This documentation is for the developer preview release of the AWS CDK. Do not use this version of the AWS CDK in production. Subsequent releases of the AWS CDK will likely include breaking changes.

@aws-cdk/aws-s3¶

AWS S3 Construct Library¶

Define an unencrypted S3 bucket.

new Bucket(this, 'MyFirstBucket');

Bucket constructs expose the following deploy-time attributes:

bucketArn - the ARN of the bucket (i.e. arn:aws:s3:::bucket_name)
bucketName - the name of the bucket (i.e. bucket_name)
bucketUrl - the URL of the bucket (i.e. https://s3.us-west-1.amazonaws.com/onlybucket)
arnForObjects(...pattern) - the ARN of an object or objects within the bucket (i.e. arn:aws:s3:::my_corporate_bucket/exampleobject.png or arn:aws:s3:::my_corporate_bucket/Development/*)
urlForObject(key) - the URL of an object within the bucket (i.e. https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey)

Encryption¶

Define a KMS-encrypted bucket:

const bucket = new Bucket(this, 'MyUnencryptedBucket', {
    encryption: BucketEncryption.Kms
});

// you can access the encryption key:
assert(bucket.encryptionKey instanceof kms.EncryptionKey);

You can also supply your own key:

const myKmsKey = new kms.EncryptionKey(this, 'MyKey');

const bucket = new Bucket(this, 'MyEncryptedBucket', {
    encryption: BucketEncryption.Kms,
    encryptionKey: myKmsKey
});

assert(bucket.encryptionKey === myKmsKey);

Use BucketEncryption.ManagedKms to use the S3 master KMS key:

const bucket = new Bucket(this, 'Buck', {
    encryption: BucketEncryption.ManagedKms
});

assert(bucket.encryptionKey == null);

Permissions¶

A bucket policy will be automatically created for the bucket upon the first call to addToResourcePolicy(statement):

const bucket = new Bucket(this, 'MyBucket');
bucket.addToResourcePolicy(new iam.PolicyStatement()
  .addActions('s3:GetObject')
  .addResources(bucket.arnForObjects('file.txt'))
  .addAccountRootPrincipal());

Most of the time, you won’t have to manipulate the bucket policy directly. Instead, buckets have “grant” methods called to give prepackaged sets of permissions to other resources. For example:

const lambda = new lambda.Function(this, 'Lambda', { /* ... */ });

const bucket = new Bucket(this, 'MyBucket');
bucket.grantReadWrite(lambda.role);

Will give the Lambda’s execution role permissions to read and write from the bucket.

Importing existing buckets¶

To import an existing bucket into your CDK application, use the Bucket.import factory method. This method accepts a BucketImportProps which describes the properties of the already existing bucket:

const bucket = Bucket.import(this, {
    bucketArn: 'arn:aws:s3:::my-bucket'
});

// now you can just call methods on the bucket
bucket.grantReadWrite(user);

Bucket Notifications¶

The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket as described under S3 Bucket Notifications of the S3 Developer Guide.

To subscribe for bucket notifications, use the bucket.onEvent method. The bucket.onObjectCreated and bucket.onObjectRemoved can also be used for these common use cases.

The following example will subscribe an SNS topic to be notified of all `s3:ObjectCreated:* events:

const myTopic = new sns.Topic(this, 'MyTopic');
bucket.onEvent(s3.EventType.ObjectCreated, myTopic);

This call will also ensure that the topic policy can accept notifications for this specific bucket.

The following destinations are currently supported:

sns.Topic
sqs.Queue
lambda.Function

It is also possible to specify S3 object key filters when subscribing. The following example will notify myQueue when objects prefixed with foo/ and have the .jpg suffix are removed from the bucket.

bucket.onEvent(s3.EventType.ObjectRemoved, myQueue, { prefix: 'foo/', suffix: '.jpg' });

Block Public Access¶

Use blockPublicAccess to specify block public access settings on the bucket.

Enable all block public access settings:

const bucket = new Bucket(this, 'MyBlockedBucket', {
    blockPublicAccess: BlockPublicAccess.BlockAll
});

Block and ignore public ACLs:

const bucket = new Bucket(this, 'MyBlockedBucket', {
    blockPublicAccess: BlockPublicAccess.BlockAcls
});

Alternatively, specify the settings manually:

const bucket = new Bucket(this, 'MyBlockedBucket', {
    blockPublicAccess: new BlockPublicAccess({ blockPublicPolicy: true })
});

When blockPublicPolicy is set to true, grantPublicRead() throws an error.

Reference¶

View in Nuget

csproj:

<PackageReference Include="Amazon.CDK.AWS.S3" Version="0.28.0" />

dotnet:

dotnet add package Amazon.CDK.AWS.S3 --version 0.28.0

packages.config:

<package id="Amazon.CDK.AWS.S3" version="0.28.0" />

View in Maven Central

Apache Buildr:

'software.amazon.awscdk:s3:jar:0.28.0'

Apache Ivy:

<dependency groupId="software.amazon.awscdk" name="s3" rev="0.28.0"/>

Apache Maven:

<dependency>
  <groupId>software.amazon.awscdk</groupId>
  <artifactId>s3</artifactId>
  <version>0.28.0</version>
</dependency>

Gradle / Grails:

compile 'software.amazon.awscdk:s3:0.28.0'

Groovy Grape:

@Grapes(
@Grab(group='software.amazon.awscdk', module='s3', version='0.28.0')
)

View in NPM

npm:

$ npm i @aws-cdk/aws-s3@0.28.0

package.json:

{
  "@aws-cdk/aws-s3": "^0.28.0"
}

yarn:

$ yarn add @aws-cdk/aws-s3@0.28.0

View in NPM

npm:

$ npm i @aws-cdk/aws-s3@0.28.0

package.json:

{
  "@aws-cdk/aws-s3": "^0.28.0"
}

yarn:

$ yarn add @aws-cdk/aws-s3@0.28.0

BlockPublicAccess¶

class @aws-cdk/aws-s3.BlockPublicAccess(options)¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BlockPublicAccess;

const { BlockPublicAccess } = require('@aws-cdk/aws-s3');

import { BlockPublicAccess } from '@aws-cdk/aws-s3';

Parameters:	options (`BlockPublicAccessOptions`) –

BlockAcls¶

Type:	`BlockPublicAccess` (readonly) (static)

BlockAll¶

Type:	`BlockPublicAccess` (readonly) (static)

blockPublicAcls¶

Type:	boolean (optional)

blockPublicPolicy¶

Type:	boolean (optional)

ignorePublicAcls¶

Type:	boolean (optional)

restrictPublicBuckets¶

Type:	boolean (optional)

BlockPublicAccessOptions (interface)¶

class @aws-cdk/aws-s3.BlockPublicAccessOptions¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BlockPublicAccessOptions;

// BlockPublicAccessOptions is an interface

import { BlockPublicAccessOptions } from '@aws-cdk/aws-s3';

blockPublicAcls¶

Whether to block public ACLs

Type:	boolean (optional) (readonly)

blockPublicPolicy¶

Whether to block public policy

Type:	boolean (optional) (readonly)

ignorePublicAcls¶

Whether to ignore public ACLs

Type:	boolean (optional) (readonly)

restrictPublicBuckets¶

Whether to restrict public access

Type:	boolean (optional) (readonly)

Bucket¶

class @aws-cdk/aws-s3.Bucket(scope, id[, props])¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.Bucket;

const { Bucket } = require('@aws-cdk/aws-s3');

import { Bucket } from '@aws-cdk/aws-s3';

An S3 bucket with associated policy objects

This bucket does not yet have all features that exposed by the underlying

BucketResource.

