@aws-cdk/aws-s3
- Version 1.204.0
- Published
- 3.24 MB
- 6 dependencies
- Apache-2.0 license
Install
npm i @aws-cdk/aws-s3
yarn add @aws-cdk/aws-s3
pnpm add @aws-cdk/aws-s3
Overview
The CDK Construct Library for AWS::S3
Index
Classes
Bucket
- addCorsRule()
- addInventory()
- addLifecycleRule()
- addMetric()
- autoCreatePolicy
- bucketArn
- bucketDomainName
- bucketDualStackDomainName
- bucketName
- bucketRegionalDomainName
- bucketWebsiteDomainName
- bucketWebsiteUrl
- disallowPublicAccess
- encryptionKey
- fromBucketArn()
- fromBucketAttributes()
- fromBucketName()
- isWebsite
- policy
- validateBucketName()
BucketBase
- addEventNotification()
- addObjectCreatedNotification()
- addObjectRemovedNotification()
- addToResourcePolicy()
- arnForObjects()
- autoCreatePolicy
- bucketArn
- bucketDomainName
- bucketDualStackDomainName
- bucketName
- bucketRegionalDomainName
- bucketWebsiteDomainName
- bucketWebsiteUrl
- disallowPublicAccess
- enableEventBridgeNotification()
- encryptionKey
- grantDelete()
- grantPublicAccess()
- grantPut()
- grantPutAcl()
- grantRead()
- grantReadWrite()
- grantWrite()
- isWebsite
- notificationsHandlerRole
- onCloudTrailEvent()
- onCloudTrailPutObject()
- onCloudTrailWriteObject()
- policy
- s3UrlForObject()
- transferAccelerationUrlForObject()
- urlForObject()
- validate()
- virtualHostedUrlForObject()
CfnBucket
- accelerateConfiguration
- accessControl
- analyticsConfigurations
- attrArn
- attrDomainName
- attrDualStackDomainName
- attrRegionalDomainName
- attrWebsiteUrl
- bucketEncryption
- bucketName
- CFN_RESOURCE_TYPE_NAME
- cfnProperties
- corsConfiguration
- inspect()
- intelligentTieringConfigurations
- inventoryConfigurations
- lifecycleConfiguration
- loggingConfiguration
- metricsConfigurations
- notificationConfiguration
- objectLockConfiguration
- objectLockEnabled
- ownershipControls
- publicAccessBlockConfiguration
- renderProperties()
- replicationConfiguration
- tags
- versioningConfiguration
- websiteConfiguration
Interfaces
BucketProps
- accessControl
- autoDeleteObjects
- blockPublicAccess
- bucketKeyEnabled
- bucketName
- cors
- encryption
- encryptionKey
- enforceSSL
- eventBridgeEnabled
- intelligentTieringConfigurations
- inventories
- lifecycleRules
- metrics
- notificationsHandlerRole
- objectOwnership
- publicReadAccess
- removalPolicy
- serverAccessLogsBucket
- serverAccessLogsPrefix
- transferAcceleration
- versioned
- websiteErrorDocument
- websiteIndexDocument
- websiteRedirect
- websiteRoutingRules
CfnBucketProps
- accelerateConfiguration
- accessControl
- analyticsConfigurations
- bucketEncryption
- bucketName
- corsConfiguration
- intelligentTieringConfigurations
- inventoryConfigurations
- lifecycleConfiguration
- loggingConfiguration
- metricsConfigurations
- notificationConfiguration
- objectLockConfiguration
- objectLockEnabled
- ownershipControls
- publicAccessBlockConfiguration
- replicationConfiguration
- tags
- versioningConfiguration
- websiteConfiguration
IBucket
- addEventNotification()
- addObjectCreatedNotification()
- addObjectRemovedNotification()
- addToResourcePolicy()
- arnForObjects()
- bucketArn
- bucketDomainName
- bucketDualStackDomainName
- bucketName
- bucketRegionalDomainName
- bucketWebsiteDomainName
- bucketWebsiteUrl
- encryptionKey
- grantDelete()
- grantPublicAccess()
- grantPut()
- grantPutAcl()
- grantRead()
- grantReadWrite()
- grantWrite()
- isWebsite
- onCloudTrailEvent()
- onCloudTrailPutObject()
- onCloudTrailWriteObject()
- policy
- s3UrlForObject()
- transferAccelerationUrlForObject()
- urlForObject()
- virtualHostedUrlForObject()
Enums
EventType
- INTELLIGENT_TIERING
- LIFECYCLE_EXPIRATION
- LIFECYCLE_EXPIRATION_DELETE
- LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED
- LIFECYCLE_TRANSITION
- OBJECT_ACL_PUT
- OBJECT_CREATED
- OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD
- OBJECT_CREATED_COPY
- OBJECT_CREATED_POST
- OBJECT_CREATED_PUT
- OBJECT_REMOVED
- OBJECT_REMOVED_DELETE
- OBJECT_REMOVED_DELETE_MARKER_CREATED
- OBJECT_RESTORE_COMPLETED
- OBJECT_RESTORE_DELETE
- OBJECT_RESTORE_POST
- OBJECT_TAGGING
- OBJECT_TAGGING_DELETE
- OBJECT_TAGGING_PUT
- REDUCED_REDUNDANCY_LOST_OBJECT
- REPLICATION_OPERATION_FAILED_REPLICATION
- REPLICATION_OPERATION_MISSED_THRESHOLD
- REPLICATION_OPERATION_NOT_TRACKED
- REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD
Namespaces
CfnBucket
- AbortIncompleteMultipartUploadProperty
- AccelerateConfigurationProperty
- AccessControlTranslationProperty
- AnalyticsConfigurationProperty
- BucketEncryptionProperty
- CorsConfigurationProperty
- CorsRuleProperty
- DataExportProperty
- DefaultRetentionProperty
- DeleteMarkerReplicationProperty
- DestinationProperty
- EncryptionConfigurationProperty
- EventBridgeConfigurationProperty
- FilterRuleProperty
- IntelligentTieringConfigurationProperty
- InventoryConfigurationProperty
- LambdaConfigurationProperty
- LifecycleConfigurationProperty
- LoggingConfigurationProperty
- MetricsConfigurationProperty
- MetricsProperty
- NoncurrentVersionExpirationProperty
- NoncurrentVersionTransitionProperty
- NotificationConfigurationProperty
- NotificationFilterProperty
- ObjectLockConfigurationProperty
- ObjectLockRuleProperty
- OwnershipControlsProperty
- OwnershipControlsRuleProperty
- PublicAccessBlockConfigurationProperty
- QueueConfigurationProperty
- RedirectAllRequestsToProperty
- RedirectRuleProperty
- ReplicaModificationsProperty
- ReplicationConfigurationProperty
- ReplicationDestinationProperty
- ReplicationRuleAndOperatorProperty
- ReplicationRuleFilterProperty
- ReplicationRuleProperty
- ReplicationTimeProperty
- ReplicationTimeValueProperty
- RoutingRuleConditionProperty
- RoutingRuleProperty
- RuleProperty
- S3KeyFilterProperty
- ServerSideEncryptionByDefaultProperty
- ServerSideEncryptionRuleProperty
- SourceSelectionCriteriaProperty
- SseKmsEncryptedObjectsProperty
- StorageClassAnalysisProperty
- TagFilterProperty
- TieringProperty
- TopicConfigurationProperty
- TransitionProperty
- VersioningConfigurationProperty
- WebsiteConfigurationProperty
CfnStorageLens
- AccountLevelProperty
- ActivityMetricsProperty
- AdvancedCostOptimizationMetricsProperty
- AdvancedDataProtectionMetricsProperty
- AwsOrgProperty
- BucketLevelProperty
- BucketsAndRegionsProperty
- CloudWatchMetricsProperty
- DataExportProperty
- DetailedStatusCodesMetricsProperty
- EncryptionProperty
- PrefixLevelProperty
- PrefixLevelStorageMetricsProperty
- S3BucketDestinationProperty
- SelectionCriteriaProperty
- SSEKMSProperty
- StorageLensConfigurationProperty
Classes
class BlockPublicAccess
class BlockPublicAccess {}
constructor
constructor(options: BlockPublicAccessOptions);
property BLOCK_ACLS
static readonly BLOCK_ACLS: BlockPublicAccess;
property BLOCK_ALL
static readonly BLOCK_ALL: BlockPublicAccess;
property blockPublicAcls
blockPublicAcls: boolean;
property blockPublicPolicy
blockPublicPolicy: boolean;
property ignorePublicAcls
ignorePublicAcls: boolean;
property restrictPublicBuckets
restrictPublicBuckets: boolean;
class Bucket
class Bucket extends BucketBase {}
An S3 bucket with associated policy objects
This bucket does not yet have all features that exposed by the underlying BucketResource.
constructor
constructor(scope: Construct, id: string, props?: BucketProps);
property autoCreatePolicy
protected autoCreatePolicy: boolean;
property bucketArn
readonly bucketArn: string;
property bucketDomainName
readonly bucketDomainName: string;
property bucketDualStackDomainName
readonly bucketDualStackDomainName: string;
property bucketName
readonly bucketName: string;
property bucketRegionalDomainName
readonly bucketRegionalDomainName: string;
property bucketWebsiteDomainName
readonly bucketWebsiteDomainName: string;
property bucketWebsiteUrl
readonly bucketWebsiteUrl: string;
property disallowPublicAccess
protected disallowPublicAccess?: boolean;
property encryptionKey
readonly encryptionKey?: kms.IKey;
property isWebsite
readonly isWebsite?: boolean;
property policy
policy?: BucketPolicy;
method addCorsRule
addCorsRule: (rule: CorsRule) => void;
Adds a cross-origin access configuration for objects in an Amazon S3 bucket
Parameter rule
The CORS configuration rule to add
method addInventory
addInventory: (inventory: Inventory) => void;
Add an inventory configuration.
Parameter inventory
configuration to add
method addLifecycleRule
addLifecycleRule: (rule: LifecycleRule) => void;
Add a lifecycle rule to the bucket
Parameter rule
The rule to add
method addMetric
addMetric: (metric: BucketMetrics) => void;
Adds a metrics configuration for the CloudWatch request metrics from the bucket.
Parameter metric
The metric configuration to add
method fromBucketArn
static fromBucketArn: ( scope: Construct, id: string, bucketArn: string) => IBucket;
method fromBucketAttributes
static fromBucketAttributes: ( scope: Construct, id: string, attrs: BucketAttributes) => IBucket;
Creates a Bucket construct that represents an external bucket.
Parameter scope
The parent creating construct (usually
this
).Parameter id
The construct's name.
Parameter attrs
A
BucketAttributes
object. Can be obtained from a call tobucket.export()
or manually created.
method fromBucketName
static fromBucketName: ( scope: Construct, id: string, bucketName: string) => IBucket;
method validateBucketName
static validateBucketName: (physicalName: string) => void;
Thrown an exception if the given bucket name is not valid.
Parameter physicalName
name of the bucket.
class BucketBase
abstract class BucketBase extends Resource implements IBucket {}
Represents an S3 Bucket.
