@pulumi/aws 7.0.0-alpha.1 → 7.0.0-alpha.2

package/types/input.d.ts

@@ -64767,6 +64767,58 @@ export declare namespace s3 {
          */
         id: pulumi.Input<string>;
     }
+    interface BucketAclV2AccessControlPolicy {
+        /**
+         * Set of `grant` configuration blocks. See below.
+         */
+        grants?: pulumi.Input<pulumi.Input<inputs.s3.BucketAclV2AccessControlPolicyGrant>[]>;
+        /**
+         * Configuration block for the bucket owner's display name and ID. See below.
+         */
+        owner: pulumi.Input<inputs.s3.BucketAclV2AccessControlPolicyOwner>;
+    }
+    interface BucketAclV2AccessControlPolicyGrant {
+        /**
+         * Configuration block for the person being granted permissions. See below.
+         */
+        grantee?: pulumi.Input<inputs.s3.BucketAclV2AccessControlPolicyGrantGrantee>;
+        /**
+         * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `WRITE`, `WRITE_ACP`, `READ`, `READ_ACP`. See [What permissions can I grant?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#permissions) for more details about what each permission means in the context of buckets.
+         */
+        permission: pulumi.Input<string>;
+    }
+    interface BucketAclV2AccessControlPolicyGrantGrantee {
+        /**
+         * Display name of the owner.
+         */
+        displayName?: pulumi.Input<string>;
+        /**
+         * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified.
+         */
+        emailAddress?: pulumi.Input<string>;
+        /**
+         * Canonical user ID of the grantee.
+         */
+        id?: pulumi.Input<string>;
+        /**
+         * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`.
+         */
+        type: pulumi.Input<string>;
+        /**
+         * URI of the grantee group.
+         */
+        uri?: pulumi.Input<string>;
+    }
+    interface BucketAclV2AccessControlPolicyOwner {
+        /**
+         * Display name of the owner.
+         */
+        displayName?: pulumi.Input<string>;
+        /**
+         * ID of the owner.
+         */
+        id: pulumi.Input<string>;
+    }
     interface BucketCorsConfigurationCorsRule {
         /**
          * Set of Headers that are specified in the `Access-Control-Request-Headers` header.
@@ -64793,6 +64845,32 @@ export declare namespace s3 {
          */
         maxAgeSeconds?: pulumi.Input<number>;
     }
+    interface BucketCorsConfigurationV2CorsRule {
+        /**
+         * Set of Headers that are specified in the `Access-Control-Request-Headers` header.
+         */
+        allowedHeaders?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Set of HTTP methods that you allow the origin to execute. Valid values are `GET`, `PUT`, `HEAD`, `POST`, and `DELETE`.
+         */
+        allowedMethods: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Set of origins you want customers to be able to access the bucket from.
+         */
+        allowedOrigins: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object).
+         */
+        exposeHeaders?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Unique identifier for the rule. The value cannot be longer than 255 characters.
+         */
+        id?: pulumi.Input<string>;
+        /**
+         * Time in seconds that your browser is to cache the preflight response for the specified resource.
+         */
+        maxAgeSeconds?: pulumi.Input<number>;
+    }
     interface BucketCorsRule {
         /**
          * List of headers allowed.
@@ -65024,6 +65102,175 @@ export declare namespace s3 {
          */
         update?: pulumi.Input<string>;
     }
+    interface BucketLifecycleConfigurationV2Rule {
+        /**
+         * Configuration block that specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. See below.
+         */
+        abortIncompleteMultipartUpload?: pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleAbortIncompleteMultipartUpload>;
+        /**
+         * Configuration block that specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker. See below.
+         */
+        expiration?: pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleExpiration>;
+        /**
+         * Configuration block used to identify objects that a Lifecycle Rule applies to.
+         * See below.
+         * If not specified, the `rule` will default to using `prefix`.
+         * One of `filter` or `prefix` should be specified.
