@pulumi/aws 6.13.1 → 6.13.3

package/eks/podIdentityAssociation.js

@@ -0,0 +1,129 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PodIdentityAssociation = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+/**
+ * Resource for managing an AWS EKS (Elastic Kubernetes) Pod Identity Association.
+ *
+ * Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.
+ *
+ * Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that EC2 instance profiles provide credentials to Amazon EC2 instances.
+ *
+ * If a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.
+ *
+ * Pod Identity is a simpler method than IAM roles for service accounts, as this method doesn’t use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.
+ *
+ * ## Example Usage
+ * ### Basic Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const assumeRole = aws.iam.getPolicyDocument({
+ *     statements: [{
+ *         effect: "Allow",
+ *         principals: [{
+ *             type: "Service",
+ *             identifiers: ["pods.eks.amazonaws.com"],
+ *         }],
+ *         actions: [
+ *             "sts:AssumeRole",
+ *             "sts:TagSession",
+ *         ],
+ *     }],
+ * });
+ * const exampleRole = new aws.iam.Role("exampleRole", {assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)});
+ * const exampleS3 = new aws.iam.RolePolicyAttachment("exampleS3", {
+ *     policyArn: "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
+ *     role: exampleRole.name,
+ * });
+ * const examplePodIdentityAssociation = new aws.eks.PodIdentityAssociation("examplePodIdentityAssociation", {
+ *     clusterName: aws_eks_cluster.example.name,
+ *     namespace: "example",
+ *     serviceAccount: "example-sa",
+ *     roleArn: exampleRole.arn,
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Using `pulumi import`, import EKS (Elastic Kubernetes) Pod Identity Association using the `cluster_name` and `association_id` separated by a comma (`,`). For example:
+ *
+ * ```sh
+ *  $ pulumi import aws:eks/podIdentityAssociation:PodIdentityAssociation example example,a-12345678
+ * ```
+ */
+class PodIdentityAssociation extends pulumi.CustomResource {
+    /**
+     * Get an existing PodIdentityAssociation resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new PodIdentityAssociation(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of PodIdentityAssociation.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === PodIdentityAssociation.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["associationArn"] = state ? state.associationArn : undefined;
+            resourceInputs["associationId"] = state ? state.associationId : undefined;
+            resourceInputs["clusterName"] = state ? state.clusterName : undefined;
+            resourceInputs["namespace"] = state ? state.namespace : undefined;
+            resourceInputs["roleArn"] = state ? state.roleArn : undefined;
+            resourceInputs["serviceAccount"] = state ? state.serviceAccount : undefined;
+            resourceInputs["tags"] = state ? state.tags : undefined;
+            resourceInputs["tagsAll"] = state ? state.tagsAll : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.clusterName === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'clusterName'");
+            }
+            if ((!args || args.namespace === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'namespace'");
+            }
+            if ((!args || args.roleArn === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'roleArn'");
+            }
+            if ((!args || args.serviceAccount === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'serviceAccount'");
+            }
+            resourceInputs["clusterName"] = args ? args.clusterName : undefined;
+            resourceInputs["namespace"] = args ? args.namespace : undefined;
+            resourceInputs["roleArn"] = args ? args.roleArn : undefined;
+            resourceInputs["serviceAccount"] = args ? args.serviceAccount : undefined;
+            resourceInputs["tags"] = args ? args.tags : undefined;
+            resourceInputs["associationArn"] = undefined /*out*/;
+            resourceInputs["associationId"] = undefined /*out*/;
+            resourceInputs["tagsAll"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        const secretOpts = { additionalSecretOutputs: ["tagsAll"] };
+        opts = pulumi.mergeOptions(opts, secretOpts);
+        super(PodIdentityAssociation.__pulumiType, name, resourceInputs, opts);
+    }
+}
+exports.PodIdentityAssociation = PodIdentityAssociation;
+/** @internal */
+PodIdentityAssociation.__pulumiType = 'aws:eks/podIdentityAssociation:PodIdentityAssociation';
+//# sourceMappingURL=podIdentityAssociation.js.map

package/eks/podIdentityAssociation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"podIdentityAssociation.js","sourceRoot":"","sources":["../../eks/podIdentityAssociation.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IAC7D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;IA+CD,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;aACjE;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACpD,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACjD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5D,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;;AAjHL,wDAkHC;AApGG,gBAAgB;AACO,mCAAY,GAAG,uDAAuD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@pulumi/aws",
-    "version": "v6.13.1",
+    "version": "v6.13.3",
     "description": "A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.",
     "keywords": [
         "pulumi",