Buckets can be either defined within this stack:
new Bucket(this, 'MyBucket', { props });
Or imported from an existing bucket:
Bucket.import(this, 'MyImportedBucket', { bucketArn: ... });
You can also export a bucket and import it into another stack:
const ref = myBucket.export(); Bucket.import(this, 'MyImportedBucket', ref);
constructor
constructor(scope: Construct, id: string, props?: ResourceProps);
property autoCreatePolicy
protected abstract autoCreatePolicy: boolean;
Indicates if a bucket resource policy should automatically created upon the first call to
addToResourcePolicy
.
property bucketArn
abstract readonly bucketArn: string;
property bucketDomainName
abstract readonly bucketDomainName: string;
property bucketDualStackDomainName
abstract readonly bucketDualStackDomainName: string;
property bucketName
abstract readonly bucketName: string;
property bucketRegionalDomainName
abstract readonly bucketRegionalDomainName: string;
property bucketWebsiteDomainName
abstract readonly bucketWebsiteDomainName: string;
property bucketWebsiteUrl
abstract readonly bucketWebsiteUrl: string;
property disallowPublicAccess
protected abstract disallowPublicAccess?: boolean;
Whether to disallow public access
property encryptionKey
abstract readonly encryptionKey?: kms.IKey;
Optional KMS encryption key associated with this bucket.
property isWebsite
abstract readonly isWebsite?: boolean;
If this bucket has been configured for static website hosting.
property notificationsHandlerRole
protected notificationsHandlerRole?: iam.IRole;
property policy
abstract policy?: BucketPolicy;
The resource policy associated with this bucket.
If
autoCreatePolicy
is true, aBucketPolicy
will be created upon the first call to addToResourcePolicy(s).
method addEventNotification
addEventNotification: ( event: EventType, dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]) => void;
Adds a bucket notification event destination.
Parameter event
The event to trigger the notification
Parameter dest
The notification destination (Lambda, SNS Topic or SQS Queue)
Parameter filters
S3 object key filter rules to determine which objects trigger this event. Each filter must include a
prefix
and/orsuffix
that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules.Example 1
declare const myLambda: lambda.Function; const bucket = new s3.Bucket(this, 'MyBucket'); bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'});
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-filtering
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
method addObjectCreatedNotification
addObjectCreatedNotification: ( dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]) => void;
Subscribes a destination to receive notifications when an object is created in the bucket. This is identical to calling
onEvent(EventType.OBJECT_CREATED)
.Parameter dest
The notification destination (see onEvent)
Parameter filters
Filters (see onEvent)
method addObjectRemovedNotification
addObjectRemovedNotification: ( dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]) => void;
Subscribes a destination to receive notifications when an object is removed from the bucket. This is identical to calling
onEvent(EventType.OBJECT_REMOVED)
.Parameter dest
The notification destination (see onEvent)
Parameter filters
Filters (see onEvent)
method addToResourcePolicy
addToResourcePolicy: ( permission: iam.PolicyStatement) => iam.AddToResourcePolicyResult;
Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use
bucketArn
andarnForObjects(keys)
to obtain ARNs for this bucket or objects.Note that the policy statement may or may not be added to the policy. For example, when an
IBucket
is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases.Parameter permission
the policy statement to be added to the bucket's policy.
Returns
metadata about the execution of this method. If the policy was not added, the value of
statementAdded
will befalse
. You should always check this value to make sure that the operation was actually carried out. Otherwise, synthesis and deploy will terminate silently, which may be confusing.
method arnForObjects
arnForObjects: (keyPattern: string) => string;
Returns an ARN that represents all objects within the bucket that match the key pattern specified. To represent all keys, specify ``"*"``.
If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:
arnForObjects(
home/${team}/${user}/*
)
method enableEventBridgeNotification
protected enableEventBridgeNotification: () => void;
method grantDelete
grantDelete: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantPublicAccess
grantPublicAccess: ( keyPrefix?: string, ...allowedActions: string[]) => iam.Grant;
Allows unrestricted access to objects from this bucket.
IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.
Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.
The method returns the
iam.Grant
object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:const grant = bucket.grantPublicAccess(); grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
Note that if this
IBucket
refers to an existing bucket, possibly not managed by CloudFormation, this method will have no effect, since it's impossible to modify the policy of an existing bucket.Parameter keyPrefix
the prefix of S3 object keys (e.g.
home/*
). Default is "*".Parameter allowedActions
the set of S3 actions to allow. Default is "s3:GetObject".
method grantPut
grantPut: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantPutAcl
grantPutAcl: (identity: iam.IGrantable, objectsKeyPattern?: string) => iam.Grant;
method grantRead
grantRead: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantReadWrite
grantReadWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
method grantWrite
grantWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
method onCloudTrailEvent
onCloudTrailEvent: ( id: string, options?: OnCloudTrailBucketEventOptions) => events.Rule;
Define a CloudWatch event that triggers when something happens to this repository
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
Parameter id
The id of the rule
Parameter options
Options for adding the rule
method onCloudTrailPutObject
onCloudTrailPutObject: ( id: string, options?: OnCloudTrailBucketEventOptions) => events.Rule;
Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
Note that some tools like
aws s3 cp
will automatically use either PutObject or the multipart upload API depending on the file size, so usingonCloudTrailWriteObject
may be preferable.Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
Parameter id
The id of the rule
Parameter options
Options for adding the rule
method onCloudTrailWriteObject
onCloudTrailWriteObject: ( id: string, options?: OnCloudTrailBucketEventOptions) => events.Rule;
Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to. This includes the events PutObject, CopyObject, and CompleteMultipartUpload.
Note that some tools like
aws s3 cp
will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable toonCloudTrailPutObject
.Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
Parameter id
The id of the rule
Parameter options
Options for adding the rule
method s3UrlForObject
s3UrlForObject: (key?: string) => string;
The S3 URL of an S3 object. For example:
-
s3://onlybucket
-s3://bucket/key
Parameter key
The S3 key of the object. If not specified, the S3 URL of the bucket is returned.
Returns
an ObjectS3Url token
method transferAccelerationUrlForObject
transferAccelerationUrlForObject: ( key?: string, options?: TransferAccelerationUrlOptions) => string;
The https Transfer Acceleration URL of an S3 object. Specify
dualStack: true
at the options for dual-stack endpoint (connect to the bucket over IPv6). For example:-
https://bucket.s3-accelerate.amazonaws.com
-https://bucket.s3-accelerate.amazonaws.com/key
Parameter key
The S3 key of the object. If not specified, the URL of the bucket is returned.
Parameter options
Options for generating URL.
Returns
an TransferAccelerationUrl token
method urlForObject
urlForObject: (key?: string) => string;
The https URL of an S3 object. Specify
regional: false
at the options for non-regional URLs. For example:-
https://s3.us-west-1.amazonaws.com/onlybucket
-https://s3.us-west-1.amazonaws.com/bucket/key
-https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey
Parameter key
The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns
an ObjectS3Url token
method validate
protected validate: () => string[];
method virtualHostedUrlForObject
virtualHostedUrlForObject: ( key?: string, options?: VirtualHostedStyleUrlOptions) => string;
The virtual hosted-style URL of an S3 object. Specify
regional: false
at the options for non-regional URL. For example:-
https://only-bucket.s3.us-west-1.amazonaws.com
-https://bucket.s3.us-west-1.amazonaws.com/key
-https://bucket.s3.amazonaws.com/key
-https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey
Parameter key
The S3 key of the object. If not specified, the URL of the bucket is returned.
Parameter options
Options for generating URL.
Returns
an ObjectS3Url token
class BucketPolicy
class BucketPolicy extends Resource {}
The bucket policy for an Amazon S3 bucket
Policies define the operations that are allowed on this resource.
You almost never need to define this construct directly.
All AWS resources that support resource policies have a method called
addToResourcePolicy()
, which will automatically create a new resource policy if one doesn't exist yet, otherwise it will add to the existing policy.Prefer to use
addToResourcePolicy()
instead.
constructor
constructor(scope: Construct, id: string, props: BucketPolicyProps);
property document
readonly document: PolicyDocument;
A policy document containing permissions to add to the specified bucket. For more information, see Access Policy Language Overview in the Amazon Simple Storage Service Developer Guide.
method applyRemovalPolicy
applyRemovalPolicy: (removalPolicy: RemovalPolicy) => void;
Sets the removal policy for the BucketPolicy.
Parameter removalPolicy
the RemovalPolicy to set.
class CfnAccessPoint
class CfnAccessPoint extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::S3::AccessPoint
The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets.
AWS::S3::AccessPoint external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnAccessPointProps);
Create a new
AWS::S3::AccessPoint
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrAlias
readonly attrAlias: string;
The alias for this access point. Alias
property attrArn
readonly attrArn: string;
This property contains the details of the ARN for the access point. Arn
property attrName
readonly attrName: string;
The name of this access point. Name
property attrNetworkOrigin
readonly attrNetworkOrigin: string;
Indicates whether this access point allows access from the internet. If
VpcConfiguration
is specified for this access point, thenNetworkOrigin
isVPC
, and the access point doesn't allow access from the internet. Otherwise,NetworkOrigin
isInternet
, and the access point allows access from the internet, subject to the access point and bucket access policies.*Allowed values* :
VPC
|Internet
NetworkOrigin
property bucket
bucket: string;
The name of the bucket associated with this access point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket
property bucketAccountId
bucketAccountId: string;
The AWS account ID associated with the S3 bucket associated with this access point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucketaccountid
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property name
name: string;
The name of this access point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name
property policy
policy: any;
The access point policy associated with this access point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy
property publicAccessBlockConfiguration
publicAccessBlockConfiguration: any;
The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration
property vpcConfiguration
vpcConfiguration: any;
The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnBucket
class CfnBucket extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::S3::Bucket
The
AWS::S3::Bucket
resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack.To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
> You can only delete empty buckets. Deletion fails for buckets that have contents.
AWS::S3::Bucket external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html
constructor
constructor(scope: cdk.Construct, id: string, props?: CfnBucketProps);
Create a new
AWS::S3::Bucket
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property accelerateConfiguration
accelerateConfiguration: any;
Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accelerateconfiguration
property accessControl
accessControl: string;
A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* .
Be aware that the syntax for this property differs from the information provided in the *Amazon S3 User Guide* . The AccessControl property is case-sensitive and must be one of the following values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, or AwsExecRead.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accesscontrol
property analyticsConfigurations
analyticsConfigurations: any;
Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-analyticsconfigurations
property attrArn
readonly attrArn: string;
Returns the Amazon Resource Name (ARN) of the specified bucket.
Example:
arn:aws:s3:::DOC-EXAMPLE-BUCKET
Arn
property attrDomainName
readonly attrDomainName: string;
Returns the IPv4 DNS name of the specified bucket.
Example:
DOC-EXAMPLE-BUCKET.s3.amazonaws.com
DomainName
property attrDualStackDomainName
readonly attrDualStackDomainName: string;
Returns the IPv6 DNS name of the specified bucket.
Example:
DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com
For more information about dual-stack endpoints, see [Using Amazon S3 Dual-Stack Endpoints](https://docs.aws.amazon.com/AmazonS3/latest/dev/dual-stack-endpoints.html) . DualStackDomainName
property attrRegionalDomainName
readonly attrRegionalDomainName: string;
Returns the regional domain name of the specified bucket.
