amazon.cloud.s3_bucket (0.4.0) — module

Create and manage S3 buckets

Added in version 0.1.0 of amazon.cloud

Authors: Ansible Cloud Team (@ansible-collections)

Install collection

Install with ansible-galaxy collection install amazon.cloud:==0.4.0


Add to requirements.yml

  collections:
    - name: amazon.cloud
      version: 0.4.0

Description

Create and manage S3 buckets.


Requirements

Usage examples

- name: Create S3 bucket
  amazon.cloud.s3_bucket:
    bucket_name: '{{ bucket_name }}'
    state: present
  register: output
- name: Describe S3 bucket
  amazon.cloud.s3_bucket:
    state: describe
    bucket_name: '{{ output.result.identifier }}'
  register: _result
- name: List S3 buckets
  amazon.cloud.s3_bucket:
    state: list
  register: _result
- name: Update S3 bucket public access block configuration and tags (diff=true)
  amazon.cloud.s3_bucket:
    bucket_name: '{{ output.result.identifier }}'
    state: present
    public_access_block_configuration:
      block_public_acls: false
      block_public_policy: false
      ignore_public_acls: false
      restrict_public_buckets: false
    tags:
      mykey: myval
  diff: true
  register: _result
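
For contrast with the last task above, which sets all four public access block settings to false, here is a hardened bucket definition as an added example (not from the module's documentation). It uses only options shown on this page; the variables `log_bucket_name` and `kms_key_arn` are assumptions, and the log bucket is assumed to exist already and to accept S3 server access logs.

```yaml
# Added example, not part of the module documentation.
# Assumed variables: bucket_name, log_bucket_name, kms_key_arn.
- name: Create S3 bucket with public access blocked and default encryption
  amazon.cloud.s3_bucket:
    bucket_name: '{{ bucket_name }}'
    state: present
    # All four settings true: the opposite of the permissive values above.
    public_access_block_configuration:
      block_public_acls: true
      block_public_policy: true
      ignore_public_acls: true
      restrict_public_buckets: true
    # BucketOwnerEnforced disables ACLs, so the bucket owner owns every object.
    ownership_controls:
      rules:
        - object_ownership: BucketOwnerEnforced
    # Default SSE-KMS for new objects. kms_master_key_id is only valid
    # when sse_algorithm is aws:kms.
    bucket_encryption:
      server_side_encryption_configuration:
        - bucket_key_enabled: true
          server_side_encryption_by_default:
            sse_algorithm: 'aws:kms'
            kms_master_key_id: '{{ kms_key_arn }}'
    # The documented default status is Suspended, so versioning must be requested.
    versioning_configuration:
      status: Enabled
    # Write server access logs to a separate bucket, under a per-bucket prefix.
    logging_configuration:
      destination_bucket_name: '{{ log_bucket_name }}'
      log_file_prefix: '{{ bucket_name }}/'
    tags:
      mykey: myval
    # Wait for the operation to finish so a failure surfaces in this task.
    wait: true
  diff: true
  register: _result
```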

Inputs

    
tags:
    aliases:
    - resource_tags
    description:
    - A dict of tags to apply to the resource.
    - To remove all tags set I(tags={}) and I(purge_tags=true).
    type: dict

wait:
    default: false
    description:
    - Wait for operation to complete before returning.
    type: bool

force:
    default: false
    description:
    - Cancel IN_PROGRESS and PENDING resource requests.
    - Because you can only perform a single operation on a given resource at a time, there
      might be cases where you need to cancel the current resource operation to make the
      resource available so that another operation may be performed on it.
    type: bool

state:
    choices:
    - present
    - absent
    - list
    - describe
    - get
    default: present
    description:
    - Goal state for resource.
    - I(state=present) creates the resource if it doesn't exist, or updates to the provided
      state if the resource already exists.
    - I(state=absent) ensures an existing instance is deleted.
    - I(state=list) get all the existing resources.
    - I(state=describe) or I(state=get) retrieves information on an existing resource.
    type: str

region:
    aliases:
    - aws_region
    - ec2_region
    description:
    - The AWS region to use.
    - For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
    - The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
    - See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
    - The C(ec2_region) alias has been deprecated and will be removed in a release after
      2024-12-01.
    - Support for the C(EC2_REGION) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

profile:
    aliases:
    - aws_profile
    description:
    - A named AWS profile to use for authentication.
    - See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
    - The C(AWS_PROFILE) environment variable may also be used.
    - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
      and I(security_token) options.
    type: str

access_key:
    aliases:
    - aws_access_key_id
    - aws_access_key
    - ec2_access_key
    description:
    - AWS access key ID.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables
      may also be used in decreasing order of preference.
    - The I(aws_access_key) and I(profile) options are mutually exclusive.
    - The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the
      AWS botocore SDK.
    - The I(ec2_access_key) alias has been deprecated and will be removed in a release
      after 2024-12-01.
    - Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

aws_config:
    description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    type: dict

purge_tags:
    default: true
    description:
    - Remove tags not listed in I(tags).
    type: bool

secret_key:
    aliases:
    - aws_secret_access_key
    - aws_secret_key
    - ec2_secret_key
    description:
    - AWS secret access key.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment
      variables may also be used in decreasing order of preference.
    - The I(secret_key) and I(profile) options are mutually exclusive.
    - The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with
      the AWS botocore SDK.
    - The I(ec2_secret_key) alias has been deprecated and will be removed in a release
      after 2024-12-01.
    - Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

bucket_name:
    description:
    - A name for the bucket.
    - If you don't specify a name, AWS CloudFormation generates a unique physical ID and
      uses that ID for the bucket name.
    type: str

endpoint_url:
    aliases:
    - ec2_url
    - aws_endpoint_url
    - s3_url
    description:
    - URL to connect to instead of the default AWS endpoints. While this can be used
      to connect to other AWS-compatible services, the amazon.aws and community.aws
      collections are only tested against AWS.
    - The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing
      order of preference.
    - The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in
      a release after 2024-12-01.
    - Support for the C(EC2_URL) environment variable has been deprecated and will be
      removed in a release after 2024-12-01.
    type: str

wait_timeout:
    default: 320
    description:
    - How many seconds to wait for an operation to complete before timing out.
    type: int

aws_ca_bundle:
    description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - The C(AWS_CA_BUNDLE) environment variable may also be used.
    type: path

session_token:
    aliases:
    - aws_session_token
    - security_token
    - aws_security_token
    - access_token
    description:
    - AWS STS session token for use with temporary credentials.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment
      variables may also be used in decreasing order of preference.
    - The I(security_token) and I(profile) options are mutually exclusive.
    - Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with
      the parameter being renamed from I(security_token) to I(session_token) in release
      6.0.0.
    - The I(security_token), I(aws_security_token), and I(access_token) aliases have been
      deprecated and will be removed in a release after 2024-12-01.
    - Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables
      has been deprecated and will be removed in a release after 2024-12-01.
    type: str

access_control:
    choices:
    - AuthenticatedRead
    - AwsExecRead
    - BucketOwnerFullControl
    - BucketOwnerRead
    - LogDeliveryWrite
    - Private
    - PublicRead
    - PublicReadWrite
    description:
    - A canned access control list (ACL) that grants predefined permissions to the bucket.
    type: str

validate_certs:
    default: true
    description:
    - When set to C(false), SSL certificates will not be validated for communication with
      the AWS APIs.
    - Setting I(validate_certs=false) is strongly discouraged; as an alternative, consider
      setting I(aws_ca_bundle) instead.
    type: bool

bucket_encryption:
    description:
    - Specifies default encryption for a bucket using server-side encryption with either
      Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).
    suboptions:
      server_side_encryption_configuration:
        description:
        - Specifies the default server-side encryption configuration.
        elements: dict
        suboptions:
          bucket_key_enabled:
            description:
            - Specifies whether Amazon S3 should use an S3 Bucket Key with server-side
              encryption using KMS (SSE-KMS) for new objects in the bucket.
            - Existing objects are not affected.
            - Setting the I(bucket_key_enabled) element to true causes Amazon S3 to use
              an S3 Bucket Key.
            - By default, S3 Bucket Key is not enabled.
            type: bool
          server_side_encryption_by_default:
            description:
            - Specifies the default server-side encryption to apply to new objects in
              the bucket.
            - If a PUT Object request doesn't specify any server-side encryption, this
              default encryption will be applied.
            suboptions:
              kms_master_key_id:
                description:
                - KMSMasterKeyID can only be used when you set the value of I(sse_algorithm)
                  as aws:kms.
                type: str
              sse_algorithm:
                choices:
                - AES256
                - aws:kms
                description:
                - Not Provided.
                type: str
            type: dict
        type: list
    type: dict

cors_configuration:
    description:
    - Rules that define cross-origin resource sharing of objects in this bucket.
    suboptions:
      cors_rules:
        description:
        - A set of origins and methods (cross-origin access that you want to allow).
        - You can add up to 100 rules to the configuration.
        elements: dict
        suboptions:
          allowed_headers:
            description:
            - Headers that are specified in the Access-Control-Request-Headers header.
            elements: str
            type: list
          allowed_methods:
            choices:
            - DELETE
            - GET
            - HEAD
            - POST
            - PUT
            description:
            - An HTTP method that you allow the origin to execute.
            elements: str
            type: list
          allowed_origins:
            description:
            - One or more origins you want customers to be able to access the bucket from.
            elements: str
            type: list
          exposed_headers:
            description:
            - One or more headers in the response that you want customers to be able to
              access from their applications (for example, from a JavaScript XMLHttpRequest
              object).
            elements: str
            type: list
          id:
            description:
            - A unique identifier for this rule.
            type: str
          max_age:
            description:
            - The time in seconds that your browser is to cache the preflight response
              for the specified resource.
            type: int
        type: list
    type: dict

ownership_controls:
    description:
    - Specifies the container element for object ownership rules.
    suboptions:
      rules:
        description:
        - Not Provided.
        elements: dict
        suboptions:
          object_ownership:
            choices:
            - BucketOwnerEnforced
            - BucketOwnerPreferred
            - ObjectWriter
            description:
            - Specifies an object ownership rule.
            type: str
        type: list
    type: dict

object_lock_enabled:
    description:
    - Indicates whether this bucket has an Object Lock configuration enabled.
    type: bool

logging_configuration:
    description:
    - Settings that define where logs are stored.
    suboptions:
      destination_bucket_name:
        description:
        - The name of an Amazon S3 bucket where Amazon S3 stores server access log files.
        - You can store log files in any bucket that you own.
        - By default, logs are stored in the bucket where the I(logging_configuration)
          property is defined.
        type: str
      log_file_prefix:
        description:
        - Not Provided.
        type: str
    type: dict

website_configuration:
    description:
    - Specifies website configuration parameters for an Amazon S3 bucket.
    suboptions:
      error_document:
        description:
        - The name of the error document for the website.
        type: str
      index_document:
        description:
        - The name of the index document for the website.
        type: str
      redirect_all_requests_to:
        description:
        - Specifies the redirect behavior of all requests to a website endpoint of an
          Amazon S3 bucket.
        suboptions:
          host_name:
            description:
            - Name of the host where requests are redirected.
            type: str
          protocol:
            choices:
            - http
            - https
            description:
            - Protocol to use when redirecting requests.
            - The default is the protocol that is used in the original request.
            type: str
        type: dict
      routing_rules:
        description:
        - Specifies the redirect behavior and when a redirect is applied.
        elements: dict
        suboptions:
          redirect_rule:
            description:
            - Container for redirect information.
            - You can redirect requests to another host, to another page, or with another
              protocol.
            - In the event of an error, you can specify a different error code to return.
            - Specifies how requests are redirected.
            suboptions:
              host_name:
                description:
                - The host name to use in the redirect request.
                type: str
              http_redirect_code:
                description:
                - The HTTP redirect code to use on the response.
                - Not required if one of the siblings is present.
                type: str
              protocol:
                choices:
                - http
                - https
                description:
                - Protocol to use when redirecting requests.
                - The default is the protocol that is used in the original request.
                type: str
              replace_key_prefix_with:
                description:
                - The object key prefix to use in the redirect request.
                type: str
              replace_key_with:
                description:
                - The specific object key to use in the redirect request.
                type: str
            type: dict
          routing_rule_condition:
            description:
            - A container for describing a condition that must be met for the specified
              redirect to apply. You must specify at least one of I(http_error_code_returned_equals)
              and I(key_prefix_equals).
            suboptions:
              http_error_code_returned_equals:
                description:
                - The HTTP error code when the redirect is applied.
                type: str
              key_prefix_equals:
                description:
                - The object key name prefix when the redirect is applied.
                type: str
            type: dict
        type: list
    type: dict

metrics_configurations:
    description:
    - Settings that define a metrics configuration for the CloudWatch request metrics
      from the bucket.
    elements: dict
    suboptions:
      access_point_arn:
        description:
        - Not Provided.
        type: str
      id:
        description:
        - Not Provided.
        type: str
      prefix:
        description:
        - Not Provided.
        type: str
      tag_filters:
        description:
        - Tags to use to identify a subset of objects for an Amazon S3 bucket.
        elements: dict
        suboptions:
          key:
            description:
            - Not Provided.
            type: str
          value:
            description:
            - Not Provided.
            type: str
        type: list
    type: list

lifecycle_configuration:
    description:
    - Rules that define how Amazon S3 manages objects during their lifetime.
    suboptions:
      rules:
        description:
        - 'You must specify at least one of the following properties: I(abort_incomplete_multipart_upload),
          I(expiration_date), I(expiration_in_days), I(noncurrent_version_expiration_in_days),
          I(noncurrent_version_transition), I(noncurrent_version_transitions), I(transition),
          or I(transitions).'
        elements: dict
        suboptions:
          abort_incomplete_multipart_upload:
            description:
            - Specifies the days since the initiation of an incomplete multipart upload
              that Amazon S3 will wait before permanently removing all parts of the upload.
            suboptions:
              days_after_initiation:
                description:
                - Specifies the number of days after which Amazon S3 aborts an incomplete
                  multipart upload.
                type: int
            type: dict
          expiration_date:
            description:
            - The date value in ISO 8601 format.
            - The timezone is always UTC. (YYYY-MM-DDThh:mm:ssZ).
            type: str
          expiration_in_days:
            description:
            - Not Provided.
            type: int
          expired_object_delete_marker:
            description:
            - Not Provided.
            type: bool
          id:
            description:
            - Not Provided.
            type: str
          noncurrent_version_expiration:
            description:
            - Container for the expiration rule that describes when noncurrent objects
              are expired.
            - If your bucket is versioning-enabled (or versioning is suspended), you can
              set this action to request that Amazon S3 expire noncurrent object versions
              at a specific period in the object's lifetime.
            suboptions:
              newer_noncurrent_versions:
                description:
                - Specifies the number of newer noncurrent and current versions that must
                  exist before performing the associated action.
                type: int
              noncurrent_days:
                description:
                - Specifies the number of days an object is noncurrent before Amazon S3
                  can perform the associated action.
                type: int
            type: dict
          noncurrent_version_expiration_in_days:
            description:
            - Not Provided.
            type: int
          noncurrent_version_transition:
            description:
            - Container for the transition rule that describes when noncurrent objects
              transition to the C(STANDARD_IA), C(ONEZONE_IA), C(INTELLIGENT_TIERING),
              C(GLACIER_IR), C(GLACIER), or C(DEEP_ARCHIVE) storage class.
            - If your bucket is versioning-enabled (or versioning is suspended), you can
              set this action to request that Amazon S3 transition noncurrent object versions
              to the C(STANDARD_IA), C(ONEZONE_IA), C(INTELLIGENT_TIERING), C(GLACIER_IR),
              C(GLACIER), or C(DEEP_ARCHIVE) storage class at a specific period in the
              object's lifetime.
            suboptions:
              newer_noncurrent_versions:
                description:
                - Specifies the number of newer noncurrent and current versions that must
                  exist before performing the associated action.
                type: int
              storage_class:
                choices:
                - DEEP_ARCHIVE
                - GLACIER
                - GLACIER_IR
                - Glacier
                - INTELLIGENT_TIERING
                - ONEZONE_IA
                - STANDARD_IA
                description:
                - The class of storage used to store the object.
                type: str
              transition_in_days:
                description:
                - Specifies the number of days an object is noncurrent before Amazon S3
                  can perform the associated action.
                type: int
            type: dict
          noncurrent_version_transitions:
            description:
            - Container for the transition rule that describes when noncurrent objects
              transition to the C(STANDARD_IA), C(ONEZONE_IA), C(INTELLIGENT_TIERING),
              C(GLACIER_IR), C(GLACIER), or C(DEEP_ARCHIVE) storage class.
            - If your bucket is versioning-enabled (or versioning is suspended), you can
              set this action to request that Amazon S3 transition noncurrent object versions
              to the C(STANDARD_IA), C(ONEZONE_IA), C(INTELLIGENT_TIERING), C(GLACIER_IR),
              C(GLACIER), or C(DEEP_ARCHIVE) storage class at a specific period in the
              object's lifetime.
            elements: dict
            suboptions:
              newer_noncurrent_versions:
                description:
                - Specifies the number of newer noncurrent and current versions that must
                  exist before performing the associated action.
                type: int
              storage_class:
                choices:
                - DEEP_ARCHIVE
                - GLACIER
                - GLACIER_IR
                - Glacier
                - INTELLIGENT_TIERING
                - ONEZONE_IA
                - STANDARD_IA
                description:
                - The class of storage used to store the object.
                type: str
              transition_in_days:
                description:
                - Specifies the number of days an object is noncurrent before Amazon S3
                  can perform the associated action.
                type: int
            type: list
          object_size_greater_than:
            description:
            - Not Provided.
            type: str
          object_size_less_than:
            description:
            - Not Provided.
            type: str
          prefix:
            description:
            - Not Provided.
            type: str
          status:
            choices:
            - Disabled
            - Enabled
            description:
            - Not Provided.
            type: str
          tag_filters:
            description:
            - Tags to use to identify a subset of objects for an Amazon S3 bucket.
            elements: dict
            suboptions:
              key:
                description:
                - Not Provided.
                type: str
              value:
                description:
                - Not Provided.
                type: str
            type: list
          transition:
            description:
            - You must specify at least one of I(transition_date) and I(transition_in_days).
            suboptions:
              storage_class:
                choices:
                - DEEP_ARCHIVE
                - GLACIER
                - GLACIER_IR
                - Glacier
                - INTELLIGENT_TIERING
                - ONEZONE_IA
                - STANDARD_IA
                description:
                - Not Provided.
                type: str
              transition_date:
                description:
                - The date value in ISO 8601 format.
                - The timezone is always UTC. (YYYY-MM-DDThh:mm:ssZ).
                type: str
              transition_in_days:
                description:
                - Not Provided.
                type: int
            type: dict
          transitions:
            description:
            - You must specify at least one of I(transition_date) and I(transition_in_days).
            elements: dict
            suboptions:
              storage_class:
                choices:
                - DEEP_ARCHIVE
                - GLACIER
                - GLACIER_IR
                - Glacier
                - INTELLIGENT_TIERING
                - ONEZONE_IA
                - STANDARD_IA
                description:
                - Not Provided.
                type: str
              transition_date:
                description:
                - The date value in ISO 8601 format.
                - The timezone is always UTC. (YYYY-MM-DDThh:mm:ssZ).
                type: str
              transition_in_days:
                description:
                - Not Provided.
                type: int
            type: list
        type: list
    type: dict

accelerate_configuration:
    description:
    - Configuration for the transfer acceleration state.
    suboptions:
      acceleration_status:
        choices:
        - Enabled
        - Suspended
        description:
        - Configures the transfer acceleration state for an Amazon S3 bucket.
        type: str
    type: dict

analytics_configurations:
    description:
    - Specifies the configuration and any analyses for the analytics filter of an Amazon
      S3 bucket.
    elements: dict
    suboptions:
      id:
        description:
        - The ID that identifies the analytics configuration.
        type: str
      prefix:
        description:
        - The prefix that an object must have to be included in the analytics results.
        type: str
      storage_class_analysis:
        description:
        - Specifies data related to access patterns to be collected and made available
          to analyze the tradeoffs between different storage classes for an Amazon S3
          bucket.
        suboptions:
          data_export:
            description:
            - Specifies how data related to the storage class analysis for an Amazon S3
              bucket should be exported.
            suboptions:
              destination:
                description:
                - Specifies information about where to publish analysis or configuration
                  results for an Amazon S3 bucket and S3 Replication Time Control (S3
                  RTC).
                suboptions:
                  bucket_account_id:
                    description:
                    - The account ID that owns the destination S3 bucket.
                    type: str
                  bucket_arn:
                    description:
                    - The Amazon Resource Name (ARN) of the bucket to which data is exported.
                    type: str
                  format:
                    choices:
                    - CSV
                    - ORC
                    - Parquet
                    description:
                    - Specifies the file format used when exporting data to Amazon S3.
                    type: str
                  prefix:
                    description:
                    - The prefix to use when exporting data.
                    - The prefix is prepended to all results.
                    type: str
                type: dict
              output_schema_version:
                default: V_1
                description:
                - The version of the output schema to use when exporting data.
                type: str
            type: dict
        type: dict
      tag_filters:
        description:
        - Tags to use to identify a subset of objects for an Amazon S3 bucket.
        elements: dict
        suboptions:
          key:
            description:
            - Not Provided.
            type: str
          value:
            description:
            - Not Provided.
            type: str
        type: list
    type: list

inventory_configurations:
    description:
    - The inventory configuration for an Amazon S3 bucket.
    elements: dict
    suboptions:
      destination:
        description:
        - Specifies information about where to publish analysis or configuration results
          for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
        suboptions:
          bucket_account_id:
            description:
            - The account ID that owns the destination S3 bucket.
            type: str
          bucket_arn:
            description:
            - The Amazon Resource Name (ARN) of the bucket to which data is exported.
            type: str
          format:
            choices:
            - CSV
            - ORC
            - Parquet
            description:
            - Specifies the file format used when exporting data to Amazon S3.
            type: str
          prefix:
            description:
            - The prefix to use when exporting data.
            - The prefix is prepended to all results.
            type: str
        type: dict
      enabled:
        description:
        - Specifies whether the inventory is enabled or disabled.
        type: bool
      id:
        description:
        - The ID used to identify the inventory configuration.
        type: str
      included_object_versions:
        choices:
        - All
        - Current
        description:
        - Object versions to include in the inventory list.
        type: str
      optional_fields:
        choices:
        - BucketKeyStatus
        - ETag
        - EncryptionStatus
        - IntelligentTieringAccessTier
        - IsMultipartUploaded
        - LastModifiedDate
        - ObjectLockLegalHoldStatus
        - ObjectLockMode
        - ObjectLockRetainUntilDate
        - ReplicationStatus
        - Size
        - StorageClass
        description:
        - Contains the optional fields that are included in the inventory results.
        elements: str
        type: list
      prefix:
        description:
        - The prefix that is prepended to all inventory results.
        type: str
      schedule_frequency:
        choices:
        - Daily
        - Weekly
        description:
        - Specifies the schedule for generating inventory results.
        type: str
    type: list

versioning_configuration:
    description:
    - Describes the versioning state of an Amazon S3 bucket.
    suboptions:
      status:
        choices:
        - Enabled
        - Suspended
        default: Suspended
        description:
        - The versioning state of the bucket.
        type: str
    type: dict

object_lock_configuration:
    description:
    - Places an Object Lock configuration on the specified bucket.
    suboptions:
      object_lock_enabled:
        default: Enabled
        description:
        - Not Provided.
        type: str
      rule:
        description:
        - The Object Lock rule in place for the specified object.
        suboptions:
          default_retention:
            description:
            - The default retention period that you want to apply to new objects placed
              in the specified bucket.
            suboptions:
              days:
                description:
                - Not Provided.
                type: int
              mode:
                choices:
                - COMPLIANCE
                - GOVERNANCE
                description:
                - Not Provided.
                type: str
              years:
                description:
                - Not Provided.
                type: int
            type: dict
        type: dict
    type: dict

replication_configuration:
    description:
    - Configuration for replicating objects in an S3 bucket. A container for replication
      rules.
    - You can add up to 1,000 rules.
    - The maximum size of a replication configuration is 2 MB.
    suboptions:
      role:
        description:
        - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM)
          role that Amazon S3 assumes when replicating objects.
        type: str
      rules:
        description:
        - Specifies which Amazon S3 objects to replicate and where to store the replicas.
        elements: dict
        suboptions:
          delete_marker_replication:
            description:
            - Not Provided.
            suboptions:
              status:
                choices:
                - Disabled
                - Enabled
                description:
                - Not Provided.
                type: str
            type: dict
          destination:
            description:
            - Specifies which Amazon S3 bucket to store replicated objects in and their
              storage class.
            suboptions:
              access_control_translation:
                description:
                - Specify this only in a cross-account scenario (where source and destination
                  bucket owners are not the same), and you want to change replica ownership
                  to the AWS account that owns the destination bucket.
                - If this is not specified in the replication configuration, the replicas
                  are owned by same AWS account that owns the source object.
                suboptions:
                  owner:
                    default: Destination
                    description:
                    - Not Provided.
                    type: str
                type: dict
              account:
                description:
                - Not Provided.
                type: str
              bucket:
                description:
                - Not Provided.
                type: str
              encryption_configuration:
                description:
                - Specifies encryption-related information for an Amazon S3 bucket that
                  is a destination for replicated objects.
                suboptions:
                  replica_kms_key_id:
                    description:
                    - Specifies the ID (Key ARN or Alias ARN) of the customer managed
                      customer master key (CMK) stored in AWS Key Management Service (KMS)
                      for the destination bucket.
                    type: str
                type: dict
              metrics:
                description:
                - Not Provided.
                suboptions:
                  event_threshold:
                    description:
                    - Not Provided.
                    suboptions:
                      minutes:
                        description:
                        - Not Provided.
                        type: int
                    type: dict
                  status:
                    choices:
                    - Disabled
                    - Enabled
                    description:
                    - Not Provided.
                    type: str
                type: dict
              replication_time:
                description:
                - Not Provided.
                suboptions:
                  status:
                    choices:
                    - Disabled
                    - Enabled
                    description:
                    - Not Provided.
                    type: str
                  time:
                    description:
                    - Not Provided.
                    suboptions:
                      minutes:
                        description:
                        - Not Provided.
                        type: int
                    type: dict
                type: dict
              storage_class:
                choices:
                - DEEP_ARCHIVE
                - GLACIER
                - GLACIER_IR
                - INTELLIGENT_TIERING
                - ONEZONE_IA
                - REDUCED_REDUNDANCY
                - STANDARD
                - STANDARD_IA
                description:
                - The storage class to use when replicating objects, such as S3 Standard
                  or reduced redundancy.
                type: str
            type: dict
          filter:
            description:
            - Not Provided.
            suboptions:
              and:
                description:
                - Not Provided.
                suboptions:
                  prefix:
                    description:
                    - Not Provided.
                    type: str
                  tag_filters:
                    description:
                    - Tags to use to identify a subset of objects for an Amazon S3 bucket.
                    elements: dict
                    suboptions:
                      key:
                        description:
                        - Not Provided.
                        type: str
                      value:
                        description:
                        - Not Provided.
                        type: str
                    type: list
                type: dict
              prefix:
                description:
                - Not Provided.
                type: str
              tag_filter:
                description:
                - Tags to use to identify a subset of objects for an Amazon S3 bucket.
                suboptions:
                  key:
                    description:
                    - Not Provided.
                    type: str
                  value:
                    description:
                    - Not Provided.
                    type: str
                type: dict
            type: dict
          id:
            description:
            - A unique identifier for the rule.
            type: str
          prefix:
            description:
            - An object key name prefix that identifies the object or objects to which
              the rule applies.
            type: str
          priority:
            description:
            - Not Provided.
            type: int
          source_selection_criteria:
            description:
            - A container that describes additional filters for identifying the source
              objects that you want to replicate.
            suboptions:
              replica_modifications:
                description:
                - A filter that you can specify for selection for modifications on replicas.
                suboptions:
                  status:
                    choices:
                    - Disabled
                    - Enabled
                    description:
                    - Specifies whether Amazon S3 replicates modifications on replicas.
                    type: str
                type: dict
              sse_kms_encrypted_objects:
                description:
                - A container for filter information for the selection of Amazon S3 objects
                  encrypted with AWS KMS.
                suboptions:
                  status:
                    choices:
                    - Disabled
                    - Enabled
                    description:
                    - Specifies whether Amazon S3 replicates objects created with server-side
                      encryption using a customer master key (CMK) stored in AWS Key Management
                      Service.
                    type: str
                type: dict
            type: dict
          status:
            choices:
            - Disabled
            - Enabled
            description:
            - Specifies whether the rule is enabled.
            type: str
        type: list
    type: dict

notification_configuration:
    description:
    - Configuration that defines how Amazon S3 handles bucket notifications. Describes
      the notification configuration for an Amazon S3 bucket.
    suboptions:
      event_bridge_configuration:
        description:
        - Describes the Amazon EventBridge notification configuration for an Amazon S3
          bucket.
        suboptions:
          event_bridge_enabled:
            default: 'true'
            description:
            - Specifies whether to send notifications to Amazon EventBridge when events
              occur in an Amazon S3 bucket.
            type: bool
        type: dict
      lambda_configurations:
        description:
        - Describes the AWS Lambda functions to invoke and the events for which to invoke
          them.
        elements: dict
        suboptions:
          event:
            description:
            - The Amazon S3 bucket event for which to invoke the AWS Lambda function.
            type: str
          filter:
            description:
            - The filtering rules that determine which objects invoke the AWS Lambda function.
              Specifies object key name filtering rules.
            suboptions:
              s3_key:
                description:
                - A container for object key name prefix and suffix filtering rules.
                suboptions:
                  rules:
                    description:
                    - Specifies the Amazon S3 object key name to filter on and whether
                      to filter on the suffix or prefix of the key name.
                    elements: dict
                    suboptions:
                      name:
                        description:
                        - Not Provided.
                        type: str
                      value:
                        description:
                        - Not Provided.
                        type: str
                    type: list
                type: dict
            type: dict
          function:
            description:
            - The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3
              invokes when the specified event type occurs.
            type: str
        type: list
      queue_configurations:
        description:
        - The Amazon Simple Queue Service queues to publish messages to and the events
          for which to publish messages.
        elements: dict
        suboptions:
          event:
            description:
            - The Amazon S3 bucket event about which you want to publish messages to Amazon
              SQS.
            type: str
          filter:
            description:
            - The filtering rules that determine which objects trigger notifications.
            suboptions:
              s3_key:
                description:
                - A container for object key name prefix and suffix filtering rules.
                suboptions:
                  rules:
                    description:
                    - Specifies the Amazon S3 object key name to filter on and whether
                      to filter on the suffix or prefix of the key name.
                    elements: dict
                    suboptions:
                      name:
                        description:
                        - Not Provided.
                        type: str
                      value:
                        description:
                        - Not Provided.
                        type: str
                    type: list
                type: dict
            type: dict
          queue:
            description:
            - The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
              publishes a message when it detects events of the specified type.
            type: str
        type: list
      topic_configurations:
        description:
        - The topic to which notifications are sent and the events for which notifications
          are generated.
        elements: dict
        suboptions:
          event:
            description:
            - The Amazon S3 bucket event about which to send notifications.
            type: str
          filter:
            description:
            - The filtering rules that determine for which objects to send notifications.
            suboptions:
              s3_key:
                description:
                - A container for object key name prefix and suffix filtering rules.
                suboptions:
                  rules:
                    description:
                    - Specifies the Amazon S3 object key name to filter on and whether
                      to filter on the suffix or prefix of the key name.
                    elements: dict
                    suboptions:
                      name:
                        description:
                        - Not Provided.
                        type: str
                      value:
                        description:
                        - Not Provided.
                        type: str
                    type: list
                type: dict
            type: dict
          topic:
            description:
            - The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3
              publishes a message when it detects events of the specified type.
            type: str
        type: list
    type: dict

debug_botocore_endpoint_logs:
    default: false
    description:
    - Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action")
      API calls made during a task, outputting the set to the resource_actions key in the
      task results. Use the C(aws_resource_action) callback to output the total list made
      during a playbook.
    - The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
    type: bool

public_access_block_configuration:
    description:
    - Configuration that defines how Amazon S3 handles public access.
    suboptions:
      block_public_acls:
        description:
        - Specifies whether Amazon S3 should block public access control lists (ACLs)
          for this bucket and objects in this bucket.
        - 'Setting this element to C(True) causes the following behavior:'
        - '- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.'
        - '- PUT Object calls fail if the request includes a public ACL.'
        - Enabling this setting doesn't affect existing policies or ACLs.
        type: bool
      block_public_policy:
        description:
        - Specifies whether Amazon S3 should block public bucket policies for this bucket.
        - Setting this element to C(True) causes Amazon S3 to reject calls to PUT Bucket
          policy if the specified bucket policy allows public access.
        - Enabling this setting doesn't affect existing bucket policies.
        type: bool
      ignore_public_acls:
        description:
        - Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects
          in this bucket.
        - Setting this element to C(True) causes Amazon S3 to ignore all public ACLs on
          this bucket and objects in this bucket.
        - Enabling this setting doesn't affect the persistence of any existing ACLs and
          doesn't prevent new public ACLs from being set.
        type: bool
      restrict_public_buckets:
        description:
        - Specifies whether Amazon S3 should restrict public bucket policies for this
          bucket.
        - Setting this element to C(True) restricts access to this bucket to only AWS
          services and authorized users within this account if the bucket has a public
          policy.
        - Enabling this setting doesn't affect previously stored bucket policies, except
          that public and cross-account access within any public bucket policy, including
          non-public delegation to specific accounts, is blocked.
        type: bool
    type: dict

intelligent_tiering_configurations:
    description:
    - Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.
    elements: dict
    suboptions:
      id:
        description:
        - The ID used to identify the S3 Intelligent-Tiering configuration.
        type: str
      prefix:
        description:
        - An object key name prefix that identifies the subset of objects to which the
          rule applies.
        type: str
      status:
        choices:
        - Disabled
        - Enabled
        description:
        - Specifies the status of the configuration.
        type: str
      tag_filters:
        description:
        - Tags to use to identify a subset of objects for an Amazon S3 bucket.
        elements: dict
        suboptions:
          key:
            description:
            - Not Provided.
            type: str
          value:
            description:
            - Not Provided.
            type: str
        type: list
      tierings:
        description:
        - Specifies a list of S3 Intelligent-Tiering storage class tiers in the configuration.
        - At least one tier must be defined in the list.
        - 'At most, you can specify two tiers in the list, one for each available I(access_tier):
          C(ARCHIVE_ACCESS) and C(DEEP_ARCHIVE_ACCESS).'
        elements: dict
        suboptions:
          access_tier:
            choices:
            - ARCHIVE_ACCESS
            - DEEP_ARCHIVE_ACCESS
            description:
            - S3 Intelligent-Tiering access tier.
            - See Storage class for automatically optimizing frequently and infrequently
              accessed objects for a list of access tiers in the S3 Intelligent-Tiering
              storage class.
            type: str
          days:
            description:
            - The number of consecutive days of no access after which an object will be
              eligible to be transitioned to the corresponding tier.
            - The minimum number of days specified for Archive Access tier must be at
              least 90 days and Deep Archive Access tier must be at least 180 days.
            - The maximum can be up to 2 years (730 days).
            type: int
        type: list
    type: list
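
An added example (not part of the collection's documentation): a pre-flight check that applies the constraints stated above for public_access_block_configuration, versioning_configuration and intelligent_tiering_configurations to one task's arguments. The policy of requiring all four public access flags to be true and versioning to be Enabled, the function name audit_s3_bucket_args and the sample tasks are assumptions made for this example.

```python
"""Audit amazon.cloud.s3_bucket task arguments before a playbook runs."""

PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")
# Per-tier minimum and shared maximum for tierings[].days, as documented above.
TIER_MIN_DAYS = {"ARCHIVE_ACCESS": 90, "DEEP_ARCHIVE_ACCESS": 180}
TIER_MAX_DAYS = 730


def audit_s3_bucket_args(args):
    """Return a sorted list of findings for one task's module arguments (a dict)."""
    findings = []

    # Assumed policy: all four flags must be set to true explicitly, because the
    # option spec lists no default for them.
    pab = args.get("public_access_block_configuration") or {}
    for flag in PAB_FLAGS:
        if pab.get(flag) is not True:
            findings.append(f"public_access_block_configuration.{flag} is not true")

    # versioning_configuration.status defaults to Suspended when omitted.
    status = (args.get("versioning_configuration") or {}).get("status", "Suspended")
    if status != "Enabled":
        findings.append(f"versioning_configuration.status is {status}")

    for cfg in args.get("intelligent_tiering_configurations") or []:
        cid = cfg.get("id", "<no id>")
        tiers = cfg.get("tierings") or []
        names = [t.get("access_tier") for t in tiers]
        # At least one tier, at most two, one per available access_tier.
        if not 1 <= len(tiers) <= 2 or len(set(names)) != len(names):
            findings.append(f"tiering {cid}: needs one or two tiers, one per access_tier")
        for tier in tiers:
            name, days = tier.get("access_tier"), tier.get("days")
            low = TIER_MIN_DAYS.get(name)
            if low is None:
                findings.append(f"tiering {cid}: unknown access_tier {name}")
            elif not isinstance(days, int) or not low <= days <= TIER_MAX_DAYS:
                findings.append(
                    f"tiering {cid}: {name} days={days} outside {low}..{TIER_MAX_DAYS}")
    return sorted(findings)


# Constructed sample arguments for illustration, not taken from the module docs.
WEAK_TASK = {
    "bucket_name": "example-logs",
    "public_access_block_configuration": {
        "block_public_acls": True, "block_public_policy": False,
        "ignore_public_acls": True},  # restrict_public_buckets omitted
    "intelligent_tiering_configurations": [
        {"id": "cold", "status": "Enabled",
         "tierings": [{"access_tier": "ARCHIVE_ACCESS", "days": 30}]}],
}
HARDENED_TASK = {
    "bucket_name": "example-logs",
    "public_access_block_configuration": {flag: True for flag in PAB_FLAGS},
    "versioning_configuration": {"status": "Enabled"},
    "intelligent_tiering_configurations": [
        {"id": "cold", "status": "Enabled",
         "tierings": [{"access_tier": "ARCHIVE_ACCESS", "days": 90},
                      {"access_tier": "DEEP_ARCHIVE_ACCESS", "days": 180}]}],
}

if __name__ == "__main__":
    for label, task in (("weak", WEAK_TASK), ("hardened", HARDENED_TASK)):
        print(label, audit_s3_bucket_args(task) or "no findings")
```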

Outputs

result:
  contains:
    identifier:
      description: The unique identifier of the resource.
      type: str
    properties:
      description: The resource properties.
      type: dict
  description:
  - When I(state=list), it is a list containing dictionaries of resource information.
  - Otherwise, it is a dictionary of resource information.
  - When I(state=absent), it is an empty dictionary.
  returned: always
  type: complex