package/s3control/accessGrant.d.ts

@@ -0,0 +1,198 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "../types/input";
+import * as outputs from "../types/output";
+/**
+ * Provides a resource to manage an S3 Access Grant.
+ * Each access grant has its own ID and gives an IAM user or role or a directory user, or group (the grantee) access to a registered location. You determine the level of access, such as `READ` or `READWRITE`.
+ * Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const exampleAccessGrantsInstance = new aws.s3control.AccessGrantsInstance("exampleAccessGrantsInstance", {});
+ * const exampleAccessGrantsLocation = new aws.s3control.AccessGrantsLocation("exampleAccessGrantsLocation", {
+ *     iamRoleArn: aws_iam_role.example.arn,
+ *     locationScope: `s3://${aws_s3_bucket.example.bucket}/prefixA*`,
+ * }, {
+ *     dependsOn: [exampleAccessGrantsInstance],
+ * });
+ * const exampleAccessGrant = new aws.s3control.AccessGrant("exampleAccessGrant", {
+ *     accessGrantsLocationId: exampleAccessGrantsLocation.accessGrantsLocationId,
+ *     permission: "READ",
+ *     accessGrantsLocationConfiguration: {
+ *         s3SubPrefix: "prefixB*",
+ *     },
+ *     grantee: {
+ *         granteeType: "IAM",
+ *         granteeIdentifier: aws_iam_user.example.arn,
+ *     },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Using `pulumi import`, import S3 Access Grants using the `account_id` and `access_grant_id`, separated by a comma (`,`). For example:
+ *
+ * ```sh
+ *  $ pulumi import aws:s3control/accessGrant:AccessGrant example 123456789012,04549c5e-2f3c-4a07-824d-2cafe720aa22
+ * ```
+ */
+export declare class AccessGrant extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessGrant resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessGrantState, opts?: pulumi.CustomResourceOptions): AccessGrant;
+    /**
+     * Returns true if the given object is an instance of AccessGrant.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is AccessGrant;
+    /**
+     * Amazon Resource Name (ARN) of the S3 Access Grant.
+     */
+    readonly accessGrantArn: pulumi.Output<string>;
+    /**
+     * Unique ID of the S3 Access Grant.
+     */
+    readonly accessGrantId: pulumi.Output<string>;
+    /**
+     * See Location Configuration below for more details.
+     */
+    readonly accessGrantsLocationConfiguration: pulumi.Output<outputs.s3control.AccessGrantAccessGrantsLocationConfiguration | undefined>;
+    /**
+     * The ID of the S3 Access Grants location to with the access grant is giving access.
+     */
+    readonly accessGrantsLocationId: pulumi.Output<string>;
+    readonly accountId: pulumi.Output<string>;
+    /**
+     * The access grant's scope.
+     */
+    readonly grantScope: pulumi.Output<string>;
+    /**
+     * See Grantee below for more details.
+     */
+    readonly grantee: pulumi.Output<outputs.s3control.AccessGrantGrantee | undefined>;
+    /**
+     * The access grant's level of access. Valid values: `READ`, `WRITE`, `READWRITE`.
+     */
+    readonly permission: pulumi.Output<string>;
+    /**
+     * If you are creating an access grant that grants access to only one object, set this to `Object`. Valid values: `Object`.
+     */
+    readonly s3PrefixType: pulumi.Output<string | undefined>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    readonly tags: pulumi.Output<{
+        [key: string]: string;
+    } | undefined>;
+    /**
+     * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
+     *
+     * @deprecated Please use `tags` instead.
+     */
+    readonly tagsAll: pulumi.Output<{
+        [key: string]: string;
+    }>;
+    /**
+     * Create a AccessGrant resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: AccessGrantArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering AccessGrant resources.
+ */
+export interface AccessGrantState {
+    /**
+     * Amazon Resource Name (ARN) of the S3 Access Grant.
+     */
+    accessGrantArn?: pulumi.Input<string>;
+    /**
+     * Unique ID of the S3 Access Grant.
+     */
+    accessGrantId?: pulumi.Input<string>;
+    /**
+     * See Location Configuration below for more details.
+     */
+    accessGrantsLocationConfiguration?: pulumi.Input<inputs.s3control.AccessGrantAccessGrantsLocationConfiguration>;
+    /**
+     * The ID of the S3 Access Grants location to with the access grant is giving access.
+     */
+    accessGrantsLocationId?: pulumi.Input<string>;
+    accountId?: pulumi.Input<string>;
+    /**
+     * The access grant's scope.
+     */
+    grantScope?: pulumi.Input<string>;
+    /**
+     * See Grantee below for more details.
+     */
+    grantee?: pulumi.Input<inputs.s3control.AccessGrantGrantee>;
+    /**
+     * The access grant's level of access. Valid values: `READ`, `WRITE`, `READWRITE`.
+     */
+    permission?: pulumi.Input<string>;
+    /**
+     * If you are creating an access grant that grants access to only one object, set this to `Object`. Valid values: `Object`.
+     */
+    s3PrefixType?: pulumi.Input<string>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    tags?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
+     *
+     * @deprecated Please use `tags` instead.
+     */
+    tagsAll?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+}
+/**
+ * The set of arguments for constructing a AccessGrant resource.
+ */
+export interface AccessGrantArgs {
+    /**
+     * See Location Configuration below for more details.
+     */
+    accessGrantsLocationConfiguration?: pulumi.Input<inputs.s3control.AccessGrantAccessGrantsLocationConfiguration>;
+    /**
+     * The ID of the S3 Access Grants location to with the access grant is giving access.
+     */
+    accessGrantsLocationId: pulumi.Input<string>;
+    accountId?: pulumi.Input<string>;
+    /**
+     * See Grantee below for more details.
+     */
+    grantee?: pulumi.Input<inputs.s3control.AccessGrantGrantee>;
+    /**
+     * The access grant's level of access. Valid values: `READ`, `WRITE`, `READWRITE`.
+     */
+    permission: pulumi.Input<string>;
+    /**
+     * If you are creating an access grant that grants access to only one object, set this to `Object`. Valid values: `Object`.
+     */
+    s3PrefixType?: pulumi.Input<string>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    tags?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+}