Example:
DOC-EXAMPLE-BUCKET.s3.us-east-2.amazonaws.com
RegionalDomainName
property attrWebsiteUrl
readonly attrWebsiteUrl: string;
Returns the Amazon S3 website endpoint for the specified bucket.
Example (IPv4):
http://DOC-EXAMPLE-BUCKET.s3-website.us-east-2.amazonaws.com
Example (IPv6):
http://DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com
WebsiteURL
property bucketEncryption
bucketEncryption: any;
Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS) bucket. For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-bucketencryption
property bucketName
bucketName: string;
A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html) . For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide* .
> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property corsConfiguration
corsConfiguration: any;
Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-crossoriginconfig
property intelligentTieringConfigurations
intelligentTieringConfigurations: any;
Defines how Amazon S3 handles Intelligent-Tiering storage.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-intelligenttieringconfigurations
property inventoryConfigurations
inventoryConfigurations: any;
Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-inventoryconfigurations
property lifecycleConfiguration
lifecycleConfiguration: any;
Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-lifecycleconfig
property loggingConfiguration
loggingConfiguration: any;
Settings that define where logs are stored.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-loggingconfig
property metricsConfigurations
metricsConfigurations: any;
Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-metricsconfigurations
property notificationConfiguration
notificationConfiguration: any;
Configuration that defines how Amazon S3 handles bucket notifications.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-notification
property objectLockConfiguration
objectLockConfiguration: any;
Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .
> - The
DefaultRetention
settings require both a mode and a period. > - TheDefaultRetention
period can be eitherDays
orYears
but you must select one. You cannot specifyDays
andYears
at the same time. > - You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact AWS Support.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockconfiguration
property objectLockEnabled
objectLockEnabled: any;
Indicates whether this bucket has an Object Lock configuration enabled. Enable
ObjectLockEnabled
when you applyObjectLockConfiguration
to a bucket.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockenabled
property ownershipControls
ownershipControls: any;
Configuration that defines how Amazon S3 handles Object Ownership rules.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-ownershipcontrols
property publicAccessBlockConfiguration
publicAccessBlockConfiguration: any;
Configuration that defines how Amazon S3 handles public access.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-publicaccessblockconfiguration
property replicationConfiguration
replicationConfiguration: any;
Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the
VersioningConfiguration
property.Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-replicationconfiguration
property tags
readonly tags: cdk.TagManager;
An arbitrary set of tags (key-value pairs) for this S3 bucket.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-tags
property versioningConfiguration
versioningConfiguration: any;
Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-versioning
property websiteConfiguration
websiteConfiguration: any;
Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-websiteconfiguration
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnBucketPolicy
class CfnBucketPolicy extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::S3::BucketPolicy
Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the
PutBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.If you don't have
PutBucketPolicy
permissions, Amazon S3 returns a403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a405 Method Not Allowed
error.> As a security precaution, the root user of the AWS account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.
For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) .
The following operations are related to
PutBucketPolicy
:- [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
AWS::S3::BucketPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnBucketPolicyProps);
Create a new
AWS::S3::BucketPolicy
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property bucket
bucket: string;
The name of the Amazon S3 bucket to which the policy applies.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-bucket
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property policyDocument
policyDocument: any;
A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument) resource description in this guide and [Access Policy Language Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-policydocument
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnMultiRegionAccessPoint
class CfnMultiRegionAccessPoint extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::S3::MultiRegionAccessPoint
The
AWS::S3::MultiRegionAccessPoint
resource creates an Amazon S3 Multi-Region Access Point. To learn more about Multi-Region Access Points, see [Multi-Region Access Points in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPoints.html) in the in the *Amazon S3 User Guide* .AWS::S3::MultiRegionAccessPoint external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnMultiRegionAccessPointProps);
Create a new
AWS::S3::MultiRegionAccessPoint
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrAlias
readonly attrAlias: string;
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see [Managing Multi-Region Access Points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingMultiRegionAccessPoints.html#multi-region-access-point-naming) in the *Amazon S3 User Guide* . Alias
property attrCreatedAt
readonly attrCreatedAt: string;
The timestamp of when the Multi-Region Access Point is created. CreatedAt
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property name
name: string;
The name of the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-name
property publicAccessBlockConfiguration
publicAccessBlockConfiguration: any;
The PublicAccessBlock configuration that you want to apply to this Multi-Region Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration
property regions
regions: any;
A collection of the Regions and buckets associated with the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-regions
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnMultiRegionAccessPointPolicy
class CfnMultiRegionAccessPointPolicy extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::S3::MultiRegionAccessPointPolicy
Applies an Amazon S3 access policy to an Amazon S3 Multi-Region Access Point.
It is not possible to delete an access policy for a Multi-Region Access Point from the CloudFormation template. When you attempt to delete the policy, CloudFormation updates the policy using
DeletionPolicy:Retain
andUpdateReplacePolicy:Retain
. CloudFormation updates the policy to only allow access to the account that created the bucket.AWS::S3::MultiRegionAccessPointPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnMultiRegionAccessPointPolicyProps);
Create a new
AWS::S3::MultiRegionAccessPointPolicy
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrPolicyStatusIsPublic
readonly attrPolicyStatusIsPublic: string;
PolicyStatus.IsPublic
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property mrapName
mrapName: string;
The name of the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-mrapname
property policy
policy: any;
The access policy associated with the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-policy
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnStorageLens
class CfnStorageLens extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::S3::StorageLens
The AWS::S3::StorageLens resource creates an Amazon S3 Storage Lens configuration.
AWS::S3::StorageLens external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnStorageLensProps);
Create a new
AWS::S3::StorageLens
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrStorageLensConfigurationStorageLensArn
readonly attrStorageLensConfigurationStorageLensArn: string;
This property contains the details of the ARN of the S3 Storage Lens configuration. This property is read-only. StorageLensConfiguration.StorageLensArn
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property storageLensConfiguration
storageLensConfiguration: any;
This resource contains the details Amazon S3 Storage Lens configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-storagelensconfiguration
property tags
readonly tags: cdk.TagManager;
A set of tags (key–value pairs) to associate with the Storage Lens configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-tags
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class ReplaceKey
class ReplaceKey {}
property prefixWithKey
readonly prefixWithKey?: string;
property withKey
readonly withKey?: string;
method prefixWith
static prefixWith: (keyReplacement: string) => ReplaceKey;
The object key prefix to use in the redirect request
method with
static with: (keyReplacement: string) => ReplaceKey;
The specific object key to use in the redirect request
class StorageClass
class StorageClass {}
Storage class to move an object to
constructor
constructor(value: string);
property DEEP_ARCHIVE
static readonly DEEP_ARCHIVE: StorageClass;
Use for archiving data that rarely needs to be accessed. Data stored in the DEEP_ARCHIVE storage class has a minimum storage duration period of 180 days and a default retrieval time of 12 hours. If you delete an object before the 180-day minimum, you are charged for 180 days. For pricing information, see Amazon S3 Pricing.
property GLACIER
static readonly GLACIER: StorageClass;
Storage class for long-term archival that can take between minutes and hours to access.
Use for archives where portions of the data might need to be retrieved in minutes. Data stored in the GLACIER storage class has a minimum storage duration period of 90 days and can be accessed in as little as 1-5 minutes using expedited retrieval. If you delete an object before the 90-day minimum, you are charged for 90 days.
property GLACIER_INSTANT_RETRIEVAL
static readonly GLACIER_INSTANT_RETRIEVAL: StorageClass;
Storage class for long-term archival that can be accessed in a few milliseconds.
It is ideal for data that is accessed once or twice per quarter, and that requires immediate access. Data stored in the GLACIER_IR storage class has a minimum storage duration period of 90 days and can be accessed in as milliseconds. If you delete an object before the 90-day minimum, you are charged for 90 days.
property INFREQUENT_ACCESS
static readonly INFREQUENT_ACCESS: StorageClass;
Storage class for data that is accessed less frequently, but requires rapid access when needed.
Has lower availability than Standard storage.
property INTELLIGENT_TIERING
static readonly INTELLIGENT_TIERING: StorageClass;
The INTELLIGENT_TIERING storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. INTELLIGENT_TIERING delivers automatic cost savings by moving data on a granular object level between two access tiers, a frequent access tier and a lower-cost infrequent access tier, when access patterns change. The INTELLIGENT_TIERING storage class is ideal if you want to optimize storage costs automatically for long-lived data when access patterns are unknown or unpredictable.
property ONE_ZONE_INFREQUENT_ACCESS
static readonly ONE_ZONE_INFREQUENT_ACCESS: StorageClass;
Infrequent Access that's only stored in one availability zone.
Has lower availability than standard InfrequentAccess.
property value
readonly value: string;
method toString
toString: () => string;
Interfaces
interface BlockPublicAccessOptions
interface BlockPublicAccessOptions {}
property blockPublicAcls
readonly blockPublicAcls?: boolean;
Whether to block public ACLs
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
property blockPublicPolicy
readonly blockPublicPolicy?: boolean;
Whether to block public policy
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
property ignorePublicAcls
readonly ignorePublicAcls?: boolean;
Whether to ignore public ACLs
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
property restrictPublicBuckets
readonly restrictPublicBuckets?: boolean;
Whether to restrict public access
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
interface BucketAttributes
interface BucketAttributes {}
A reference to a bucket outside this stack
property account
readonly account?: string;
The account this existing bucket belongs to.
- it's assumed the bucket belongs to the same account as the scope it's being imported into
property bucketArn
readonly bucketArn?: string;
The ARN of the bucket. At least one of bucketArn or bucketName must be defined in order to initialize a bucket ref.
property bucketDomainName
readonly bucketDomainName?: string;
The domain name of the bucket.
Inferred from bucket name
property bucketDualStackDomainName
readonly bucketDualStackDomainName?: string;
The IPv6 DNS name of the specified bucket.
property bucketName
readonly bucketName?: string;
The name of the bucket. If the underlying value of ARN is a string, the name will be parsed from the ARN. Otherwise, the name is optional, but some features that require the bucket name such as auto-creating a bucket policy, won't work.
property bucketRegionalDomainName
readonly bucketRegionalDomainName?: string;
The regional domain name of the specified bucket.
property bucketWebsiteNewUrlFormat
readonly bucketWebsiteNewUrlFormat?: boolean;
The format of the website URL of the bucket. This should be true for regions launched since 2014.
false
property bucketWebsiteUrl
readonly bucketWebsiteUrl?: string;
The website URL of the bucket (if static web hosting is enabled).
Inferred from bucket name
property encryptionKey
readonly encryptionKey?: kms.IKey;
property isWebsite
readonly isWebsite?: boolean;
If this bucket has been configured for static website hosting.
false
property notificationsHandlerRole
readonly notificationsHandlerRole?: iam.IRole;
The role to be used by the notifications handler
- a new role will be created.
property region
readonly region?: string;
The region this existing bucket is in.