+         */
+        filter?: pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleFilter>;
+        /**
+         * Unique identifier for the rule. The value cannot be longer than 255 characters.
+         */
+        id: pulumi.Input<string>;
+        /**
+         * Configuration block that specifies when noncurrent object versions expire. See below.
+         */
+        noncurrentVersionExpiration?: pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleNoncurrentVersionExpiration>;
+        /**
+         * Set of configuration blocks that specify the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. See below.
+         */
+        noncurrentVersionTransitions?: pulumi.Input<pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleNoncurrentVersionTransition>[]>;
+        /**
+         * **DEPRECATED** Use `filter` instead.
+         * This has been deprecated by Amazon S3.
+         * Prefix identifying one or more objects to which the rule applies.
+         * Defaults to an empty string (`""`) if `filter` is not specified.
+         * One of `prefix` or `filter` should be specified.
+         *
+         * @deprecated Specify a prefix using 'filter' instead
+         */
+        prefix?: pulumi.Input<string>;
+        /**
+         * Whether the rule is currently being applied. Valid values: `Enabled` or `Disabled`.
+         */
+        status: pulumi.Input<string>;
+        /**
+         * Set of configuration blocks that specify when an Amazon S3 object transitions to a specified storage class. See below.
+         */
+        transitions?: pulumi.Input<pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleTransition>[]>;
+    }
+    interface BucketLifecycleConfigurationV2RuleAbortIncompleteMultipartUpload {
+        /**
+         * Number of days after which Amazon S3 aborts an incomplete multipart upload.
+         */
+        daysAfterInitiation?: pulumi.Input<number>;
+    }
+    interface BucketLifecycleConfigurationV2RuleExpiration {
+        /**
+         * Date the object is to be moved or deleted. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`.
+         */
+        date?: pulumi.Input<string>;
+        /**
+         * Lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
+         */
+        days?: pulumi.Input<number>;
+        /**
+         * Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to `true`, the delete marker will be expired; if set to `false` the policy takes no action.
+         */
+        expiredObjectDeleteMarker?: pulumi.Input<boolean>;
+    }
+    interface BucketLifecycleConfigurationV2RuleFilter {
+        /**
+         * Configuration block used to apply a logical `AND` to two or more predicates. See below. The Lifecycle Rule will apply to any object matching all the predicates configured inside the `and` block.
+         */
+        and?: pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleFilterAnd>;
+        /**
+         * Minimum object size (in bytes) to which the rule applies.
+         */
+        objectSizeGreaterThan?: pulumi.Input<number>;
+        /**
+         * Maximum object size (in bytes) to which the rule applies.
+         */
+        objectSizeLessThan?: pulumi.Input<number>;
+        /**
+         * Prefix identifying one or more objects to which the rule applies. Defaults to an empty string (`""`) if not specified.
+         */
+        prefix?: pulumi.Input<string>;
+        /**
+         * Configuration block for specifying a tag key and value. See below.
+         */
+        tag?: pulumi.Input<inputs.s3.BucketLifecycleConfigurationV2RuleFilterTag>;
+    }
+    interface BucketLifecycleConfigurationV2RuleFilterAnd {
+        /**
+         * Minimum object size to which the rule applies. Value must be at least `0` if specified. Defaults to 128000 (128 KB) for all `storageClass` values unless `transitionDefaultMinimumObjectSize` specifies otherwise.
+         */
+        objectSizeGreaterThan?: pulumi.Input<number>;
+        /**
+         * Maximum object size to which the rule applies. Value must be at least `1` if specified.
+         */
+        objectSizeLessThan?: pulumi.Input<number>;
+        /**
+         * Prefix identifying one or more objects to which the rule applies.
+         */
+        prefix?: pulumi.Input<string>;
+        /**
+         * Key-value map of resource tags.
+         * All of these tags must exist in the object's tag set in order for the rule to apply.
+         * If set, must contain at least one key-value pair.