package/s3control/accessGrant.js

@@ -0,0 +1,116 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessGrant = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+/**
+ * Provides a resource to manage an S3 Access Grant.
+ * Each access grant has its own ID and gives an IAM user or role or a directory user, or group (the grantee) access to a registered location. You determine the level of access, such as `READ` or `READWRITE`.
+ * Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const exampleAccessGrantsInstance = new aws.s3control.AccessGrantsInstance("exampleAccessGrantsInstance", {});
+ * const exampleAccessGrantsLocation = new aws.s3control.AccessGrantsLocation("exampleAccessGrantsLocation", {
+ *     iamRoleArn: aws_iam_role.example.arn,
+ *     locationScope: `s3://${aws_s3_bucket.example.bucket}/prefixA*`,
+ * }, {
+ *     dependsOn: [exampleAccessGrantsInstance],
+ * });
+ * const exampleAccessGrant = new aws.s3control.AccessGrant("exampleAccessGrant", {
+ *     accessGrantsLocationId: exampleAccessGrantsLocation.accessGrantsLocationId,
+ *     permission: "READ",
+ *     accessGrantsLocationConfiguration: {
+ *         s3SubPrefix: "prefixB*",
+ *     },
+ *     grantee: {
+ *         granteeType: "IAM",
+ *         granteeIdentifier: aws_iam_user.example.arn,
+ *     },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Using `pulumi import`, import S3 Access Grants using the `account_id` and `access_grant_id`, separated by a comma (`,`). For example:
+ *
+ * ```sh
+ *  $ pulumi import aws:s3control/accessGrant:AccessGrant example 123456789012,04549c5e-2f3c-4a07-824d-2cafe720aa22
+ * ```
+ */
+class AccessGrant extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessGrant resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new AccessGrant(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of AccessGrant.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === AccessGrant.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["accessGrantArn"] = state ? state.accessGrantArn : undefined;
+            resourceInputs["accessGrantId"] = state ? state.accessGrantId : undefined;
+            resourceInputs["accessGrantsLocationConfiguration"] = state ? state.accessGrantsLocationConfiguration : undefined;
+            resourceInputs["accessGrantsLocationId"] = state ? state.accessGrantsLocationId : undefined;
+            resourceInputs["accountId"] = state ? state.accountId : undefined;
+            resourceInputs["grantScope"] = state ? state.grantScope : undefined;
+            resourceInputs["grantee"] = state ? state.grantee : undefined;
+            resourceInputs["permission"] = state ? state.permission : undefined;
+            resourceInputs["s3PrefixType"] = state ? state.s3PrefixType : undefined;
+            resourceInputs["tags"] = state ? state.tags : undefined;
+            resourceInputs["tagsAll"] = state ? state.tagsAll : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.accessGrantsLocationId === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'accessGrantsLocationId'");
+            }
+            if ((!args || args.permission === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'permission'");
+            }
+            resourceInputs["accessGrantsLocationConfiguration"] = args ? args.accessGrantsLocationConfiguration : undefined;
+            resourceInputs["accessGrantsLocationId"] = args ? args.accessGrantsLocationId : undefined;
+            resourceInputs["accountId"] = args ? args.accountId : undefined;
+            resourceInputs["grantee"] = args ? args.grantee : undefined;
+            resourceInputs["permission"] = args ? args.permission : undefined;
+            resourceInputs["s3PrefixType"] = args ? args.s3PrefixType : undefined;
+            resourceInputs["tags"] = args ? args.tags : undefined;
+            resourceInputs["accessGrantArn"] = undefined /*out*/;
+            resourceInputs["accessGrantId"] = undefined /*out*/;
+            resourceInputs["grantScope"] = undefined /*out*/;
+            resourceInputs["tagsAll"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        const secretOpts = { additionalSecretOutputs: ["tagsAll"] };
+        opts = pulumi.mergeOptions(opts, secretOpts);
+        super(AccessGrant.__pulumiType, name, resourceInputs, opts);
+    }
+}
+exports.AccessGrant = AccessGrant;
+/** @internal */
+AccessGrant.__pulumiType = 'aws:s3control/accessGrant:AccessGrant';
+//# sourceMappingURL=accessGrant.js.map

