@aws-cdk/aws-s3

  • Version 1.156.1
  • Published
  • 3.15 MB
  • 6 dependencies
  • Apache-2.0 license

Install

npm i @aws-cdk/aws-s3
yarn add @aws-cdk/aws-s3
pnpm add @aws-cdk/aws-s3

Overview

The CDK Construct Library for AWS::S3


Classes

class BlockPublicAccess

class BlockPublicAccess {}

    constructor

    constructor(options: BlockPublicAccessOptions);

      property BLOCK_ACLS

      static readonly BLOCK_ACLS: BlockPublicAccess;

        property BLOCK_ALL

        static readonly BLOCK_ALL: BlockPublicAccess;

          property blockPublicAcls

          blockPublicAcls: boolean;

            property blockPublicPolicy

            blockPublicPolicy: boolean;

              property ignorePublicAcls

              ignorePublicAcls: boolean;

                property restrictPublicBuckets

                restrictPublicBuckets: boolean;

                  class Bucket

                  class Bucket extends BucketBase {}
                  • An S3 bucket with associated policy objects

                    This bucket does not yet have all the features that are exposed by the underlying BucketResource.

                  constructor

                  constructor(scope: Construct, id: string, props?: BucketProps);

                    property autoCreatePolicy

                    protected autoCreatePolicy: boolean;

                      property bucketArn

                      readonly bucketArn: string;

                        property bucketDomainName

                        readonly bucketDomainName: string;

                          property bucketDualStackDomainName

                          readonly bucketDualStackDomainName: string;

                            property bucketName

                            readonly bucketName: string;

                              property bucketRegionalDomainName

                              readonly bucketRegionalDomainName: string;

                                property bucketWebsiteDomainName

                                readonly bucketWebsiteDomainName: string;

                                  property bucketWebsiteUrl

                                  readonly bucketWebsiteUrl: string;

                                    property disallowPublicAccess

                                    protected disallowPublicAccess?: boolean;

                                      property encryptionKey

                                      readonly encryptionKey?: kms.IKey;

                                        property isWebsite

                                        readonly isWebsite?: boolean;

                                          property policy

                                          policy?: BucketPolicy;

                                            method addCorsRule

                                            addCorsRule: (rule: CorsRule) => void;
                                            • Adds a cross-origin access configuration for objects in an Amazon S3 bucket

                                              Parameter rule

                                              The CORS configuration rule to add

                                            method addInventory

                                            addInventory: (inventory: Inventory) => void;
                                            • Add an inventory configuration.

                                              Parameter inventory

                                              configuration to add

                                            method addLifecycleRule

                                            addLifecycleRule: (rule: LifecycleRule) => void;
                                            • Add a lifecycle rule to the bucket

                                              Parameter rule

                                              The rule to add

                                            method addMetric

                                            addMetric: (metric: BucketMetrics) => void;
                                            • Adds a metrics configuration for the CloudWatch request metrics from the bucket.

                                              Parameter metric

                                              The metric configuration to add

                                            method fromBucketArn

                                            static fromBucketArn: (
                                            scope: Construct,
                                            id: string,
                                            bucketArn: string
                                            ) => IBucket;

                                              method fromBucketAttributes

                                              static fromBucketAttributes: (
                                              scope: Construct,
                                              id: string,
                                              attrs: BucketAttributes
                                              ) => IBucket;
                                              • Creates a Bucket construct that represents an external bucket.

                                                Parameter scope

                                                The parent creating construct (usually this).

                                                Parameter id

                                                The construct's name.

                                                Parameter attrs

                                                A BucketAttributes object. Can be obtained from a call to bucket.export() or manually created.

                                              method fromBucketName

                                              static fromBucketName: (
                                              scope: Construct,
                                              id: string,
                                              bucketName: string
                                              ) => IBucket;

                                                method validateBucketName

                                                static validateBucketName: (physicalName: string) => void;
                                                • Throws an exception if the given bucket name is not valid.

                                                  Parameter physicalName

                                                  name of the bucket.

                                                class BucketBase

                                                abstract class BucketBase extends Resource implements IBucket {}
                                                • Represents an S3 Bucket.

                                                  Buckets can be either defined within this stack:

                                                  new Bucket(this, 'MyBucket', { props });

                                                  Or imported from an existing bucket:

                                                  Bucket.import(this, 'MyImportedBucket', { bucketArn: ... });

                                                  You can also export a bucket and import it into another stack:

                                                  const ref = myBucket.export();
                                                  Bucket.import(this, 'MyImportedBucket', ref);

                                                constructor

                                                constructor(scope: Construct, id: string, props?: ResourceProps);

                                                  property autoCreatePolicy

                                                  protected abstract autoCreatePolicy: boolean;
                                                  • Indicates if a bucket resource policy should be automatically created upon the first call to addToResourcePolicy.

                                                  property bucketArn

                                                  abstract readonly bucketArn: string;

                                                    property bucketDomainName

                                                    abstract readonly bucketDomainName: string;

                                                      property bucketDualStackDomainName

                                                      abstract readonly bucketDualStackDomainName: string;

                                                        property bucketName

                                                        abstract readonly bucketName: string;

                                                          property bucketRegionalDomainName

                                                          abstract readonly bucketRegionalDomainName: string;

                                                            property bucketWebsiteDomainName

                                                            abstract readonly bucketWebsiteDomainName: string;

                                                              property bucketWebsiteUrl

                                                              abstract readonly bucketWebsiteUrl: string;

                                                                property disallowPublicAccess

                                                                protected abstract disallowPublicAccess?: boolean;
                                                                • Whether to disallow public access

                                                                property encryptionKey

                                                                abstract readonly encryptionKey?: kms.IKey;
                                                                • Optional KMS encryption key associated with this bucket.

                                                                property isWebsite

                                                                abstract readonly isWebsite?: boolean;
                                                                • If this bucket has been configured for static website hosting.

                                                                property notificationsHandlerRole

                                                                protected notificationsHandlerRole?: iam.IRole;

                                                                  property policy

                                                                  abstract policy?: BucketPolicy;
                                                                  • The resource policy associated with this bucket.

                                                                    If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

                                                                  method addEventNotification

                                                                  addEventNotification: (
                                                                  event: EventType,
                                                                  dest: IBucketNotificationDestination,
                                                                  ...filters: NotificationKeyFilter[]
                                                                  ) => void;
                                                                  • Adds a bucket notification event destination.

                                                                    Parameter event

                                                                    The event to trigger the notification

                                                                    Parameter dest

                                                                    The notification destination (Lambda, SNS Topic or SQS Queue)

                                                                    Parameter filters

                                                                    S3 object key filter rules to determine which objects trigger this event. Each filter must include a prefix and/or suffix that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules.

                                                                    Example 1

                                                                    declare const myLambda: lambda.Function;
                                                                    const bucket = new s3.Bucket(this, 'MyBucket');
                                                                    bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'});

                                                                    See Also

                                                                    • https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-filtering

                                                                    • https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

                                                                  method addObjectCreatedNotification

                                                                  addObjectCreatedNotification: (
                                                                  dest: IBucketNotificationDestination,
                                                                  ...filters: NotificationKeyFilter[]
                                                                  ) => void;
                                                                  • Subscribes a destination to receive notifications when an object is created in the bucket. This is identical to calling onEvent(EventType.OBJECT_CREATED).

                                                                    Parameter dest

                                                                    The notification destination (see onEvent)

                                                                    Parameter filters

                                                                    Filters (see onEvent)

                                                                  method addObjectRemovedNotification

                                                                  addObjectRemovedNotification: (
                                                                  dest: IBucketNotificationDestination,
                                                                  ...filters: NotificationKeyFilter[]
                                                                  ) => void;
                                                                  • Subscribes a destination to receive notifications when an object is removed from the bucket. This is identical to calling onEvent(EventType.OBJECT_REMOVED).

                                                                    Parameter dest

                                                                    The notification destination (see onEvent)

                                                                    Parameter filters

                                                                    Filters (see onEvent)

                                                                  method addToResourcePolicy

                                                                  addToResourcePolicy: (
                                                                  permission: iam.PolicyStatement
                                                                  ) => iam.AddToResourcePolicyResult;
                                                                  • Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for this bucket or objects.

                                                                    Note that the policy statement may or may not be added to the policy. For example, when an IBucket is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases.

                                                                    Parameter permission

                                                                    the policy statement to be added to the bucket's policy.

                                                                    Returns

                                                                    metadata about the execution of this method. If the policy was not added, the value of statementAdded will be false. You should always check this value to make sure that the operation was actually carried out. Otherwise, synthesis and deployment will complete without reporting any error even though the statement was never applied, which may be confusing and can leave an intended grant or restriction missing from the bucket policy.

                                                                  method arnForObjects

                                                                  arnForObjects: (keyPattern: string) => string;
                                                                  • Returns an ARN that represents all objects within the bucket that match the key pattern specified. To represent all keys, specify ``"*"``.

                                                                    If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:

                                                                    arnForObjects(`home/${team}/${user}/*`)

                                                                  method enableEventBridgeNotification

                                                                  protected enableEventBridgeNotification: () => void;

                                                                    method grantDelete

                                                                    grantDelete: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                    • Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

                                                                      Parameter identity

                                                                      The principal

                                                                      Parameter objectsKeyPattern

                                                                      Restrict the permission to a certain key pattern (default '*')

                                                                    method grantPublicAccess

                                                                    grantPublicAccess: (
                                                                    keyPrefix?: string,
                                                                    ...allowedActions: string[]
                                                                    ) => iam.Grant;
                                                                    • Allows unrestricted access to objects from this bucket.

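                                                                      IMPORTANT: This permission allows anyone, including unauthenticated callers, to perform the allowed actions on S3 objects in this bucket. This is useful when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate. Any actions passed in allowedActions are granted to everyone in the same way, so keep that list as narrow as the use case requires.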

                                                                      Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.

                                                                      The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:

                                                                      const grant = bucket.grantPublicAccess();
                                                                      grant.resourceStatement!.addCondition('IpAddress', { "aws:SourceIp": "54.240.143.0/24" });

                                                                      Note that if this IBucket refers to an existing bucket, possibly not managed by CloudFormation, this method will have no effect, since it's impossible to modify the policy of an existing bucket.

                                                                      Parameter keyPrefix

                                                                      the prefix of S3 object keys (e.g. home/*). Default is "*".

                                                                      Parameter allowedActions

                                                                      the set of S3 actions to allow. Default is "s3:GetObject".

                                                                    method grantPut

                                                                    grantPut: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                    • Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

                                                                      If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

                                                                      Parameter identity

                                                                      The principal

                                                                      Parameter objectsKeyPattern

                                                                      Restrict the permission to a certain key pattern (default '*')

                                                                    method grantPutAcl

                                                                    grantPutAcl: (identity: iam.IGrantable, objectsKeyPattern?: string) => iam.Grant;

                                                                      method grantRead

                                                                      grantRead: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                      • Grants read permissions for this bucket and its contents to an IAM principal (Role/Group/User).

                                                                        If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

                                                                        Parameter identity

                                                                        The principal

                                                                        Parameter objectsKeyPattern

                                                                        Restrict the permission to a certain key pattern (default '*')

                                                                      method grantReadWrite

                                                                      grantReadWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;

                                                                        method grantWrite

                                                                        grantWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;

                                                                          method onCloudTrailEvent

                                                                          onCloudTrailEvent: (
                                                                          id: string,
                                                                          options?: OnCloudTrailBucketEventOptions
                                                                          ) => events.Rule;
                                                                          • Defines a CloudWatch event that triggers when something happens to this bucket

                                                                            Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

                                                                            Parameter id

                                                                            The id of the rule

                                                                            Parameter options

                                                                            Options for adding the rule

                                                                          method onCloudTrailPutObject

                                                                          onCloudTrailPutObject: (
                                                                          id: string,
                                                                          options?: OnCloudTrailBucketEventOptions
                                                                          ) => events.Rule;
                                                                          • Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

                                                                            Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using onCloudTrailWriteObject may be preferable.

                                                                            Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

                                                                            Parameter id

                                                                            The id of the rule

                                                                            Parameter options

                                                                            Options for adding the rule

                                                                          method onCloudTrailWriteObject

                                                                          onCloudTrailWriteObject: (
                                                                          id: string,
                                                                          options?: OnCloudTrailBucketEventOptions
                                                                          ) => events.Rule;
                                                                          • Defines an AWS CloudWatch event that triggers when objects at the specified paths (keys) in this bucket are written to. This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

                                                                            Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to onCloudTrailPutObject.

                                                                            Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

                                                                            Parameter id

                                                                            The id of the rule

                                                                            Parameter options

                                                                            Options for adding the rule

                                                                          method s3UrlForObject

                                                                          s3UrlForObject: (key?: string) => string;
                                                                          • The S3 URL of an S3 object. For example:

                                                                            - s3://onlybucket
                                                                            - s3://bucket/key

                                                                            Parameter key

                                                                            The S3 key of the object. If not specified, the S3 URL of the bucket is returned.

                                                                            Returns

                                                                            an ObjectS3Url token

                                                                          method transferAccelerationUrlForObject

                                                                          transferAccelerationUrlForObject: (
                                                                          key?: string,
                                                                          options?: TransferAccelerationUrlOptions
                                                                          ) => string;
                                                                          • The https Transfer Acceleration URL of an S3 object. Specify dualStack: true at the options for dual-stack endpoint (connect to the bucket over IPv6). For example:

                                                                            - https://bucket.s3-accelerate.amazonaws.com - https://bucket.s3-accelerate.amazonaws.com/key

                                                                            Parameter key

                                                                            The S3 key of the object. If not specified, the URL of the bucket is returned.

                                                                            Parameter options

                                                                            Options for generating URL.

                                                                            Returns

                                                                            a TransferAccelerationUrl token

                                                                          method urlForObject

                                                                          urlForObject: (key?: string) => string;
                                                                          • The https URL of an S3 object. Specify regional: false at the options for non-regional URLs. For example:

                                                                            - https://s3.us-west-1.amazonaws.com/onlybucket - https://s3.us-west-1.amazonaws.com/bucket/key - https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey

                                                                            Parameter key

                                                                            The S3 key of the object. If not specified, the URL of the bucket is returned.

                                                                            Returns

                                                                            an ObjectS3Url token

                                                                          method validate

                                                                          protected validate: () => string[];

                                                                            method virtualHostedUrlForObject

                                                                            virtualHostedUrlForObject: (
                                                                            key?: string,
                                                                            options?: VirtualHostedStyleUrlOptions
                                                                            ) => string;
                                                                            • The virtual hosted-style URL of an S3 object. Specify regional: false in the options for a non-regional URL. For example:

                                                                              - https://only-bucket.s3.us-west-1.amazonaws.com
                                                                              - https://bucket.s3.us-west-1.amazonaws.com/key
                                                                              - https://bucket.s3.amazonaws.com/key
                                                                              - https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey

                                                                              Parameter key

                                                                              The S3 key of the object. If not specified, the URL of the bucket is returned.

                                                                              Parameter options

                                                                              Options for generating URL.

                                                                              Returns

                                                                              an ObjectS3Url token

                                                                            class BucketPolicy

                                                                            class BucketPolicy extends Resource {}
                                                                            • The bucket policy for an Amazon S3 bucket

                                                                              Policies define the operations that are allowed on this resource.

                                                                              You almost never need to define this construct directly.

                                                                              All AWS resources that support resource policies have a method called addToResourcePolicy(), which will automatically create a new resource policy if one doesn't exist yet, otherwise it will add to the existing policy.

                                                                              Prefer to use addToResourcePolicy() instead.

                                                                            constructor

                                                                            constructor(scope: Construct, id: string, props: BucketPolicyProps);

                                                                              property document

                                                                              readonly document: PolicyDocument;
                                                                              • A policy document containing permissions to add to the specified bucket. For more information, see Access Policy Language Overview in the Amazon Simple Storage Service Developer Guide.

                                                                              method applyRemovalPolicy

                                                                              applyRemovalPolicy: (removalPolicy: RemovalPolicy) => void;
                                                                              • Sets the removal policy for the BucketPolicy.

                                                                                Parameter removalPolicy

                                                                                the RemovalPolicy to set.

                                                                              class CfnAccessPoint

                                                                              class CfnAccessPoint extends cdk.CfnResource implements cdk.IInspectable {}
                                                                              • A CloudFormation AWS::S3::AccessPoint

                                                                                The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets.

                                                                                AWS::S3::AccessPoint external

                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html

                                                                              constructor

                                                                              constructor(scope: cdk.Construct, id: string, props: CfnAccessPointProps);
                                                                              • Create a new AWS::S3::AccessPoint.

                                                                                Parameter scope

                                                                                scope in which this resource is defined

                                                                                Parameter id

                                                                                scoped id of the resource

                                                                                Parameter props

                                                                                resource properties

                                                                              property attrAlias

                                                                              readonly attrAlias: string;
                                                                              • The alias for this access point. Alias

                                                                              property attrArn

                                                                              readonly attrArn: string;
                                                                              • This property contains the details of the ARN for the access point. Arn

                                                                              property attrName

                                                                              readonly attrName: string;
                                                                              • The name of this access point. Name

                                                                              property attrNetworkOrigin

                                                                              readonly attrNetworkOrigin: string;
                                                                              • Indicates whether this access point allows access from the internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the internet, subject to the access point and bucket access policies.

                                                                                *Allowed values* : VPC | Internet NetworkOrigin

                                                                              property bucket

                                                                              bucket: string;
                                                                              • The name of the bucket associated with this access point.

                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket

                                                                              property CFN_RESOURCE_TYPE_NAME

                                                                              static readonly CFN_RESOURCE_TYPE_NAME: string;
                                                                              • The CloudFormation resource type name for this resource class.

                                                                              property cfnProperties

                                                                              readonly cfnProperties: { [key: string]: any };

                                                                                property name

                                                                                name: string;
                                                                                • The name of this access point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.

                                                                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name

                                                                                property policy

                                                                                policy: any;
                                                                                • The access point policy associated with this access point.

                                                                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy

                                                                                property policyStatus

                                                                                policyStatus: any;
                                                                                • The container element for a bucket's policy status.

                                                                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policystatus

                                                                                property publicAccessBlockConfiguration

                                                                                publicAccessBlockConfiguration: any;
                                                                                • The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

                                                                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration

                                                                                property vpcConfiguration

                                                                                vpcConfiguration: any;
                                                                                • The Virtual Private Cloud (VPC) configuration for this access point, if one exists.

                                                                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration

                                                                                method inspect

                                                                                inspect: (inspector: cdk.TreeInspector) => void;
                                                                                • Examines the CloudFormation resource and discloses attributes.

                                                                                  Parameter inspector

                                                                                  tree inspector to collect and process attributes

                                                                                method renderProperties

                                                                                protected renderProperties: (props: { [key: string]: any }) => {
                                                                                [key: string]: any;
                                                                                };

                                                                                  class CfnBucket

                                                                                  class CfnBucket extends cdk.CfnResource implements cdk.IInspectable {}
                                                                                  • A CloudFormation AWS::S3::Bucket

                                                                                    The AWS::S3::Bucket resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack.

                                                                                    To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .

                                                                                    > You can only delete empty buckets. Deletion fails for buckets that have contents.

                                                                                    AWS::S3::Bucket external

                                                                                    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html

                                                                                  constructor

                                                                                  constructor(scope: cdk.Construct, id: string, props?: CfnBucketProps);
                                                                                  • Create a new AWS::S3::Bucket.

                                                                                    Parameter scope

                                                                                    scope in which this resource is defined

                                                                                    Parameter id

                                                                                    scoped id of the resource

                                                                                    Parameter props

                                                                                    resource properties

                                                                                  property accelerateConfiguration

                                                                                  accelerateConfiguration: any;
                                                                                  • Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .

                                                                                    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accelerateconfiguration

                                                                                  property accessControl

                                                                                  accessControl: string;
                                                                                  • A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* .

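                                                                                    Be aware that the syntax for this property differs from the information provided in the *Amazon S3 User Guide* . The AccessControl property is case-sensitive and must be one of the following values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, or AwsExecRead. Note that PublicRead and PublicReadWrite grant access to anyone, including unauthenticated users, and AuthenticatedRead grants read access to any authenticated AWS user, not only principals in your own account; when public access is not intended, keep the ACL Private and use publicAccessBlockConfiguration to block public ACLs.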

                                                                                    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accesscontrol

                                                                                  property analyticsConfigurations

                                                                                  analyticsConfigurations: any;
                                                                                  • Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.

                                                                                    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-analyticsconfigurations

                                                                                  property attrArn

                                                                                  readonly attrArn: string;
                                                                                  • Returns the Amazon Resource Name (ARN) of the specified bucket.

                                                                                    Example: arn:aws:s3:::DOC-EXAMPLE-BUCKET Arn

                                                                                  property attrDomainName

                                                                                  readonly attrDomainName: string;
                                                                                  • Returns the IPv4 DNS name of the specified bucket.

                                                                                    Example: DOC-EXAMPLE-BUCKET.s3.amazonaws.com DomainName

                                                                                  property attrDualStackDomainName

                                                                                  readonly attrDualStackDomainName: string;
                                                                                  • Returns the IPv6 DNS name of the specified bucket.

                                                                                    Example: DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com

                                                                                    For more information about dual-stack endpoints, see [Using Amazon S3 Dual-Stack Endpoints](https://docs.aws.amazon.com/AmazonS3/latest/dev/dual-stack-endpoints.html) . DualStackDomainName

                                                                                  property attrRegionalDomainName

                                                                                  readonly attrRegionalDomainName: string;
                                                                                  • Returns the regional domain name of the specified bucket.

                                                                                    Example: DOC-EXAMPLE-BUCKET.s3.us-east-2.amazonaws.com RegionalDomainName

                                                                                  property attrWebsiteUrl

                                                                                  readonly attrWebsiteUrl: string;
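                                                                                  • Returns the Amazon S3 website endpoint for the specified bucket. Website endpoints serve HTTP only, so TLS has to be terminated elsewhere (for example, by a CDN placed in front of the bucket).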

                                                                                    Example (IPv4): http://DOC-EXAMPLE-BUCKET.s3-website.us-east-2.amazonaws.com

                                                                                    Example (IPv6): http://DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com WebsiteURL

                                                                                  property bucketEncryption

                                                                                  bucketEncryption: any;
                                                                                  • Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .

                                                                                    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-bucketencryption

                                                                                  property bucketName

                                                                                  bucketName: string;
                                                                                  • A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html) . For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide* .

                                                                                    > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.

                                                                                    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name

                                                                                  property CFN_RESOURCE_TYPE_NAME

                                                                                  static readonly CFN_RESOURCE_TYPE_NAME: string;
                                                                                  • The CloudFormation resource type name for this resource class.

                                                                                  property cfnProperties

                                                                                  readonly cfnProperties: { [key: string]: any };

                                                                                    property corsConfiguration

                                                                                    corsConfiguration: any;
                                                                                    • Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-crossoriginconfig

                                                                                    property intelligentTieringConfigurations

                                                                                    intelligentTieringConfigurations: any;
                                                                                    • Defines how Amazon S3 handles Intelligent-Tiering storage.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-intelligenttieringconfigurations

                                                                                    property inventoryConfigurations

                                                                                    inventoryConfigurations: any;
                                                                                    • Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-inventoryconfigurations

                                                                                    property lifecycleConfiguration

                                                                                    lifecycleConfiguration: any;
                                                                                    • Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-lifecycleconfig

                                                                                    property loggingConfiguration

                                                                                    loggingConfiguration: any;
                                                                                    • Settings that define where logs are stored.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-loggingconfig

                                                                                    property metricsConfigurations

                                                                                    metricsConfigurations: any;
                                                                                    • Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-metricsconfigurations

                                                                                    property notificationConfiguration

                                                                                    notificationConfiguration: any;
                                                                                    • Configuration that defines how Amazon S3 handles bucket notifications.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-notification

                                                                                    property objectLockConfiguration

                                                                                    objectLockConfiguration: any;
                                                                                    • Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .

                                                                                      > - The DefaultRetention settings require both a mode and a period.
                                                                                      > - The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.
                                                                                      > - You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact AWS Support.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockconfiguration

                                                                                    property objectLockEnabled

                                                                                    objectLockEnabled: any;
                                                                                    • Indicates whether this bucket has an Object Lock configuration enabled. Enable ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockenabled

                                                                                    property ownershipControls

                                                                                    ownershipControls: any;
                                                                                    • Configuration that defines how Amazon S3 handles Object Ownership rules.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-ownershipcontrols

                                                                                    property publicAccessBlockConfiguration

                                                                                    publicAccessBlockConfiguration: any;
                                                                                    • Configuration that defines how Amazon S3 handles public access.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-publicaccessblockconfiguration

                                                                                    property replicationConfiguration

                                                                                    replicationConfiguration: any;
                                                                                    • Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the VersioningConfiguration property.

                                                                                      Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-replicationconfiguration

                                                                                    property tags

                                                                                    readonly tags: cdk.TagManager;
                                                                                    • An arbitrary set of tags (key-value pairs) for this S3 bucket.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-tags

                                                                                    property versioningConfiguration

                                                                                    versioningConfiguration: any;
                                                                                    • Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-versioning

                                                                                    property websiteConfiguration

                                                                                    websiteConfiguration: any;
                                                                                    • Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) .

                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-websiteconfiguration

                                                                                    method inspect

                                                                                    inspect: (inspector: cdk.TreeInspector) => void;
                                                                                    • Examines the CloudFormation resource and discloses attributes.

                                                                                      Parameter inspector

                                                                                      tree inspector to collect and process attributes

                                                                                    method renderProperties

                                                                                    protected renderProperties: (props: { [key: string]: any }) => {
                                                                                    [key: string]: any;
                                                                                    };

                                                                                      class CfnBucketPolicy

                                                                                      class CfnBucketPolicy extends cdk.CfnResource implements cdk.IInspectable {}
                                                                                      • A CloudFormation AWS::S3::BucketPolicy

                                                                                        Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

                                                                                        If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

                                                                                        > As a security precaution, the root user of the AWS account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

                                                                                        For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) .

                                                                                        The following operations are related to PutBucketPolicy :

                                                                                        - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
                                                                                        - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)

                                                                                        AWS::S3::BucketPolicy external

                                                                                        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html

                                                                                      constructor

                                                                                      constructor(scope: cdk.Construct, id: string, props: CfnBucketPolicyProps);
                                                                                      • Create a new AWS::S3::BucketPolicy.

                                                                                        Parameter scope

                                                                                        scope in which this resource is defined

                                                                                        Parameter id

                                                                                        scoped id of the resource

                                                                                        Parameter props

                                                                                        resource properties

                                                                                      property bucket

                                                                                      bucket: string;
                                                                                      • The name of the Amazon S3 bucket to which the policy applies.

                                                                                        http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-bucket

                                                                                      property CFN_RESOURCE_TYPE_NAME

                                                                                      static readonly CFN_RESOURCE_TYPE_NAME: string;
                                                                                      • The CloudFormation resource type name for this resource class.

                                                                                      property cfnProperties

                                                                                      readonly cfnProperties: { [key: string]: any };

                                                                                        property policyDocument

                                                                                        policyDocument: any;
                                                                                        • A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument) resource description in this guide and [Access Policy Language Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the *Amazon S3 User Guide* .

                                                                                          http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-policydocument

                                                                                        method inspect

                                                                                        inspect: (inspector: cdk.TreeInspector) => void;
                                                                                        • Examines the CloudFormation resource and discloses attributes.

                                                                                          Parameter inspector

                                                                                          tree inspector to collect and process attributes

                                                                                        method renderProperties

                                                                                        protected renderProperties: (props: { [key: string]: any }) => {
                                                                                        [key: string]: any;
                                                                                        };

                                                                                          class CfnMultiRegionAccessPoint

                                                                                          class CfnMultiRegionAccessPoint
                                                                                          extends cdk.CfnResource
                                                                                          implements cdk.IInspectable {}
                                                                                          • A CloudFormation AWS::S3::MultiRegionAccessPoint

                                                                                            The AWS::S3::MultiRegionAccessPoint resource creates an Amazon S3 Multi-Region Access Point. To learn more about Multi-Region Access Points, see [Multi-Region Access Points in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPoints.html) in the *Amazon S3 User Guide*.

                                                                                            AWS::S3::MultiRegionAccessPoint external

                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html

                                                                                          constructor

                                                                                          constructor(
                                                                                          scope: cdk.Construct,
                                                                                          id: string,
                                                                                          props: CfnMultiRegionAccessPointProps
                                                                                          );
                                                                                          • Create a new AWS::S3::MultiRegionAccessPoint.

                                                                                            Parameter scope

                                                                                            scope in which this resource is defined

                                                                                            Parameter id

                                                                                            scoped id of the resource

                                                                                            Parameter props

                                                                                            resource properties

                                                                                          property attrAlias

                                                                                          readonly attrAlias: string;
                                                                                          • The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of a Multi-Region Access Point, see [Managing Multi-Region Access Points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingMultiRegionAccessPoints.html#multi-region-access-point-naming) in the *Amazon S3 User Guide*. Alias

                                                                                          property attrCreatedAt

                                                                                          readonly attrCreatedAt: string;
                                                                                          • The timestamp of when the Multi-Region Access Point is created. CreatedAt

                                                                                          property CFN_RESOURCE_TYPE_NAME

                                                                                          static readonly CFN_RESOURCE_TYPE_NAME: string;
                                                                                          • The CloudFormation resource type name for this resource class.

                                                                                          property cfnProperties

                                                                                          readonly cfnProperties: { [key: string]: any };

                                                                                            property name

                                                                                            name: string;
                                                                                            • The name of the Multi-Region Access Point.

                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-name

                                                                                            property publicAccessBlockConfiguration

                                                                                            publicAccessBlockConfiguration: any;
                                                                                            • The PublicAccessBlock configuration that you want to apply to this Multi-Region Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration

                                                                                            property regions

                                                                                            regions: any;
                                                                                            • A collection of the Regions and buckets associated with the Multi-Region Access Point.

                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-regions

                                                                                            method inspect

                                                                                            inspect: (inspector: cdk.TreeInspector) => void;
                                                                                            • Examines the CloudFormation resource and discloses attributes.

                                                                                              Parameter inspector

                                                                                              tree inspector to collect and process attributes

                                                                                            method renderProperties

                                                                                            protected renderProperties: (props: { [key: string]: any }) => {
                                                                                            [key: string]: any;
                                                                                            };

                                                                                              class CfnMultiRegionAccessPointPolicy

                                                                                              class CfnMultiRegionAccessPointPolicy
                                                                                              extends cdk.CfnResource
                                                                                              implements cdk.IInspectable {}
                                                                                              • A CloudFormation AWS::S3::MultiRegionAccessPointPolicy

                                                                                                Applies an Amazon S3 access policy to an Amazon S3 Multi-Region Access Point.

                                                                                                It is not possible to delete an access policy for a Multi-Region Access Point from the CloudFormation template. When you attempt to delete the policy, CloudFormation does not remove it: it updates the policy using DeletionPolicy:Retain and UpdateReplacePolicy:Retain, so that the policy only allows access to the account that created the bucket.

                                                                                                AWS::S3::MultiRegionAccessPointPolicy external

                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html

                                                                                              constructor

                                                                                              constructor(
                                                                                              scope: cdk.Construct,
                                                                                              id: string,
                                                                                              props: CfnMultiRegionAccessPointPolicyProps
                                                                                              );
                                                                                              • Create a new AWS::S3::MultiRegionAccessPointPolicy.

                                                                                                Parameter scope

                                                                                                scope in which this resource is defined

                                                                                                Parameter id

                                                                                                scoped id of the resource

                                                                                                Parameter props

                                                                                                resource properties

                                                                                              property CFN_RESOURCE_TYPE_NAME

                                                                                              static readonly CFN_RESOURCE_TYPE_NAME: string;
                                                                                              • The CloudFormation resource type name for this resource class.

                                                                                              property cfnProperties

                                                                                              readonly cfnProperties: { [key: string]: any };

                                                                                                property mrapName

                                                                                                mrapName: string;
                                                                                                • The name of the Multi-Region Access Point.

                                                                                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-mrapname

                                                                                                property policy

                                                                                                policy: any;
                                                                                                • The access policy associated with the Multi-Region Access Point.

                                                                                                  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-policy

                                                                                                method inspect

                                                                                                inspect: (inspector: cdk.TreeInspector) => void;
                                                                                                • Examines the CloudFormation resource and discloses attributes.

                                                                                                  Parameter inspector

                                                                                                  tree inspector to collect and process attributes

                                                                                                method renderProperties

                                                                                                protected renderProperties: (props: { [key: string]: any }) => {
                                                                                                [key: string]: any;
                                                                                                };

                                                                                                  class CfnStorageLens

                                                                                                  class CfnStorageLens extends cdk.CfnResource implements cdk.IInspectable {}
                                                                                                  • A CloudFormation AWS::S3::StorageLens

                                                                                                    The AWS::S3::StorageLens resource creates an instance of an Amazon S3 Storage Lens configuration.

                                                                                                    AWS::S3::StorageLens external

                                                                                                    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html

                                                                                                  constructor

                                                                                                  constructor(scope: cdk.Construct, id: string, props: CfnStorageLensProps);
                                                                                                  • Create a new AWS::S3::StorageLens.

                                                                                                    Parameter scope

                                                                                                    scope in which this resource is defined

                                                                                                    Parameter id

                                                                                                    scoped id of the resource

                                                                                                    Parameter props

                                                                                                    resource properties

                                                                                                  property attrStorageLensConfigurationStorageLensArn

                                                                                                  readonly attrStorageLensConfigurationStorageLensArn: string;
                                                                                                  • This property contains the details of the ARN of the S3 Storage Lens configuration. This property is read-only. StorageLensConfiguration.StorageLensArn

                                                                                                  property CFN_RESOURCE_TYPE_NAME

                                                                                                  static readonly CFN_RESOURCE_TYPE_NAME: string;
                                                                                                  • The CloudFormation resource type name for this resource class.

                                                                                                  property cfnProperties

                                                                                                  readonly cfnProperties: { [key: string]: any };

                                                                                                    property storageLensConfiguration

                                                                                                    storageLensConfiguration: any;
                                                                                                    • This resource contains the details of the Amazon S3 Storage Lens configuration.

                                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-storagelensconfiguration

                                                                                                    property tags

                                                                                                    readonly tags: cdk.TagManager;
                                                                                                    • A set of tags (key–value pairs) to associate with the Storage Lens configuration.

                                                                                                      http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-tags

                                                                                                    method inspect

                                                                                                    inspect: (inspector: cdk.TreeInspector) => void;
                                                                                                    • Examines the CloudFormation resource and discloses attributes.

                                                                                                      Parameter inspector

                                                                                                      tree inspector to collect and process attributes

                                                                                                    method renderProperties

                                                                                                    protected renderProperties: (props: { [key: string]: any }) => {
                                                                                                    [key: string]: any;
                                                                                                    };

                                                                                                      class ReplaceKey

                                                                                                      class ReplaceKey {}

                                                                                                        property prefixWithKey

                                                                                                        readonly prefixWithKey?: string;

                                                                                                          property withKey

                                                                                                          readonly withKey?: string;

                                                                                                            method prefixWith

                                                                                                            static prefixWith: (keyReplacement: string) => ReplaceKey;
                                                                                                            • The object key prefix to use in the redirect request

                                                                                                            method with

                                                                                                            static with: (keyReplacement: string) => ReplaceKey;
                                                                                                            • The specific object key to use in the redirect request

                                                                                                            class StorageClass

                                                                                                            class StorageClass {}
                                                                                                            • Storage class to move an object to

                                                                                                            constructor

                                                                                                            constructor(value: string);

                                                                                                              property DEEP_ARCHIVE

                                                                                                              static readonly DEEP_ARCHIVE: StorageClass;
                                                                                                              • Use for archiving data that rarely needs to be accessed. Data stored in the DEEP_ARCHIVE storage class has a minimum storage duration period of 180 days and a default retrieval time of 12 hours. If you delete an object before the 180-day minimum, you are charged for 180 days. For pricing information, see Amazon S3 Pricing.

                                                                                                              property GLACIER

                                                                                                              static readonly GLACIER: StorageClass;
                                                                                                              • Storage class for long-term archival that can take between minutes and hours to access.

                                                                                                                Use for archives where portions of the data might need to be retrieved in minutes. Data stored in the GLACIER storage class has a minimum storage duration period of 90 days and can be accessed in as little as 1-5 minutes using expedited retrieval. If you delete an object before the 90-day minimum, you are charged for 90 days.

                                                                                                              property GLACIER_INSTANT_RETRIEVAL

                                                                                                              static readonly GLACIER_INSTANT_RETRIEVAL: StorageClass;
                                                                                                              • Storage class for long-term archival that can be accessed in a few milliseconds.

It is ideal for data that is accessed once or twice per quarter, and that requires immediate access. Data stored in the GLACIER_IR storage class has a minimum storage duration period of 90 days and can be accessed in milliseconds. If you delete an object before the 90-day minimum, you are charged for 90 days.

                                                                                                              property INFREQUENT_ACCESS

                                                                                                              static readonly INFREQUENT_ACCESS: StorageClass;
                                                                                                              • Storage class for data that is accessed less frequently, but requires rapid access when needed.

                                                                                                                Has lower availability than Standard storage.

                                                                                                              property INTELLIGENT_TIERING

                                                                                                              static readonly INTELLIGENT_TIERING: StorageClass;
                                                                                                              • The INTELLIGENT_TIERING storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. INTELLIGENT_TIERING delivers automatic cost savings by moving data on a granular object level between two access tiers, a frequent access tier and a lower-cost infrequent access tier, when access patterns change. The INTELLIGENT_TIERING storage class is ideal if you want to optimize storage costs automatically for long-lived data when access patterns are unknown or unpredictable.

                                                                                                              property ONE_ZONE_INFREQUENT_ACCESS

                                                                                                              static readonly ONE_ZONE_INFREQUENT_ACCESS: StorageClass;
                                                                                                              • Infrequent Access that's only stored in one availability zone.

                                                                                                                Has lower availability than standard InfrequentAccess.

                                                                                                              property value

                                                                                                              readonly value: string;

                                                                                                                method toString

                                                                                                                toString: () => string;

                                                                                                                  Interfaces

                                                                                                                  interface BlockPublicAccessOptions

                                                                                                                  interface BlockPublicAccessOptions {}

                                                                                                                    property blockPublicAcls

                                                                                                                    readonly blockPublicAcls?: boolean;
                                                                                                                    • Whether to block public ACLs

                                                                                                                      See Also

                                                                                                                      • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

                                                                                                                    property blockPublicPolicy

                                                                                                                    readonly blockPublicPolicy?: boolean;
                                                                                                                    • Whether to block public policy

                                                                                                                      See Also

                                                                                                                      • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

                                                                                                                    property ignorePublicAcls

                                                                                                                    readonly ignorePublicAcls?: boolean;
                                                                                                                    • Whether to ignore public ACLs

                                                                                                                      See Also

                                                                                                                      • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

                                                                                                                    property restrictPublicBuckets

                                                                                                                    readonly restrictPublicBuckets?: boolean;
                                                                                                                    • Whether to restrict public access

                                                                                                                      See Also

                                                                                                                      • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

                                                                                                                    interface BucketAttributes

                                                                                                                    interface BucketAttributes {}
                                                                                                                    • A reference to a bucket outside this stack

                                                                                                                    property account

                                                                                                                    readonly account?: string;
                                                                                                                    • The account this existing bucket belongs to.

                                                                                                                      - it's assumed the bucket belongs to the same account as the scope it's being imported into

                                                                                                                    property bucketArn

                                                                                                                    readonly bucketArn?: string;
                                                                                                                    • The ARN of the bucket. At least one of bucketArn or bucketName must be defined in order to initialize a bucket ref.

                                                                                                                    property bucketDomainName

                                                                                                                    readonly bucketDomainName?: string;
                                                                                                                    • The domain name of the bucket.

                                                                                                                      Inferred from bucket name

                                                                                                                    property bucketDualStackDomainName

                                                                                                                    readonly bucketDualStackDomainName?: string;
                                                                                                                    • The IPv6 DNS name of the specified bucket.

                                                                                                                    property bucketName

                                                                                                                    readonly bucketName?: string;
• The name of the bucket. If the underlying value of ARN is a string, the name will be parsed from the ARN. Otherwise, the name is optional, but some features that require the bucket name, such as auto-creating a bucket policy, won't work.

                                                                                                                    property bucketRegionalDomainName

                                                                                                                    readonly bucketRegionalDomainName?: string;
                                                                                                                    • The regional domain name of the specified bucket.

                                                                                                                    property bucketWebsiteNewUrlFormat

                                                                                                                    readonly bucketWebsiteNewUrlFormat?: boolean;
                                                                                                                    • The format of the website URL of the bucket. This should be true for regions launched since 2014.

                                                                                                                      false

                                                                                                                    property bucketWebsiteUrl

                                                                                                                    readonly bucketWebsiteUrl?: string;
                                                                                                                    • The website URL of the bucket (if static web hosting is enabled).

                                                                                                                      Inferred from bucket name

                                                                                                                    property encryptionKey

                                                                                                                    readonly encryptionKey?: kms.IKey;

                                                                                                                      property isWebsite

                                                                                                                      readonly isWebsite?: boolean;
                                                                                                                      • If this bucket has been configured for static website hosting.

                                                                                                                        false

                                                                                                                      property notificationsHandlerRole

                                                                                                                      readonly notificationsHandlerRole?: iam.IRole;
                                                                                                                      • The role to be used by the notifications handler

                                                                                                                        - a new role will be created.

                                                                                                                      property region

                                                                                                                      readonly region?: string;
                                                                                                                      • The region this existing bucket is in.

                                                                                                                        - it's assumed the bucket is in the same region as the scope it's being imported into

                                                                                                                      interface BucketMetrics

                                                                                                                      interface BucketMetrics {}
                                                                                                                      • Specifies a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket.

                                                                                                                      property id

                                                                                                                      readonly id: string;
                                                                                                                      • The ID used to identify the metrics configuration.

                                                                                                                      property prefix

                                                                                                                      readonly prefix?: string;
                                                                                                                      • The prefix that an object must have to be included in the metrics results.

                                                                                                                      property tagFilters

                                                                                                                      readonly tagFilters?: {
                                                                                                                      [tag: string]: any;
                                                                                                                      };
                                                                                                                      • Specifies a list of tag filters to use as a metrics configuration filter. The metrics configuration includes only objects that meet the filter's criteria.

                                                                                                                      interface BucketNotificationDestinationConfig

                                                                                                                      interface BucketNotificationDestinationConfig {}
                                                                                                                      • Represents the properties of a notification destination.

                                                                                                                      property arn

                                                                                                                      readonly arn: string;
                                                                                                                      • The ARN of the destination (i.e. Lambda, SNS, SQS).

                                                                                                                      property dependencies

                                                                                                                      readonly dependencies?: cdk.IDependable[];
                                                                                                                      • Any additional dependencies that should be resolved before the bucket notification can be configured (for example, the SNS Topic Policy resource).

                                                                                                                      property type

                                                                                                                      readonly type: BucketNotificationDestinationType;
                                                                                                                      • The notification type.

                                                                                                                      interface BucketPolicyProps

                                                                                                                      interface BucketPolicyProps {}

                                                                                                                        property bucket

                                                                                                                        readonly bucket: IBucket;
                                                                                                                        • The Amazon S3 bucket that the policy applies to.

                                                                                                                        property removalPolicy

                                                                                                                        readonly removalPolicy?: RemovalPolicy;
                                                                                                                        • Policy to apply when the policy is removed from this stack.

                                                                                                                          - RemovalPolicy.DESTROY.

                                                                                                                        interface BucketProps

                                                                                                                        interface BucketProps {}

                                                                                                                          property accessControl

                                                                                                                          readonly accessControl?: BucketAccessControl;
                                                                                                                          • Specifies a canned ACL that grants predefined permissions to the bucket.

Default: BucketAccessControl.PRIVATE

                                                                                                                          property autoDeleteObjects

                                                                                                                          readonly autoDeleteObjects?: boolean;
                                                                                                                          • Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.

                                                                                                                            Requires the removalPolicy to be set to RemovalPolicy.DESTROY.

Warning: if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later before switching this value to false.

                                                                                                                            false

                                                                                                                          property blockPublicAccess

                                                                                                                          readonly blockPublicAccess?: BlockPublicAccess;
                                                                                                                          • The block public access configuration of this bucket.

                                                                                                                            See Also

                                                                                                                            • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html

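Default: CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access. Pass BlockPublicAccess.BLOCK_ALL to keep a later policy or ACL change from exposing the bucket.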

                                                                                                                          property bucketKeyEnabled

                                                                                                                          readonly bucketKeyEnabled?: boolean;
                                                                                                                          • Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

                                                                                                                            Only relevant, when Encryption is set to BucketEncryption.KMS

                                                                                                                            - false

                                                                                                                          property bucketName

                                                                                                                          readonly bucketName?: string;
                                                                                                                          • Physical name of this bucket.

                                                                                                                            - Assigned by CloudFormation (recommended).

                                                                                                                          property cors

                                                                                                                          readonly cors?: CorsRule[];
                                                                                                                          • The CORS configuration of this bucket.

                                                                                                                            See Also

                                                                                                                            • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html

                                                                                                                              - No CORS configuration.

                                                                                                                          property encryption

                                                                                                                          readonly encryption?: BucketEncryption;
                                                                                                                          • The kind of server-side encryption to apply to this bucket.

                                                                                                                            If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created.

Default: Kms if encryptionKey is specified, or Unencrypted otherwise.

                                                                                                                          property encryptionKey

                                                                                                                          readonly encryptionKey?: kms.IKey;
                                                                                                                          • External KMS key to use for bucket encryption.

                                                                                                                            The 'encryption' property must be either not specified or set to "Kms". An error will be emitted if encryption is set to "Unencrypted" or "Managed".

Default: if encryption is set to "Kms" and this property is undefined, a new KMS key will be created and associated with this bucket.

                                                                                                                          property enforceSSL

                                                                                                                          readonly enforceSSL?: boolean;
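• Enforces SSL for requests by adding a bucket policy statement that denies any request not sent over HTTPS (aws:SecureTransport is false). This corresponds to control S3.5 of the AWS Foundational Security Best Practices for S3.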

                                                                                                                            See Also

                                                                                                                            • https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html

                                                                                                                              Default: false (no SSL requirement is added to the bucket unless this is set to true).

                                                                                                                          property eventBridgeEnabled

                                                                                                                          readonly eventBridgeEnabled?: boolean;
                                                                                                                          • Whether this bucket should send notifications to Amazon EventBridge or not.

                                                                                                                            false

                                                                                                                          property intelligentTieringConfigurations

                                                                                                                          readonly intelligentTieringConfigurations?: IntelligentTieringConfiguration[];
                                                                                                                          • Intelligent Tiering Configurations

                                                                                                                            See Also

                                                                                                                            • https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering.html

                                                                                                                              Default: No Intelligent Tiering Configurations.

                                                                                                                          property inventories

                                                                                                                          readonly inventories?: Inventory[];
                                                                                                                          • The inventory configuration of the bucket.

                                                                                                                            See Also

                                                                                                                            • https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html

                                                                                                                              - No inventory configuration

                                                                                                                          property lifecycleRules

                                                                                                                          readonly lifecycleRules?: LifecycleRule[];
                                                                                                                          • Rules that define how Amazon S3 manages objects during their lifetime.

                                                                                                                            - No lifecycle rules.

                                                                                                                          property metrics

                                                                                                                          readonly metrics?: BucketMetrics[];
                                                                                                                          • The metrics configuration of this bucket.

                                                                                                                            See Also

                                                                                                                            • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html

                                                                                                                              - No metrics configuration.

                                                                                                                          property notificationsHandlerRole

                                                                                                                          readonly notificationsHandlerRole?: iam.IRole;
                                                                                                                          • The role to be used by the notifications handler

                                                                                                                            - a new role will be created.

                                                                                                                          property objectOwnership

                                                                                                                          readonly objectOwnership?: ObjectOwnership;
                                                                                                                          • The objectOwnership of the bucket.

                                                                                                                            See Also

                                                                                                                            • https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html

                                                                                                                              - No ObjectOwnership configuration, uploading account will own the object.

                                                                                                                          property publicReadAccess

                                                                                                                          readonly publicReadAccess?: boolean;
                                                                                                                          • Grants public read access to all objects in the bucket, so anyone can read them without authenticating. Similar to calling bucket.grantPublicAccess().

                                                                                                                            Default: false

                                                                                                                          property removalPolicy

                                                                                                                          readonly removalPolicy?: RemovalPolicy;
                                                                                                                          • Policy to apply when the bucket is removed from this stack.

                                                                                                                            - The bucket will be orphaned.

                                                                                                                          property serverAccessLogsBucket

                                                                                                                          readonly serverAccessLogsBucket?: IBucket;
                                                                                                                          • Destination bucket for the server access logs. Default: if "serverAccessLogsPrefix" is undefined, access logs are disabled; otherwise logs are written to the current bucket.

                                                                                                                          property serverAccessLogsPrefix

                                                                                                                          readonly serverAccessLogsPrefix?: string;
                                                                                                                          • Optional log file prefix to use for the bucket's access logs. If defined without "serverAccessLogsBucket", enables access logs to the current bucket with this prefix. Default: no log file prefix.

                                                                                                                          property transferAcceleration

                                                                                                                          readonly transferAcceleration?: boolean;
                                                                                                                          • Whether this bucket should have transfer acceleration turned on or not.

                                                                                                                            false

                                                                                                                          property versioned

                                                                                                                          readonly versioned?: boolean;
                                                                                                                          • Whether this bucket should have versioning turned on or not.

                                                                                                                            false

                                                                                                                          property websiteErrorDocument

                                                                                                                          readonly websiteErrorDocument?: string;
                                                                                                                          • The name of the error document (e.g. "404.html") for the website. websiteIndexDocument must also be set if this is set.

                                                                                                                            - No error document.

                                                                                                                          property websiteIndexDocument

                                                                                                                          readonly websiteIndexDocument?: string;
                                                                                                                          • The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.

                                                                                                                            - No index document.

                                                                                                                          property websiteRedirect

                                                                                                                          readonly websiteRedirect?: RedirectTarget;
                                                                                                                          • Specifies the redirect behavior of all requests to a website endpoint of a bucket.

                                                                                                                            If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument", or "websiteRoutingRules".

                                                                                                                            - No redirection.

                                                                                                                          property websiteRoutingRules

                                                                                                                          readonly websiteRoutingRules?: RoutingRule[];
                                                                                                                          • Rules that define when a redirect is applied and the redirect behavior

                                                                                                                            - No redirection rules.

                                                                                                                          interface CfnAccessPointProps

                                                                                                                          interface CfnAccessPointProps {}
                                                                                                                          • Properties for defining a CfnAccessPoint

                                                                                                                            external

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html

                                                                                                                          property bucket

                                                                                                                          readonly bucket: string;
                                                                                                                          • The name of the bucket associated with this access point.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket

                                                                                                                          property name

                                                                                                                          readonly name?: string;
                                                                                                                          • The name of this access point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name

                                                                                                                          property policy

                                                                                                                          readonly policy?: any | cdk.IResolvable;
                                                                                                                          • The access point policy associated with this access point.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy

                                                                                                                          property policyStatus

                                                                                                                          readonly policyStatus?: any | cdk.IResolvable;
                                                                                                                          • The container element for a bucket's policy status.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policystatus

                                                                                                                          property publicAccessBlockConfiguration

                                                                                                                          readonly publicAccessBlockConfiguration?:
                                                                                                                          | CfnAccessPoint.PublicAccessBlockConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration

                                                                                                                          property vpcConfiguration

                                                                                                                          readonly vpcConfiguration?:
                                                                                                                          | CfnAccessPoint.VpcConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • The Virtual Private Cloud (VPC) configuration for this access point, if one exists.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration

                                                                                                                          interface CfnBucketPolicyProps

                                                                                                                          interface CfnBucketPolicyProps {}
                                                                                                                          • Properties for defining a CfnBucketPolicy

                                                                                                                            external

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html

                                                                                                                          property bucket

                                                                                                                          readonly bucket: string;
                                                                                                                          • The name of the Amazon S3 bucket to which the policy applies.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-bucket

                                                                                                                          property policyDocument

                                                                                                                          readonly policyDocument: any | cdk.IResolvable;
                                                                                                                          • A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument) resource description in this guide and [Access Policy Language Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the *Amazon S3 User Guide* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-policydocument

                                                                                                                          interface CfnBucketProps

                                                                                                                          interface CfnBucketProps {}
                                                                                                                          • Properties for defining a CfnBucket

                                                                                                                            external

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html

                                                                                                                          property accelerateConfiguration

                                                                                                                          readonly accelerateConfiguration?:
                                                                                                                          | CfnBucket.AccelerateConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accelerateconfiguration

                                                                                                                          property accessControl

                                                                                                                          readonly accessControl?: string;
                                                                                                                          • A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* .

                                                                                                                            Be aware that the syntax for this property differs from the information provided in the *Amazon S3 User Guide* . The AccessControl property is case-sensitive and must be one of the following values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, or AwsExecRead. Of these, PublicRead and PublicReadWrite grant access to everyone, including unauthenticated users.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accesscontrol

                                                                                                                          property analyticsConfigurations

                                                                                                                          readonly analyticsConfigurations?:
                                                                                                                          | Array<CfnBucket.AnalyticsConfigurationProperty | cdk.IResolvable>
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-analyticsconfigurations

                                                                                                                          property bucketEncryption

                                                                                                                          readonly bucketEncryption?: CfnBucket.BucketEncryptionProperty | cdk.IResolvable;
                                                                                                                          • Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-bucketencryption

                                                                                                                          property bucketName

                                                                                                                          readonly bucketName?: string;
                                                                                                                          • A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html) . For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide* .

                                                                                                                            > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name

                                                                                                                          property corsConfiguration

                                                                                                                          readonly corsConfiguration?:
                                                                                                                          | CfnBucket.CorsConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-crossoriginconfig

                                                                                                                          property intelligentTieringConfigurations

                                                                                                                          readonly intelligentTieringConfigurations?:
                                                                                                                          | Array<CfnBucket.IntelligentTieringConfigurationProperty | cdk.IResolvable>
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Defines how Amazon S3 handles Intelligent-Tiering storage.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-intelligenttieringconfigurations

                                                                                                                          property inventoryConfigurations

                                                                                                                          readonly inventoryConfigurations?:
                                                                                                                          | Array<CfnBucket.InventoryConfigurationProperty | cdk.IResolvable>
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-inventoryconfigurations

                                                                                                                          property lifecycleConfiguration

                                                                                                                          readonly lifecycleConfiguration?:
                                                                                                                          | CfnBucket.LifecycleConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-lifecycleconfig

                                                                                                                          property loggingConfiguration

                                                                                                                          readonly loggingConfiguration?:
                                                                                                                          | CfnBucket.LoggingConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Settings that define where logs are stored.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-loggingconfig

                                                                                                                          property metricsConfigurations

                                                                                                                          readonly metricsConfigurations?:
                                                                                                                          | Array<CfnBucket.MetricsConfigurationProperty | cdk.IResolvable>
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-metricsconfigurations

                                                                                                                          property notificationConfiguration

                                                                                                                          readonly notificationConfiguration?:
                                                                                                                          | CfnBucket.NotificationConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Configuration that defines how Amazon S3 handles bucket notifications.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-notification

                                                                                                                          property objectLockConfiguration

                                                                                                                          readonly objectLockConfiguration?:
                                                                                                                          | CfnBucket.ObjectLockConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .

                                                                                                                            > - The DefaultRetention settings require both a mode and a period.
                                                                                                                            > - The DefaultRetention period can be either Days or Years, but you must select one. You cannot specify Days and Years at the same time.
                                                                                                                            > - You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact AWS Support.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockconfiguration

                                                                                                                          property objectLockEnabled

                                                                                                                          readonly objectLockEnabled?: boolean | cdk.IResolvable;
                                                                                                                          • Indicates whether this bucket has an Object Lock configuration enabled. Enable ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockenabled

                                                                                                                          property ownershipControls

                                                                                                                          readonly ownershipControls?:
                                                                                                                          | CfnBucket.OwnershipControlsProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Configuration that defines how Amazon S3 handles Object Ownership rules.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-ownershipcontrols

                                                                                                                          property publicAccessBlockConfiguration

                                                                                                                          readonly publicAccessBlockConfiguration?:
                                                                                                                          | CfnBucket.PublicAccessBlockConfigurationProperty
                                                                                                                          | cdk.IResolvable;
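                                                                                                                          • Configuration that defines how Amazon S3 handles public access. If this property is omitted, the template sets no bucket-level block, and only account-level or service-default settings limit public ACLs and policies; for buckets that must stay private, set `blockPublicAcls`, `blockPublicPolicy`, `ignorePublicAcls` and `restrictPublicBuckets` to true.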

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-publicaccessblockconfiguration

                                                                                                                          property replicationConfiguration

                                                                                                                          readonly replicationConfiguration?:
                                                                                                                          | CfnBucket.ReplicationConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the VersioningConfiguration property.

                                                                                                                            Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-replicationconfiguration

                                                                                                                          property tags

                                                                                                                          readonly tags?: cdk.CfnTag[];
                                                                                                                          • An arbitrary set of tags (key-value pairs) for this S3 bucket.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-tags

                                                                                                                          property versioningConfiguration

                                                                                                                          readonly versioningConfiguration?:
                                                                                                                          | CfnBucket.VersioningConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-versioning

                                                                                                                          property websiteConfiguration

                                                                                                                          readonly websiteConfiguration?:
                                                                                                                          | CfnBucket.WebsiteConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-websiteconfiguration

                                                                                                                          interface CfnMultiRegionAccessPointPolicyProps

                                                                                                                          interface CfnMultiRegionAccessPointPolicyProps {}
                                                                                                                          • Properties for defining a CfnMultiRegionAccessPointPolicy

                                                                                                                            external

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html

                                                                                                                          property mrapName

                                                                                                                          readonly mrapName: string;
                                                                                                                          • The name of the Multi-Region Access Point.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-mrapname

                                                                                                                          property policy

                                                                                                                          readonly policy: any | cdk.IResolvable;
                                                                                                                          • The access policy associated with the Multi-Region Access Point.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-policy

                                                                                                                          interface CfnMultiRegionAccessPointProps

                                                                                                                          interface CfnMultiRegionAccessPointProps {}
                                                                                                                          • Properties for defining a CfnMultiRegionAccessPoint

                                                                                                                            external

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html

                                                                                                                          property name

                                                                                                                          readonly name?: string;
                                                                                                                          • The name of the Multi-Region Access Point.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-name

                                                                                                                          property publicAccessBlockConfiguration

                                                                                                                          readonly publicAccessBlockConfiguration?:
                                                                                                                          | CfnMultiRegionAccessPoint.PublicAccessBlockConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • The PublicAccessBlock configuration that you want to apply to this Multi-Region Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration

                                                                                                                          property regions

                                                                                                                          readonly regions:
                                                                                                                          | Array<CfnMultiRegionAccessPoint.RegionProperty | cdk.IResolvable>
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • A collection of the Regions and buckets associated with the Multi-Region Access Point.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-regions

                                                                                                                          interface CfnStorageLensProps

                                                                                                                          interface CfnStorageLensProps {}
                                                                                                                          • Properties for defining a CfnStorageLens

                                                                                                                            external

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html

                                                                                                                          property storageLensConfiguration

                                                                                                                          readonly storageLensConfiguration:
                                                                                                                          | CfnStorageLens.StorageLensConfigurationProperty
                                                                                                                          | cdk.IResolvable;
                                                                                                                          • This resource contains the details of the Amazon S3 Storage Lens configuration.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-storagelensconfiguration

                                                                                                                          property tags

                                                                                                                          readonly tags?: cdk.CfnTag[];
                                                                                                                          • A set of tags (key–value pairs) to associate with the Storage Lens configuration.

                                                                                                                            http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-tags

                                                                                                                          interface CorsRule

                                                                                                                          interface CorsRule {}
                                                                                                                          • Specifies a cross-origin access rule for an Amazon S3 bucket.

                                                                                                                          property allowedHeaders

                                                                                                                          readonly allowedHeaders?: string[];
                                                                                                                          • Headers that are specified in the Access-Control-Request-Headers header.

                                                                                                                            - No headers allowed.

                                                                                                                          property allowedMethods

                                                                                                                          readonly allowedMethods: HttpMethods[];
                                                                                                                          • An HTTP method that you allow the origin to execute.

                                                                                                                          property allowedOrigins

                                                                                                                          readonly allowedOrigins: string[];
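                                                                                                                          • One or more origins you want customers to be able to access the bucket from. A wildcard (`*`) entry allows cross-origin requests from any site (bucket authorization still applies), so prefer explicit origins for buckets that hold non-public data.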

                                                                                                                          property exposedHeaders

                                                                                                                          readonly exposedHeaders?: string[];
                                                                                                                          • One or more headers in the response that you want customers to be able to access from their applications.

                                                                                                                            - No headers exposed.

                                                                                                                          property id

                                                                                                                          readonly id?: string;
                                                                                                                          • A unique identifier for this rule.

                                                                                                                            - No id specified.

                                                                                                                          property maxAge

                                                                                                                          readonly maxAge?: number;
                                                                                                                          • The time in seconds that your browser is to cache the preflight response for the specified resource.

                                                                                                                            - No caching.

                                                                                                                          interface IBucket

                                                                                                                          interface IBucket extends IResource {}

                                                                                                                            property bucketArn

                                                                                                                            readonly bucketArn: string;
                                                                                                                            • The ARN of the bucket.

                                                                                                                            property bucketDomainName

                                                                                                                            readonly bucketDomainName: string;
                                                                                                                            • The IPv4 DNS name of the specified bucket.

                                                                                                                            property bucketDualStackDomainName

                                                                                                                            readonly bucketDualStackDomainName: string;
                                                                                                                            • The IPv6 DNS name of the specified bucket.

                                                                                                                            property bucketName

                                                                                                                            readonly bucketName: string;
                                                                                                                            • The name of the bucket.

                                                                                                                            property bucketRegionalDomainName

                                                                                                                            readonly bucketRegionalDomainName: string;
                                                                                                                            • The regional domain name of the specified bucket.

                                                                                                                            property bucketWebsiteDomainName

                                                                                                                            readonly bucketWebsiteDomainName: string;
                                                                                                                            • The domain name of the static website.

                                                                                                                            property bucketWebsiteUrl

                                                                                                                            readonly bucketWebsiteUrl: string;
                                                                                                                            • The URL of the static website.

                                                                                                                            property encryptionKey

                                                                                                                            readonly encryptionKey?: kms.IKey;
                                                                                                                            • Optional KMS encryption key associated with this bucket.

                                                                                                                            property isWebsite

                                                                                                                            readonly isWebsite?: boolean;
                                                                                                                            • If this bucket has been configured for static website hosting.

                                                                                                                            property policy

                                                                                                                            policy?: BucketPolicy;
                                                                                                                            • The resource policy associated with this bucket.

                                                                                                                              If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

                                                                                                                            method addEventNotification

                                                                                                                            addEventNotification: (
                                                                                                                            event: EventType,
                                                                                                                            dest: IBucketNotificationDestination,
                                                                                                                            ...filters: NotificationKeyFilter[]
                                                                                                                            ) => void;
                                                                                                                            • Adds a bucket notification event destination.

                                                                                                                              Parameter event

                                                                                                                              The event to trigger the notification

                                                                                                                              Parameter dest

                                                                                                                              The notification destination (Lambda, SNS Topic or SQS Queue)

                                                                                                                              Parameter filters

                                                                                                                              S3 object key filter rules to determine which objects trigger this event. Each filter must include a prefix and/or suffix that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules.

                                                                                                                              Example 1

                                                                                                                              declare const myLambda: lambda.Function;
                                                                                                                              const bucket = new s3.Bucket(this, 'MyBucket');
                                                                                                                              bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'})

                                                                                                                              See Also

                                                                                                                              • https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-filtering

                                                                                                                              • https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

                                                                                                                            method addObjectCreatedNotification

                                                                                                                            addObjectCreatedNotification: (
                                                                                                                            dest: IBucketNotificationDestination,
                                                                                                                            ...filters: NotificationKeyFilter[]
                                                                                                                            ) => void;
                                                                                                                            • Subscribes a destination to receive notifications when an object is created in the bucket. This is identical to calling onEvent(s3.EventType.OBJECT_CREATED).

                                                                                                                              Parameter dest

                                                                                                                              The notification destination (see onEvent)

                                                                                                                              Parameter filters

                                                                                                                              Filters (see onEvent)

                                                                                                                            method addObjectRemovedNotification

                                                                                                                            addObjectRemovedNotification: (
                                                                                                                            dest: IBucketNotificationDestination,
                                                                                                                            ...filters: NotificationKeyFilter[]
                                                                                                                            ) => void;
                                                                                                                            • Subscribes a destination to receive notifications when an object is removed from the bucket. This is identical to calling onEvent(EventType.OBJECT_REMOVED).

                                                                                                                              Parameter dest

                                                                                                                              The notification destination (see onEvent)

                                                                                                                              Parameter filters

                                                                                                                              Filters (see onEvent)

                                                                                                                            method addToResourcePolicy

                                                                                                                            addToResourcePolicy: (
                                                                                                                            permission: iam.PolicyStatement
                                                                                                                            ) => iam.AddToResourcePolicyResult;
                                                                                                                            • Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for this bucket or objects.

                                                                                                                              Note that the policy statement may or may not be added to the policy. For example, when an IBucket is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases.

                                                                                                                              Parameter permission

                                                                                                                              the policy statement to be added to the bucket's policy.

                                                                                                                              Returns

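                                                                                                                              Metadata about the execution of this method. If the policy was not added, the value of statementAdded will be false. You should always check this value to make sure that the operation was actually carried out. Otherwise, synthesis and deploy will terminate silently, which may be confusing. This matters most when the statement is meant to restrict access (for example a Deny statement): if statementAdded is false, that restriction is not in effect on the bucket.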

                                                                                                                            method arnForObjects

                                                                                                                            arnForObjects: (keyPattern: string) => string;
                                                                                                                            • Returns an ARN that represents all objects within the bucket that match the key pattern specified. To represent all keys, specify "*".

                                                                                                                            method grantDelete

                                                                                                                            grantDelete: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                                                                            • Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

                                                                                                                              Parameter identity

                                                                                                                              The principal

                                                                                                                              Parameter objectsKeyPattern

                                                                                                                              Restrict the permission to a certain key pattern (default '*')

                                                                                                                            method grantPublicAccess

                                                                                                                            grantPublicAccess: (
                                                                                                                            keyPrefix?: string,
                                                                                                                            ...allowedActions: string[]
                                                                                                                            ) => iam.Grant;
                                                                                                                            • Allows unrestricted access to objects from this bucket.

                                                                                                                              IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.

                                                                                                                              Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.

                                                                                                                              The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:

                                                                                                                              const grant = bucket.grantPublicAccess();
                                                                                                                              grant.resourceStatement!.addCondition('IpAddress', { "aws:SourceIp": "54.240.143.0/24" });

                                                                                                                              Parameter keyPrefix

                                                                                                                              the prefix of S3 object keys (e.g. home/*). Default is "*".

                                                                                                                              Parameter allowedActions

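                                                                                                                              The set of S3 actions to allow. Default is "s3:GetObject". Every action listed here is granted to anyone, without authentication, so limit the list to the actions that are meant to be public.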

                                                                                                                              Returns

                                                                                                                              The iam.Grant object, whose resource statement can be used to apply e.g. conditions.

                                                                                                                            method grantPut

                                                                                                                            grantPut: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                                                                            • Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

                                                                                                                              If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

                                                                                                                              Parameter identity

                                                                                                                              The principal

                                                                                                                              Parameter objectsKeyPattern

                                                                                                                              Restrict the permission to a certain key pattern (default '*')

                                                                                                                            method grantPutAcl

                                                                                                                            grantPutAcl: (identity: iam.IGrantable, objectsKeyPattern?: string) => iam.Grant;
                                                                                                                            • Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.

                                                                                                                              If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling grantWrite or grantReadWrite no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.

                                                                                                                              Parameter identity

                                                                                                                              The principal

                                                                                                                              Parameter objectsKeyPattern

                                                                                                                              Restrict the permission to a certain key pattern (default '*')

                                                                                                                            method grantRead

                                                                                                                            grantRead: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                                                                            • Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).

                                                                                                                              If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

                                                                                                                              Parameter identity

                                                                                                                              The principal

                                                                                                                              Parameter objectsKeyPattern

                                                                                                                              Restrict the permission to a certain key pattern (default '*')

                                                                                                                            method grantReadWrite

                                                                                                                            grantReadWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                                                                            • Grants read/write permissions for this bucket and its contents to an IAM principal (Role/Group/User).

                                                                                                                              If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.

                                                                                                                              Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the grantPutAcl method.

                                                                                                                              Parameter identity

                                                                                                                              The principal

                                                                                                                              Parameter objectsKeyPattern

                                                                                                                              Restrict the permission to a certain key pattern (default '*')

                                                                                                                            method grantWrite

                                                                                                                            grantWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;
                                                                                                                            • Grant write permissions to this bucket to an IAM principal.

                                                                                                                              If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

                                                                                                                              Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the grantPutAcl method.

                                                                                                                              Parameter identity

                                                                                                                              The principal

                                                                                                                              Parameter objectsKeyPattern

                                                                                                                              Restrict the permission to a certain key pattern (default '*')

                                                                                                                            method onCloudTrailEvent

                                                                                                                            onCloudTrailEvent: (
                                                                                                                            id: string,
                                                                                                                            options?: OnCloudTrailBucketEventOptions
                                                                                                                            ) => events.Rule;
                                                                                                                            • Defines a CloudWatch event that triggers when something happens to this bucket

                                                                                                                              Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

                                                                                                                              Parameter id

                                                                                                                              The id of the rule

                                                                                                                              Parameter options

                                                                                                                              Options for adding the rule

                                                                                                                            method onCloudTrailPutObject

                                                                                                                            onCloudTrailPutObject: (
                                                                                                                            id: string,
                                                                                                                            options?: OnCloudTrailBucketEventOptions
                                                                                                                            ) => events.Rule;
                                                                                                                            • Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

                                                                                                                              Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using onCloudTrailWriteObject may be preferable.

                                                                                                                              Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

                                                                                                                              Parameter id

                                                                                                                              The id of the rule

                                                                                                                              Parameter options

                                                                                                                              Options for adding the rule

                                                                                                                            method onCloudTrailWriteObject

                                                                                                                            onCloudTrailWriteObject: (
                                                                                                                            id: string,
                                                                                                                            options?: OnCloudTrailBucketEventOptions
                                                                                                                            ) => events.Rule;
                                                                                                                            • Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket is written to. This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

                                                                                                                              Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to onCloudTrailPutObject.

                                                                                                                              Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

                                                                                                                              Parameter id

                                                                                                                              The id of the rule

                                                                                                                              Parameter options

                                                                                                                              Options for adding the rule

                                                                                                                            method s3UrlForObject

                                                                                                                            s3UrlForObject: (key?: string) => string;
                                                                                                                            • The S3 URL of an S3 object. For example:

                                                                                                                              - s3://onlybucket
                                                                                                                              - s3://bucket/key

                                                                                                                              Parameter key

                                                                                                                              The S3 key of the object. If not specified, the S3 URL of the bucket is returned.

                                                                                                                              Returns

                                                                                                                              an ObjectS3Url token

                                                                                                                            method transferAccelerationUrlForObject

                                                                                                                            transferAccelerationUrlForObject: (
                                                                                                                            key?: string,
                                                                                                                            options?: TransferAccelerationUrlOptions
                                                                                                                            ) => string;
                                                                                                                            • The https Transfer Acceleration URL of an S3 object. Specify dualStack: true in the options to use the dual-stack endpoint (connect to the bucket over IPv6). For example:

                                                                                                                              - https://bucket.s3-accelerate.amazonaws.com - https://bucket.s3-accelerate.amazonaws.com/key

                                                                                                                              Parameter key

                                                                                                                              The S3 key of the object. If not specified, the URL of the bucket is returned.

                                                                                                                              Parameter options

                                                                                                                              Options for generating URL.

                                                                                                                              Returns

                                                                                                                              a TransferAccelerationUrl token

                                                                                                                            method urlForObject

                                                                                                                            urlForObject: (key?: string) => string;
                                                                                                                            • The https URL of an S3 object. For example:

                                                                                                                              - https://s3.us-west-1.amazonaws.com/onlybucket - https://s3.us-west-1.amazonaws.com/bucket/key - https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey

                                                                                                                              Parameter key

                                                                                                                              The S3 key of the object. If not specified, the URL of the bucket is returned.

                                                                                                                              Returns

                                                                                                                              an ObjectS3Url token

                                                                                                                            method virtualHostedUrlForObject

                                                                                                                            virtualHostedUrlForObject: (
                                                                                                                            key?: string,
                                                                                                                            options?: VirtualHostedStyleUrlOptions
                                                                                                                            ) => string;
                                                                                                                            • The virtual hosted-style URL of an S3 object. Specify regional: false in the options for a non-regional URL. For example:

                                                                                                                              - https://only-bucket.s3.us-west-1.amazonaws.com - https://bucket.s3.us-west-1.amazonaws.com/key - https://bucket.s3.amazonaws.com/key - https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey

                                                                                                                              Parameter key

                                                                                                                              The S3 key of the object. If not specified, the URL of the bucket is returned.

                                                                                                                              Parameter options

                                                                                                                              Options for generating URL.

                                                                                                                              Returns

                                                                                                                              an ObjectS3Url token

                                                                                                                            interface IBucketNotificationDestination

                                                                                                                            interface IBucketNotificationDestination {}
                                                                                                                            • Implemented by constructs that can be used as bucket notification destinations.

                                                                                                                            method bind

                                                                                                                            bind: (scope: Construct, bucket: IBucket) => BucketNotificationDestinationConfig;
                                                                                                                            • Registers this resource to receive notifications for the specified bucket. This method will only be called once for each destination/bucket pair and the result will be cached, so there is no need to implement idempotency in each destination.

                                                                                                                              Parameter bucket

                                                                                                                              The bucket object to bind to

                                                                                                                            interface IntelligentTieringConfiguration

                                                                                                                            interface IntelligentTieringConfiguration {}
                                                                                                                            • The intelligent tiering configuration.

                                                                                                                            property archiveAccessTierTime

                                                                                                                            readonly archiveAccessTierTime?: Duration;
                                                                                                                            • When enabled, Intelligent-Tiering will automatically move objects that haven’t been accessed for a minimum of 90 days to the Archive Access tier.

                                                                                                                              Default: objects will not move to Glacier.

                                                                                                                            property deepArchiveAccessTierTime

                                                                                                                            readonly deepArchiveAccessTierTime?: Duration;
                                                                                                                            • When enabled, Intelligent-Tiering will automatically move objects that haven’t been accessed for a minimum of 180 days to the Deep Archive Access tier.

                                                                                                                              Default: objects will not move to Glacier Deep Access.

                                                                                                                            property name

                                                                                                                            readonly name: string;
                                                                                                                            • Configuration name

                                                                                                                            property prefix

                                                                                                                            readonly prefix?: string;
                                                                                                                            • Add a filter to limit the scope of this configuration to a single prefix.

                                                                                                                              Default: this configuration will apply to all objects in the bucket.

                                                                                                                            property tags

                                                                                                                            readonly tags?: Tag[];
                                                                                                                            • You can limit the scope of this rule to the key value pairs added below.

                                                                                                                              Default: no filtering will be performed on tags.

                                                                                                                            interface Inventory

                                                                                                                            interface Inventory {}
                                                                                                                            • Specifies the inventory configuration of an S3 Bucket.

                                                                                                                              See Also

                                                                                                                              • https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html

                                                                                                                            property destination

                                                                                                                            readonly destination: InventoryDestination;
                                                                                                                            • The destination of the inventory.

                                                                                                                            property enabled

                                                                                                                            readonly enabled?: boolean;
                                                                                                                            • Whether the inventory is enabled or disabled.

                                                                                                                              Default: true

                                                                                                                            property format

                                                                                                                            readonly format?: InventoryFormat;
                                                                                                                            • The format of the inventory.

                                                                                                                              Default: InventoryFormat.CSV

                                                                                                                            property frequency

                                                                                                                            readonly frequency?: InventoryFrequency;
                                                                                                                            • Frequency at which the inventory should be generated.

                                                                                                                              Default: InventoryFrequency.WEEKLY

                                                                                                                            property includeObjectVersions

                                                                                                                            readonly includeObjectVersions?: InventoryObjectVersion;
                                                                                                                            • If the inventory should contain all the object versions or only the current one.

                                                                                                                              Default: InventoryObjectVersion.ALL

                                                                                                                            property inventoryId

                                                                                                                            readonly inventoryId?: string;
                                                                                                                            • The inventory configuration ID.

                                                                                                                              - generated ID.

                                                                                                                            property objectsPrefix

                                                                                                                            readonly objectsPrefix?: string;
                                                                                                                            • The inventory will only include objects that meet the prefix filter criteria.

                                                                                                                              - No objects prefix

                                                                                                                            property optionalFields

                                                                                                                            readonly optionalFields?: string[];
                                                                                                                            • A list of optional fields to be included in the inventory result.

                                                                                                                              - No optional fields.

                                                                                                                            interface InventoryDestination

                                                                                                                            interface InventoryDestination {}
                                                                                                                            • The destination of the inventory.

                                                                                                                            property bucket

                                                                                                                            readonly bucket: IBucket;
                                                                                                                            • Bucket in which all inventories will be saved.

                                                                                                                            property bucketOwner

                                                                                                                            readonly bucketOwner?: string;
                                                                                                                            • The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data, so inventory reports would still be delivered if the destination bucket came to be owned by a different account. It's recommended to set an account ID to prevent problems if the destination bucket ownership changes.

                                                                                                                              Default: no account ID.

                                                                                                                            property prefix

                                                                                                                            readonly prefix?: string;
                                                                                                                            • The prefix to be used when saving the inventory.

                                                                                                                              - No prefix.

                                                                                                                            interface LifecycleRule

                                                                                                                            interface LifecycleRule {}
                                                                                                                            • Declaration of a lifecycle rule.

                                                                                                                            property abortIncompleteMultipartUploadAfter

                                                                                                                            readonly abortIncompleteMultipartUploadAfter?: Duration;
                                                                                                                            • Specifies a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.

                                                                                                                              The AbortIncompleteMultipartUpload property type creates a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket. When Amazon S3 aborts a multipart upload, it deletes all parts associated with the multipart upload.

                                                                                                                              Default: incomplete uploads are never aborted.

                                                                                                                            property enabled

                                                                                                                            readonly enabled?: boolean;
                                                                                                                            • Whether this rule is enabled.

                                                                                                                              Default: true

                                                                                                                            property expiration

                                                                                                                            readonly expiration?: Duration;
                                                                                                                            • Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon Glacier.

                                                                                                                              If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.

                                                                                                                              Default: no expiration timeout.

                                                                                                                            property expirationDate

                                                                                                                            readonly expirationDate?: Date;
                                                                                                                            • Indicates when objects are deleted from Amazon S3 and Amazon Glacier.

                                                                                                                              The date value must be in ISO 8601 format. The time is always midnight UTC.

                                                                                                                              If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.

                                                                                                                              Default: no expiration date.

                                                                                                                            property expiredObjectDeleteMarker

                                                                                                                            readonly expiredObjectDeleteMarker?: boolean;
                                                                                                                            • Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired.

                                                                                                                              Default: false

                                                                                                                            property id

                                                                                                                            readonly id?: string;
                                                                                                                            • A unique identifier for this rule. The value cannot be more than 255 characters.

                                                                                                                            property noncurrentVersionExpiration

                                                                                                                            readonly noncurrentVersionExpiration?: Duration;
                                                                                                                            • Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire.

                                                                                                                              For buckets with versioning enabled (or suspended), specifies the time, in days, between when a new version of the object is uploaded to the bucket and when old versions of the object expire. When object versions expire, Amazon S3 permanently deletes them. If you specify a transition and expiration time, the expiration time must be later than the transition time.

                                                                                                                              Default: no noncurrent version expiration.

                                                                                                                            property noncurrentVersionTransitions

                                                                                                                            readonly noncurrentVersionTransitions?: NoncurrentVersionTransition[];
                                                                                                                            • One or more transition rules that specify when non-current objects transition to a specified storage class.

                                                                                                                              Only for buckets with versioning enabled (or suspended).

                                                                                                                              If you specify a transition and expiration time, the expiration time must be later than the transition time.

                                                                                                                            property prefix

                                                                                                                            readonly prefix?: string;
                                                                                                                            • Object key prefix that identifies one or more objects to which this rule applies.

                                                                                                                              Default: rule applies to all objects.

                                                                                                                            property tagFilters

                                                                                                                            readonly tagFilters?: {
                                                                                                                            [tag: string]: any;
                                                                                                                            };
                                                                                                                            • The TagFilter property type specifies tags to use to identify a subset of objects for an Amazon S3 bucket.

                                                                                                                              Default: rule applies to all objects.

                                                                                                                            property transitions

                                                                                                                            readonly transitions?: Transition[];
                                                                                                                            • One or more transition rules that specify when an object transitions to a specified storage class.

                                                                                                                              If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.

                                                                                                                              Default: no transition rules.

                                                                                                                            interface Location

                                                                                                                            interface Location {}
                                                                                                                            • An interface that represents the location of a specific object in an S3 Bucket.

                                                                                                                            property bucketName

                                                                                                                            readonly bucketName: string;
                                                                                                                            • The name of the S3 Bucket the object is in.

                                                                                                                            property objectKey

                                                                                                                            readonly objectKey: string;
                                                                                                                            • The path inside the bucket where the object is located.

                                                                                                                            property objectVersion

                                                                                                                            readonly objectVersion?: string;
                                                                                                                            • The S3 object version.

                                                                                                                            interface NoncurrentVersionTransition

                                                                                                                            interface NoncurrentVersionTransition {}
                                                                                                                            • Describes when noncurrent versions transition to a specified storage class.

                                                                                                                            property noncurrentVersionsToRetain

                                                                                                                            readonly noncurrentVersionsToRetain?: number;
                                                                                                                            • Indicates the number of noncurrent version objects to be retained. Up to 100 noncurrent versions can be retained.

                                                                                                                              Default: no noncurrent versions are retained.

                                                                                                                            property storageClass

                                                                                                                            readonly storageClass: StorageClass;
                                                                                                                            • The storage class to which you want the object to transition.

                                                                                                                            property transitionAfter

                                                                                                                            readonly transitionAfter: Duration;
                                                                                                                            • Indicates the number of days after creation when objects are transitioned to the specified storage class.

                                                                                                                              No transition count.

                                                                                                                            interface NotificationKeyFilter

                                                                                                                            interface NotificationKeyFilter {}

                                                                                                                              property prefix

                                                                                                                              readonly prefix?: string;
                                                                                                                              • S3 keys must have the specified prefix.

                                                                                                                              property suffix

                                                                                                                              readonly suffix?: string;
                                                                                                                              • S3 keys must have the specified suffix.

                                                                                                                              interface OnCloudTrailBucketEventOptions

                                                                                                                              interface OnCloudTrailBucketEventOptions extends events.OnEventOptions {}
                                                                                                                              • Options for the onCloudTrailPutObject method

                                                                                                                              property paths

                                                                                                                              readonly paths?: string[];
                                                                                                                              • Only watch changes to these object paths

                                                                                                                                Default: watch changes to all objects.

                                                                                                                              interface RedirectTarget

                                                                                                                              interface RedirectTarget {}
                                                                                                                              • Specifies a redirect behavior of all requests to a website endpoint of a bucket.

                                                                                                                              property hostName

                                                                                                                              readonly hostName: string;
                                                                                                                              • Name of the host where requests are redirected

                                                                                                                              property protocol

                                                                                                                              readonly protocol?: RedirectProtocol;
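                                                                                                                              • Protocol to use when redirecting requests

                                                                                                                                Default: the protocol used in the original request. S3 website endpoints serve plain HTTP, so leaving this unset keeps the redirect on HTTP; set the protocol explicitly when the target host should be reached over HTTPS.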

                                                                                                                              interface RoutingRule

                                                                                                                              interface RoutingRule {}
                                                                                                                              • Rule that defines when a redirect is applied and the redirect behavior.

                                                                                                                                See Also

                                                                                                                                • https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html

                                                                                                                              property condition

                                                                                                                              readonly condition?: RoutingRuleCondition;
                                                                                                                              • Specifies a condition that must be met for the specified redirect to apply.

                                                                                                                                - No condition

                                                                                                                              property hostName

                                                                                                                              readonly hostName?: string;
                                                                                                                              • The host name to use in the redirect request

                                                                                                                                - The host name used in the original request.

                                                                                                                              property httpRedirectCode

                                                                                                                              readonly httpRedirectCode?: string;
                                                                                                                              • The HTTP redirect code to use on the response

                                                                                                                                Default: "301" (Moved Permanently)

                                                                                                                              property protocol

                                                                                                                              readonly protocol?: RedirectProtocol;
                                                                                                                              • Protocol to use when redirecting requests

                                                                                                                                - The protocol used in the original request.

                                                                                                                              property replaceKey

                                                                                                                              readonly replaceKey?: ReplaceKey;
                                                                                                                              • Specifies the object key prefix to use in the redirect request

                                                                                                                                - The key will not be replaced

                                                                                                                              interface RoutingRuleCondition

                                                                                                                              interface RoutingRuleCondition {}

                                                                                                                                property httpErrorCodeReturnedEquals

                                                                                                                                readonly httpErrorCodeReturnedEquals?: string;
                                                                                                                                • The HTTP error code when the redirect is applied

                                                                                                                                  In the event of an error, if the error code equals this value, then the specified redirect is applied.

                                                                                                                                  If both condition properties are specified, both must be true for the redirect to be applied.

                                                                                                                                  - The HTTP error code will not be verified

                                                                                                                                property keyPrefixEquals

                                                                                                                                readonly keyPrefixEquals?: string;
                                                                                                                                • The object key name prefix when the redirect is applied

                                                                                                                                  If both condition properties are specified, both must be true for the redirect to be applied.

                                                                                                                                  - The object key name will not be verified

                                                                                                                                interface Tag

                                                                                                                                interface Tag {}
                                                                                                                                • Tag

                                                                                                                                property key

                                                                                                                                readonly key: string;
                                                                                                                                • Key to be tagged

                                                                                                                                property value

                                                                                                                                readonly value: string;
                                                                                                                                • additional value

                                                                                                                                interface TransferAccelerationUrlOptions

                                                                                                                                interface TransferAccelerationUrlOptions {}
                                                                                                                                • Options for creating a Transfer Acceleration URL.

                                                                                                                                property dualStack

                                                                                                                                readonly dualStack?: boolean;
                                                                                                                                • Dual-stack support to connect to the bucket over IPv6.

                                                                                                                                  - false

                                                                                                                                interface Transition

                                                                                                                                interface Transition {}
                                                                                                                                • Describes when an object transitions to a specified storage class.

                                                                                                                                property storageClass

                                                                                                                                readonly storageClass: StorageClass;
                                                                                                                                • The storage class to which you want the object to transition.

                                                                                                                                property transitionAfter

                                                                                                                                readonly transitionAfter?: Duration;
                                                                                                                                • Indicates the number of days after creation when objects are transitioned to the specified storage class.

                                                                                                                                  No transition count.

                                                                                                                                property transitionDate

                                                                                                                                readonly transitionDate?: Date;
                                                                                                                                • Indicates when objects are transitioned to the specified storage class.

                                                                                                                                  The date value must be in ISO 8601 format. The time is always midnight UTC.

                                                                                                                                  No transition date.

                                                                                                                                interface VirtualHostedStyleUrlOptions

                                                                                                                                interface VirtualHostedStyleUrlOptions {}
                                                                                                                                • Options for creating Virtual-Hosted style URL.

                                                                                                                                property regional

                                                                                                                                readonly regional?: boolean;
                                                                                                                                • Specifies the URL includes the region.

                                                                                                                                  - true

                                                                                                                                Enums

                                                                                                                                enum BucketAccessControl

                                                                                                                                // Default bucket access control types (canned ACLs).
                                                                                                                                // NOTE(review): PUBLIC_READ, PUBLIC_READ_WRITE and AUTHENTICATED_READ grant access to
                                                                                                                                // groups outside the bucket owner; confirm the exposure is intended wherever they are used.
                                                                                                                                enum BucketAccessControl {
                                                                                                                                // Owner gets FULL_CONTROL. No one else has access rights.
                                                                                                                                PRIVATE = 'Private',
                                                                                                                                // Owner gets FULL_CONTROL. The AllUsers group gets READ access.
                                                                                                                                PUBLIC_READ = 'PublicRead',
                                                                                                                                // Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
                                                                                                                                // Granting this on a bucket is generally not recommended.
                                                                                                                                PUBLIC_READ_WRITE = 'PublicReadWrite',
                                                                                                                                // Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
                                                                                                                                AUTHENTICATED_READ = 'AuthenticatedRead',
                                                                                                                                // The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.
                                                                                                                                LOG_DELIVERY_WRITE = 'LogDeliveryWrite',
                                                                                                                                // Object owner gets FULL_CONTROL, bucket owner gets READ.
                                                                                                                                // Ignored by Amazon S3 when specified at bucket creation.
                                                                                                                                BUCKET_OWNER_READ = 'BucketOwnerRead',
                                                                                                                                // Object owner and bucket owner both get FULL_CONTROL over the object.
                                                                                                                                // Ignored by Amazon S3 when specified at bucket creation.
                                                                                                                                BUCKET_OWNER_FULL_CONTROL = 'BucketOwnerFullControl',
                                                                                                                                // Owner gets FULL_CONTROL. Amazon EC2 gets READ access to GET an AMI bundle from Amazon S3.
                                                                                                                                AWS_EXEC_READ = 'AwsExecRead',
                                                                                                                                }
                                                                                                                                • Default bucket access control types.

                                                                                                                                  See Also

                                                                                                                                  • https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html

                                                                                                                                member AUTHENTICATED_READ

                                                                                                                                AUTHENTICATED_READ = 'AuthenticatedRead'
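                                                                                                                                • Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. That group covers every authenticated AWS principal in any AWS account, not only principals in the bucket owner's account, so this setting does not limit access to your own organisation.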

                                                                                                                                member AWS_EXEC_READ

                                                                                                                                AWS_EXEC_READ = 'AwsExecRead'
                                                                                                                                • Owner gets FULL_CONTROL. Amazon EC2 gets READ access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.

                                                                                                                                member BUCKET_OWNER_FULL_CONTROL

                                                                                                                                BUCKET_OWNER_FULL_CONTROL = 'BucketOwnerFullControl'
                                                                                                                                • Both the object owner and the bucket owner get FULL_CONTROL over the object. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.

                                                                                                                                member BUCKET_OWNER_READ

                                                                                                                                BUCKET_OWNER_READ = 'BucketOwnerRead'
                                                                                                                                • Object owner gets FULL_CONTROL. Bucket owner gets READ access. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.

                                                                                                                                member LOG_DELIVERY_WRITE

                                                                                                                                LOG_DELIVERY_WRITE = 'LogDeliveryWrite'
                                                                                                                                • The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.

                                                                                                                                  See Also

                                                                                                                                  • https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html

                                                                                                                                member PRIVATE

                                                                                                                                PRIVATE = 'Private'
                                                                                                                                • Owner gets FULL_CONTROL. No one else has access rights.

                                                                                                                                member PUBLIC_READ

                                                                                                                                PUBLIC_READ = 'PublicRead'
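                                                                                                                                • Owner gets FULL_CONTROL. The AllUsers group gets READ access. AllUsers includes anonymous, unauthenticated requests, so the bucket is publicly listable. Use it only for content meant to be public; the BlockPublicAccess settings on the bucket or account can be used to block public ACLs such as this one.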

                                                                                                                                member PUBLIC_READ_WRITE

                                                                                                                                PUBLIC_READ_WRITE = 'PublicReadWrite'
                                                                                                                                • Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. Granting this on a bucket is generally not recommended.

                                                                                                                                enum BucketEncryption

                                                                                                                                // What kind of server-side encryption to apply to the bucket.
                                                                                                                                // The string values differ from the member names (UNENCRYPTED is 'NONE', KMS_MANAGED is 'MANAGED').
                                                                                                                                enum BucketEncryption {
                                                                                                                                // Objects in the bucket are not encrypted.
                                                                                                                                UNENCRYPTED = 'NONE',
                                                                                                                                // Server-side KMS encryption with a master key managed by KMS.
                                                                                                                                KMS_MANAGED = 'MANAGED',
                                                                                                                                // Server-side encryption with a master key managed by S3.
                                                                                                                                S3_MANAGED = 'S3MANAGED',
                                                                                                                                // Server-side encryption with a KMS key managed by the user. If encryptionKey is
                                                                                                                                // specified that key is used, otherwise one is defined.
                                                                                                                                KMS = 'KMS',
                                                                                                                                }
                                                                                                                                • What kind of server-side encryption to apply to this bucket

                                                                                                                                member KMS

                                                                                                                                KMS = 'KMS'
                                                                                                                                • Server-side encryption with a KMS key managed by the user. If encryptionKey is specified, this key will be used, otherwise, one will be defined.

                                                                                                                                member KMS_MANAGED

                                                                                                                                KMS_MANAGED = 'MANAGED'
                                                                                                                                • Server-side KMS encryption with a master key managed by KMS.

                                                                                                                                member S3_MANAGED

                                                                                                                                S3_MANAGED = 'S3MANAGED'
                                                                                                                                • Server-side encryption with a master key managed by S3.

                                                                                                                                member UNENCRYPTED

                                                                                                                                UNENCRYPTED = 'NONE'
                                                                                                                                • Objects in the bucket are not encrypted.

                                                                                                                                enum BucketNotificationDestinationType

                                                                                                                                // Supported types of notification destinations.
                                                                                                                                // Members are numeric (0, 1, 2), unlike the string-valued enums in this listing.
                                                                                                                                // NOTE(review): the page does not describe the members; presumably a Lambda function,
                                                                                                                                // a queue and a topic as the notification target. Confirm against the library docs.
                                                                                                                                enum BucketNotificationDestinationType {
                                                                                                                                LAMBDA = 0,
                                                                                                                                QUEUE = 1,
                                                                                                                                TOPIC = 2,
                                                                                                                                }
                                                                                                                                • Supported types of notification destinations.

                                                                                                                                member LAMBDA

                                                                                                                                LAMBDA = 0

                                                                                                                                  member QUEUE

                                                                                                                                  QUEUE = 1

                                                                                                                                    member TOPIC

                                                                                                                                    TOPIC = 2

                                                                                                                                      enum EventType

                                                                                                                                      /**
                                                                                                                                       * S3 notification event types. Each member's value is the S3 event name string;
                                                                                                                                       * members ending in `:*` are wildcards that cover every event in their family.
                                                                                                                                       */
                                                                                                                                      enum EventType {
                                                                                                                                      // Wildcard: an object was created, regardless of the API used.
                                                                                                                                      OBJECT_CREATED = 's3:ObjectCreated:*',
                                                                                                                                      // An object was created with PUT.
                                                                                                                                      OBJECT_CREATED_PUT = 's3:ObjectCreated:Put',
                                                                                                                                      // An object was created with POST.
                                                                                                                                      OBJECT_CREATED_POST = 's3:ObjectCreated:Post',
                                                                                                                                      // An object was created with COPY.
                                                                                                                                      OBJECT_CREATED_COPY = 's3:ObjectCreated:Copy',
                                                                                                                                      // Presumably an object created by completing a multipart upload (per the event name).
                                                                                                                                      OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD = 's3:ObjectCreated:CompleteMultipartUpload',
                                                                                                                                      // Wildcard: an object was removed. Not sent for automatic deletes made by
                                                                                                                                      // lifecycle policies or for failed operations; see LIFECYCLE_EXPIRATION for those.
                                                                                                                                      OBJECT_REMOVED = 's3:ObjectRemoved:*',
                                                                                                                                      // An object was deleted, or a versioned object was permanently deleted.
                                                                                                                                      OBJECT_REMOVED_DELETE = 's3:ObjectRemoved:Delete',
                                                                                                                                      // A delete marker was created for a versioned object.
                                                                                                                                      OBJECT_REMOVED_DELETE_MARKER_CREATED = 's3:ObjectRemoved:DeleteMarkerCreated',
                                                                                                                                      // Restoration of an object from the S3 Glacier storage class was initiated.
                                                                                                                                      OBJECT_RESTORE_POST = 's3:ObjectRestore:Post',
                                                                                                                                      // Restoration of an object from the S3 Glacier storage class completed.
                                                                                                                                      OBJECT_RESTORE_COMPLETED = 's3:ObjectRestore:Completed',
                                                                                                                                      // NOTE(review): AWS documents this event as the expiry of a temporarily restored
                                                                                                                                      // copy; the member text on this page says "restoration completion" - confirm.
                                                                                                                                      OBJECT_RESTORE_DELETE = 's3:ObjectRestore:Delete',
                                                                                                                                      // S3 detected that an object of the RRS storage class is lost.
                                                                                                                                      REDUCED_REDUNDANCY_LOST_OBJECT = 's3:ReducedRedundancyLostObject',
                                                                                                                                      // An object eligible for replication with Replication Time Control failed to replicate.
                                                                                                                                      REPLICATION_OPERATION_FAILED_REPLICATION = 's3:Replication:OperationFailedReplication',
                                                                                                                                      // An object eligible for replication with Replication Time Control exceeded the
                                                                                                                                      // 15-minute threshold for replication.
                                                                                                                                      REPLICATION_OPERATION_MISSED_THRESHOLD = 's3:Replication:OperationMissedThreshold',
                                                                                                                                      // An object eligible for replication with Replication Time Control replicated
                                                                                                                                      // after the 15-minute threshold.
                                                                                                                                      REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD = 's3:Replication:OperationReplicatedAfterThreshold',
                                                                                                                                      // An object eligible for replication with Replication Time Control is no longer
                                                                                                                                      // tracked by replication metrics.
                                                                                                                                      REPLICATION_OPERATION_NOT_TRACKED = 's3:Replication:OperationNotTracked',
                                                                                                                                      // Wildcard: S3 deleted an object based on the S3 Lifecycle configuration.
                                                                                                                                      LIFECYCLE_EXPIRATION = 's3:LifecycleExpiration:*',
                                                                                                                                      // Lifecycle deleted an object in an unversioned bucket, or permanently deleted
                                                                                                                                      // an object version.
                                                                                                                                      LIFECYCLE_EXPIRATION_DELETE = 's3:LifecycleExpiration:Delete',
                                                                                                                                      // Lifecycle created a delete marker for the current version of an object in a
                                                                                                                                      // versioned bucket.
                                                                                                                                      LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED = 's3:LifecycleExpiration:DeleteMarkerCreated',
                                                                                                                                      // Lifecycle transitioned an object to another S3 storage class.
                                                                                                                                      LIFECYCLE_TRANSITION = 's3:LifecycleTransition',
                                                                                                                                      // An object in the Intelligent-Tiering storage class moved to the Archive Access
                                                                                                                                      // or Deep Archive Access tier.
                                                                                                                                      INTELLIGENT_TIERING = 's3:IntelligentTiering',
                                                                                                                                      // Wildcard: an object tag was added to or deleted from an object.
                                                                                                                                      OBJECT_TAGGING = 's3:ObjectTagging:*',
                                                                                                                                      // A tag was PUT on an object or an existing tag was updated.
                                                                                                                                      OBJECT_TAGGING_PUT = 's3:ObjectTagging:Put',
                                                                                                                                      // A tag was removed from an object.
                                                                                                                                      OBJECT_TAGGING_DELETE = 's3:ObjectTagging:Delete',
                                                                                                                                      // An ACL was PUT on an object or an existing ACL was changed; no event is
                                                                                                                                      // generated when the request leaves the ACL unchanged.
                                                                                                                                      OBJECT_ACL_PUT = 's3:ObjectAcl:Put',
                                                                                                                                      }
                                                                                                                                      • Notification event types. https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types

                                                                                                                                      member INTELLIGENT_TIERING

                                                                                                                                      INTELLIGENT_TIERING = 's3:IntelligentTiering'
                                                                                                                                      • You receive this notification event when an object within the S3 Intelligent-Tiering storage class is moved to the Archive Access tier or Deep Archive Access tier.

                                                                                                                                      member LIFECYCLE_EXPIRATION

                                                                                                                                      LIFECYCLE_EXPIRATION = 's3:LifecycleExpiration:*'
                                                                                                                                      • By using the LifecycleExpiration event types, you can receive a notification when Amazon S3 deletes an object based on your S3 Lifecycle configuration.

                                                                                                                                      member LIFECYCLE_EXPIRATION_DELETE

                                                                                                                                      LIFECYCLE_EXPIRATION_DELETE = 's3:LifecycleExpiration:Delete'
                                                                                                                                      • The s3:LifecycleExpiration:Delete event type notifies you when an object in an unversioned bucket is deleted. It also notifies you when an object version is permanently deleted by an S3 Lifecycle configuration.

                                                                                                                                      member LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED

                                                                                                                                      LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED = 's3:LifecycleExpiration:DeleteMarkerCreated'
                                                                                                                                      • The s3:LifecycleExpiration:DeleteMarkerCreated event type notifies you when S3 Lifecycle creates a delete marker when a current version of an object in versioned bucket is deleted.

                                                                                                                                      member LIFECYCLE_TRANSITION

                                                                                                                                      LIFECYCLE_TRANSITION = 's3:LifecycleTransition'
                                                                                                                                      • You receive this notification event when an object is transitioned to another Amazon S3 storage class by an S3 Lifecycle configuration.

                                                                                                                                      member OBJECT_ACL_PUT

                                                                                                                                      OBJECT_ACL_PUT = 's3:ObjectAcl:Put'
                                                                                                                                      • You receive this notification event when an ACL is PUT on an object or when an existing ACL is changed. An event is not generated when a request results in no change to an object’s ACL.

                                                                                                                                      member OBJECT_CREATED

                                                                                                                                      OBJECT_CREATED = 's3:ObjectCreated:*'
                                                                                                                                      • Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.

                                                                                                                                      member OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD

                                                                                                                                      OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD = 's3:ObjectCreated:CompleteMultipartUpload'
                                                                                                                                      • Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.

                                                                                                                                      member OBJECT_CREATED_COPY

                                                                                                                                      OBJECT_CREATED_COPY = 's3:ObjectCreated:Copy'
                                                                                                                                      • Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.

                                                                                                                                      member OBJECT_CREATED_POST

                                                                                                                                      OBJECT_CREATED_POST = 's3:ObjectCreated:Post'
                                                                                                                                      • Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.

                                                                                                                                      member OBJECT_CREATED_PUT

                                                                                                                                      OBJECT_CREATED_PUT = 's3:ObjectCreated:Put'
                                                                                                                                      • Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using these event types, you can enable notification when an object is created using a specific API, or you can use the s3:ObjectCreated:* event type to request notification regardless of the API that was used to create an object.

                                                                                                                                      member OBJECT_REMOVED

                                                                                                                                      OBJECT_REMOVED = 's3:ObjectRemoved:*'
                                                                                                                                      • By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.

                                                                                                                                        You can request notification when an object is deleted or a versioned object is permanently deleted by using the s3:ObjectRemoved:Delete event type. Or you can request notification when a delete marker is created for a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For information about deleting versioned objects, see Deleting Object Versions. You can also use a wildcard s3:ObjectRemoved:* to request notification anytime an object is deleted.

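                                                                                                                                        You will not receive ObjectRemoved event notifications for automatic deletes made by lifecycle policies or for failed operations. To be notified when an S3 Lifecycle configuration deletes an object, use the LifecycleExpiration event types.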

                                                                                                                                      member OBJECT_REMOVED_DELETE

                                                                                                                                      OBJECT_REMOVED_DELETE = 's3:ObjectRemoved:Delete'
                                                                                                                                      • By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.

                                                                                                                                        You can request notification when an object is deleted or a versioned object is permanently deleted by using the s3:ObjectRemoved:Delete event type. Or you can request notification when a delete marker is created for a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For information about deleting versioned objects, see Deleting Object Versions. You can also use a wildcard s3:ObjectRemoved:* to request notification anytime an object is deleted.

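                                                                                                                                        You will not receive ObjectRemoved event notifications for automatic deletes made by lifecycle policies or for failed operations. To be notified when an S3 Lifecycle configuration deletes an object, use the LifecycleExpiration event types.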

                                                                                                                                      member OBJECT_REMOVED_DELETE_MARKER_CREATED

                                                                                                                                      OBJECT_REMOVED_DELETE_MARKER_CREATED = 's3:ObjectRemoved:DeleteMarkerCreated'
                                                                                                                                      • By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.

                                                                                                                                        You can request notification when an object is deleted or a versioned object is permanently deleted by using the s3:ObjectRemoved:Delete event type. Or you can request notification when a delete marker is created for a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For information about deleting versioned objects, see Deleting Object Versions. You can also use a wildcard s3:ObjectRemoved:* to request notification anytime an object is deleted.

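                                                                                                                                        You will not receive ObjectRemoved event notifications for automatic deletes made by lifecycle policies or for failed operations. To be notified when an S3 Lifecycle configuration deletes an object, use the LifecycleExpiration event types.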

                                                                                                                                      member OBJECT_RESTORE_COMPLETED

                                                                                                                                      OBJECT_RESTORE_COMPLETED = 's3:ObjectRestore:Completed'
                                                                                                                                      • Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.

                                                                                                                                        You use s3:ObjectRestore:Completed to request notification of restoration completion.

                                                                                                                                      member OBJECT_RESTORE_DELETE

                                                                                                                                      OBJECT_RESTORE_DELETE = 's3:ObjectRestore:Delete'
                                                                                                                                      • Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.

                                                                                                                                        You use s3:ObjectRestore:Delete to request notification when the temporarily restored copy of an object expires.

                                                                                                                                      member OBJECT_RESTORE_POST

                                                                                                                                      OBJECT_RESTORE_POST = 's3:ObjectRestore:Post'
                                                                                                                                      • Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.

                                                                                                                                        You use s3:ObjectRestore:Post to request notification of object restoration initiation.

                                                                                                                                      member OBJECT_TAGGING

                                                                                                                                      OBJECT_TAGGING = 's3:ObjectTagging:*'
                                                                                                                                      • By using the ObjectTagging event types, you can enable notification when an object tag is added to or deleted from an object.

                                                                                                                                      member OBJECT_TAGGING_DELETE

                                                                                                                                      OBJECT_TAGGING_DELETE = 's3:ObjectTagging:Delete'
                                                                                                                                      • The s3:ObjectTagging:Delete event type notifies you when a tag is removed from an object.

                                                                                                                                      member OBJECT_TAGGING_PUT

                                                                                                                                      OBJECT_TAGGING_PUT = 's3:ObjectTagging:Put'
                                                                                                                                      • The s3:ObjectTagging:Put event type notifies you when a tag is PUT on an object or an existing tag is updated.

                                                                                                                                      member REDUCED_REDUNDANCY_LOST_OBJECT

                                                                                                                                      REDUCED_REDUNDANCY_LOST_OBJECT = 's3:ReducedRedundancyLostObject'
                                                                                                                                      • You can use this event type to request Amazon S3 to send a notification message when Amazon S3 detects that an object of the RRS storage class is lost.

                                                                                                                                      member REPLICATION_OPERATION_FAILED_REPLICATION

                                                                                                                                      REPLICATION_OPERATION_FAILED_REPLICATION = 's3:Replication:OperationFailedReplication'
                                                                                                                                      • You receive this notification event when an object that was eligible for replication using Amazon S3 Replication Time Control failed to replicate.

                                                                                                                                      member REPLICATION_OPERATION_MISSED_THRESHOLD

                                                                                                                                      REPLICATION_OPERATION_MISSED_THRESHOLD = 's3:Replication:OperationMissedThreshold'
                                                                                                                                      • You receive this notification event when an object that was eligible for replication using Amazon S3 Replication Time Control exceeded the 15-minute threshold for replication.

                                                                                                                                      member REPLICATION_OPERATION_NOT_TRACKED

                                                                                                                                      REPLICATION_OPERATION_NOT_TRACKED = 's3:Replication:OperationNotTracked'
                                                                                                                                      • You receive this notification event for an object that was eligible for replication using Amazon S3 Replication Time Control but is no longer tracked by replication metrics.

                                                                                                                                      member REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD

                                                                                                                                      REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD = 's3:Replication:OperationReplicatedAfterThreshold'
                                                                                                                                      • You receive this notification event for an object that was eligible for replication using the Amazon S3 Replication Time Control feature replicated after the 15-minute threshold.

                                                                                                                                      enum HttpMethods

                                                                                                                                      /**
                                                                                                                                       * HTTP request methods; each member's value is the method name as a string.
                                                                                                                                       */
                                                                                                                                      enum HttpMethods {
                                                                                                                                      // Requests a representation of the specified resource.
                                                                                                                                      GET = 'GET',
                                                                                                                                      // Replaces all current representations of the target resource with the request payload.
                                                                                                                                      PUT = 'PUT',
                                                                                                                                      // Asks for a response identical to that of a GET request, but without the response body.
                                                                                                                                      HEAD = 'HEAD',
                                                                                                                                      // Submits an entity to the specified resource, often changing state or causing
                                                                                                                                      // side effects on the server.
                                                                                                                                      POST = 'POST',
                                                                                                                                      // Deletes the specified resource.
                                                                                                                                      DELETE = 'DELETE',
                                                                                                                                      }
                                                                                                                                      • All HTTP request methods

                                                                                                                                      member DELETE

                                                                                                                                      DELETE = 'DELETE'
                                                                                                                                      • The DELETE method deletes the specified resource.

                                                                                                                                      member GET

                                                                                                                                      GET = 'GET'
                                                                                                                                      • The GET method requests a representation of the specified resource.

                                                                                                                                      member HEAD

                                                                                                                                      HEAD = 'HEAD'
                                                                                                                                      • The HEAD method asks for a response identical to that of a GET request, but without the response body.

                                                                                                                                      member POST

                                                                                                                                      POST = 'POST'
                                                                                                                                      • The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server.

                                                                                                                                      member PUT

                                                                                                                                      PUT = 'PUT'
                                                                                                                                      • The PUT method replaces all current representations of the target resource with the request payload.

                                                                                                                                      enum InventoryFormat

                                                                                                                                      /**
                                                                                                                                       * Supported inventory list formats.
                                                                                                                                       */
                                                                                                                                      enum InventoryFormat {
                                                                                                                                      // Generate the inventory list as CSV.
                                                                                                                                      CSV = 'CSV',
                                                                                                                                      // Generate the inventory list as Parquet.
                                                                                                                                      PARQUET = 'Parquet',
                                                                                                                                      // Generate the inventory list as ORC.
                                                                                                                                      ORC = 'ORC',
                                                                                                                                      }
                                                                                                                                      • All supported inventory list formats.

                                                                                                                                      member CSV

                                                                                                                                      CSV = 'CSV'
                                                                                                                                      • Generate the inventory list as CSV.

                                                                                                                                      member ORC

                                                                                                                                      ORC = 'ORC'
                                                                                                                                      • Generate the inventory list as ORC.

                                                                                                                                      member PARQUET

                                                                                                                                      PARQUET = 'Parquet'
                                                                                                                                      • Generate the inventory list as Parquet.

                                                                                                                                      enum InventoryFrequency

                                                                                                                                      /**
                                                                                                                                       * Supported inventory report frequencies.
                                                                                                                                       */
                                                                                                                                      enum InventoryFrequency {
                                                                                                                                      // A report is generated every day.
                                                                                                                                      DAILY = 'Daily',
                                                                                                                                      // A report is generated every Sunday (UTC timezone) after the initial report.
                                                                                                                                      WEEKLY = 'Weekly',
                                                                                                                                      }
                                                                                                                                      • All supported inventory frequencies.

                                                                                                                                      member DAILY

                                                                                                                                      DAILY = 'Daily'
                                                                                                                                      • A report is generated every day.

                                                                                                                                      member WEEKLY

                                                                                                                                      WEEKLY = 'Weekly'
                                                                                                                                      • A report is generated every Sunday (UTC timezone) after the initial report.

                                                                                                                                      enum InventoryObjectVersion

                                                                                                                                      /** Which object versions an inventory report lists. */
                                                                                                                                      enum InventoryObjectVersion {
                                                                                                                                      /** Every version of each object is included in the report. */
                                                                                                                                      ALL = 'All',
                                                                                                                                      /** Only the current version of each object is included in the report. */
                                                                                                                                      CURRENT = 'Current',
                                                                                                                                      }
                                                                                                                                      • Inventory version support.

                                                                                                                                      member ALL

                                                                                                                                      ALL = 'All'
                                                                                                                                      • Includes all versions of each object in the report.

                                                                                                                                      member CURRENT

                                                                                                                                      CURRENT = 'Current'
                                                                                                                                      • Includes only the current version of each object in the report.

                                                                                                                                      enum ObjectOwnership

                                                                                                                                      /**
                                                                                                                                       * The ObjectOwnership setting of the bucket: who owns uploaded objects
                                                                                                                                       * and whether ACLs still take part in access decisions.
                                                                                                                                       */
                                                                                                                                      enum ObjectOwnership {
                                                                                                                                      /** ACLs are disabled; the bucket owner owns every object and access is defined by policies only. */
                                                                                                                                      BUCKET_OWNER_ENFORCED = 'BucketOwnerEnforced',
                                                                                                                                      /**
                                                                                                                                       * Uploaded objects change ownership to the bucket owner, but only when the
                                                                                                                                       * upload carries the bucket-owner-full-control canned ACL. ACLs stay enabled.
                                                                                                                                       */
                                                                                                                                      BUCKET_OWNER_PREFERRED = 'BucketOwnerPreferred',
                                                                                                                                      /** The uploading account owns the object. */
                                                                                                                                      OBJECT_WRITER = 'ObjectWriter',
                                                                                                                                      }
                                                                                                                                      • The ObjectOwnership of the bucket.

                                                                                                                                        See Also

                                                                                                                                        • https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html

                                                                                                                                      member BUCKET_OWNER_ENFORCED

                                                                                                                                      BUCKET_OWNER_ENFORCED = 'BucketOwnerEnforced'
                                                                                                                                      • ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control.

                                                                                                                                      member BUCKET_OWNER_PREFERRED

                                                                                                                                      BUCKET_OWNER_PREFERRED = 'BucketOwnerPreferred'
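                                                                                                                                      • Objects uploaded to the bucket change ownership to the bucket owner if they are uploaded with the bucket-owner-full-control canned ACL. ACLs remain enabled under this setting; use BUCKET_OWNER_ENFORCED to disable them.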

                                                                                                                                      member OBJECT_WRITER

                                                                                                                                      OBJECT_WRITER = 'ObjectWriter'
                                                                                                                                      • The uploading account will own the object.

                                                                                                                                      enum RedirectProtocol

                                                                                                                                      /** Protocol (URL scheme) to use when redirecting requests. */
                                                                                                                                      enum RedirectProtocol {
                                                                                                                                      /** Redirect over plain HTTP; the redirected request is not protected by TLS. */
                                                                                                                                      HTTP = 'http',
                                                                                                                                      /** Redirect over HTTPS. */
                                                                                                                                      HTTPS = 'https',
                                                                                                                                      }
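                                                                                                                                      • All supported redirect protocols (the scheme used when a request is redirected). Prefer HTTPS so the redirected request is not sent in cleartext.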

                                                                                                                                      member HTTP

                                                                                                                                      HTTP = 'http'

                                                                                                                                        member HTTPS

                                                                                                                                        HTTPS = 'https'

                                                                                                                                          Namespaces

                                                                                                                                          namespace CfnAccessPoint

                                                                                                                                          namespace CfnAccessPoint {}

                                                                                                                                            interface PublicAccessBlockConfigurationProperty

                                                                                                                                            interface PublicAccessBlockConfigurationProperty {}
                                                                                                                                            • The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

                                                                                                                                              external

                                                                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html

                                                                                                                                            property blockPublicAcls

                                                                                                                                            readonly blockPublicAcls?: boolean | cdk.IResolvable;
                                                                                                                                            • Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket. Setting this element to TRUE causes the following behavior:

                                                                                                                                        - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
                                                                                                                                        - PUT Object calls fail if the request includes a public ACL.
                                                                                                                                        - PUT Bucket calls fail if the request includes a public ACL.

                                                                                                                                        Enabling this setting doesn't affect existing policies or ACLs, so public ACLs that already exist stay in effect unless ignorePublicAcls is also enabled.

                                                                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicacls

                                                                                                                                            property blockPublicPolicy

                                                                                                                                            readonly blockPublicPolicy?: boolean | cdk.IResolvable;
                                                                                                                                            • Specifies whether Amazon S3 should block public bucket policies for this bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

                                                                                                                                              Enabling this setting doesn't affect existing bucket policies.

                                                                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicpolicy

                                                                                                                                            property ignorePublicAcls

                                                                                                                                            readonly ignorePublicAcls?: boolean | cdk.IResolvable;
                                                                                                                                            • Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.

                                                                                                                                              Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

                                                                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-ignorepublicacls

                                                                                                                                            property restrictPublicBuckets

                                                                                                                                            readonly restrictPublicBuckets?: boolean | cdk.IResolvable;
                                                                                                                                            • Specifies whether Amazon S3 should restrict public bucket policies for this bucket. Setting this element to TRUE restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.

                                                                                                                                              Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

                                                                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-restrictpublicbuckets

                                                                                                                                            interface VpcConfigurationProperty

                                                                                                                                            interface VpcConfigurationProperty {}
                                                                                                                                            • The Virtual Private Cloud (VPC) configuration for this access point.

                                                                                                                                              external

                                                                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html

                                                                                                                                            property vpcId

                                                                                                                                            readonly vpcId?: string;
                                                                                                                                            • If this field is specified, the access point will only allow connections from the specified VPC ID.

                                                                                                                                              http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html#cfn-s3-accesspoint-vpcconfiguration-vpcid

                                                                                                                                            namespace CfnBucket

                                                                                                                                            namespace CfnBucket {}

                                                                                                                                              interface AbortIncompleteMultipartUploadProperty

                                                                                                                                              interface AbortIncompleteMultipartUploadProperty {}
                                                                                                                                              • Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. For more information, see [Stopping Incomplete Multipart Uploads Using a Bucket Lifecycle Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) in the *Amazon S3 User Guide* .

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-abortincompletemultipartupload.html

                                                                                                                                              property daysAfterInitiation

                                                                                                                                              readonly daysAfterInitiation: number;
                                                                                                                                              • Specifies the number of days after which Amazon S3 stops an incomplete multipart upload.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-abortincompletemultipartupload.html#cfn-s3-bucket-abortincompletemultipartupload-daysafterinitiation

                                                                                                                                              interface AccelerateConfigurationProperty

                                                                                                                                              interface AccelerateConfigurationProperty {}
                                                                                                                                              • Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html

                                                                                                                                              property accelerationStatus

                                                                                                                                              readonly accelerationStatus: string;
                                                                                                                                              • Specifies the transfer acceleration status of the bucket.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html#cfn-s3-bucket-accelerateconfiguration-accelerationstatus

                                                                                                                                              interface AccessControlTranslationProperty

                                                                                                                                              interface AccessControlTranslationProperty {}
                                                                                                                                        • Specify this only in a cross-account scenario (where the source and destination bucket owners are not the same) in which you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by the same AWS account that owns the source object.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accesscontroltranslation.html

                                                                                                                                              property owner

                                                                                                                                              readonly owner: string;
                                                                                                                                              • Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) in the *Amazon S3 API Reference* .

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accesscontroltranslation.html#cfn-s3-bucket-accesscontroltranslation-owner

                                                                                                                                              interface AnalyticsConfigurationProperty

                                                                                                                                              interface AnalyticsConfigurationProperty {}
                                                                                                                                              • Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html

                                                                                                                                              property id

                                                                                                                                              readonly id: string;
                                                                                                                                              • The ID that identifies the analytics configuration.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-id

                                                                                                                                              property prefix

                                                                                                                                              readonly prefix?: string;
                                                                                                                                              • The prefix that an object must have to be included in the analytics results.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-prefix

                                                                                                                                              property storageClassAnalysis

                                                                                                                                              readonly storageClassAnalysis:
                                                                                                                                              | CfnBucket.StorageClassAnalysisProperty
                                                                                                                                              | cdk.IResolvable;
                                                                                                                                              • Contains data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-storageclassanalysis

                                                                                                                                              property tagFilters

                                                                                                                                              readonly tagFilters?:
                                                                                                                                              | Array<CfnBucket.TagFilterProperty | cdk.IResolvable>
                                                                                                                                              | cdk.IResolvable;
                                                                                                                                              • The tags to use when evaluating an analytics filter.

                                                                                                                                                The analytics only includes objects that meet the filter's criteria. If no filter is specified, all of the contents of the bucket are included in the analysis.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-tagfilters

                                                                                                                                              interface BucketEncryptionProperty

                                                                                                                                              interface BucketEncryptionProperty {}
                                                                                                                                        • Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html

                                                                                                                                              property serverSideEncryptionConfiguration

                                                                                                                                              readonly serverSideEncryptionConfiguration:
                                                                                                                                              | Array<CfnBucket.ServerSideEncryptionRuleProperty | cdk.IResolvable>
                                                                                                                                              | cdk.IResolvable;
                                                                                                                                              • Specifies the default server-side-encryption configuration.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html#cfn-s3-bucket-bucketencryption-serversideencryptionconfiguration

                                                                                                                                              interface CorsConfigurationProperty

                                                                                                                                              interface CorsConfigurationProperty {}
                                                                                                                                              • Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html

                                                                                                                                              property corsRules

                                                                                                                                              readonly corsRules:
                                                                                                                                              | Array<CfnBucket.CorsRuleProperty | cdk.IResolvable>
                                                                                                                                              | cdk.IResolvable;
                                                                                                                                              • A set of origins and methods (cross-origin access that you want to allow). You can add up to 100 rules to the configuration.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html#cfn-s3-bucket-cors-corsrule

                                                                                                                                              interface CorsRuleProperty

                                                                                                                                              interface CorsRuleProperty {}
                                                                                                                                              • Specifies a cross-origin access rule for an Amazon S3 bucket.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html

                                                                                                                                              property allowedHeaders

                                                                                                                                              readonly allowedHeaders?: string[];
                                                                                                                                              • Headers that are specified in the Access-Control-Request-Headers header. These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-allowedheaders

                                                                                                                                              property allowedMethods

                                                                                                                                              readonly allowedMethods: string[];
                                                                                                                                              • The HTTP methods that you allow the origin to run.

                                                                                                                                                *Allowed values* : GET | PUT | HEAD | POST | DELETE

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-allowedmethods

                                                                                                                                              property allowedOrigins

                                                                                                                                              readonly allowedOrigins: string[];
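                                                                                                                                              • One or more origins you want customers to be able to access the bucket from. The value `*` matches any origin, so list specific origins unless the objects are meant to be readable from any site. CORS only controls what browsers permit across origins; access to the objects themselves is still decided by the bucket policy, ACLs and IAM.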

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-allowedorigins

                                                                                                                                              property exposedHeaders

                                                                                                                                              readonly exposedHeaders?: string[];
                                                                                                                                              • One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-exposedheaders

                                                                                                                                              property id

                                                                                                                                              readonly id?: string;
                                                                                                                                              • A unique identifier for this rule. The value must be no more than 255 characters.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-id

                                                                                                                                              property maxAge

                                                                                                                                              readonly maxAge?: number;
                                                                                                                                              • The time in seconds that your browser is to cache the preflight response for the specified resource.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors-corsrule.html#cfn-s3-bucket-cors-corsrule-maxage

                                                                                                                                              interface DataExportProperty

                                                                                                                                              interface DataExportProperty {}
                                                                                                                                              • Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html

                                                                                                                                              property destination

                                                                                                                                              readonly destination: CfnBucket.DestinationProperty | cdk.IResolvable;
                                                                                                                                              • The place to store the data for an analysis.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-destination

                                                                                                                                              property outputSchemaVersion

                                                                                                                                              readonly outputSchemaVersion: string;
                                                                                                                                              • The version of the output schema to use when exporting data. Must be V_1 .

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-outputschemaversion

                                                                                                                                              interface DefaultRetentionProperty

                                                                                                                                              interface DefaultRetentionProperty {}
                                                                                                                                              • The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket.

                                                                                                                                                > - The DefaultRetention settings require both a mode and a period.
                                                                                                                                                > - The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html

                                                                                                                                              property days

                                                                                                                                              readonly days?: number;
                                                                                                                                              • The number of days that you want to specify for the default retention period. If Object Lock is turned on, you must specify Mode and specify either Days or Years .

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-days

                                                                                                                                              property mode

                                                                                                                                              readonly mode?: string;
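                                                                                                                                              • The default Object Lock retention mode you want to apply to new objects placed in the specified bucket. If Object Lock is turned on, you must specify Mode and specify either Days or Years. The mode is either GOVERNANCE, which users holding the s3:BypassGovernanceRetention permission can override, or COMPLIANCE, which no user, including the account root user, can override or shorten until the retention period ends.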

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-mode

                                                                                                                                              property years

                                                                                                                                              readonly years?: number;
                                                                                                                                              • The number of years that you want to specify for the default retention period. If Object Lock is turned on, you must specify Mode and specify either Days or Years .

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-years

                                                                                                                                              interface DeleteMarkerReplicationProperty

                                                                                                                                              interface DeleteMarkerReplicationProperty {}
                                                                                                                                              • Specifies whether Amazon S3 replicates delete markers. If you specify a Filter in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication Status must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config) .

                                                                                                                                                For more information about delete marker replication, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html) .

                                                                                                                                                > If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations) .

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-deletemarkerreplication.html

                                                                                                                                              property status

                                                                                                                                              readonly status?: string;
                                                                                                                                              • Indicates whether to replicate delete markers. Disabled by default.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-deletemarkerreplication.html#cfn-s3-bucket-deletemarkerreplication-status

                                                                                                                                              interface DestinationProperty

                                                                                                                                              interface DestinationProperty {}
                                                                                                                                              • Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html

                                                                                                                                              property bucketAccountId

                                                                                                                                              readonly bucketAccountId?: string;
                                                                                                                                              • The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data.

                                                                                                                                                > Although this value is optional, we strongly recommend that you set it: with no account ID the owner is not validated, so if the destination bucket ownership changes, exported data could be written to a bucket owned by a different account.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketaccountid

                                                                                                                                              property bucketArn

                                                                                                                                              readonly bucketArn: string;
                                                                                                                                              • The Amazon Resource Name (ARN) of the bucket to which data is exported.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketarn

                                                                                                                                              property format

                                                                                                                                              readonly format: string;
                                                                                                                                              • Specifies the file format used when exporting data to Amazon S3.

                                                                                                                                                *Allowed values* : CSV | ORC | Parquet

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-format

                                                                                                                                              property prefix

                                                                                                                                              readonly prefix?: string;
                                                                                                                                              • The prefix to use when exporting data. The prefix is prepended to all results.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-prefix

                                                                                                                                              interface EncryptionConfigurationProperty

                                                                                                                                              interface EncryptionConfigurationProperty {}
                                                                                                                                              • Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-encryptionconfiguration.html

                                                                                                                                              property replicaKmsKeyId

                                                                                                                                              readonly replicaKmsKeyId: string;
                                                                                                                                              • Specifies the ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric, customer managed KMS keys. For more information, see [Using symmetric and asymmetric keys](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-encryptionconfiguration.html#cfn-s3-bucket-encryptionconfiguration-replicakmskeyid

                                                                                                                                              interface EventBridgeConfigurationProperty

                                                                                                                                              interface EventBridgeConfigurationProperty {}
                                                                                                                                              • Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket. For more information, see [Using EventBridge](https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventBridge.html) in the *Amazon S3 User Guide* .

                                                                                                                                                Unlike other destinations, delivery of events to EventBridge can be either enabled or disabled for a bucket. If enabled, all events will be sent to EventBridge and you can use EventBridge rules to route events to additional targets. For more information, see [What Is Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) in the *Amazon EventBridge User Guide*

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-eventbridgeconfig.html

                                                                                                                                              property eventBridgeEnabled

                                                                                                                                              readonly eventBridgeEnabled?: boolean | cdk.IResolvable;
                                                                                                                                              • Enables delivery of events to Amazon EventBridge.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-eventbridgeconfig.html#cfn-s3-bucket-eventbridgeconfiguration-eventbridgeenabled

                                                                                                                                              interface FilterRuleProperty

                                                                                                                                              interface FilterRuleProperty {}
                                                                                                                                              • Specifies the Amazon S3 object key name to filter on and whether to filter on the suffix or prefix of the key name.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter-s3key-rules.html

                                                                                                                                              property name

                                                                                                                                              readonly name: string;
                                                                                                                                              • The object key name prefix or suffix identifying one or more objects to which the filtering rule applies. Set this to `prefix` or `suffix` to choose which end of the key name is matched; the string to match goes in `value`. The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see [Configuring Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter-s3key-rules.html#cfn-s3-bucket-notificationconfiguraiton-config-filter-s3key-rules-name

                                                                                                                                              property value

                                                                                                                                              readonly value: string;
                                                                                                                                              • The value that the filter searches for in object key names.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter-s3key-rules.html#cfn-s3-bucket-notificationconfiguraiton-config-filter-s3key-rules-value

                                                                                                                                              interface IntelligentTieringConfigurationProperty

                                                                                                                                              interface IntelligentTieringConfigurationProperty {}
                                                                                                                                              • Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.

                                                                                                                                                For information about the S3 Intelligent-Tiering storage class, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access) .

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html

                                                                                                                                              property id

                                                                                                                                              readonly id: string;
                                                                                                                                              • The ID used to identify the S3 Intelligent-Tiering configuration.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-id

                                                                                                                                              property prefix

                                                                                                                                              readonly prefix?: string;
                                                                                                                                              • An object key name prefix that identifies the subset of objects to which the rule applies.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-prefix

                                                                                                                                              property status

                                                                                                                                              readonly status: string;
                                                                                                                                              • Specifies the status of the configuration.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-status

                                                                                                                                              property tagFilters

                                                                                                                                              readonly tagFilters?:
                                                                                                                                              | Array<CfnBucket.TagFilterProperty | cdk.IResolvable>
                                                                                                                                              | cdk.IResolvable;
                                                                                                                                              • A list of tag filters, each a container for a key-value pair, that select the objects to which the configuration applies.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tagfilters

                                                                                                                                              property tierings

                                                                                                                                              readonly tierings:
                                                                                                                                              | Array<CfnBucket.TieringProperty | cdk.IResolvable>
                                                                                                                                              | cdk.IResolvable;
                                                                                                                                              • Specifies a list of S3 Intelligent-Tiering storage class tiers in the configuration. At least one tier must be defined in the list. At most, you can specify two tiers in the list, one for each available AccessTier: ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS.

                                                                                                                                                > You only need Intelligent Tiering Configuration enabled on a bucket if you want to automatically move objects stored in the Intelligent-Tiering storage class to Archive Access or Deep Archive Access tiers.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tierings

                                                                                                                                              interface InventoryConfigurationProperty

                                                                                                                                              interface InventoryConfigurationProperty {}
                                                                                                                                              • Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html

                                                                                                                                              property destination

                                                                                                                                              readonly destination: CfnBucket.DestinationProperty | cdk.IResolvable;
                                                                                                                                              • Contains information about where to publish the inventory results.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-destination

                                                                                                                                              property enabled

                                                                                                                                              readonly enabled: boolean | cdk.IResolvable;
                                                                                                                                              • Specifies whether the inventory is enabled or disabled. If set to True, an inventory list is generated. If set to False, no inventory list is generated.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-enabled

                                                                                                                                              property id

                                                                                                                                              readonly id: string;
                                                                                                                                              • The ID used to identify the inventory configuration.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-id

                                                                                                                                              property includedObjectVersions

                                                                                                                                              readonly includedObjectVersions: string;
                                                                                                                                              • Object versions to include in the inventory list. If set to All, the list includes all the object versions, which adds the version-related fields VersionId, IsLatest, and DeleteMarker to the list. If set to Current, the list does not contain these version-related fields.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-includedobjectversions

                                                                                                                                              property optionalFields

                                                                                                                                              readonly optionalFields?: string[];
                                                                                                                                              • Contains the optional fields that are included in the inventory results.

                                                                                                                                                *Valid values* : Size | LastModifiedDate | StorageClass | ETag | IsMultipartUploaded | ReplicationStatus | EncryptionStatus | ObjectLockRetainUntilDate | ObjectLockMode | ObjectLockLegalHoldStatus | IntelligentTieringAccessTier | BucketKeyStatus

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-optionalfields

                                                                                                                                              property prefix

                                                                                                                                              readonly prefix?: string;
                                                                                                                                              • Specifies the inventory filter prefix.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-prefix

                                                                                                                                              property scheduleFrequency

                                                                                                                                              readonly scheduleFrequency: string;
                                                                                                                                              • Specifies the schedule for generating inventory results.

                                                                                                                                                *Allowed values* : Daily | Weekly

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-schedulefrequency

                                                                                                                                              interface LambdaConfigurationProperty

                                                                                                                                              interface LambdaConfigurationProperty {}
                                                                                                                                              • Describes the AWS Lambda functions to invoke and the events for which to invoke them.

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html

                                                                                                                                              property event

                                                                                                                                              readonly event: string;
                                                                                                                                              • The Amazon S3 bucket event for which to invoke the AWS Lambda function. For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-event

                                                                                                                                              property filter

                                                                                                                                              readonly filter?: CfnBucket.NotificationFilterProperty | cdk.IResolvable;
                                                                                                                                              • The filtering rules that determine which objects invoke the AWS Lambda function. For example, you can create a filter so that only image files with a .jpg extension invoke the function when they are added to the Amazon S3 bucket.

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-filter

                                                                                                                                              property function

                                                                                                                                              readonly function: string;
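                                                                                                                                              • The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3 invokes when the specified event type occurs. The function's resource-based policy must allow Amazon S3 to invoke it; scope that permission to this bucket and its owning account.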

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-function

                                                                                                                                              interface LifecycleConfigurationProperty

                                                                                                                                              interface LifecycleConfigurationProperty {}
                                                                                                                                              • Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .

                                                                                                                                                external

                                                                                                                                                http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfig.html

                                                                                                                                              property rules

                                                                                                                                              readonly rules:
                                                                                                                                              | Array<CfnBucket.RuleProperty