+         */
+        tags?: pulumi.Input<{
+            [key: string]: pulumi.Input<string>;
+        }>;
+    }
+    interface BucketLifecycleConfigurationV2RuleFilterTag {
+        /**
+         * Name of the object key.
+         */
+        key: pulumi.Input<string>;
+        /**
+         * Value of the tag.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface BucketLifecycleConfigurationV2RuleNoncurrentVersionExpiration {
+        /**
+         * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer.
+         */
+        newerNoncurrentVersions?: pulumi.Input<number>;
+        /**
+         * Number of days an object is noncurrent before Amazon S3 can perform the associated action. Must be a positive integer.
+         */
+        noncurrentDays: pulumi.Input<number>;
+    }
+    interface BucketLifecycleConfigurationV2RuleNoncurrentVersionTransition {
+        /**
+         * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer.
+         */
+        newerNoncurrentVersions?: pulumi.Input<number>;
+        /**
+         * Number of days an object is noncurrent before Amazon S3 can perform the associated action.
+         */
+        noncurrentDays: pulumi.Input<number>;
+        /**
+         * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`.
+         */
+        storageClass: pulumi.Input<string>;
+    }
+    interface BucketLifecycleConfigurationV2RuleTransition {
+        /**
+         * Date objects are transitioned to the specified storage class. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`.
+         */
+        date?: pulumi.Input<string>;
+        /**
+         * Number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer. If both `days` and `date` are not specified, defaults to `0`. Valid values depend on `storageClass`, see [Transition objects using Amazon S3 Lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html) for more details.
+         */
+        days?: pulumi.Input<number>;
+        /**
+         * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`.
+         */
+        storageClass: pulumi.Input<string>;
+    }
+    interface BucketLifecycleConfigurationV2Timeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: pulumi.Input<string>;
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        update?: pulumi.Input<string>;
+    }
     interface BucketLifecycleRule {
         /**
          * Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
@@ -65165,41 +65412,88 @@ export declare namespace s3 {
     }
     interface BucketLoggingTargetObjectKeyFormatSimplePrefix {
     }
-    interface BucketMetricFilter {
-        /**
-         * S3 Access Point ARN for filtering (singular).
-         */
-        accessPoint?: pulumi.Input<string>;
+    interface BucketLoggingV2TargetGrant {
         /**
-         * Object prefix for filtering (singular).
+         * Configuration block for the person being granted permissions. See below.
          */
-        prefix?: pulumi.Input<string>;
+        grantee: pulumi.Input<inputs.s3.BucketLoggingV2TargetGrantGrantee>;
         /**
-         * Object tags for filtering (up to 10).
+         * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `READ`, `WRITE`.
          */
-        tags?: pulumi.Input<{
-            [key: string]: pulumi.Input<string>;
-        }>;
+        permission: pulumi.Input<string>;
     }
-    interface BucketNotificationLambdaFunction {
+    interface BucketLoggingV2TargetGrantGrantee {
+        displayName?: pulumi.Input<string>;
         /**
-         * [Event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications.
+         * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified.
          */
-        events: pulumi.Input<pulumi.Input<string>[]>;
+        emailAddress?: pulumi.Input<string>;
         /**
-         * Object key name prefix.
+         * Canonical user ID of the grantee.
          */
-        filterPrefix?: pulumi.Input<string>;
+        id?: pulumi.Input<string>;
         /**
-         * Object key name suffix.
+         * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`.
          */
-        filterSuffix?: pulumi.Input<string>;
+        type: pulumi.Input<string>;
         /**
-         * Unique identifier for each of the notification configurations.
+         * URI of the grantee group.
          */
-        id?: pulumi.Input<string>;
+        uri?: pulumi.Input<string>;
+    }
+    interface BucketLoggingV2TargetObjectKeyFormat {
         /**
-         * Lambda function ARN.
+         * Partitioned S3 key for log objects. See below.