- it's assumed the bucket is in the same region as the scope it's being imported into
interface BucketMetrics
interface BucketMetrics {}
Specifies a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket.
property id
readonly id: string;
The ID used to identify the metrics configuration.
property prefix
readonly prefix?: string;
The prefix that an object must have to be included in the metrics results.
property tagFilters
readonly tagFilters?: { [tag: string]: any;};
Specifies a list of tag filters to use as a metrics configuration filter. The metrics configuration includes only objects that meet the filter's criteria.
interface BucketNotificationDestinationConfig
interface BucketNotificationDestinationConfig {}
Represents the properties of a notification destination.
property arn
readonly arn: string;
The ARN of the destination (i.e. Lambda, SNS, SQS).
property dependencies
readonly dependencies?: cdk.IDependable[];
Any additional dependencies that should be resolved before the bucket notification can be configured (for example, the SNS Topic Policy resource).
property type
readonly type: BucketNotificationDestinationType;
The notification type.
interface BucketPolicyProps
interface BucketPolicyProps {}
property bucket
readonly bucket: IBucket;
The Amazon S3 bucket that the policy applies to.
property removalPolicy
readonly removalPolicy?: RemovalPolicy;
Policy to apply when the policy is removed from this stack.
- RemovalPolicy.DESTROY.
interface BucketProps
interface BucketProps {}
property accessControl
readonly accessControl?: BucketAccessControl;
Specifies a canned ACL that grants predefined permissions to the bucket.
BucketAccessControl.PRIVATE
property autoDeleteObjects
readonly autoDeleteObjects?: boolean;
Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.
Requires the
removalPolicy
to be set toRemovalPolicy.DESTROY
.**Warning** if you have deployed a bucket with
autoDeleteObjects: true
, switching this tofalse
in a CDK version *before*1.126.0
will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version1.126.0
or later **before** switching this value tofalse
.false
property blockPublicAccess
readonly blockPublicAccess?: BlockPublicAccess;
The block public access configuration of this bucket.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
- CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access
property bucketKeyEnabled
readonly bucketKeyEnabled?: boolean;
Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
Only relevant, when Encryption is set to BucketEncryption.KMS
- false
property bucketName
readonly bucketName?: string;
Physical name of this bucket.
- Assigned by CloudFormation (recommended).
property cors
readonly cors?: CorsRule[];
The CORS configuration of this bucket.
See Also
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html
- No CORS configuration.
property encryption
readonly encryption?: BucketEncryption;
The kind of server-side encryption to apply to this bucket.
If you choose KMS, you can specify a KMS key via
encryptionKey
. If encryption key is not specified, a key will automatically be created.-
Kms
ifencryptionKey
is specified, orUnencrypted
otherwise.
property encryptionKey
readonly encryptionKey?: kms.IKey;
External KMS key to use for bucket encryption.
The 'encryption' property must be either not specified or set to "Kms". An error will be emitted if encryption is set to "Unencrypted" or "Managed".
- If encryption is set to "Kms" and this property is undefined, a new KMS key will be created and associated with this bucket.
property enforceSSL
readonly enforceSSL?: boolean;
Enforces SSL for requests. S3.5 of the AWS Foundational Security Best Practices Regarding S3.
See Also
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html
false
property eventBridgeEnabled
readonly eventBridgeEnabled?: boolean;
Whether this bucket should send notifications to Amazon EventBridge or not.
false
property intelligentTieringConfigurations
readonly intelligentTieringConfigurations?: IntelligentTieringConfiguration[];
Inteligent Tiering Configurations
See Also
https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering.html
No Intelligent Tiiering Configurations.
property inventories
readonly inventories?: Inventory[];
The inventory configuration of the bucket.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
- No inventory configuration
property lifecycleRules
readonly lifecycleRules?: LifecycleRule[];
Rules that define how Amazon S3 manages objects during their lifetime.
- No lifecycle rules.
property metrics
readonly metrics?: BucketMetrics[];
The metrics configuration of this bucket.
See Also
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html
- No metrics configuration.
property notificationsHandlerRole
readonly notificationsHandlerRole?: iam.IRole;
The role to be used by the notifications handler
- a new role will be created.
property objectOwnership
readonly objectOwnership?: ObjectOwnership;
The objectOwnership of the bucket.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
- No ObjectOwnership configuration, uploading account will own the object.
property publicReadAccess
readonly publicReadAccess?: boolean;
Grants public read access to all objects in the bucket. Similar to calling
bucket.grantPublicAccess()
false
property removalPolicy
readonly removalPolicy?: RemovalPolicy;
Policy to apply when the bucket is removed from this stack.
- The bucket will be orphaned.
property serverAccessLogsBucket
readonly serverAccessLogsBucket?: IBucket;
Destination bucket for the server access logs. - If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.
property serverAccessLogsPrefix
readonly serverAccessLogsPrefix?: string;
Optional log file prefix to use for the bucket's access logs. If defined without "serverAccessLogsBucket", enables access logs to current bucket with this prefix. - No log file prefix
property transferAcceleration
readonly transferAcceleration?: boolean;
Whether this bucket should have transfer acceleration turned on or not.
false
property versioned
readonly versioned?: boolean;
Whether this bucket should have versioning turned on or not.
false
property websiteErrorDocument
readonly websiteErrorDocument?: string;
The name of the error document (e.g. "404.html") for the website.
websiteIndexDocument
must also be set if this is set.- No error document.
property websiteIndexDocument
readonly websiteIndexDocument?: string;
The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.
- No index document.
property websiteRedirect
readonly websiteRedirect?: RedirectTarget;
Specifies the redirect behavior of all requests to a website endpoint of a bucket.
If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument" nor , "websiteRoutingRules".
- No redirection.
property websiteRoutingRules
readonly websiteRoutingRules?: RoutingRule[];
Rules that define when a redirect is applied and the redirect behavior
- No redirection rules.
interface CfnAccessPointProps
interface CfnAccessPointProps {}
Properties for defining a
CfnAccessPoint
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html
property bucket
readonly bucket: string;
The name of the bucket associated with this access point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket
property bucketAccountId
readonly bucketAccountId?: string;
The AWS account ID associated with the S3 bucket associated with this access point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucketaccountid
property name
readonly name?: string;
The name of this access point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name
property policy
readonly policy?: any | cdk.IResolvable;
The access point policy associated with this access point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy
property publicAccessBlockConfiguration
readonly publicAccessBlockConfiguration?: | CfnAccessPoint.PublicAccessBlockConfigurationProperty | cdk.IResolvable;
The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration
property vpcConfiguration
readonly vpcConfiguration?: | CfnAccessPoint.VpcConfigurationProperty | cdk.IResolvable;
The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration
interface CfnBucketPolicyProps
interface CfnBucketPolicyProps {}
Properties for defining a
CfnBucketPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html
property bucket
readonly bucket: string;
The name of the Amazon S3 bucket to which the policy applies.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-bucket
property policyDocument
readonly policyDocument: any | cdk.IResolvable;
A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument) resource description in this guide and [Access Policy Language Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-policydocument
interface CfnBucketProps
interface CfnBucketProps {}
Properties for defining a
CfnBucket
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html
property accelerateConfiguration
readonly accelerateConfiguration?: | CfnBucket.AccelerateConfigurationProperty | cdk.IResolvable;
Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accelerateconfiguration
property accessControl
readonly accessControl?: string;
A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* .
Be aware that the syntax for this property differs from the information provided in the *Amazon S3 User Guide* . The AccessControl property is case-sensitive and must be one of the following values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, or AwsExecRead.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accesscontrol
property analyticsConfigurations
readonly analyticsConfigurations?: | Array<CfnBucket.AnalyticsConfigurationProperty | cdk.IResolvable> | cdk.IResolvable;
Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-analyticsconfigurations
property bucketEncryption
readonly bucketEncryption?: CfnBucket.BucketEncryptionProperty | cdk.IResolvable;
Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS) bucket. For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-bucketencryption
property bucketName
readonly bucketName?: string;
A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html) . For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide* .
> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name
property corsConfiguration
readonly corsConfiguration?: | CfnBucket.CorsConfigurationProperty | cdk.IResolvable;
Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-crossoriginconfig
property intelligentTieringConfigurations
readonly intelligentTieringConfigurations?: | Array<CfnBucket.IntelligentTieringConfigurationProperty | cdk.IResolvable> | cdk.IResolvable;
Defines how Amazon S3 handles Intelligent-Tiering storage.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-intelligenttieringconfigurations
property inventoryConfigurations
readonly inventoryConfigurations?: | Array<CfnBucket.InventoryConfigurationProperty | cdk.IResolvable> | cdk.IResolvable;
Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-inventoryconfigurations
property lifecycleConfiguration
readonly lifecycleConfiguration?: | CfnBucket.LifecycleConfigurationProperty | cdk.IResolvable;
Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-lifecycleconfig
property loggingConfiguration
readonly loggingConfiguration?: | CfnBucket.LoggingConfigurationProperty | cdk.IResolvable;
Settings that define where logs are stored.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-loggingconfig
property metricsConfigurations
readonly metricsConfigurations?: | Array<CfnBucket.MetricsConfigurationProperty | cdk.IResolvable> | cdk.IResolvable;
Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-metricsconfigurations
property notificationConfiguration
readonly notificationConfiguration?: | CfnBucket.NotificationConfigurationProperty | cdk.IResolvable;
Configuration that defines how Amazon S3 handles bucket notifications.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-notification
property objectLockConfiguration
readonly objectLockConfiguration?: | CfnBucket.ObjectLockConfigurationProperty | cdk.IResolvable;
Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .
> - The
DefaultRetention
settings require both a mode and a period. > - TheDefaultRetention
period can be eitherDays
orYears
but you must select one. You cannot specifyDays
andYears
at the same time. > - You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact AWS Support.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockconfiguration
property objectLockEnabled
readonly objectLockEnabled?: boolean | cdk.IResolvable;
Indicates whether this bucket has an Object Lock configuration enabled. Enable
ObjectLockEnabled
when you applyObjectLockConfiguration
to a bucket.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockenabled
property ownershipControls
readonly ownershipControls?: | CfnBucket.OwnershipControlsProperty | cdk.IResolvable;
Configuration that defines how Amazon S3 handles Object Ownership rules.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-ownershipcontrols
property publicAccessBlockConfiguration
readonly publicAccessBlockConfiguration?: | CfnBucket.PublicAccessBlockConfigurationProperty | cdk.IResolvable;
Configuration that defines how Amazon S3 handles public access.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-publicaccessblockconfiguration
property replicationConfiguration
readonly replicationConfiguration?: | CfnBucket.ReplicationConfigurationProperty | cdk.IResolvable;
Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the
VersioningConfiguration
property.Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-replicationconfiguration
property tags
readonly tags?: cdk.CfnTag[];
An arbitrary set of tags (key-value pairs) for this S3 bucket.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-tags
property versioningConfiguration
readonly versioningConfiguration?: | CfnBucket.VersioningConfigurationProperty | cdk.IResolvable;
Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-versioning
property websiteConfiguration
readonly websiteConfiguration?: | CfnBucket.WebsiteConfigurationProperty | cdk.IResolvable;
Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-websiteconfiguration
interface CfnMultiRegionAccessPointPolicyProps
interface CfnMultiRegionAccessPointPolicyProps {}
Properties for defining a
CfnMultiRegionAccessPointPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html
property mrapName
readonly mrapName: string;
The name of the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-mrapname
property policy
readonly policy: any | cdk.IResolvable;
The access policy associated with the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-policy
interface CfnMultiRegionAccessPointProps
interface CfnMultiRegionAccessPointProps {}
Properties for defining a
CfnMultiRegionAccessPoint
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html
property name
readonly name?: string;
The name of the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-name
property publicAccessBlockConfiguration
readonly publicAccessBlockConfiguration?: | CfnMultiRegionAccessPoint.PublicAccessBlockConfigurationProperty | cdk.IResolvable;
The PublicAccessBlock configuration that you want to apply to this Multi-Region Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration
property regions
readonly regions: | Array<CfnMultiRegionAccessPoint.RegionProperty | cdk.IResolvable> | cdk.IResolvable;
A collection of the Regions and buckets associated with the Multi-Region Access Point.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-regions
interface CfnStorageLensProps
interface CfnStorageLensProps {}
Properties for defining a
CfnStorageLens
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html
property storageLensConfiguration
readonly storageLensConfiguration: | CfnStorageLens.StorageLensConfigurationProperty | cdk.IResolvable;
This resource contains the details Amazon S3 Storage Lens configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-storagelensconfiguration
property tags
readonly tags?: cdk.CfnTag[];
A set of tags (key–value pairs) to associate with the Storage Lens configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-tags
interface CorsRule
interface CorsRule {}
Specifies a cross-origin access rule for an Amazon S3 bucket.
property allowedHeaders
readonly allowedHeaders?: string[];
Headers that are specified in the Access-Control-Request-Headers header.