package/s3control/accessGrant.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessGrant.js","sourceRoot":"","sources":["../../s3control/accessGrant.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAIzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAClD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAsDD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,mCAAmC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC,CAAC,SAAS,CAAC;YAClH,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,sBAAsB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;aACzE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;aAC7D;YACD,cAAc,CAAC,mCAAmC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC,SAAS,CAAC;YAChH,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACpD,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACjD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5D,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;;AAxHL,kCAyHC;AA3GG,gBAAgB;AACO,wBAAY,GAAG,uCAAuC,CAAC"}

package/s3control/accessGrantsInstance.d.ts

@@ -0,0 +1,139 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * Provides a resource to manage an S3 Access Grants instance, which serves as a logical grouping for access grants.
+ * You can have one S3 Access Grants instance per Region in your account.
+ *
+ * ## Example Usage
+ * ### Basic Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const example = new aws.s3control.AccessGrantsInstance("example", {});
+ * ```
+ * ### AWS IAM Identity Center
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const example = new aws.s3control.AccessGrantsInstance("example", {identityCenterArn: "arn:aws:sso:::instance/ssoins-890759e9c7bfdc1d"});
+ * ```
+ *
+ * ## Import
+ *
+ * Using `pulumi import`, import S3 Access Grants instances using the `account_id`. For example:
+ *
+ * ```sh
+ *  $ pulumi import aws:s3control/accessGrantsInstance:AccessGrantsInstance example 123456789012
+ * ```
+ */
+export declare class AccessGrantsInstance extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessGrantsInstance resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessGrantsInstanceState, opts?: pulumi.CustomResourceOptions): AccessGrantsInstance;
+    /**
+     * Returns true if the given object is an instance of AccessGrantsInstance.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is AccessGrantsInstance;
+    /**
+     * Amazon Resource Name (ARN) of the S3 Access Grants instance.
+     */
+    readonly accessGrantsInstanceArn: pulumi.Output<string>;
+    /**
+     * Unique ID of the S3 Access Grants instance.
+     */
+    readonly accessGrantsInstanceId: pulumi.Output<string>;
+    readonly accountId: pulumi.Output<string>;
+    /**
+     * The ARN of the AWS IAM Identity Center instance application; a subresource of the original Identity Center instance.
+     */
+    readonly identityCenterApplicationArn: pulumi.Output<string>;
+    /**
+     * The ARN of the AWS IAM Identity Center instance associated with the S3 Access Grants instance.
+     */
+    readonly identityCenterArn: pulumi.Output<string | undefined>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    readonly tags: pulumi.Output<{
+        [key: string]: string;
+    } | undefined>;
+    /**
+     * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
+     *
+     * @deprecated Please use `tags` instead.
+     */
+    readonly tagsAll: pulumi.Output<{
+        [key: string]: string;
+    }>;
+    /**
+     * Create a AccessGrantsInstance resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args?: AccessGrantsInstanceArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering AccessGrantsInstance resources.
+ */
+export interface AccessGrantsInstanceState {
+    /**
+     * Amazon Resource Name (ARN) of the S3 Access Grants instance.
+     */
+    accessGrantsInstanceArn?: pulumi.Input<string>;
+    /**
+     * Unique ID of the S3 Access Grants instance.
+     */
+    accessGrantsInstanceId?: pulumi.Input<string>;
+    accountId?: pulumi.Input<string>;
+    /**
+     * The ARN of the AWS IAM Identity Center instance application; a subresource of the original Identity Center instance.
+     */
+    identityCenterApplicationArn?: pulumi.Input<string>;
+    /**
+     * The ARN of the AWS IAM Identity Center instance associated with the S3 Access Grants instance.
+     */
+    identityCenterArn?: pulumi.Input<string>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    tags?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
+     *
+     * @deprecated Please use `tags` instead.
+     */
+    tagsAll?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+}
+/**
+ * The set of arguments for constructing a AccessGrantsInstance resource.
+ */
+export interface AccessGrantsInstanceArgs {
+    accountId?: pulumi.Input<string>;
+    /**
+     * The ARN of the AWS IAM Identity Center instance associated with the S3 Access Grants instance.
+     */
+    identityCenterArn?: pulumi.Input<string>;
+    /**
+     * Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+     */
+    tags?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+}