Extends:	`BucketBase`
Parameters:	scope (`@aws-cdk/cdk.Construct`) – id (string) – props (`BucketProps` (optional)) –

static import(scope, id, props) → @aws-cdk/aws-s3.IBucket¶

Creates a Bucket construct that represents an external bucket.

Parameters:	scope (`@aws-cdk/cdk.Construct`) – id (string) – The construct’s name. props (`BucketImportProps`) – A BucketAttributes object. Can be obtained from a call to bucket.export() or manually created.
Return type:	`IBucket`

addLifecycleRule(rule)¶

Add a lifecycle rule to the bucket

Parameters:	rule (`LifecycleRule`) – The rule to add

export() → @aws-cdk/aws-s3.BucketImportProps¶

Implements @aws-cdk/aws-s3.BucketBase.export()

Exports this bucket from the stack.

Return type:	`BucketImportProps`

onEvent(event, dest, *filters)¶

Adds a bucket notification event destination.

Parameters:

event (EventType) – The event to trigger the notification
dest (@aws-cdk/aws-s3-notifications.IBucketNotificationDestination) – The notification destination (Lambda, SNS Topic or SQS Queue)
*filters (NotificationKeyFilter) – S3 object key filter rules to determine which objects trigger this event. Each filter must include a prefix and/or suffix that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules.

onObjectCreated(dest, *filters)¶

Subscribes a destination to receive notificatins when an object is

created in the bucket. This is identical to calling

onEvent(EventType.ObjectCreated).

Parameters:	dest (`@aws-cdk/aws-s3-notifications.IBucketNotificationDestination`) – The notification destination (see onEvent) *filters (`NotificationKeyFilter`) – Filters (see onEvent)

onObjectRemoved(dest, *filters)¶

Subscribes a destination to receive notificatins when an object is

removed from the bucket. This is identical to calling

onEvent(EventType.ObjectRemoved).

Parameters:	dest (`@aws-cdk/aws-s3-notifications.IBucketNotificationDestination`) – The notification destination (see onEvent) *filters (`NotificationKeyFilter`) – Filters (see onEvent)

bucketArn¶

Implements @aws-cdk/aws-s3.BucketBase.bucketArn()

The ARN of the bucket.

Type:	string (readonly)

bucketName¶

Implements @aws-cdk/aws-s3.BucketBase.bucketName()

The name of the bucket.

Type:	string (readonly)

bucketWebsiteUrl¶

Type:	string (readonly)

domainName¶

Implements @aws-cdk/aws-s3.BucketBase.domainName()

The domain of the bucket.

Type:	string (readonly)

dualstackDomainName¶

Type:	string (readonly)

encryptionKey¶

Implements @aws-cdk/aws-s3.BucketBase.encryptionKey()

Optional KMS encryption key associated with this bucket.

Type:	`@aws-cdk/aws-kms.IEncryptionKey` (optional) (readonly)

autoCreatePolicy¶

Implements @aws-cdk/aws-s3.BucketBase.autoCreatePolicy()

Indicates if a bucket resource policy should automatically created upon

the first call to addToResourcePolicy.

Protected property

Type:	boolean

disallowPublicAccess¶

Implements @aws-cdk/aws-s3.BucketBase.disallowPublicAccess()

Whether to disallow public access

Protected property

Type:	boolean (optional)

policy¶

Implements @aws-cdk/aws-s3.BucketBase.policy()

The resource policy assoicated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the

first call to addToResourcePolicy(s).

Type:	`BucketPolicy` (optional)

addToResourcePolicy(permission)¶

Inherited from @aws-cdk/aws-s3.BucketBase

Adds a statement to the resource policy for a principal (i.e.

account/role/service) to perform actions on this bucket and/or it’s

contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for

this bucket or objects.

Parameters:	permission (`@aws-cdk/aws-iam.PolicyStatement`) –

arnForObjects(*keyPattern) → string¶

Inherited from @aws-cdk/aws-s3.BucketBase

Returns an ARN that represents all objects within the bucket that match

the key pattern specified. To represent all keys, specify "*".

If you specify multiple components for keyPattern, they will be concatenated:

arnForObjects('home/', team, '/', user, '/*')

Parameters:	keyPattern (string*) –
Return type:	string

grantDelete(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Inherited from @aws-cdk/aws-s3.BucketBase

Grants s3:DeleteObject* permission to an IAM pricipal for objects

in this bucket.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantPublicAccess(keyPrefix, *allowedActions) → @aws-cdk/aws-iam.Grant¶

Inherited from @aws-cdk/aws-s3.BucketBase

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects

in this bucket, which is useful for when you configure your bucket as a

website and want everyone to be able to read objects in the bucket without

needing to authenticate.

Without arguments, this method will grant read (“s3:GetObject”) access to

all objects (“*”) in the bucket.

The method returns the iam.PolicyStatement object, which can then be modified

as needed. For example, you can add a condition that will restrict access only

to an IPv4 range like this:

const statement = bucket.grantPublicAccess();

statement.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Parameters:	keyPrefix (string (optional)) – the prefix of S3 object keys (e.g. home/). Default is “”. allowedActions (string*) – the set of S3 actions to allow. Default is “s3:GetObject”.
Return type:	`@aws-cdk/aws-iam.Grant`

grantPut(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Inherited from @aws-cdk/aws-s3.BucketBase

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantRead(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Inherited from @aws-cdk/aws-s3.BucketBase

Grant read permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents

of the bucket will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantReadWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Inherited from @aws-cdk/aws-s3.BucketBase

Grants read/write permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If an encryption key is used, permission to use the key for

encrypt/decrypt will also be granted.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Inherited from @aws-cdk/aws-s3.BucketBase

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

onPutObject(name[, target[, path]]) → @aws-cdk/aws-events.EventRule¶

Inherited from @aws-cdk/aws-s3.BucketBase

Defines a CloudWatch Event Rule that triggers upon putting an object into the Bucket.

Parameters:	name (string) – target (`@aws-cdk/aws-events.IEventRuleTarget` (optional)) – path (string (optional)) –
Return type:	`@aws-cdk/aws-events.EventRule`

urlForObject([key]) → string¶

Inherited from @aws-cdk/aws-s3.BucketBase

The https URL of an S3 object. For example:

Parameters:	key (string (optional)) – The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns:	an ObjectS3Url token
Return type:	string

bucketUrl¶

Inherited from @aws-cdk/aws-s3.BucketBase

The https:// URL of this bucket.

Type:	string (readonly)

prepare()¶

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string¶

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:	string

validate() → string[]¶

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:	An array of validation error messages, or an empty array if there the construct is valid.
Return type:	string[]

dependencyRoots¶

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:	`@aws-cdk/cdk.IConstruct`[] (readonly)

node¶

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:	`@aws-cdk/cdk.ConstructNode` (readonly)

BucketBase¶

class @aws-cdk/aws-s3.BucketBase(scope, id)¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BucketBase;

const { BucketBase } = require('@aws-cdk/aws-s3');

import { BucketBase } from '@aws-cdk/aws-s3';

Represents an S3 Bucket.

