location_object_storages
Creates, updates, deletes or gets a location_object_storage resource or lists location_object_storages in a region
Overview
| Name | location_object_storages |
| Type | Resource |
| Description | Resource Type definition for AWS::DataSync::LocationObjectStorage. |
| Id | awscc.datasync.location_object_storages |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
access_key | string | Optional. The access key is used if credentials are required to access the self-managed object storage server. |
agent_arns | array | Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter. |
bucket_name | string | The name of the bucket on the self-managed object storage server. |
secret_key | string | Optional. The secret key is used if credentials are required to access the self-managed object storage server. |
server_certificate | string | X.509 PEM content containing a certificate authority or chain to trust. |
server_hostname | string | The name of the self-managed object storage server. This value is the IP address or Domain Name Service (DNS) name of the object storage server. |
server_port | integer | The port that your self-managed server accepts inbound network traffic on. |
server_protocol | string | The protocol that the object storage server uses to communicate. |
subdirectory | string | The subdirectory in the self-managed object storage server that is used to read data from. |
tags | array | An array of key-value pairs to apply to this resource. |
location_arn | string | The Amazon Resource Name (ARN) of the location that is created. |
location_uri | string | The URL of the object storage location that was described. |
cmk_secret_config | object | Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key. |
custom_secret_config | object | Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret. |
managed_secret_config | object | Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS-managed KMS key to encrypt this secret in AWS Secrets Manager. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
location_arn | string | The Amazon Resource Name (ARN) of the location that is created. |
region | string | AWS region. |
For more information, see AWS::DataSync::LocationObjectStorage.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | location_object_storages | INSERT | region |
delete_resource | location_object_storages | DELETE | Identifier, region |
update_resource | location_object_storages | UPDATE | Identifier, PatchDocument, region |
list_resources | location_object_storages_list_only | SELECT | region |
get_resource | location_object_storages | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual location_object_storage.
SELECT
region,
access_key,
agent_arns,
bucket_name,
secret_key,
server_certificate,
server_hostname,
server_port,
server_protocol,
subdirectory,
tags,
location_arn,
location_uri,
cmk_secret_config,
custom_secret_config,
managed_secret_config
FROM awscc.datasync.location_object_storages
WHERE
region = 'us-east-1' AND
Identifier = '{{ location_arn }}';
Lists all location_object_storages in a region.
SELECT
region,
location_arn
FROM awscc.datasync.location_object_storages_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new location_object_storage resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.datasync.location_object_storages (
AccessKey,
AgentArns,
BucketName,
SecretKey,
ServerCertificate,
ServerHostname,
ServerPort,
ServerProtocol,
Subdirectory,
Tags,
CmkSecretConfig,
CustomSecretConfig,
region
)
SELECT
'{{ access_key }}',
'{{ agent_arns }}',
'{{ bucket_name }}',
'{{ secret_key }}',
'{{ server_certificate }}',
'{{ server_hostname }}',
'{{ server_port }}',
'{{ server_protocol }}',
'{{ subdirectory }}',
'{{ tags }}',
'{{ cmk_secret_config }}',
'{{ custom_secret_config }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.datasync.location_object_storages (
AccessKey,
AgentArns,
BucketName,
SecretKey,
ServerCertificate,
ServerHostname,
ServerPort,
ServerProtocol,
Subdirectory,
Tags,
CmkSecretConfig,
CustomSecretConfig,
region
)
SELECT
'{{ access_key }}',
'{{ agent_arns }}',
'{{ bucket_name }}',
'{{ secret_key }}',
'{{ server_certificate }}',
'{{ server_hostname }}',
'{{ server_port }}',
'{{ server_protocol }}',
'{{ subdirectory }}',
'{{ tags }}',
'{{ cmk_secret_config }}',
'{{ custom_secret_config }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: location_object_storage
props:
- name: access_key
value: '{{ access_key }}'
- name: agent_arns
value:
- '{{ agent_arns[0] }}'
- name: bucket_name
value: '{{ bucket_name }}'
- name: secret_key
value: '{{ secret_key }}'
- name: server_certificate
value: '{{ server_certificate }}'
- name: server_hostname
value: '{{ server_hostname }}'
- name: server_port
value: '{{ server_port }}'
- name: server_protocol
value: '{{ server_protocol }}'
- name: subdirectory
value: '{{ subdirectory }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
- name: cmk_secret_config
value:
secret_arn: '{{ secret_arn }}'
kms_key_arn: '{{ kms_key_arn }}'
- name: custom_secret_config
value:
secret_arn: '{{ secret_arn }}'
secret_access_role_arn: '{{ secret_access_role_arn }}'
UPDATE example
Use the following StackQL query and manifest file to update a location_object_storage resource, using stack-deploy.
/*+ update */
UPDATE awscc.datasync.location_object_storages
SET PatchDocument = string('{{ {
"AccessKey": access_key,
"AgentArns": agent_arns,
"SecretKey": secret_key,
"ServerCertificate": server_certificate,
"ServerHostname": server_hostname,
"ServerPort": server_port,
"ServerProtocol": server_protocol,
"Subdirectory": subdirectory,
"Tags": tags,
"CustomSecretConfig": custom_secret_config
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ location_arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.datasync.location_object_storages
WHERE
Identifier = '{{ location_arn }}' AND
region = 'us-east-1';
Permissions
To operate on the location_object_storages resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
datasync:CreateLocationObjectStorage,
datasync:DescribeLocationObjectStorage,
datasync:ListTagsForResource,
datasync:TagResource,
secretsmanager:CreateSecret,
secretsmanager:PutSecretValue,
secretsmanager:DeleteSecret,
iam:CreateServiceLinkedRole,
iam:PassRole,
kms:Encrypt,
kms:Decrypt,
kms:GenerateDataKey
datasync:DescribeLocationObjectStorage,
datasync:ListTagsForResource
datasync:DescribeLocationObjectStorage,
datasync:ListTagsForResource,
datasync:TagResource,
datasync:UntagResource,
datasync:UpdateLocationObjectStorage,
secretsmanager:UpdateSecret,
secretsmanager:DeleteSecret,
secretsmanager:PutSecretValue,
secretsmanager:CreateSecret,
iam:CreateServiceLinkedRole,
iam:PassRole,
kms:Encrypt,
kms:Decrypt,
kms:GenerateDataKey
datasync:DeleteLocation,
secretsmanager:DeleteSecret
datasync:ListLocations