+         */
+        partitionedPrefix?: pulumi.Input<inputs.s3.BucketLoggingV2TargetObjectKeyFormatPartitionedPrefix>;
+        /**
+         * Use the simple format for S3 keys for log objects. To use, set `simplePrefix {}`.
+         */
+        simplePrefix?: pulumi.Input<inputs.s3.BucketLoggingV2TargetObjectKeyFormatSimplePrefix>;
+    }
+    interface BucketLoggingV2TargetObjectKeyFormatPartitionedPrefix {
+        /**
+         * Specifies the partition date source for the partitioned prefix. Valid values: `EventTime`, `DeliveryTime`.
+         */
+        partitionDateSource: pulumi.Input<string>;
+    }
+    interface BucketLoggingV2TargetObjectKeyFormatSimplePrefix {
+    }
+    interface BucketMetricFilter {
+        /**
+         * S3 Access Point ARN for filtering (singular).
+         */
+        accessPoint?: pulumi.Input<string>;
+        /**
+         * Object prefix for filtering (singular).
+         */
+        prefix?: pulumi.Input<string>;
+        /**
+         * Object tags for filtering (up to 10).
+         */
+        tags?: pulumi.Input<{
+            [key: string]: pulumi.Input<string>;
+        }>;
+    }
+    interface BucketNotificationLambdaFunction {
+        /**
+         * [Event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications.
+         */
+        events: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Object key name prefix.
+         */
+        filterPrefix?: pulumi.Input<string>;
+        /**
+         * Object key name suffix.
+         */
+        filterSuffix?: pulumi.Input<string>;
+        /**
+         * Unique identifier for each of the notification configurations.
+         */
+        id?: pulumi.Input<string>;
+        /**
+         * Lambda function ARN.
          */
         lambdaFunctionArn?: pulumi.Input<string>;
     }
@@ -65281,6 +65575,26 @@ export declare namespace s3 {
          */
         years?: pulumi.Input<number>;
     }
+    interface BucketObjectLockConfigurationV2Rule {
+        /**
+         * Configuration block for specifying the default Object Lock retention settings for new objects placed in the specified bucket. See below.
+         */
+        defaultRetention: pulumi.Input<inputs.s3.BucketObjectLockConfigurationV2RuleDefaultRetention>;
+    }
+    interface BucketObjectLockConfigurationV2RuleDefaultRetention {
+        /**
+         * Number of days that you want to specify for the default retention period.
+         */
+        days?: pulumi.Input<number>;
+        /**
+         * Default Object Lock retention mode you want to apply to new objects placed in the specified bucket. Valid values: `COMPLIANCE`, `GOVERNANCE`.
+         */
+        mode?: pulumi.Input<string>;
+        /**
+         * Number of years that you want to specify for the default retention period.
+         */
+        years?: pulumi.Input<number>;
+    }
     interface BucketObjectv2OverrideProvider {
         /**
          * Override the provider `defaultTags` configuration block.
@@ -65641,6 +65955,376 @@ export declare namespace s3 {
          */
         sseAlgorithm: pulumi.Input<string>;
     }
+    interface BucketServerSideEncryptionConfigurationV2Rule {
+        /**
+         * Single object for setting server-side encryption by default. See below.
+         */
+        applyServerSideEncryptionByDefault?: pulumi.Input<inputs.s3.BucketServerSideEncryptionConfigurationV2RuleApplyServerSideEncryptionByDefault>;
+        /**
+         * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.
+         */
+        bucketKeyEnabled?: pulumi.Input<boolean>;
+    }
+    interface BucketServerSideEncryptionConfigurationV2RuleApplyServerSideEncryptionByDefault {
+        /**
+         * AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`.
+         */
+        kmsMasterKeyId?: pulumi.Input<string>;
+        /**
+         * Server-side encryption algorithm to use. Valid values are `AES256`, `aws:kms`, and `aws:kms:dsse`
+         */
+        sseAlgorithm: pulumi.Input<string>;
+    }
+    interface BucketV2CorsRule {
+        /**
+         * List of headers allowed.