Buckets can be either defined within this stack:

new Bucket(this, ‘MyBucket’, { props });

Or imported from an existing bucket:

Bucket.import(this, ‘MyImportedBucket’, { bucketArn: … });

You can also export a bucket and import it into another stack:

const ref = myBucket.export();

Bucket.import(this, ‘MyImportedBucket’, ref);

Extends:	`@aws-cdk/cdk.Construct`
Implements:	`IBucket`
Abstract:	Yes
Parameters:	scope (`@aws-cdk/cdk.Construct`) – The scope in which to define this construct id (string) – The scoped construct ID. Must be unique amongst siblings. If the ID includes a path separator (/), then it will be replaced by double dash –.

addToResourcePolicy(permission)¶

Implements @aws-cdk/aws-s3.IBucket.addToResourcePolicy()

Adds a statement to the resource policy for a principal (i.e.

account/role/service) to perform actions on this bucket and/or it’s

contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for

this bucket or objects.

Parameters:	permission (`@aws-cdk/aws-iam.PolicyStatement`) –

arnForObjects(*keyPattern) → string¶

Implements @aws-cdk/aws-s3.IBucket.arnForObjects()

Returns an ARN that represents all objects within the bucket that match

the key pattern specified. To represent all keys, specify "*".

If you specify multiple components for keyPattern, they will be concatenated:

arnForObjects('home/', team, '/', user, '/*')

Parameters:	keyPattern (string*) –
Return type:	string

export() → @aws-cdk/aws-s3.BucketImportProps¶

Implements @aws-cdk/aws-s3.IBucket.export()

Exports this bucket from the stack.

Return type:	`BucketImportProps`
Abstract:	Yes

grantDelete(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Implements @aws-cdk/aws-s3.IBucket.grantDelete()

Grants s3:DeleteObject* permission to an IAM pricipal for objects

in this bucket.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantPublicAccess(keyPrefix, *allowedActions) → @aws-cdk/aws-iam.Grant¶

Implements @aws-cdk/aws-s3.IBucket.grantPublicAccess()

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects

in this bucket, which is useful for when you configure your bucket as a

website and want everyone to be able to read objects in the bucket without

needing to authenticate.

Without arguments, this method will grant read (“s3:GetObject”) access to

all objects (“*”) in the bucket.

The method returns the iam.PolicyStatement object, which can then be modified

as needed. For example, you can add a condition that will restrict access only

to an IPv4 range like this:

const statement = bucket.grantPublicAccess();

statement.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Parameters:	keyPrefix (string (optional)) – the prefix of S3 object keys (e.g. home/). Default is “”. allowedActions (string*) – the set of S3 actions to allow. Default is “s3:GetObject”.
Return type:	`@aws-cdk/aws-iam.Grant`

grantPut(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Implements @aws-cdk/aws-s3.IBucket.grantPut()

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantRead(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Implements @aws-cdk/aws-s3.IBucket.grantRead()

Grant read permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents

of the bucket will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantReadWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Implements @aws-cdk/aws-s3.IBucket.grantReadWrite()

Grants read/write permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If an encryption key is used, permission to use the key for

encrypt/decrypt will also be granted.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

grantWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Implements @aws-cdk/aws-s3.IBucket.grantWrite()

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`

onPutObject(name[, target[, path]]) → @aws-cdk/aws-events.EventRule¶

Implements @aws-cdk/aws-s3.IBucket.onPutObject()

Defines a CloudWatch Event Rule that triggers upon putting an object into the Bucket.

Parameters:	name (string) – target (`@aws-cdk/aws-events.IEventRuleTarget` (optional)) – path (string (optional)) –
Return type:	`@aws-cdk/aws-events.EventRule`

urlForObject([key]) → string¶

Implements @aws-cdk/aws-s3.IBucket.urlForObject()

The https URL of an S3 object. For example:

Parameters:	key (string (optional)) – The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns:	an ObjectS3Url token
Return type:	string

bucketArn¶

Implements @aws-cdk/aws-s3.IBucket.bucketArn()

The ARN of the bucket.

Type:	string (readonly) (abstract)

bucketName¶

Implements @aws-cdk/aws-s3.IBucket.bucketName()

The name of the bucket.

Type:	string (readonly) (abstract)

bucketUrl¶

Implements @aws-cdk/aws-s3.IBucket.bucketUrl()

The https:// URL of this bucket.

Type:	string (readonly)

domainName¶

Implements @aws-cdk/aws-s3.IBucket.domainName()

The domain of the bucket.

Type:	string (readonly) (abstract)

encryptionKey¶

Implements @aws-cdk/aws-s3.IBucket.encryptionKey()

Optional KMS encryption key associated with this bucket.

Type:	`@aws-cdk/aws-kms.IEncryptionKey` (optional) (readonly) (abstract)

autoCreatePolicy¶

Indicates if a bucket resource policy should automatically created upon

the first call to addToResourcePolicy.

Protected property

Type:	boolean (abstract)

disallowPublicAccess¶

Whether to disallow public access

Protected property

Type:	boolean (optional) (abstract)

policy¶

Implements @aws-cdk/aws-s3.IBucket.policy()

The resource policy assoicated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the

first call to addToResourcePolicy(s).

Type:	`BucketPolicy` (optional) (abstract)

prepare()¶

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string¶

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:	string

validate() → string[]¶

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:	An array of validation error messages, or an empty array if there the construct is valid.
Return type:	string[]

dependencyRoots¶

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:	`@aws-cdk/cdk.IConstruct`[] (readonly)

node¶

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:	`@aws-cdk/cdk.ConstructNode` (readonly)

BucketEncryption (enum)¶

class @aws-cdk/aws-s3.BucketEncryption¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BucketEncryption;

const { BucketEncryption } = require('@aws-cdk/aws-s3');

import { BucketEncryption } from '@aws-cdk/aws-s3';

What kind of server-side encryption to apply to this bucket

Unencrypted¶

Objects in the bucket are not encrypted.

KmsManaged¶

Server-side KMS encryption with a master key managed by KMS.

S3Managed¶

Server-side encryption with a master key managed by S3.

Kms¶

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

BucketImportProps (interface)¶

class @aws-cdk/aws-s3.BucketImportProps¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BucketImportProps;

// BucketImportProps is an interface

import { BucketImportProps } from '@aws-cdk/aws-s3';

A reference to a bucket. The easiest way to instantiate is to call

bucket.export(). Then, the consumer can use Bucket.import(this, ref) and

get a Bucket.

bucketArn¶

The ARN of the bucket. At least one of bucketArn or bucketName must be

defined in order to initialize a bucket ref.

Type:	string (optional) (readonly)

bucketDomainName¶

The domain name of the bucket.

Type:	string (optional) (readonly)
Default:	Inferred from bucket name

bucketName¶

The name of the bucket. If the underlying value of ARN is a string, the

name will be parsed from the ARN. Otherwise, the name is optional, but

some features that require the bucket name such as auto-creating a bucket

policy, won’t work.

Type:	string (optional) (readonly)

bucketWebsiteNewUrlFormat¶

The format of the website URL of the bucket. This should be true for

regions launched since 2014.