- No headers allowed.
property allowedMethods
readonly allowedMethods: HttpMethods[];
An HTTP method that you allow the origin to execute.
property allowedOrigins
readonly allowedOrigins: string[];
One or more origins you want customers to be able to access the bucket from.
property exposedHeaders
readonly exposedHeaders?: string[];
One or more headers in the response that you want customers to be able to access from their applications.
- No headers exposed.
property id
readonly id?: string;
A unique identifier for this rule.
- No id specified.
property maxAge
readonly maxAge?: number;
The time in seconds that your browser is to cache the preflight response for the specified resource.
- No caching.
interface IBucket
interface IBucket extends IResource {}
property bucketArn
readonly bucketArn: string;
The ARN of the bucket.
property bucketDomainName
readonly bucketDomainName: string;
The IPv4 DNS name of the specified bucket.
property bucketDualStackDomainName
readonly bucketDualStackDomainName: string;
The IPv6 DNS name of the specified bucket.
property bucketName
readonly bucketName: string;
The name of the bucket.
property bucketRegionalDomainName
readonly bucketRegionalDomainName: string;
The regional domain name of the specified bucket.
property bucketWebsiteDomainName
readonly bucketWebsiteDomainName: string;
The Domain name of the static website.
property bucketWebsiteUrl
readonly bucketWebsiteUrl: string;
The URL of the static website.
property encryptionKey
readonly encryptionKey?: kms.IKey;
Optional KMS encryption key associated with this bucket.
property isWebsite
readonly isWebsite?: boolean;
If this bucket has been configured for static website hosting.
property policy
policy?: BucketPolicy;
The resource policy associated with this bucket.
If
autoCreatePolicy
is true, aBucketPolicy
will be created upon the first call to addToResourcePolicy(s).
method addEventNotification
addEventNotification: ( event: EventType, dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]) => void;
Adds a bucket notification event destination.
Parameter event
The event to trigger the notification
Parameter dest
The notification destination (Lambda, SNS Topic or SQS Queue)
Parameter filters
S3 object key filter rules to determine which objects trigger this event. Each filter must include a
prefix
and/orsuffix
that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules.Example 1
declare const myLambda: lambda.Function; const bucket = new s3.Bucket(this, 'MyBucket'); bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'})
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-filtering
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
method addObjectCreatedNotification
addObjectCreatedNotification: ( dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]) => void;
Subscribes a destination to receive notifications when an object is created in the bucket. This is identical to calling
onEvent(s3.EventType.OBJECT_CREATED)
.Parameter dest
The notification destination (see onEvent)
Parameter filters
Filters (see onEvent)
method addObjectRemovedNotification
addObjectRemovedNotification: ( dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]) => void;
Subscribes a destination to receive notifications when an object is removed from the bucket. This is identical to calling
onEvent(EventType.OBJECT_REMOVED)
.Parameter dest
The notification destination (see onEvent)
Parameter filters
Filters (see onEvent)
method addToResourcePolicy
addToResourcePolicy: ( permission: iam.PolicyStatement) => iam.AddToResourcePolicyResult;
Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use
bucketArn
andarnForObjects(keys)
to obtain ARNs for this bucket or objects.Note that the policy statement may or may not be added to the policy. For example, when an
IBucket
is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases.Parameter permission
the policy statement to be added to the bucket's policy.
Returns
metadata about the execution of this method. If the policy was not added, the value of
statementAdded
will befalse
. You should always check this value to make sure that the operation was actually carried out. Otherwise, synthesis and deploy will terminate silently, which may be confusing.
method arnForObjects
arnForObjects: (keyPattern: string) => string;
Returns an ARN that represents all objects within the bucket that match the key pattern specified. To represent all keys, specify ``"*"``.
method grantDelete
grantDelete: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantPublicAccess
grantPublicAccess: ( keyPrefix?: string, ...allowedActions: string[]) => iam.Grant;
Allows unrestricted access to objects from this bucket.
IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.
Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.
The method returns the
iam.Grant
object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:const grant = bucket.grantPublicAccess(); grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
Parameter keyPrefix
the prefix of S3 object keys (e.g.
home/*
). Default is "*".Parameter allowedActions
the set of S3 actions to allow. Default is "s3:GetObject".
Returns
The
iam.PolicyStatement
object, which can be used to apply e.g. conditions.
method grantPut
grantPut: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantPutAcl
grantPutAcl: (identity: iam.IGrantable, objectsKeyPattern?: string) => iam.Grant;
Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling grantWrite or grantReadWrite no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.
Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantRead
grantRead: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantReadWrite
grantReadWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.
Before CDK version 1.85.0, this method granted the
s3:PutObject*
permission that includeds3:PutObjectAcl
, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the@aws-cdk/aws-s3:grantWriteWithoutAcl
feature flag is set totrue
in thecontext
key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the grantPutAcl method.Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method grantWrite
grantWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
Grant write permissions to this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
Before CDK version 1.85.0, this method granted the
s3:PutObject*
permission that includeds3:PutObjectAcl
, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the@aws-cdk/aws-s3:grantWriteWithoutAcl
feature flag is set totrue
in thecontext
key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the grantPutAcl method.Parameter identity
The principal
Parameter objectsKeyPattern
Restrict the permission to a certain key pattern (default '*')
method onCloudTrailEvent
onCloudTrailEvent: ( id: string, options?: OnCloudTrailBucketEventOptions) => events.Rule;
Defines a CloudWatch event that triggers when something happens to this bucket
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
Parameter id
The id of the rule
Parameter options
Options for adding the rule
method onCloudTrailPutObject
onCloudTrailPutObject: ( id: string, options?: OnCloudTrailBucketEventOptions) => events.Rule;
Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
Note that some tools like
aws s3 cp
will automatically use either PutObject or the multipart upload API depending on the file size, so usingonCloudTrailWriteObject
may be preferable.Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
Parameter id
The id of the rule
Parameter options
Options for adding the rule
method onCloudTrailWriteObject
onCloudTrailWriteObject: ( id: string, options?: OnCloudTrailBucketEventOptions) => events.Rule;
Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to. This includes the events PutObject, CopyObject, and CompleteMultipartUpload.
Note that some tools like
aws s3 cp
will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable toonCloudTrailPutObject
.Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
Parameter id
The id of the rule
Parameter options
Options for adding the rule
method s3UrlForObject
s3UrlForObject: (key?: string) => string;
The S3 URL of an S3 object. For example: -
s3://onlybucket
-s3://bucket/key
Parameter key
The S3 key of the object. If not specified, the S3 URL of the bucket is returned.
Returns
an ObjectS3Url token
method transferAccelerationUrlForObject
transferAccelerationUrlForObject: ( key?: string, options?: TransferAccelerationUrlOptions) => string;
The https Transfer Acceleration URL of an S3 object. Specify
dualStack: true
at the options for dual-stack endpoint (connect to the bucket over IPv6). For example:-
https://bucket.s3-accelerate.amazonaws.com
-https://bucket.s3-accelerate.amazonaws.com/key
Parameter key
The S3 key of the object. If not specified, the URL of the bucket is returned.
Parameter options
Options for generating URL.
Returns
an TransferAccelerationUrl token
method urlForObject
urlForObject: (key?: string) => string;
The https URL of an S3 object. For example:
-
https://s3.us-west-1.amazonaws.com/onlybucket
-https://s3.us-west-1.amazonaws.com/bucket/key
-https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey
Parameter key
The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns
an ObjectS3Url token
method virtualHostedUrlForObject
virtualHostedUrlForObject: ( key?: string, options?: VirtualHostedStyleUrlOptions) => string;
The virtual hosted-style URL of an S3 object. Specify
regional: false
at the options for non-regional URL. For example:-
https://only-bucket.s3.us-west-1.amazonaws.com
-https://bucket.s3.us-west-1.amazonaws.com/key
-https://bucket.s3.amazonaws.com/key
-https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey
Parameter key
The S3 key of the object. If not specified, the URL of the bucket is returned.
Parameter options
Options for generating URL.
Returns
an ObjectS3Url token
interface IBucketNotificationDestination
interface IBucketNotificationDestination {}
Implemented by constructs that can be used as bucket notification destinations.
method bind
bind: (scope: Construct, bucket: IBucket) => BucketNotificationDestinationConfig;
Registers this resource to receive notifications for the specified bucket. This method will only be called once for each destination/bucket pair and the result will be cached, so there is no need to implement idempotency in each destination.
Parameter bucket
The bucket object to bind to
interface IntelligentTieringConfiguration
interface IntelligentTieringConfiguration {}
The intelligent tiering configuration.
property archiveAccessTierTime
readonly archiveAccessTierTime?: Duration;
When enabled, Intelligent-Tiering will automatically move objects that haven’t been accessed for a minimum of 90 days to the Archive Access tier.
Objects will not move to Glacier
property deepArchiveAccessTierTime
readonly deepArchiveAccessTierTime?: Duration;
When enabled, Intelligent-Tiering will automatically move objects that haven’t been accessed for a minimum of 180 days to the Deep Archive Access tier.
Objects will not move to Glacier Deep Access
property name
readonly name: string;
Configuration name
property prefix
readonly prefix?: string;
Add a filter to limit the scope of this configuration to a single prefix.
this configuration will apply to **all** objects in the bucket.
property tags
readonly tags?: Tag[];
You can limit the scope of this rule to the key value pairs added below.
No filtering will be performed on tags
interface Inventory
interface Inventory {}
Specifies the inventory configuration of an S3 Bucket.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
property destination
readonly destination: InventoryDestination;
The destination of the inventory.
property enabled
readonly enabled?: boolean;
Whether the inventory is enabled or disabled.
true
property format
readonly format?: InventoryFormat;
The format of the inventory.
InventoryFormat.CSV
property frequency
readonly frequency?: InventoryFrequency;
Frequency at which the inventory should be generated.