+         */
+        allowedHeaders?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * One or more HTTP methods that you allow the origin to execute. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`.
+         */
+        allowedMethods: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * One or more origins you want customers to be able to access the bucket from.
+         */
+        allowedOrigins: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object).
+         */
+        exposeHeaders?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Specifies time in seconds that browser can cache the response for a preflight request.
+         */
+        maxAgeSeconds?: pulumi.Input<number>;
+    }
+    interface BucketV2Grant {
+        /**
+         * Canonical user id to grant for. Used only when `type` is `CanonicalUser`.
+         */
+        id?: pulumi.Input<string>;
+        /**
+         * List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`.
+         */
+        permissions: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported.
+         */
+        type: pulumi.Input<string>;
+        /**
+         * Uri address to grant for. Used only when `type` is `Group`.
+         */
+        uri?: pulumi.Input<string>;
+    }
+    interface BucketV2LifecycleRule {
+        /**
+         * Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.
+         */
+        abortIncompleteMultipartUploadDays?: pulumi.Input<number>;
+        /**
+         * Specifies lifecycle rule status.
+         */
+        enabled: pulumi.Input<boolean>;
+        /**
+         * Specifies a period in the object's expire. See Expiration below for details.
+         */
+        expirations?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2LifecycleRuleExpiration>[]>;
+        /**
+         * Unique identifier for the rule. Must be less than or equal to 255 characters in length.
+         */
+        id?: pulumi.Input<string>;
+        /**
+         * Specifies when noncurrent object versions expire. See Noncurrent Version Expiration below for details.
+         */
+        noncurrentVersionExpirations?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2LifecycleRuleNoncurrentVersionExpiration>[]>;
+        /**
+         * Specifies when noncurrent object versions transitions. See Noncurrent Version Transition below for details.
+         */
+        noncurrentVersionTransitions?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2LifecycleRuleNoncurrentVersionTransition>[]>;
+        /**
+         * Object key prefix identifying one or more objects to which the rule applies.
+         */
+        prefix?: pulumi.Input<string>;
+        /**
+         * Specifies object tags key and value.
+         */
+        tags?: pulumi.Input<{
+            [key: string]: pulumi.Input<string>;
+        }>;
+        /**
+         * Specifies a period in the object's transitions. See Transition below for details.
+         */
+        transitions?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2LifecycleRuleTransition>[]>;
+    }
+    interface BucketV2LifecycleRuleExpiration {
+        /**
+         * Specifies the date after which you want the corresponding action to take effect.
+         */
+        date?: pulumi.Input<string>;
+        /**
+         * Specifies the number of days after object creation when the specific rule action takes effect.
+         */
+        days?: pulumi.Input<number>;
+        /**
+         * On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
+         */
+        expiredObjectDeleteMarker?: pulumi.Input<boolean>;
+    }
+    interface BucketV2LifecycleRuleNoncurrentVersionExpiration {
+        /**
+         * Specifies the number of days noncurrent object versions expire.
+         */
+        days?: pulumi.Input<number>;
+    }
+    interface BucketV2LifecycleRuleNoncurrentVersionTransition {
+        /**
+         * Specifies the number of days noncurrent object versions transition.
+         */
+        days?: pulumi.Input<number>;
+        /**
+         * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition.
+         */
+        storageClass: pulumi.Input<string>;
+    }
+    interface BucketV2LifecycleRuleTransition {
+        /**
+         * Specifies the date after which you want the corresponding action to take effect.
+         */
+        date?: pulumi.Input<string>;
+        /**
+         * Specifies the number of days after object creation when the specific rule action takes effect.
+         */
+        days?: pulumi.Input<number>;
+        /**
+         * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition.
+         */
+        storageClass: pulumi.Input<string>;
+    }
+    interface BucketV2Logging {
+        /**
+         * Name of the bucket that will receive the log objects.