Type:	boolean (optional) (readonly)
Default:	false

bucketWebsiteUrl¶

The website URL of the bucket (if static web hosting is enabled).

Type:	string (optional) (readonly)
Default:	Inferred from bucket name

BucketPolicy¶

class @aws-cdk/aws-s3.BucketPolicy(scope, id, props)¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BucketPolicy;

const { BucketPolicy } = require('@aws-cdk/aws-s3');

import { BucketPolicy } from '@aws-cdk/aws-s3';

Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

Extends:	`@aws-cdk/cdk.Construct`
Parameters:	scope (`@aws-cdk/cdk.Construct`) – id (string) – props (`BucketPolicyProps`) –

document¶

A policy document containing permissions to add to the specified bucket.

For more information, see Access Policy Language Overview in the Amazon

Simple Storage Service Developer Guide.

Type:	`@aws-cdk/aws-iam.PolicyDocument` (readonly)

prepare()¶

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string¶

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:	string

validate() → string[]¶

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:	An array of validation error messages, or an empty array if there the construct is valid.
Return type:	string[]

dependencyRoots¶

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:	`@aws-cdk/cdk.IConstruct`[] (readonly)

node¶

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:	`@aws-cdk/cdk.ConstructNode` (readonly)

BucketPolicyProps (interface)¶

class @aws-cdk/aws-s3.BucketPolicyProps¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BucketPolicyProps;

// BucketPolicyProps is an interface

import { BucketPolicyProps } from '@aws-cdk/aws-s3';

bucket¶

The Amazon S3 bucket that the policy applies to.

Type:	`IBucket` (readonly)

BucketProps (interface)¶

class @aws-cdk/aws-s3.BucketProps¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.BucketProps;

// BucketProps is an interface

import { BucketProps } from '@aws-cdk/aws-s3';

blockPublicAccess¶

The block public access configuration of this bucket.

Type:	`BlockPublicAccess` (optional) (readonly)

bucketName¶

Physical name of this bucket.

Type:	string (optional) (readonly)
Default:	Assigned by CloudFormation (recommended)

encryption¶

The kind of server-side encryption to apply to this bucket.

If you choose KMS, you can specify a KMS key via encryptionKey. If

encryption key is not specified, a key will automatically be created.

Type:	`BucketEncryption` (optional) (readonly)
Default:	Unencrypted

encryptionKey¶

External KMS key to use for bucket encryption.

The ‘encryption’ property must be either not specified or set to “Kms”.

An error will be emitted if encryption is set to “Unencrypted” or

“Managed”.

Type:	`@aws-cdk/aws-kms.IEncryptionKey` (optional) (readonly)
Default:	If encryption is set to “Kms” and this property is undefined, a

new KMS key will be created and associated with this bucket.

@aws-cdk/aws-s3.lifecycleRules¶

Rules that define how Amazon S3 manages objects during their lifetime.

Type: LifecycleRule[] (optional) (readonly)

Default: No lifecycle rules

@aws-cdk/aws-s3.publicReadAccess¶

Grants public read access to all objects in the bucket.

Similar to calling bucket.grantPublicAccess()

Type: boolean (optional) (readonly)

@aws-cdk/aws-s3.removalPolicy¶

Policy to apply when the bucket is removed from this stack.

Type: @aws-cdk/cdk.RemovalPolicy (optional) (readonly)

Default: The bucket will be orphaned

@aws-cdk/aws-s3.versioned¶

Whether this bucket should have versioning turned on or not.

Type: boolean (optional) (readonly)

Default: false

@aws-cdk/aws-s3.websiteErrorDocument¶

The name of the error document (e.g. “404.html”) for the website.

websiteIndexDocument must also be set if this is set.

Type: string (optional) (readonly)

@aws-cdk/aws-s3.websiteIndexDocument¶

The name of the index document (e.g. “index.html”) for the website. Enables static website

hosting for this bucket.

Type: string (optional) (readonly)

CfnBucket¶

class @aws-cdk/aws-s3.CfnBucket(scope, id[, props])¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket;

const { CfnBucket } = require('@aws-cdk/aws-s3');

import { CfnBucket } from '@aws-cdk/aws-s3';

A CloudFormation AWS::S3::Bucket

Extends:	`@aws-cdk/cdk.CfnResource`
Parameters:	scope (`@aws-cdk/cdk.Construct`) – scope in which this resource is defined id (string) – scoped id of the resource props (`CfnBucketProps` (optional)) – resource properties

renderProperties(properties) → string => any¶

Overrides @aws-cdk/cdk.CfnResource.renderProperties()

Protected method

Parameters:	properties (any) –
Return type:	string => any

resourceTypeName¶

The CloudFormation resource type name for this resource class.

Type:	string (readonly) (static)

bucketArn¶

Type:	string (readonly)

bucketDomainName¶

Type:	string (readonly)

bucketDualStackDomainName¶

Type:	string (readonly)

bucketName¶

Type:	string (readonly)

bucketRegionalDomainName¶

Type:	string (readonly)

bucketWebsiteUrl¶

Type:	string (readonly)

propertyOverrides¶

Type:	`CfnBucketProps` (readonly)

tags¶

The TagManager handles setting, removing and formatting tags

Tags should be managed either passing them as properties during

initiation or by calling methods on this object. If both techniques are

used only the tags from the TagManager will be used. Tag (aspect)

will use the manager.

Type:	`@aws-cdk/cdk.TagManager` (readonly)

class AbortIncompleteMultipartUploadProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.AbortIncompleteMultipartUploadProperty;

// CfnBucket.AbortIncompleteMultipartUploadProperty is an interface

import { CfnBucket.AbortIncompleteMultipartUploadProperty } from '@aws-cdk/aws-s3';

daysAfterInitiation¶

CfnBucket.AbortIncompleteMultipartUploadProperty.DaysAfterInitiation

Type:	number or `@aws-cdk/cdk.Token` (readonly)

class AccelerateConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.AccelerateConfigurationProperty;

// CfnBucket.AccelerateConfigurationProperty is an interface

import { CfnBucket.AccelerateConfigurationProperty } from '@aws-cdk/aws-s3';

accelerationStatus¶

CfnBucket.AccelerateConfigurationProperty.AccelerationStatus

Type:	string (readonly)

class AccessControlTranslationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.AccessControlTranslationProperty;

// CfnBucket.AccessControlTranslationProperty is an interface

import { CfnBucket.AccessControlTranslationProperty } from '@aws-cdk/aws-s3';

owner¶

CfnBucket.AccessControlTranslationProperty.Owner

Type:	string (readonly)

class AnalyticsConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.AnalyticsConfigurationProperty;

// CfnBucket.AnalyticsConfigurationProperty is an interface

import { CfnBucket.AnalyticsConfigurationProperty } from '@aws-cdk/aws-s3';

id¶

CfnBucket.AnalyticsConfigurationProperty.Id

Type:	string (readonly)

storageClassAnalysis¶

CfnBucket.AnalyticsConfigurationProperty.StorageClassAnalysis

Type:	`@aws-cdk/cdk.Token` or `StorageClassAnalysisProperty` (readonly)

prefix¶

CfnBucket.AnalyticsConfigurationProperty.Prefix

Type:	string (optional) (readonly)

tagFilters¶

CfnBucket.AnalyticsConfigurationProperty.TagFilters

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `TagFilterProperty`)[] (optional) (readonly)

class BucketEncryptionProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.BucketEncryptionProperty;