InventoryFrequency.WEEKLY
property includeObjectVersions
readonly includeObjectVersions?: InventoryObjectVersion;
If the inventory should contain all the object versions or only the current one.
InventoryObjectVersion.ALL
property inventoryId
readonly inventoryId?: string;
The inventory configuration ID.
- generated ID.
property objectsPrefix
readonly objectsPrefix?: string;
The inventory will only include objects that meet the prefix filter criteria.
- No objects prefix
property optionalFields
readonly optionalFields?: string[];
A list of optional fields to be included in the inventory result.
- No optional fields.
interface InventoryDestination
interface InventoryDestination {}
The destination of the inventory.
property bucket
readonly bucket: IBucket;
Bucket where all inventories will be saved in.
property bucketOwner
readonly bucketOwner?: string;
The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data. It's recommended to set an account ID to prevent problems if the destination bucket ownership changes.
- No account ID.
property prefix
readonly prefix?: string;
The prefix to be used when saving the inventory.
- No prefix.
interface LifecycleRule
interface LifecycleRule {}
Declaration of a Life cycle rule
property abortIncompleteMultipartUploadAfter
readonly abortIncompleteMultipartUploadAfter?: Duration;
Specifies a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.
The AbortIncompleteMultipartUpload property type creates a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket. When Amazon S3 aborts a multipart upload, it deletes all parts associated with the multipart upload.
- Incomplete uploads are never aborted
property enabled
readonly enabled?: boolean;
Whether this rule is enabled.
true
property expiration
readonly expiration?: Duration;
Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon Glacier.
If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.
- No expiration timeout
property expirationDate
readonly expirationDate?: Date;
Indicates when objects are deleted from Amazon S3 and Amazon Glacier.
The date value must be in ISO 8601 format. The time is always midnight UTC.
If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.
- No expiration date
property expiredObjectDeleteMarker
readonly expiredObjectDeleteMarker?: boolean;
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired.
false
property id
readonly id?: string;
A unique identifier for this rule. The value cannot be more than 255 characters.
property noncurrentVersionExpiration
readonly noncurrentVersionExpiration?: Duration;
Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire.
For buckets with versioning enabled (or suspended), specifies the time, in days, between when a new version of the object is uploaded to the bucket and when old versions of the object expire. When object versions expire, Amazon S3 permanently deletes them. If you specify a transition and expiration time, the expiration time must be later than the transition time.
- No noncurrent version expiration
property noncurrentVersionsToRetain
readonly noncurrentVersionsToRetain?: number;
Indicates a maximum number of noncurrent versions to retain.
If there are this many more noncurrent versions, Amazon S3 permanently deletes them.
- No noncurrent versions to retain
property noncurrentVersionTransitions
readonly noncurrentVersionTransitions?: NoncurrentVersionTransition[];
One or more transition rules that specify when non-current objects transition to a specified storage class.
Only for for buckets with versioning enabled (or suspended).
If you specify a transition and expiration time, the expiration time must be later than the transition time.
property objectSizeGreaterThan
readonly objectSizeGreaterThan?: number;
Specifies the minimum object size in bytes for this rule to apply to.
- No rule
property objectSizeLessThan
readonly objectSizeLessThan?: number;
Specifies the maximum object size in bytes for this rule to apply to.
- No rule
property prefix
readonly prefix?: string;
Object key prefix that identifies one or more objects to which this rule applies.
- Rule applies to all objects
property tagFilters
readonly tagFilters?: { [tag: string]: any;};
The TagFilter property type specifies tags to use to identify a subset of objects for an Amazon S3 bucket.
- Rule applies to all objects
property transitions
readonly transitions?: Transition[];
One or more transition rules that specify when an object transitions to a specified storage class.
If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.
- No transition rules
interface Location
interface Location {}
An interface that represents the location of a specific object in an S3 Bucket.
property bucketName
readonly bucketName: string;
The name of the S3 Bucket the object is in.
property objectKey
readonly objectKey: string;
The path inside the Bucket where the object is located at.
property objectVersion
readonly objectVersion?: string;
The S3 object version.
interface NoncurrentVersionTransition
interface NoncurrentVersionTransition {}
Describes when noncurrent versions transition to a specified storage class.
property noncurrentVersionsToRetain
readonly noncurrentVersionsToRetain?: number;
Indicates the number of noncurrent version objects to be retained. Can be up to 100 noncurrent versions retained.
- No noncurrent version retained.
property storageClass
readonly storageClass: StorageClass;
The storage class to which you want the object to transition.
property transitionAfter
readonly transitionAfter: Duration;
Indicates the number of days after creation when objects are transitioned to the specified storage class.
- No transition count.
interface NotificationKeyFilter
interface NotificationKeyFilter {}
interface OnCloudTrailBucketEventOptions
interface OnCloudTrailBucketEventOptions extends events.OnEventOptions {}
Options for the onCloudTrailPutObject method
property paths
readonly paths?: string[];
Only watch changes to these object paths
- Watch changes to all objects
interface RedirectTarget
interface RedirectTarget {}
Specifies a redirect behavior of all requests to a website endpoint of a bucket.
interface RoutingRule
interface RoutingRule {}
Rule that define when a redirect is applied and the redirect behavior.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
property condition
readonly condition?: RoutingRuleCondition;
Specifies a condition that must be met for the specified redirect to apply.
- No condition
property hostName
readonly hostName?: string;
The host name to use in the redirect request
- The host name used in the original request.
property httpRedirectCode
readonly httpRedirectCode?: string;
The HTTP redirect code to use on the response
"301" - Moved Permanently
property protocol
readonly protocol?: RedirectProtocol;
Protocol to use when redirecting requests
- The protocol used in the original request.
property replaceKey
readonly replaceKey?: ReplaceKey;
Specifies the object key prefix to use in the redirect request
- The key will not be replaced
interface RoutingRuleCondition
interface RoutingRuleCondition {}
property httpErrorCodeReturnedEquals
readonly httpErrorCodeReturnedEquals?: string;
The HTTP error code when the redirect is applied
In the event of an error, if the error code equals this value, then the specified redirect is applied.
If both condition properties are specified, both must be true for the redirect to be applied.
- The HTTP error code will not be verified
property keyPrefixEquals
readonly keyPrefixEquals?: string;
The object key name prefix when the redirect is applied
If both condition properties are specified, both must be true for the redirect to be applied.
- The object key name will not be verified
interface Tag
interface Tag {}
Tag
interface TransferAccelerationUrlOptions
interface TransferAccelerationUrlOptions {}
Options for creating a Transfer Acceleration URL.
property dualStack
readonly dualStack?: boolean;
Dual-stack support to connect to the bucket over IPv6.
- false
interface Transition
interface Transition {}
Describes when an object transitions to a specified storage class.
property storageClass
readonly storageClass: StorageClass;
The storage class to which you want the object to transition.
property transitionAfter
readonly transitionAfter?: Duration;
Indicates the number of days after creation when objects are transitioned to the specified storage class.
- No transition count.
property transitionDate
readonly transitionDate?: Date;
Indicates when objects are transitioned to the specified storage class.
The date value must be in ISO 8601 format. The time is always midnight UTC.
- No transition date.
interface VirtualHostedStyleUrlOptions
interface VirtualHostedStyleUrlOptions {}
Options for creating Virtual-Hosted style URL.
property regional
readonly regional?: boolean;
Specifies the URL includes the region.
- true
Enums
enum BucketAccessControl
enum BucketAccessControl { PRIVATE = 'Private', PUBLIC_READ = 'PublicRead', PUBLIC_READ_WRITE = 'PublicReadWrite', AUTHENTICATED_READ = 'AuthenticatedRead', LOG_DELIVERY_WRITE = 'LogDeliveryWrite', BUCKET_OWNER_READ = 'BucketOwnerRead', BUCKET_OWNER_FULL_CONTROL = 'BucketOwnerFullControl', AWS_EXEC_READ = 'AwsExecRead',}
Default bucket access control types.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
member AUTHENTICATED_READ
AUTHENTICATED_READ = 'AuthenticatedRead'
Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
member AWS_EXEC_READ
AWS_EXEC_READ = 'AwsExecRead'
Owner gets FULL_CONTROL. Amazon EC2 gets READ access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.
member BUCKET_OWNER_FULL_CONTROL
BUCKET_OWNER_FULL_CONTROL = 'BucketOwnerFullControl'
Both the object owner and the bucket owner get FULL_CONTROL over the object. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
member BUCKET_OWNER_READ
BUCKET_OWNER_READ = 'BucketOwnerRead'
Object owner gets FULL_CONTROL. Bucket owner gets READ access. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
member LOG_DELIVERY_WRITE
LOG_DELIVERY_WRITE = 'LogDeliveryWrite'
The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
member PRIVATE
PRIVATE = 'Private'
Owner gets FULL_CONTROL. No one else has access rights.
member PUBLIC_READ
PUBLIC_READ = 'PublicRead'
Owner gets FULL_CONTROL. The AllUsers group gets READ access.
member PUBLIC_READ_WRITE
PUBLIC_READ_WRITE = 'PublicReadWrite'
Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. Granting this on a bucket is generally not recommended.
enum BucketEncryption
enum BucketEncryption { UNENCRYPTED = 'NONE', KMS_MANAGED = 'MANAGED', S3_MANAGED = 'S3MANAGED', KMS = 'KMS',}
What kind of server-side encryption to apply to this bucket
member KMS
KMS = 'KMS'
Server-side encryption with a KMS key managed by the user. If
encryptionKey
is specified, this key will be used, otherwise, one will be defined.
member KMS_MANAGED
KMS_MANAGED = 'MANAGED'
Server-side KMS encryption with a master key managed by KMS.
member S3_MANAGED
S3_MANAGED = 'S3MANAGED'
Server-side encryption with a master key managed by S3.
member UNENCRYPTED
UNENCRYPTED = 'NONE'
Objects in the bucket are not encrypted.
enum BucketNotificationDestinationType
enum BucketNotificationDestinationType { LAMBDA = 0, QUEUE = 1, TOPIC = 2,}
Supported types of notification destinations.
enum EventType
enum EventType { OBJECT_CREATED = 's3:ObjectCreated:*', OBJECT_CREATED_PUT = 's3:ObjectCreated:Put', OBJECT_CREATED_POST = 's3:ObjectCreated:Post', OBJECT_CREATED_COPY = 's3:ObjectCreated:Copy', OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD = 's3:ObjectCreated:CompleteMultipartUpload', OBJECT_REMOVED = 's3:ObjectRemoved:*', OBJECT_REMOVED_DELETE = 's3:ObjectRemoved:Delete', OBJECT_REMOVED_DELETE_MARKER_CREATED = 's3:ObjectRemoved:DeleteMarkerCreated', OBJECT_RESTORE_POST = 's3:ObjectRestore:Post', OBJECT_RESTORE_COMPLETED = 's3:ObjectRestore:Completed', OBJECT_RESTORE_DELETE = 's3:ObjectRestore:Delete', REDUCED_REDUNDANCY_LOST_OBJECT = 's3:ReducedRedundancyLostObject', REPLICATION_OPERATION_FAILED_REPLICATION = 's3:Replication:OperationFailedReplication', REPLICATION_OPERATION_MISSED_THRESHOLD = 's3:Replication:OperationMissedThreshold', REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD = 's3:Replication:OperationReplicatedAfterThreshold', REPLICATION_OPERATION_NOT_TRACKED = 's3:Replication:OperationNotTracked', LIFECYCLE_EXPIRATION = 's3:LifecycleExpiration:*', LIFECYCLE_EXPIRATION_DELETE = 's3:LifecycleExpiration:Delete', LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED = 's3:LifecycleExpiration:DeleteMarkerCreated', LIFECYCLE_TRANSITION = 's3:LifecycleTransition', INTELLIGENT_TIERING = 's3:IntelligentTiering', OBJECT_TAGGING = 's3:ObjectTagging:*', OBJECT_TAGGING_PUT = 's3:ObjectTagging:Put', OBJECT_TAGGING_DELETE = 's3:ObjectTagging:Delete', OBJECT_ACL_PUT = 's3:ObjectAcl:Put',}
Notification event types. https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types
member INTELLIGENT_TIERING
INTELLIGENT_TIERING = 's3:IntelligentTiering'
You receive this notification event when an object within the S3 Intelligent-Tiering storage class moved to the Archive Access tier or Deep Archive Access tier.
