi.Output<string>;
+    /**
+     * The access grant's scope.
+     */
+    readonly grantScope: pulumi.Output<string>;
+    /**
+     * See Grantee below for more details.
+     */
+    readonly grantee: pulumi.Output<outputs.s3control.AccessGrantGrantee | undefined>;
+    /**
+     * The access grant's level of access. Valid values: `READ`, `WRITE`, `READWRITE`.
+     */
+    readonly permission: pulumi.Output<string>;
+    /**
+     * If you are creating an access grant that grants access to only one object, set this to `Object`. Valid values: `Object`.
+     */
+    readonly s3PrefixType: pulumi.Output<string | undefined>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    readonly tags: pulumi.Output<{
+        [key: string]: string;
+    } | undefined>;
+    /**
+     * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
+     *
+     * @deprecated Please use `tags` instead.
+     */
+    readonly tagsAll: pulumi.Output<{
+        [key: string]: string;
+    }>;
+    /**
+     * Create a AccessGrant resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: AccessGrantArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering AccessGrant resources.
+ */
+export interface AccessGrantState {
+    /**
+     * Amazon Resource Name (ARN) of the S3 Access Grant.
+     */
+    accessGrantArn?: pulumi.Input<string>;
+    /**
+     * Unique ID of the S3 Access Grant.
+     */
+    accessGrantId?: pulumi.Input<string>;
+    /**
+     * See Location Configuration below for more details.
+     */
+    accessGrantsLocationConfiguration?: pulumi.Input<inputs.s3control.AccessGrantAccessGrantsLocationConfiguration>;
+    /**
+     * The ID of the S3 Access Grants location to with the access grant is giving access.
+     */
+    accessGrantsLocationId?: pulumi.Input<string>;
+    accountId?: pulumi.Input<string>;
+    /**
+     * The access grant's scope.
+     */
+    grantScope?: pulumi.Input<string>;
+    /**
+     * See Grantee below for more details.
+     */
+    grantee?: pulumi.Input<inputs.s3control.AccessGrantGrantee>;
+    /**
+     * The access grant's level of access. Valid values: `READ`, `WRITE`, `READWRITE`.
+     */
+    permission?: pulumi.Input<string>;
+    /**
+     * If you are creating an access grant that grants access to only one object, set this to `Object`. Valid values: `Object`.
+     */
+    s3PrefixType?: pulumi.Input<string>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    tags?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
+     *
+     * @deprecated Please use `tags` instead.
+     */
+    tagsAll?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+}
+/**
+ * The set of arguments for constructing a AccessGrant resource.
+ */
+export interface AccessGrantArgs {
+    /**
+     * See Location Configuration below for more details.
+     */
+    accessGrantsLocationConfiguration?: pulumi.Input<inputs.s3control.AccessGrantAccessGrantsLocationConfiguration>;
+    /**
+     * The ID of the S3 Access Grants location to with the access grant is giving access.
+     */
+    accessGrantsLocationId: pulumi.Input<string>;
+    accountId?: pulumi.Input<string>;
+    /**
+     * See Grantee below for more details.
+     */
+    grantee?: pulumi.Input<inputs.s3control.AccessGrantGrantee>;
+    /**
+     * The access grant's level of access. Valid values: `READ`, `WRITE`, `READWRITE`.
+     */
+    permission: pulumi.Input<string>;
+    /**
+     * If you are creating an access grant that grants access to only one object, set this to `Object`. Valid values: `Object`.
+     */
+    s3PrefixType?: pulumi.Input<string>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    tags?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+}

package/s3control/accessGrant.js

@@ -0,0 +1,116 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessGrant = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+/**
+ * Provides a resource to manage an S3 Access Grant.
+ * Each access grant has its own ID and gives an IAM user or role or a directory user, or group (the grantee) access to a registered location. You determine the level of access, such as `READ` or `READWRITE`.
+ * Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const exampleAccessGrantsInstance = new aws.s3control.AccessGrantsInstance("exampleAccessGrantsInstance", {});
+ * const exampleAccessGrantsLocation = new aws.s3control.AccessGrantsLocation("exampleAccessGrantsLocation", {
+ *     iamRoleArn: aws_iam_role.example.arn,
+ *     locationScope: `s3://${aws_s3_bucket.example.bucket}/prefixA*`,
+ * }, {
+ *     dependsOn: [exampleAccessGrantsInstance],
+ * });
+ * const exampleAccessGrant = new aws.s3control.AccessGrant("exampleAccessGrant", {
+ *     accessGrantsLocationId: exampleAccessGrantsLocation.accessGrantsLocationId,
+ *     permission: "READ",
+ *     accessGrantsLocationConfiguration: {
+ *         s3SubPrefix: "prefixB*",
+ *     },
+ *     grantee: {
+ *         granteeType: "IAM",
+ *         granteeIdentifier: aws_iam_user.example.arn,
+ *     },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Using `pulumi import`, import S3 Access Grants using the `account_id` and `access_grant_id`, separated by a comma (`,`). For example:
+ *
+ * ```sh
+ *  $ pulumi import aws:s3control/accessGrant:AccessGrant example 123456789012,04549c5e-2f3c-4a07-824d-2cafe720aa22
+ * ```
+ */
+class AccessGrant extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessGrant resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new AccessGrant(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of AccessGrant.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === AccessGrant.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["accessGrantArn"] = state ? state.accessGrantArn : undefined;
+            resourceInputs["accessGrantId"] = state ? state.accessGrantId : undefined;
+            resourceInputs["accessGrantsLocationConfiguration"] = state ? state.accessGrantsLocationConfiguration : undefined;
+            resourceInputs["accessGrantsLocationId"] = state ? state.accessGrantsLocationId : undefined;
+            resourceInputs["accountId"] = state ? state.accountId : undefined;
+            resourceInputs["grantScope"] = state ? state.grantScope : undefined;
+            resourceInputs["grantee"] = state ? state.grantee : undefined;
+            resourceInputs["permission"] = state ? state.permission : undefined;
+            resourceInputs["s3PrefixType"] = state ? state.s3PrefixType : undefined;
+            resourceInputs["tags"] = state ? state.tags : undefined;
+            resourceInputs["tagsAll"] = state ? state.tagsAll : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.accessGrantsLocationId === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'accessGrantsLocationId'");
+            }
+            if ((!args || args.permission === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'permission'");
+            }
+            resourceInputs["accessGrantsLocationConfiguration"] = args ? args.accessGrantsLocationConfiguration : undefined;
+            resourceInputs["accessGrantsLocationId"] = args ? args.accessGrantsLocationId : undefined;
+            resourceInputs["accountId"] = args ? args.accountId : undefined;
+            resourceInputs["grantee"] = args ? args.grantee : undefined;
+            resourceInputs["permission"] = args ? args.permission : undefined;
+            resourceInputs["s3PrefixType"] = args ? args.s3PrefixType : undefined;
+            resourceInputs["tags"] = args ? args.tags : undefined;
+            resourceInputs["accessGrantArn"] = undefined /*out*/;
+            resourceInputs["accessGrantId"] = undefined /*out*/;
+            resourceInputs["grantScope"] = undefined /*out*/;
+            resourceInputs["tagsAll"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        const secretOpts = { additionalSecretOutputs: ["tagsAll"] };
+        opts = pulumi.mergeOptions(opts, secretOpts);
+        super(AccessGrant.__pulumiType, name, resourceInputs, opts);
+    }
+}
+exports.AccessGrant = AccessGrant;
+/** @internal */
+AccessGrant.__pulumiType = 'aws:s3control/accessGrant:AccessGrant';
+//# sourceMappingURL=accessGrant.js.map