// CfnBucket.BucketEncryptionProperty is an interface

import { CfnBucket.BucketEncryptionProperty } from '@aws-cdk/aws-s3';

serverSideEncryptionConfiguration¶

CfnBucket.BucketEncryptionProperty.ServerSideEncryptionConfiguration

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `ServerSideEncryptionRuleProperty`)[] (readonly)

class CorsConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.CorsConfigurationProperty;

// CfnBucket.CorsConfigurationProperty is an interface

import { CfnBucket.CorsConfigurationProperty } from '@aws-cdk/aws-s3';

corsRules¶

CfnBucket.CorsConfigurationProperty.CorsRules

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `CorsRuleProperty`)[] (readonly)

class CorsRuleProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.CorsRuleProperty;

// CfnBucket.CorsRuleProperty is an interface

import { CfnBucket.CorsRuleProperty } from '@aws-cdk/aws-s3';

allowedMethods¶

CfnBucket.CorsRuleProperty.AllowedMethods

Type:	string[] (readonly)

allowedOrigins¶

CfnBucket.CorsRuleProperty.AllowedOrigins

Type:	string[] (readonly)

allowedHeaders¶

CfnBucket.CorsRuleProperty.AllowedHeaders

Type:	string[] (optional) (readonly)

exposedHeaders¶

CfnBucket.CorsRuleProperty.ExposedHeaders

Type:	string[] (optional) (readonly)

id¶

CfnBucket.CorsRuleProperty.Id

Type:	string (optional) (readonly)

maxAge¶

CfnBucket.CorsRuleProperty.MaxAge

Type:	number or `@aws-cdk/cdk.Token` (optional) (readonly)

class DataExportProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.DataExportProperty;

// CfnBucket.DataExportProperty is an interface

import { CfnBucket.DataExportProperty } from '@aws-cdk/aws-s3';

destination¶

CfnBucket.DataExportProperty.Destination

Type:	`@aws-cdk/cdk.Token` or `DestinationProperty` (readonly)

outputSchemaVersion¶

CfnBucket.DataExportProperty.OutputSchemaVersion

Type:	string (readonly)

class DestinationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.DestinationProperty;

// CfnBucket.DestinationProperty is an interface

import { CfnBucket.DestinationProperty } from '@aws-cdk/aws-s3';

bucketArn¶

CfnBucket.DestinationProperty.BucketArn

Type:	string (readonly)

format¶

CfnBucket.DestinationProperty.Format

Type:	string (readonly)

bucketAccountId¶

CfnBucket.DestinationProperty.BucketAccountId

Type:	string (optional) (readonly)

prefix¶

CfnBucket.DestinationProperty.Prefix

Type:	string (optional) (readonly)

class EncryptionConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.EncryptionConfigurationProperty;

// CfnBucket.EncryptionConfigurationProperty is an interface

import { CfnBucket.EncryptionConfigurationProperty } from '@aws-cdk/aws-s3';

replicaKmsKeyId¶

CfnBucket.EncryptionConfigurationProperty.ReplicaKmsKeyID

Type:	string (readonly)

class FilterRuleProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.FilterRuleProperty;

// CfnBucket.FilterRuleProperty is an interface

import { CfnBucket.FilterRuleProperty } from '@aws-cdk/aws-s3';

name¶

CfnBucket.FilterRuleProperty.Name

Type:	string (readonly)

value¶

CfnBucket.FilterRuleProperty.Value

Type:	string (readonly)

class InventoryConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.InventoryConfigurationProperty;

// CfnBucket.InventoryConfigurationProperty is an interface

import { CfnBucket.InventoryConfigurationProperty } from '@aws-cdk/aws-s3';

destination¶

CfnBucket.InventoryConfigurationProperty.Destination

Type:	`@aws-cdk/cdk.Token` or `DestinationProperty` (readonly)

enabled¶

CfnBucket.InventoryConfigurationProperty.Enabled

Type:	boolean or `@aws-cdk/cdk.Token` (readonly)

id¶

CfnBucket.InventoryConfigurationProperty.Id

Type:	string (readonly)

includedObjectVersions¶

CfnBucket.InventoryConfigurationProperty.IncludedObjectVersions

Type:	string (readonly)

scheduleFrequency¶

CfnBucket.InventoryConfigurationProperty.ScheduleFrequency

Type:	string (readonly)

optionalFields¶

CfnBucket.InventoryConfigurationProperty.OptionalFields

Type:	string[] (optional) (readonly)

prefix¶

CfnBucket.InventoryConfigurationProperty.Prefix

Type:	string (optional) (readonly)

class LambdaConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.LambdaConfigurationProperty;

// CfnBucket.LambdaConfigurationProperty is an interface

import { CfnBucket.LambdaConfigurationProperty } from '@aws-cdk/aws-s3';

event¶

CfnBucket.LambdaConfigurationProperty.Event

Type:	string (readonly)

function¶

CfnBucket.LambdaConfigurationProperty.Function

Type:	string (readonly)

filter¶

CfnBucket.LambdaConfigurationProperty.Filter

Type:	`@aws-cdk/cdk.Token` or `NotificationFilterProperty` (optional) (readonly)

class LifecycleConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.LifecycleConfigurationProperty;

// CfnBucket.LifecycleConfigurationProperty is an interface

import { CfnBucket.LifecycleConfigurationProperty } from '@aws-cdk/aws-s3';

rules¶

CfnBucket.LifecycleConfigurationProperty.Rules

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `RuleProperty`)[] (readonly)

class LoggingConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.LoggingConfigurationProperty;

// CfnBucket.LoggingConfigurationProperty is an interface

import { CfnBucket.LoggingConfigurationProperty } from '@aws-cdk/aws-s3';

destinationBucketName¶

CfnBucket.LoggingConfigurationProperty.DestinationBucketName

Type:	string (optional) (readonly)

logFilePrefix¶

CfnBucket.LoggingConfigurationProperty.LogFilePrefix

Type:	string (optional) (readonly)

class MetricsConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.MetricsConfigurationProperty;

// CfnBucket.MetricsConfigurationProperty is an interface

import { CfnBucket.MetricsConfigurationProperty } from '@aws-cdk/aws-s3';

id¶

CfnBucket.MetricsConfigurationProperty.Id

Type:	string (readonly)

prefix¶

CfnBucket.MetricsConfigurationProperty.Prefix

Type:	string (optional) (readonly)

tagFilters¶

CfnBucket.MetricsConfigurationProperty.TagFilters

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `TagFilterProperty`)[] (optional) (readonly)

class NoncurrentVersionTransitionProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.NoncurrentVersionTransitionProperty;

// CfnBucket.NoncurrentVersionTransitionProperty is an interface

import { CfnBucket.NoncurrentVersionTransitionProperty } from '@aws-cdk/aws-s3';

storageClass¶

CfnBucket.NoncurrentVersionTransitionProperty.StorageClass

Type:	string (readonly)

transitionInDays¶

CfnBucket.NoncurrentVersionTransitionProperty.TransitionInDays

Type:	number or `@aws-cdk/cdk.Token` (readonly)

class NotificationConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.NotificationConfigurationProperty;