member LIFECYCLE_EXPIRATION
LIFECYCLE_EXPIRATION = 's3:LifecycleExpiration:*'
By using the LifecycleExpiration event types, you can receive a notification when Amazon S3 deletes an object based on your S3 Lifecycle configuration.
member LIFECYCLE_EXPIRATION_DELETE
LIFECYCLE_EXPIRATION_DELETE = 's3:LifecycleExpiration:Delete'
The s3:LifecycleExpiration:Delete event type notifies you when an object in an unversioned bucket is deleted. It also notifies you when an object version is permanently deleted by an S3 Lifecycle configuration.
member LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED
LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED = 's3:LifecycleExpiration:DeleteMarkerCreated'
The s3:LifecycleExpiration:DeleteMarkerCreated event type notifies you when S3 Lifecycle creates a delete marker when a current version of an object in versioned bucket is deleted.
member LIFECYCLE_TRANSITION
LIFECYCLE_TRANSITION = 's3:LifecycleTransition'
You receive this notification event when an object is transitioned to another Amazon S3 storage class by an S3 Lifecycle configuration.
member OBJECT_ACL_PUT
OBJECT_ACL_PUT = 's3:ObjectAcl:Put'
You receive this notification event when an ACL is PUT on an object or when an existing ACL is changed. An event is not generated when a request results in no change to an object’s ACL.
member OBJECT_CREATED
OBJECT_CREATED = 's3:ObjectCreated:*'
Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.
member OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD
OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD = 's3:ObjectCreated:CompleteMultipartUpload'
Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.
member OBJECT_CREATED_COPY
OBJECT_CREATED_COPY = 's3:ObjectCreated:Copy'
Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.
member OBJECT_CREATED_POST
OBJECT_CREATED_POST = 's3:ObjectCreated:Post'
Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.
member OBJECT_CREATED_PUT
OBJECT_CREATED_PUT = 's3:ObjectCreated:Put'
Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.
member OBJECT_REMOVED
OBJECT_REMOVED = 's3:ObjectRemoved:*'
By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.
You can request notification when an object is deleted or a versioned object is permanently deleted by using the s3:ObjectRemoved:Delete event type. Or you can request notification when a delete marker is created for a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For information about deleting versioned objects, see Deleting Object Versions. You can also use a wildcard s3:ObjectRemoved:* to request notification anytime an object is deleted.
You will not receive event notifications from automatic deletes from lifecycle policies or from failed operations.
member OBJECT_REMOVED_DELETE
OBJECT_REMOVED_DELETE = 's3:ObjectRemoved:Delete'
By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.
You can request notification when an object is deleted or a versioned object is permanently deleted by using the s3:ObjectRemoved:Delete event type. Or you can request notification when a delete marker is created for a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For information about deleting versioned objects, see Deleting Object Versions. You can also use a wildcard s3:ObjectRemoved:* to request notification anytime an object is deleted.
You will not receive event notifications from automatic deletes from lifecycle policies or from failed operations.
member OBJECT_REMOVED_DELETE_MARKER_CREATED
OBJECT_REMOVED_DELETE_MARKER_CREATED = 's3:ObjectRemoved:DeleteMarkerCreated'
By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.
You can request notification when an object is deleted or a versioned object is permanently deleted by using the s3:ObjectRemoved:Delete event type. Or you can request notification when a delete marker is created for a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For information about deleting versioned objects, see Deleting Object Versions. You can also use a wildcard s3:ObjectRemoved:* to request notification anytime an object is deleted.
You will not receive event notifications from automatic deletes from lifecycle policies or from failed operations.
member OBJECT_RESTORE_COMPLETED
OBJECT_RESTORE_COMPLETED = 's3:ObjectRestore:Completed'
Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.
You use s3:ObjectRestore:Completed to request notification of restoration completion.
member OBJECT_RESTORE_DELETE
OBJECT_RESTORE_DELETE = 's3:ObjectRestore:Delete'
Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.
You use s3:ObjectRestore:Delete to request notification of restoration completion.
member OBJECT_RESTORE_POST
OBJECT_RESTORE_POST = 's3:ObjectRestore:Post'
Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.
You use s3:ObjectRestore:Post to request notification of object restoration initiation.
member OBJECT_TAGGING
OBJECT_TAGGING = 's3:ObjectTagging:*'
By using the ObjectTagging event types, you can enable notification when an object tag is added or deleted from an object.
member OBJECT_TAGGING_DELETE
OBJECT_TAGGING_DELETE = 's3:ObjectTagging:Delete'
The s3:ObjectTagging:Delete event type notifies you when a tag is removed from an object.
member OBJECT_TAGGING_PUT
OBJECT_TAGGING_PUT = 's3:ObjectTagging:Put'
The s3:ObjectTagging:Put event type notifies you when a tag is PUT on an object or an existing tag is updated.
member REDUCED_REDUNDANCY_LOST_OBJECT
REDUCED_REDUNDANCY_LOST_OBJECT = 's3:ReducedRedundancyLostObject'
You can use this event type to request Amazon S3 to send a notification message when Amazon S3 detects that an object of the RRS storage class is lost.
member REPLICATION_OPERATION_FAILED_REPLICATION
REPLICATION_OPERATION_FAILED_REPLICATION = 's3:Replication:OperationFailedReplication'
You receive this notification event when an object that was eligible for replication using Amazon S3 Replication Time Control failed to replicate.
member REPLICATION_OPERATION_MISSED_THRESHOLD
REPLICATION_OPERATION_MISSED_THRESHOLD = 's3:Replication:OperationMissedThreshold'
You receive this notification event when an object that was eligible for replication using Amazon S3 Replication Time Control exceeded the 15-minute threshold for replication.
member REPLICATION_OPERATION_NOT_TRACKED
REPLICATION_OPERATION_NOT_TRACKED = 's3:Replication:OperationNotTracked'
You receive this notification event for an object that was eligible for replication using Amazon S3 Replication Time Control but is no longer tracked by replication metrics.
member REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD
REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD = 's3:Replication:OperationReplicatedAfterThreshold'
You receive this notification event for an object that was eligible for replication using the Amazon S3 Replication Time Control feature replicated after the 15-minute threshold.
enum HttpMethods
enum HttpMethods { GET = 'GET', PUT = 'PUT', HEAD = 'HEAD', POST = 'POST', DELETE = 'DELETE',}
All http request methods
member DELETE
DELETE = 'DELETE'
The DELETE method deletes the specified resource.
member GET
GET = 'GET'
The GET method requests a representation of the specified resource.
member HEAD
HEAD = 'HEAD'
The HEAD method asks for a response identical to that of a GET request, but without the response body.
member POST
POST = 'POST'
The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server.
member PUT
PUT = 'PUT'
The PUT method replaces all current representations of the target resource with the request payload.
enum InventoryFormat
enum InventoryFormat { CSV = 'CSV', PARQUET = 'Parquet', ORC = 'ORC',}
All supported inventory list formats.
enum InventoryFrequency
enum InventoryFrequency { DAILY = 'Daily', WEEKLY = 'Weekly',}
All supported inventory frequencies.
enum InventoryObjectVersion
enum InventoryObjectVersion { ALL = 'All', CURRENT = 'Current',}
Inventory version support.
enum ObjectOwnership
enum ObjectOwnership { BUCKET_OWNER_ENFORCED = 'BucketOwnerEnforced', BUCKET_OWNER_PREFERRED = 'BucketOwnerPreferred', OBJECT_WRITER = 'ObjectWriter',}
The ObjectOwnership of the bucket.
See Also
https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
member BUCKET_OWNER_ENFORCED
BUCKET_OWNER_ENFORCED = 'BucketOwnerEnforced'
ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control.
member BUCKET_OWNER_PREFERRED
BUCKET_OWNER_PREFERRED = 'BucketOwnerPreferred'
Objects uploaded to the bucket change ownership to the bucket owner .
member OBJECT_WRITER
OBJECT_WRITER = 'ObjectWriter'
The uploading account will own the object.
enum RedirectProtocol
enum RedirectProtocol { HTTP = 'http', HTTPS = 'https',}
All http request methods
Namespaces
namespace CfnAccessPoint
namespace CfnAccessPoint {}
interface PublicAccessBlockConfigurationProperty
interface PublicAccessBlockConfigurationProperty {}
The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html
property blockPublicAcls
readonly blockPublicAcls?: boolean | cdk.IResolvable;
Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to
TRUE
causes the following behavior:- PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public. - PUT Object calls fail if the request includes a public ACL. - PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn't affect existing policies or ACLs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicacls
property blockPublicPolicy
readonly blockPublicPolicy?: boolean | cdk.IResolvable;
Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to
TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.Enabling this setting doesn't affect existing bucket policies.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicpolicy
property ignorePublicAcls
readonly ignorePublicAcls?: boolean | cdk.IResolvable;
Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to
TRUE
causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-ignorepublicacls
property restrictPublicBuckets
readonly restrictPublicBuckets?: boolean | cdk.IResolvable;
Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to
TRUE
restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-restrictpublicbuckets
interface VpcConfigurationProperty
interface VpcConfigurationProperty {}
The Virtual Private Cloud (VPC) configuration for this access point.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html
property vpcId
readonly vpcId?: string;
If this field is specified, the access point will only allow connections from the specified VPC ID.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html#cfn-s3-accesspoint-vpcconfiguration-vpcid
namespace CfnBucket
namespace CfnBucket {}
interface AbortIncompleteMultipartUploadProperty
interface AbortIncompleteMultipartUploadProperty {}
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. For more information, see [Stopping Incomplete Multipart Uploads Using a Bucket Lifecycle Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) in the *Amazon S3 User Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-abortincompletemultipartupload.html
property daysAfterInitiation
readonly daysAfterInitiation: number;
Specifies the number of days after which Amazon S3 stops an incomplete multipart upload.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-abortincompletemultipartupload.html#cfn-s3-bucket-abortincompletemultipartupload-daysafterinitiation
interface AccelerateConfigurationProperty
interface AccelerateConfigurationProperty {}
Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html
property accelerationStatus
readonly accelerationStatus: string;
Specifies the transfer acceleration status of the bucket.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html#cfn-s3-bucket-accelerateconfiguration-accelerationstatus
interface AccessControlTranslationProperty
interface AccessControlTranslationProperty {}
Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accesscontroltranslation.html
property owner
readonly owner: string;
Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) in the *Amazon S3 API Reference* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accesscontroltranslation.html#cfn-s3-bucket-accesscontroltranslation-owner
interface AnalyticsConfigurationProperty
interface AnalyticsConfigurationProperty {}
Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html
property id
readonly id: string;
The ID that identifies the analytics configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-id
property prefix
readonly prefix?: string;
The prefix that an object must have to be included in the analytics results.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-prefix
property storageClassAnalysis
readonly storageClassAnalysis: | CfnBucket.StorageClassAnalysisProperty | cdk.IResolvable;
Contains data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-storageclassanalysis
property tagFilters
readonly tagFilters?: | Array<CfnBucket.TagFilterProperty | cdk.IResolvable> | cdk.IResolvable;
The tags to use when evaluating an analytics filter.