+         */
+        targetBucket: pulumi.Input<string>;
+        /**
+         * To specify a key prefix for log objects.
+         */
+        targetPrefix?: pulumi.Input<string>;
+    }
+    interface BucketV2ObjectLockConfiguration {
+        /**
+         * Indicates whether this bucket has an Object Lock configuration enabled. Valid values are `true` or `false`. This argument is not supported in all regions or partitions.
+         *
+         * @deprecated object_lock_enabled is deprecated. Use the top-level parameter objectLockEnabled instead.
+         */
+        objectLockEnabled?: pulumi.Input<string>;
+        /**
+         * Object Lock rule in place for this bucket (documented below).
+         *
+         * @deprecated rule is deprecated. Use the aws.s3.BucketObjectLockConfiguration resource instead.
+         */
+        rules?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ObjectLockConfigurationRule>[]>;
+    }
+    interface BucketV2ObjectLockConfigurationRule {
+        /**
+         * Default retention period that you want to apply to new objects placed in this bucket (documented below).
+         */
+        defaultRetentions: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ObjectLockConfigurationRuleDefaultRetention>[]>;
+    }
+    interface BucketV2ObjectLockConfigurationRuleDefaultRetention {
+        /**
+         * Number of days that you want to specify for the default retention period.
+         */
+        days?: pulumi.Input<number>;
+        /**
+         * Default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`.
+         */
+        mode: pulumi.Input<string>;
+        /**
+         * Number of years that you want to specify for the default retention period.
+         */
+        years?: pulumi.Input<number>;
+    }
+    interface BucketV2ReplicationConfiguration {
+        /**
+         * ARN of the IAM role for Amazon S3 to assume when replicating the objects.
+         */
+        role: pulumi.Input<string>;
+        /**
+         * Specifies the rules managing the replication (documented below).
+         */
+        rules: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRule>[]>;
+    }
+    interface BucketV2ReplicationConfigurationRule {
+        /**
+         * Whether delete markers are replicated. The only valid value is `Enabled`. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when `filter` is used).
+         */
+        deleteMarkerReplicationStatus?: pulumi.Input<string>;
+        /**
+         * Specifies the destination for the rule (documented below).
+         */
+        destinations: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRuleDestination>[]>;
+        /**
+         * Filter that identifies subset of objects to which the replication rule applies (documented below).
+         */
+        filters?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRuleFilter>[]>;
+        /**
+         * Unique identifier for the rule. Must be less than or equal to 255 characters in length.
+         */
+        id?: pulumi.Input<string>;
+        /**
+         * Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.
+         */
+        prefix?: pulumi.Input<string>;
+        /**
+         * Priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules.
+         */
+        priority?: pulumi.Input<number>;
+        /**
+         * Specifies special object selection criteria (documented below).
+         */
+        sourceSelectionCriterias?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRuleSourceSelectionCriteria>[]>;
+        /**
+         * Status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled.
+         */
+        status: pulumi.Input<string>;
+    }
+    interface BucketV2ReplicationConfigurationRuleDestination {
+        /**
+         * Specifies the overrides to use for object owners on replication (documented below). Must be used in conjunction with `accountId` owner override configuration.
+         */
+        accessControlTranslations?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRuleDestinationAccessControlTranslation>[]>;
+        /**
+         * Account ID to use for overriding the object owner on replication. Must be used in conjunction with `accessControlTranslation` override configuration.
+         */
+        accountId?: pulumi.Input<string>;
+        /**
+         * ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.
+         */
+        bucket: pulumi.Input<string>;
+        /**
+         * Enables replication metrics (required for S3 RTC) (documented below).
+         */
+        metrics?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRuleDestinationMetric>[]>;
+        /**
+         * Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with
+         * `sseKmsEncryptedObjects` source selection criteria.
+         */
+        replicaKmsKeyId?: pulumi.Input<string>;
+        /**
+         * Enables S3 Replication Time Control (S3 RTC) (documented below).