// CfnBucket.NotificationConfigurationProperty is an interface

import { CfnBucket.NotificationConfigurationProperty } from '@aws-cdk/aws-s3';

lambdaConfigurations¶

CfnBucket.NotificationConfigurationProperty.LambdaConfigurations

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `LambdaConfigurationProperty`)[] (optional) (readonly)

queueConfigurations¶

CfnBucket.NotificationConfigurationProperty.QueueConfigurations

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `QueueConfigurationProperty`)[] (optional) (readonly)

topicConfigurations¶

CfnBucket.NotificationConfigurationProperty.TopicConfigurations

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `TopicConfigurationProperty`)[] (optional) (readonly)

class NotificationFilterProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.NotificationFilterProperty;

// CfnBucket.NotificationFilterProperty is an interface

import { CfnBucket.NotificationFilterProperty } from '@aws-cdk/aws-s3';

s3Key¶

CfnBucket.NotificationFilterProperty.S3Key

Type:	`@aws-cdk/cdk.Token` or `S3KeyFilterProperty` (readonly)

class PublicAccessBlockConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.PublicAccessBlockConfigurationProperty;

// CfnBucket.PublicAccessBlockConfigurationProperty is an interface

import { CfnBucket.PublicAccessBlockConfigurationProperty } from '@aws-cdk/aws-s3';

blockPublicAcls¶

CfnBucket.PublicAccessBlockConfigurationProperty.BlockPublicAcls

Type:	boolean or `@aws-cdk/cdk.Token` (optional) (readonly)

blockPublicPolicy¶

CfnBucket.PublicAccessBlockConfigurationProperty.BlockPublicPolicy

Type:	boolean or `@aws-cdk/cdk.Token` (optional) (readonly)

ignorePublicAcls¶

CfnBucket.PublicAccessBlockConfigurationProperty.IgnorePublicAcls

Type:	boolean or `@aws-cdk/cdk.Token` (optional) (readonly)

restrictPublicBuckets¶

CfnBucket.PublicAccessBlockConfigurationProperty.RestrictPublicBuckets

Type:	boolean or `@aws-cdk/cdk.Token` (optional) (readonly)

class QueueConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.QueueConfigurationProperty;

// CfnBucket.QueueConfigurationProperty is an interface

import { CfnBucket.QueueConfigurationProperty } from '@aws-cdk/aws-s3';

event¶

CfnBucket.QueueConfigurationProperty.Event

Type:	string (readonly)

queue¶

CfnBucket.QueueConfigurationProperty.Queue

Type:	string (readonly)

filter¶

CfnBucket.QueueConfigurationProperty.Filter

Type:	`@aws-cdk/cdk.Token` or `NotificationFilterProperty` (optional) (readonly)

class RedirectAllRequestsToProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.RedirectAllRequestsToProperty;

// CfnBucket.RedirectAllRequestsToProperty is an interface

import { CfnBucket.RedirectAllRequestsToProperty } from '@aws-cdk/aws-s3';

hostName¶

CfnBucket.RedirectAllRequestsToProperty.HostName

Type:	string (readonly)

protocol¶

CfnBucket.RedirectAllRequestsToProperty.Protocol

Type:	string (optional) (readonly)

class RedirectRuleProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.RedirectRuleProperty;

// CfnBucket.RedirectRuleProperty is an interface

import { CfnBucket.RedirectRuleProperty } from '@aws-cdk/aws-s3';

hostName¶

CfnBucket.RedirectRuleProperty.HostName

Type:	string (optional) (readonly)

httpRedirectCode¶

CfnBucket.RedirectRuleProperty.HttpRedirectCode

Type:	string (optional) (readonly)

protocol¶

CfnBucket.RedirectRuleProperty.Protocol

Type:	string (optional) (readonly)

replaceKeyPrefixWith¶

CfnBucket.RedirectRuleProperty.ReplaceKeyPrefixWith

Type:	string (optional) (readonly)

replaceKeyWith¶

CfnBucket.RedirectRuleProperty.ReplaceKeyWith

Type:	string (optional) (readonly)

class ReplicationConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.ReplicationConfigurationProperty;

// CfnBucket.ReplicationConfigurationProperty is an interface

import { CfnBucket.ReplicationConfigurationProperty } from '@aws-cdk/aws-s3';

role¶

CfnBucket.ReplicationConfigurationProperty.Role

Type:	string (readonly)

rules¶

CfnBucket.ReplicationConfigurationProperty.Rules

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `ReplicationRuleProperty`)[] (readonly)

class ReplicationDestinationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.ReplicationDestinationProperty;

// CfnBucket.ReplicationDestinationProperty is an interface

import { CfnBucket.ReplicationDestinationProperty } from '@aws-cdk/aws-s3';

bucket¶

CfnBucket.ReplicationDestinationProperty.Bucket

Type:	string (readonly)

accessControlTranslation¶

CfnBucket.ReplicationDestinationProperty.AccessControlTranslation

Type:	`@aws-cdk/cdk.Token` or `AccessControlTranslationProperty` (optional) (readonly)

account¶

CfnBucket.ReplicationDestinationProperty.Account

Type:	string (optional) (readonly)

encryptionConfiguration¶

CfnBucket.ReplicationDestinationProperty.EncryptionConfiguration

Type:	`@aws-cdk/cdk.Token` or `EncryptionConfigurationProperty` (optional) (readonly)

storageClass¶

CfnBucket.ReplicationDestinationProperty.StorageClass

Type:	string (optional) (readonly)

class ReplicationRuleProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.ReplicationRuleProperty;

// CfnBucket.ReplicationRuleProperty is an interface

import { CfnBucket.ReplicationRuleProperty } from '@aws-cdk/aws-s3';

destination¶

CfnBucket.ReplicationRuleProperty.Destination

Type:	`@aws-cdk/cdk.Token` or `ReplicationDestinationProperty` (readonly)

prefix¶

CfnBucket.ReplicationRuleProperty.Prefix

Type:	string (readonly)

status¶

CfnBucket.ReplicationRuleProperty.Status

Type:	string (readonly)

id¶

CfnBucket.ReplicationRuleProperty.Id

Type:	string (optional) (readonly)

sourceSelectionCriteria¶

CfnBucket.ReplicationRuleProperty.SourceSelectionCriteria

Type:	`@aws-cdk/cdk.Token` or `SourceSelectionCriteriaProperty` (optional) (readonly)

class RoutingRuleConditionProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.RoutingRuleConditionProperty;

// CfnBucket.RoutingRuleConditionProperty is an interface

import { CfnBucket.RoutingRuleConditionProperty } from '@aws-cdk/aws-s3';

httpErrorCodeReturnedEquals¶

CfnBucket.RoutingRuleConditionProperty.HttpErrorCodeReturnedEquals

Type:	string (optional) (readonly)

keyPrefixEquals¶

CfnBucket.RoutingRuleConditionProperty.KeyPrefixEquals

Type:	string (optional) (readonly)

class RoutingRuleProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.RoutingRuleProperty;