The analytics only includes objects that meet the filter's criteria. If no filter is specified, all of the contents of the bucket are included in the analysis.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-tagfilters
interface BucketEncryptionProperty
interface BucketEncryptionProperty {}
Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS) bucket. For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html
property serverSideEncryptionConfiguration
readonly serverSideEncryptionConfiguration: | Array<CfnBucket.ServerSideEncryptionRuleProperty | cdk.IResolvable> | cdk.IResolvable;
Specifies the default server-side-encryption configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html#cfn-s3-bucket-bucketencryption-serversideencryptionconfiguration
interface CorsConfigurationProperty
interface CorsConfigurationProperty {}
Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html
property corsRules
readonly corsRules: | Array<CfnBucket.CorsRuleProperty | cdk.IResolvable> | cdk.IResolvable;
A set of origins and methods (cross-origin access that you want to allow). You can add up to 100 rules to the configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html#cfn-s3-bucket-cors-corsrule
interface CorsRuleProperty
interface CorsRuleProperty {}
Specifies a cross-origin access rule for an Amazon S3 bucket.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html
property allowedHeaders
readonly allowedHeaders?: string[];
Headers that are specified in the
Access-Control-Request-Headers
header. These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-allowedheaders
property allowedMethods
readonly allowedMethods: string[];
An HTTP method that you allow the origin to run.
*Allowed values* :
GET
|PUT
|HEAD
|POST
|DELETE
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-allowedmethods
property allowedOrigins
readonly allowedOrigins: string[];
One or more origins you want customers to be able to access the bucket from.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-allowedorigins
property exposedHeaders
readonly exposedHeaders?: string[];
One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript
XMLHttpRequest
object).http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-exposedheaders
property id
readonly id?: string;
A unique identifier for this rule. The value must be no more than 255 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-id
property maxAge
readonly maxAge?: number;
The time in seconds that your browser is to cache the preflight response for the specified resource.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-maxage
interface DataExportProperty
interface DataExportProperty {}
Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html
property destination
readonly destination: CfnBucket.DestinationProperty | cdk.IResolvable;
The place to store the data for an analysis.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-destination
property outputSchemaVersion
readonly outputSchemaVersion: string;
The version of the output schema to use when exporting data. Must be
V_1
.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-outputschemaversion
interface DefaultRetentionProperty
interface DefaultRetentionProperty {}
The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket.
> - The
DefaultRetention
settings require both a mode and a period. > - TheDefaultRetention
period can be eitherDays
orYears
but you must select one. You cannot specifyDays
andYears
at the same time.external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html
property days
readonly days?: number;
The number of days that you want to specify for the default retention period. If Object Lock is turned on, you must specify
Mode
and specify eitherDays
orYears
.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-days
property mode
readonly mode?: string;
The default Object Lock retention mode you want to apply to new objects placed in the specified bucket. If Object Lock is turned on, you must specify
Mode
and specify eitherDays
orYears
.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-mode
property years
readonly years?: number;
The number of years that you want to specify for the default retention period. If Object Lock is turned on, you must specify
Mode
and specify eitherDays
orYears
.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-years
interface DeleteMarkerReplicationProperty
interface DeleteMarkerReplicationProperty {}
Specifies whether Amazon S3 replicates delete markers. If you specify a
Filter
in your replication configuration, you must also include aDeleteMarkerReplication
element. If yourFilter
includes aTag
element, theDeleteMarkerReplication
Status
must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config) .For more information about delete marker replication, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html) .
> If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-deletemarkerreplication.html
property status
readonly status?: string;
Indicates whether to replicate delete markers. Disabled by default.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-deletemarkerreplication.html#cfn-s3-bucket-deletemarkerreplication-status
interface DestinationProperty
interface DestinationProperty {}
Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html
property bucketAccountId
readonly bucketAccountId?: string;
The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data.
> Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketaccountid
property bucketArn
readonly bucketArn: string;
The Amazon Resource Name (ARN) of the bucket to which data is exported.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketarn
property format
readonly format: string;
Specifies the file format used when exporting data to Amazon S3.
*Allowed values* :
CSV
|ORC
|Parquet
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-format
property prefix
readonly prefix?: string;
The prefix to use when exporting data. The prefix is prepended to all results.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-prefix
interface EncryptionConfigurationProperty
interface EncryptionConfigurationProperty {}
Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-encryptionconfiguration.html
property replicaKmsKeyId
readonly replicaKmsKeyId: string;
Specifies the ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-encryptionconfiguration.html#cfn-s3-bucket-encryptionconfiguration-replicakmskeyid
interface EventBridgeConfigurationProperty
interface EventBridgeConfigurationProperty {}
Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket, see [Using EventBridge](https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventBridge.html) in the *Amazon S3 User Guide* .
Unlike other destinations, delivery of events to EventBridge can be either enabled or disabled for a bucket. If enabled, all events will be sent to EventBridge and you can use EventBridge rules to route events to additional targets. For more information, see [What Is Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) in the *Amazon EventBridge User Guide*
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-eventbridgeconfig.html
property eventBridgeEnabled
readonly eventBridgeEnabled?: boolean | cdk.IResolvable;
Enables delivery of events to Amazon EventBridge.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-eventbridgeconfig.html#cfn-s3-bucket-eventbridgeconfiguration-eventbridgeenabled
interface FilterRuleProperty
interface FilterRuleProperty {}
Specifies the Amazon S3 object key name to filter on and whether to filter on the suffix or prefix of the key name.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter-s3key-rules.html
property name
readonly name: string;
The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see [Configuring Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter-s3key-rules.html#cfn-s3-bucket-notificationconfiguraiton-config-filter-s3key-rules-name
property value
readonly value: string;
The value that the filter searches for in object key names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter-s3key-rules.html#cfn-s3-bucket-notificationconfiguraiton-config-filter-s3key-rules-value
interface IntelligentTieringConfigurationProperty
interface IntelligentTieringConfigurationProperty {}
Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.
For information about the S3 Intelligent-Tiering storage class, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html
property id
readonly id: string;
The ID used to identify the S3 Intelligent-Tiering configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-id
property prefix
readonly prefix?: string;
An object key name prefix that identifies the subset of objects to which the rule applies.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-prefix
property status
readonly status: string;
Specifies the status of the configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-status
property tagFilters
readonly tagFilters?: | Array<CfnBucket.TagFilterProperty | cdk.IResolvable> | cdk.IResolvable;
A container for a key-value pair.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tagfilters
property tierings
readonly tierings: | Array<CfnBucket.TieringProperty | cdk.IResolvable> | cdk.IResolvable;
Specifies a list of S3 Intelligent-Tiering storage class tiers in the configuration. At least one tier must be defined in the list. At most, you can specify two tiers in the list, one for each available AccessTier:
ARCHIVE_ACCESS
andDEEP_ARCHIVE_ACCESS
.> You only need Intelligent Tiering Configuration enabled on a bucket if you want to automatically move objects stored in the Intelligent-Tiering storage class to Archive Access or Deep Archive Access tiers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tierings
interface InventoryConfigurationProperty
interface InventoryConfigurationProperty {}
Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html
property destination
readonly destination: CfnBucket.DestinationProperty | cdk.IResolvable;
Contains information about where to publish the inventory results.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-destination
property enabled
readonly enabled: boolean | cdk.IResolvable;
Specifies whether the inventory is enabled or disabled. If set to
True
, an inventory list is generated. If set toFalse
, no inventory list is generated.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-enabled
property id
readonly id: string;
The ID used to identify the inventory configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-id
property includedObjectVersions
readonly includedObjectVersions: string;
Object versions to include in the inventory list. If set to
All
, the list includes all the object versions, which adds the version-related fieldsVersionId
,IsLatest
, andDeleteMarker
to the list. If set toCurrent
, the list does not contain these version-related fields.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-includedobjectversions
property optionalFields
readonly optionalFields?: string[];
Contains the optional fields that are included in the inventory results.
*Valid values* :
Size | LastModifiedDate | StorageClass | ETag | IsMultipartUploaded | ReplicationStatus | EncryptionStatus | ObjectLockRetainUntilDate | ObjectLockMode | ObjectLockLegalHoldStatus | IntelligentTieringAccessTier | BucketKeyStatus
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-optionalfields
property prefix
readonly prefix?: string;
Specifies the inventory filter prefix.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-prefix
property scheduleFrequency
readonly scheduleFrequency: string;
Specifies the schedule for generating inventory results.
*Allowed values* :
Daily
|Weekly
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-schedulefrequency
interface LambdaConfigurationProperty
interface LambdaConfigurationProperty {}
Describes the AWS Lambda functions to invoke and the events for which to invoke them.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html
property event
readonly event: string;
The Amazon S3 bucket event for which to invoke the AWS Lambda function. For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-event
property filter
readonly filter?: CfnBucket.NotificationFilterProperty | cdk.IResolvable;
The filtering rules that determine which objects invoke the AWS Lambda function. For example, you can create a filter so that only image files with a
.jpg
extension invoke the function when they are added to the Amazon S3 bucket.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-filter
property function
readonly function: string;
The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3 invokes when the specified event type occurs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-function
interface LifecycleConfigurationProperty
interface LifecycleConfigurationProperty {}
Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfig.html
property rules
readonly rules: | Array<CfnBucket.RuleProperty | cdk.IResolvable> | cdk.IResolvable;
A lifecycle rule for individual objects in an Amazon S3 bucket.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfig.html#cfn-s3-bucket-lifecycleconfig-rules
interface LoggingConfigurationProperty
interface LoggingConfigurationProperty {}
Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket. For examples and more information, see [PUT Bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in the *Amazon S3 API Reference* .
> To successfully complete the
AWS::S3::Bucket LoggingConfiguration
request, you must haves3:PutObject
ands3:PutObjectAcl
in your IAM permissions.external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfig.html
property destinationBucketName
readonly destinationBucketName?: string;
The name of the bucket where Amazon S3 should store server access log files. You can store log files in any bucket that you own. By default, logs are stored in the bucket where the
LoggingConfiguration
property is defined.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfig.html#cfn-s3-bucket-loggingconfig-destinationbucketname
property logFilePrefix
readonly logFilePrefix?: string;
A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfig.html#cfn-s3-bucket-loggingconfig-logfileprefix