AwsS3Data
import type { AwsS3Data } from "https://googleapis.deno.dev/v1/storagetransfer:v1.ts";
An AwsS3Data resource can be a data source, but not a data sink. In an AwsS3Data resource, an object's name is the S3 object's key name.
§Properties
Input only. AWS access key used to sign the API requests to the AWS S3 bucket. Permissions on the bucket must be granted to the access ID of the AWS access key. For information on our data retention policy for user credentials, see User credentials.
Required. S3 Bucket name (see Creating a bucket).
Optional. The CloudFront distribution domain name pointing to this bucket,
to use when fetching. See Transfer from S3 via
CloudFront
for more information. Format: https://{id}.cloudfront.net
or any valid
custom domain. Must begin with https://
.
Optional. The Resource name of a secret in Secret Manager. AWS credentials
must be stored in Secret Manager in JSON format: { "access_key_id":
"ACCESS_KEY_ID", "secret_access_key": "SECRET_ACCESS_KEY" }
GoogleServiceAccount must be granted roles/secretmanager.secretAccessor
for the resource. See [Configure access to a source: Amazon S3]
(https://cloud.google.com/storage-transfer/docs/source-amazon-s3#secret_manager)
for more information. If credentials_secret
is specified, do not specify
role_arn or aws_access_key. Format:
projects/{project_number}/secrets/{secret_name}
Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.
The Amazon Resource Name (ARN) of the role to support temporary
credentials via AssumeRoleWithWebIdentity
. For more information about
ARNs, see IAM
ARNs.
When a role ARN is provided, Transfer Service fetches temporary credentials
for the session using a AssumeRoleWithWebIdentity
call for the provided
role using the GoogleServiceAccount for this project.