// CfnBucket.RoutingRuleProperty is an interface

import { CfnBucket.RoutingRuleProperty } from '@aws-cdk/aws-s3';

redirectRule¶

CfnBucket.RoutingRuleProperty.RedirectRule

Type:	`@aws-cdk/cdk.Token` or `RedirectRuleProperty` (readonly)

routingRuleCondition¶

CfnBucket.RoutingRuleProperty.RoutingRuleCondition

Type:	`@aws-cdk/cdk.Token` or `RoutingRuleConditionProperty` (optional) (readonly)

class RuleProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.RuleProperty;

// CfnBucket.RuleProperty is an interface

import { CfnBucket.RuleProperty } from '@aws-cdk/aws-s3';

status¶

CfnBucket.RuleProperty.Status

Type:	string (readonly)

abortIncompleteMultipartUpload¶

CfnBucket.RuleProperty.AbortIncompleteMultipartUpload

Type:	`@aws-cdk/cdk.Token` or `AbortIncompleteMultipartUploadProperty` (optional) (readonly)

expirationDate¶

CfnBucket.RuleProperty.ExpirationDate

Type:	`@aws-cdk/cdk.Token` or date (optional) (readonly)

expirationInDays¶

CfnBucket.RuleProperty.ExpirationInDays

Type:	number or `@aws-cdk/cdk.Token` (optional) (readonly)

id¶

CfnBucket.RuleProperty.Id

Type:	string (optional) (readonly)

noncurrentVersionExpirationInDays¶

CfnBucket.RuleProperty.NoncurrentVersionExpirationInDays

Type:	number or `@aws-cdk/cdk.Token` (optional) (readonly)

noncurrentVersionTransition¶

CfnBucket.RuleProperty.NoncurrentVersionTransition

Type:	`@aws-cdk/cdk.Token` or `NoncurrentVersionTransitionProperty` (optional) (readonly)

noncurrentVersionTransitions¶

CfnBucket.RuleProperty.NoncurrentVersionTransitions

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `NoncurrentVersionTransitionProperty`)[] (optional) (readonly)

prefix¶

CfnBucket.RuleProperty.Prefix

Type:	string (optional) (readonly)

tagFilters¶

CfnBucket.RuleProperty.TagFilters

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `TagFilterProperty`)[] (optional) (readonly)

transition¶

CfnBucket.RuleProperty.Transition

Type:	`@aws-cdk/cdk.Token` or `TransitionProperty` (optional) (readonly)

transitions¶

CfnBucket.RuleProperty.Transitions

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `TransitionProperty`)[] (optional) (readonly)

class S3KeyFilterProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.S3KeyFilterProperty;

// CfnBucket.S3KeyFilterProperty is an interface

import { CfnBucket.S3KeyFilterProperty } from '@aws-cdk/aws-s3';

rules¶

CfnBucket.S3KeyFilterProperty.Rules

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `FilterRuleProperty`)[] (readonly)

class ServerSideEncryptionByDefaultProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.ServerSideEncryptionByDefaultProperty;

// CfnBucket.ServerSideEncryptionByDefaultProperty is an interface

import { CfnBucket.ServerSideEncryptionByDefaultProperty } from '@aws-cdk/aws-s3';

sseAlgorithm¶

CfnBucket.ServerSideEncryptionByDefaultProperty.SSEAlgorithm

Type:	string (readonly)

kmsMasterKeyId¶

CfnBucket.ServerSideEncryptionByDefaultProperty.KMSMasterKeyID

Type:	string (optional) (readonly)

class ServerSideEncryptionRuleProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.ServerSideEncryptionRuleProperty;

// CfnBucket.ServerSideEncryptionRuleProperty is an interface

import { CfnBucket.ServerSideEncryptionRuleProperty } from '@aws-cdk/aws-s3';

serverSideEncryptionByDefault¶

CfnBucket.ServerSideEncryptionRuleProperty.ServerSideEncryptionByDefault

Type:	`@aws-cdk/cdk.Token` or `ServerSideEncryptionByDefaultProperty` (optional) (readonly)

class SourceSelectionCriteriaProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.SourceSelectionCriteriaProperty;

// CfnBucket.SourceSelectionCriteriaProperty is an interface

import { CfnBucket.SourceSelectionCriteriaProperty } from '@aws-cdk/aws-s3';

sseKmsEncryptedObjects¶

CfnBucket.SourceSelectionCriteriaProperty.SseKmsEncryptedObjects

Type:	`@aws-cdk/cdk.Token` or `SseKmsEncryptedObjectsProperty` (readonly)

class SseKmsEncryptedObjectsProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.SseKmsEncryptedObjectsProperty;

// CfnBucket.SseKmsEncryptedObjectsProperty is an interface

import { CfnBucket.SseKmsEncryptedObjectsProperty } from '@aws-cdk/aws-s3';

status¶

CfnBucket.SseKmsEncryptedObjectsProperty.Status

Type:	string (readonly)

class StorageClassAnalysisProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.StorageClassAnalysisProperty;

// CfnBucket.StorageClassAnalysisProperty is an interface

import { CfnBucket.StorageClassAnalysisProperty } from '@aws-cdk/aws-s3';

dataExport¶

CfnBucket.StorageClassAnalysisProperty.DataExport

Type:	`@aws-cdk/cdk.Token` or `DataExportProperty` (optional) (readonly)

class TagFilterProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.TagFilterProperty;

// CfnBucket.TagFilterProperty is an interface

import { CfnBucket.TagFilterProperty } from '@aws-cdk/aws-s3';

key¶

CfnBucket.TagFilterProperty.Key

Type:	string (readonly)

value¶

CfnBucket.TagFilterProperty.Value

Type:	string (readonly)

class TopicConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.TopicConfigurationProperty;

// CfnBucket.TopicConfigurationProperty is an interface

import { CfnBucket.TopicConfigurationProperty } from '@aws-cdk/aws-s3';

event¶

CfnBucket.TopicConfigurationProperty.Event

Type:	string (readonly)

topic¶

CfnBucket.TopicConfigurationProperty.Topic

Type:	string (readonly)

filter¶

CfnBucket.TopicConfigurationProperty.Filter

Type:	`@aws-cdk/cdk.Token` or `NotificationFilterProperty` (optional) (readonly)

class TransitionProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.TransitionProperty;

// CfnBucket.TransitionProperty is an interface

import { CfnBucket.TransitionProperty } from '@aws-cdk/aws-s3';

storageClass¶

CfnBucket.TransitionProperty.StorageClass

Type:	string (readonly)

transitionDate¶

CfnBucket.TransitionProperty.TransitionDate

Type:	`@aws-cdk/cdk.Token` or date (optional) (readonly)

transitionInDays¶

CfnBucket.TransitionProperty.TransitionInDays

Type:	number or `@aws-cdk/cdk.Token` (optional) (readonly)

class VersioningConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.VersioningConfigurationProperty;

// CfnBucket.VersioningConfigurationProperty is an interface

import { CfnBucket.VersioningConfigurationProperty } from '@aws-cdk/aws-s3';

status¶

CfnBucket.VersioningConfigurationProperty.Status

Type:	string (readonly)

class WebsiteConfigurationProperty¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucket.WebsiteConfigurationProperty;