+         */
+        replicationTimes?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRuleDestinationReplicationTime>[]>;
+        /**
+         * The [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Destination.html#AmazonS3-Type-Destination-StorageClass) used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
+         */
+        storageClass?: pulumi.Input<string>;
+    }
+    interface BucketV2ReplicationConfigurationRuleDestinationAccessControlTranslation {
+        /**
+         * Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) in the Amazon S3 API Reference. The only valid value is `Destination`.
+         */
+        owner: pulumi.Input<string>;
+    }
+    interface BucketV2ReplicationConfigurationRuleDestinationMetric {
+        /**
+         * Threshold within which objects are to be replicated. The only valid value is `15`.
+         */
+        minutes?: pulumi.Input<number>;
+        /**
+         * Status of replication metrics. Either `Enabled` or `Disabled`.
+         */
+        status?: pulumi.Input<string>;
+    }
+    interface BucketV2ReplicationConfigurationRuleDestinationReplicationTime {
+        /**
+         * Threshold within which objects are to be replicated. The only valid value is `15`.
+         */
+        minutes?: pulumi.Input<number>;
+        /**
+         * Status of RTC. Either `Enabled` or `Disabled`.
+         */
+        status?: pulumi.Input<string>;
+    }
+    interface BucketV2ReplicationConfigurationRuleFilter {
+        /**
+         * Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
+         */
+        prefix?: pulumi.Input<string>;
+        /**
+         * A map of tags that identifies subset of objects to which the rule applies.
+         * The rule applies only to objects having all the tags in its tagset.
+         */
+        tags?: pulumi.Input<{
+            [key: string]: pulumi.Input<string>;
+        }>;
+    }
+    interface BucketV2ReplicationConfigurationRuleSourceSelectionCriteria {
+        /**
+         * Match SSE-KMS encrypted objects (documented below). If specified, `replicaKmsKeyId`
+         * in `destination` must be specified as well.
+         */
+        sseKmsEncryptedObjects?: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObject>[]>;
+    }
+    interface BucketV2ReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObject {
+        /**
+         * Boolean which indicates if this criteria is enabled.
+         */
+        enabled: pulumi.Input<boolean>;
+    }
+    interface BucketV2ServerSideEncryptionConfiguration {
+        /**
+         * Single object for server-side encryption by default configuration. (documented below)
+         */
+        rules: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ServerSideEncryptionConfigurationRule>[]>;
+    }
+    interface BucketV2ServerSideEncryptionConfigurationRule {
+        /**
+         * Single object for setting server-side encryption by default. (documented below)
+         */
+        applyServerSideEncryptionByDefaults: pulumi.Input<pulumi.Input<inputs.s3.BucketV2ServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault>[]>;
+        /**
+         * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.
+         */
+        bucketKeyEnabled?: pulumi.Input<boolean>;
+    }
+    interface BucketV2ServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault {
+        /**
+         * AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`.
+         */
+        kmsMasterKeyId?: pulumi.Input<string>;
+        /**
+         * Server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`
+         */
+        sseAlgorithm: pulumi.Input<string>;
+    }
+    interface BucketV2Versioning {
+        /**
+         * Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
+         */
+        enabled?: pulumi.Input<boolean>;
+        /**
+         * Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS
+         */
+        mfaDelete?: pulumi.Input<boolean>;
+    }
+    interface BucketV2Website {
+        /**
+         * Absolute path to the document to return in case of a 4XX error.
+         */
+        errorDocument?: pulumi.Input<string>;
+        /**
+         * Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
+         */
+        indexDocument?: pulumi.Input<string>;
+        /**
+         * Hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request.
+         */
+        redirectAllRequestsTo?: pulumi.Input<string>;
+        /**
+         * JSON array containing [routing rules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-websiteconfiguration-routingrules.html)
+         * describing redirect behavior and when redirects are applied.
