AWS S3 (Object Storage)
S3 Buckets
Stelvio supports creating and managing S3 buckets using the Bucket component.
Create an S3 bucket and link it to an API Gateway handler:
    @app.run
    def run() -> None:
        bucket = Bucket("todo-bucket")
        api = Api("todo-api")
        api.route("GET", "/write", handler="functions/write.get", links=[bucket])
        api.route("GET", "/read", handler="functions/read.get", links=[bucket])
Using the linking mechanism, you can easily access the S3 bucket in your Lambda functions using the regular boto3 library:
    import boto3
    from stlv_resources import Resources


    def get(event, context):
        s3_client = boto3.client("s3")
        # The bucket name is resolved through the link declared on the route.
        bucket_name = Resources.todoBucket.bucket_name
        s3_client.put_object(Bucket=bucket_name, Key="hello.txt", Body="Hello, World!")
        return {"statusCode": 200, "body": "Hello, World!"}
Public Access
Internally, access to S3 buckets is handled by the pulumi_aws.s3.BucketPublicAccessBlock resource.
By default, all public access is blocked for S3 buckets created with the Bucket component.
You can change that behaviour by setting the access argument to 'public'.
Internally, a BucketPublicAccessBlock is created with the following parameters:
    block_public_acls=<Value>,
    block_public_policy=<Value>,
    ignore_public_acls=<Value>,
    restrict_public_buckets=<Value>,
<Value> is set to either False for public access or True for private access.
Parameter | Description |
---|---|
block_public_acls | Whether to block public ACLs. |
block_public_policy | Whether to block public policies. |
ignore_public_acls | Whether to ignore public ACLs. |
restrict_public_buckets | Whether to restrict public buckets. |
Additionally, a policy for s3:GetObject is created to allow public read access to the objects in the bucket if access is set to 'public'.
See the Pulumi Documentation for more information.
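To confirm which mode a deployed bucket ended up in, the four settings and the read policy described above can be checked from the AWS side. The following is an added example, not Stelvio's own code: it audits the PublicAccessBlockConfiguration dict and policy JSON in the shapes boto3's get_public_access_block and get_bucket_policy return. The function names, sample values and the exact form of the public policy are assumptions made for illustration.

```python
import json

# The four settings named on this page, as keys of the
# PublicAccessBlockConfiguration dict returned by boto3's get_public_access_block.
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_read_statements(policy_json):
    """Return Allow statements that grant s3:GetObject (or a wildcard) to everyone.

    Condition blocks are not evaluated, so conditioned statements are reported too.
    """
    hits = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal")
        anyone = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if (stmt.get("Effect") == "Allow" and anyone
                and actions & {"s3:getobject", "s3:get*", "s3:*", "*"}):
            hits.append(stmt)
    return hits


def audit_bucket(pab, policy_json=None):
    """pab: PublicAccessBlockConfiguration dict, or None if the bucket has none."""
    findings = [f"{key} is not enabled" for key in PAB_KEYS
                if not (pab or {}).get(key, False)]
    if policy_json:
        findings += [f"policy statement {s.get('Sid', '<no Sid>')} allows public s3:GetObject"
                     for s in public_read_statements(policy_json)]
    return findings


# Constructed samples: a default (private) bucket and an access='public' bucket.
PRIVATE_PAB = dict.fromkeys(PAB_KEYS, True)
PUBLIC_PAB = dict.fromkeys(PAB_KEYS, False)
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print(audit_bucket(PRIVATE_PAB))
    for finding in audit_bucket(PUBLIC_PAB, PUBLIC_POLICY):
        print(finding)
```

An empty findings list corresponds to the default private configuration; any bucket that reports findings without having been deliberately set to 'public' deserves a look.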
Static Websites
Future releases of Stelvio will allow public access to S3 buckets, such as static websites, through CloudFront. This is still in development.