+         */
+        routingRules?: pulumi.Input<string>;
+    }
     interface BucketVersioning {
         /**
          * Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
@@ -65651,6 +66335,16 @@ export declare namespace s3 {
          */
         mfaDelete?: pulumi.Input<boolean>;
     }
+    interface BucketVersioningV2VersioningConfiguration {
+        /**
+         * Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: `Enabled` or `Disabled`.
+         */
+        mfaDelete?: pulumi.Input<string>;
+        /**
+         * Versioning state of the bucket. Valid values: `Enabled`, `Suspended`, or `Disabled`. `Disabled` should only be used when creating or importing resources that correspond to unversioned S3 buckets.
+         */
+        status: pulumi.Input<string>;
+    }
     interface BucketVersioningVersioningConfiguration {
         /**
          * Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: `Enabled` or `Disabled`.
@@ -65746,6 +66440,72 @@ export declare namespace s3 {
          */
         replaceKeyWith?: pulumi.Input<string>;
     }
+    interface BucketWebsiteConfigurationV2ErrorDocument {
+        /**
+         * Object key name to use when a 4XX class error occurs.
+         */
+        key: pulumi.Input<string>;
+    }
+    interface BucketWebsiteConfigurationV2IndexDocument {
+        /**
+         * Suffix that is appended to a request that is for a directory on the website endpoint.
+         * For example, if the suffix is `index.html` and you make a request to `samplebucket/images/`, the data that is returned will be for the object with the key name `images/index.html`.
+         * The suffix must not be empty and must not include a slash character.
+         */
+        suffix: pulumi.Input<string>;
+    }
+    interface BucketWebsiteConfigurationV2RedirectAllRequestsTo {
+        /**
+         * Name of the host where requests are redirected.
+         */
+        hostName: pulumi.Input<string>;
+        /**
+         * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`.
+         */
+        protocol?: pulumi.Input<string>;
+    }
+    interface BucketWebsiteConfigurationV2RoutingRule {
+        /**
+         * Configuration block for describing a condition that must be met for the specified redirect to apply. See below.
+         */
+        condition?: pulumi.Input<inputs.s3.BucketWebsiteConfigurationV2RoutingRuleCondition>;
+        /**
+         * Configuration block for redirect information. See below.
+         */
+        redirect: pulumi.Input<inputs.s3.BucketWebsiteConfigurationV2RoutingRuleRedirect>;
+    }
+    interface BucketWebsiteConfigurationV2RoutingRuleCondition {
+        /**
+         * HTTP error code when the redirect is applied. If specified with `keyPrefixEquals`, then both must be true for the redirect to be applied.
+         */
+        httpErrorCodeReturnedEquals?: pulumi.Input<string>;
+        /**
+         * Object key name prefix when the redirect is applied. If specified with `httpErrorCodeReturnedEquals`, then both must be true for the redirect to be applied.
+         */
+        keyPrefixEquals?: pulumi.Input<string>;
+    }
+    interface BucketWebsiteConfigurationV2RoutingRuleRedirect {
+        /**
+         * Host name to use in the redirect request.
+         */
+        hostName?: pulumi.Input<string>;
+        /**
+         * HTTP redirect code to use on the response.
+         */
+        httpRedirectCode?: pulumi.Input<string>;
+        /**
+         * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`.
+         */
+        protocol?: pulumi.Input<string>;
+        /**
+         * Object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix `docs/` (objects in the `docs/` folder) to `documents/`, you can set a `condition` block with `keyPrefixEquals` set to `docs/` and in the `redirect` set `replaceKeyPrefixWith` to `/documents`.
+         */
+        replaceKeyPrefixWith?: pulumi.Input<string>;
+        /**
+         * Specific object key to use in the redirect request. For example, redirect request to `error.html`.
+         */
+        replaceKeyWith?: pulumi.Input<string>;
+    }
     interface DirectoryBucketLocation {
         /**
          * [Availability Zone ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#az-ids) or Local Zone ID.