// CfnBucket.WebsiteConfigurationProperty is an interface

import { CfnBucket.WebsiteConfigurationProperty } from '@aws-cdk/aws-s3';

errorDocument¶

CfnBucket.WebsiteConfigurationProperty.ErrorDocument

Type:	string (optional) (readonly)

indexDocument¶

CfnBucket.WebsiteConfigurationProperty.IndexDocument

Type:	string (optional) (readonly)

redirectAllRequestsTo¶

CfnBucket.WebsiteConfigurationProperty.RedirectAllRequestsTo

Type:	`@aws-cdk/cdk.Token` or `RedirectAllRequestsToProperty` (optional) (readonly)

routingRules¶

CfnBucket.WebsiteConfigurationProperty.RoutingRules

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `RoutingRuleProperty`)[] (optional) (readonly)

overrideLogicalId(newLogicalId)¶

Inherited from @aws-cdk/cdk.CfnElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:	newLogicalId (string) – The new logical ID to use for this stack element.

prepare()¶

Inherited from @aws-cdk/cdk.CfnElement

Automatically detect references in this CfnElement

Protected method

creationStackTrace¶

Inherited from @aws-cdk/cdk.CfnElement

Type:	string[] (readonly)

logicalId¶

Inherited from @aws-cdk/cdk.CfnElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:	string (readonly)

stackPath¶

Inherited from @aws-cdk/cdk.CfnElement

Return the path with respect to the stack

Type:	string (readonly)

ref¶

Inherited from @aws-cdk/cdk.CfnRefElement

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:	string (readonly)

referenceToken¶

Inherited from @aws-cdk/cdk.CfnRefElement

Return a token that will CloudFormation { Ref } this stack element

Protected property

Type:	`@aws-cdk/cdk.Token` (readonly)

addDeletionOverride(path)¶

Inherited from @aws-cdk/cdk.CfnResource

Syntactic sugar for addOverride(path, undefined).

Parameters:	path (string) – The path of the value to delete

addDependsOn(resource)¶

Inherited from @aws-cdk/cdk.CfnResource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:	resource (`@aws-cdk/cdk.CfnResource`) –

addOverride(path, value)¶

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:	path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. value (any) – The value. Could be primitive or complex.

addPropertyDeletionOverride(propertyPath)¶

Inherited from @aws-cdk/cdk.CfnResource

Adds an override that deletes the value of a property from the resource definition.

Parameters:	propertyPath (string) – The path to the property.

addPropertyOverride(propertyPath, value)¶

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:	propertyPath (string) – The path of the property value (any) – The value

getAtt(attributeName) → @aws-cdk/cdk.CfnReference¶

Inherited from @aws-cdk/cdk.CfnResource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:	attributeName (string) – The name of the attribute.
Return type:	`@aws-cdk/cdk.CfnReference`

options¶

Inherited from @aws-cdk/cdk.CfnResource

Options for this resource, such as condition, update policy etc.

Type:	`@aws-cdk/cdk.IResourceOptions` (readonly)

properties¶

Inherited from @aws-cdk/cdk.CfnResource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:	any (readonly)

resourceType¶

Inherited from @aws-cdk/cdk.CfnResource

AWS resource type.

Type:	string (readonly)

untypedPropertyOverrides¶

Inherited from @aws-cdk/cdk.CfnResource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:	any (readonly)

toString() → string¶

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:	string

validate() → string[]¶

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:	An array of validation error messages, or an empty array if there the construct is valid.
Return type:	string[]

dependencyRoots¶

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:	`@aws-cdk/cdk.IConstruct`[] (readonly)

node¶

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:	`@aws-cdk/cdk.ConstructNode` (readonly)

CfnBucketPolicy¶

class @aws-cdk/aws-s3.CfnBucketPolicy(scope, id, props)¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucketPolicy;

const { CfnBucketPolicy } = require('@aws-cdk/aws-s3');

import { CfnBucketPolicy } from '@aws-cdk/aws-s3';

A CloudFormation AWS::S3::BucketPolicy

Extends:	`@aws-cdk/cdk.CfnResource`
Parameters:	scope (`@aws-cdk/cdk.Construct`) – scope in which this resource is defined id (string) – scoped id of the resource props (`CfnBucketPolicyProps`) – resource properties

renderProperties(properties) → string => any¶

Overrides @aws-cdk/cdk.CfnResource.renderProperties()

Protected method

Parameters:	properties (any) –
Return type:	string => any

resourceTypeName¶

The CloudFormation resource type name for this resource class.

Type:	string (readonly) (static)

propertyOverrides¶

Type:	`CfnBucketPolicyProps` (readonly)

overrideLogicalId(newLogicalId)¶

Inherited from @aws-cdk/cdk.CfnElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:	newLogicalId (string) – The new logical ID to use for this stack element.

prepare()¶

Inherited from @aws-cdk/cdk.CfnElement

Automatically detect references in this CfnElement

Protected method

creationStackTrace¶

Inherited from @aws-cdk/cdk.CfnElement

Type:	string[] (readonly)

logicalId¶

Inherited from @aws-cdk/cdk.CfnElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:	string (readonly)

stackPath¶

Inherited from @aws-cdk/cdk.CfnElement

Return the path with respect to the stack

Type:	string (readonly)

ref¶

Inherited from @aws-cdk/cdk.CfnRefElement

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:	string (readonly)

referenceToken¶

Inherited from @aws-cdk/cdk.CfnRefElement

Return a token that will CloudFormation { Ref } this stack element

Protected property

Type:	`@aws-cdk/cdk.Token` (readonly)

addDeletionOverride(path)¶

Inherited from @aws-cdk/cdk.CfnResource

Syntactic sugar for addOverride(path, undefined).

Parameters:	path (string) – The path of the value to delete

addDependsOn(resource)¶

Inherited from @aws-cdk/cdk.CfnResource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:	resource (`@aws-cdk/cdk.CfnResource`) –

addOverride(path, value)¶

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:	path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. value (any) – The value. Could be primitive or complex.

addPropertyDeletionOverride(propertyPath)¶

Inherited from @aws-cdk/cdk.CfnResource

Adds an override that deletes the value of a property from the resource definition.

Parameters:	propertyPath (string) – The path to the property.

addPropertyOverride(propertyPath, value)¶

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:	propertyPath (string) – The path of the property value (any) – The value

getAtt(attributeName) → @aws-cdk/cdk.CfnReference¶

Inherited from @aws-cdk/cdk.CfnResource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:	attributeName (string) – The name of the attribute.
Return type:	`@aws-cdk/cdk.CfnReference`

options¶

Inherited from @aws-cdk/cdk.CfnResource

Options for this resource, such as condition, update policy etc.

Type:	`@aws-cdk/cdk.IResourceOptions` (readonly)

properties¶

Inherited from @aws-cdk/cdk.CfnResource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:	any (readonly)

resourceType¶

Inherited from @aws-cdk/cdk.CfnResource

AWS resource type.

Type:	string (readonly)

untypedPropertyOverrides¶

Inherited from @aws-cdk/cdk.CfnResource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:	any (readonly)

toString() → string¶

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:	string

validate() → string[]¶

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:	An array of validation error messages, or an empty array if there the construct is valid.
Return type:	string[]

dependencyRoots¶

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:	`@aws-cdk/cdk.IConstruct`[] (readonly)

node¶

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:	`@aws-cdk/cdk.ConstructNode` (readonly)

CfnBucketPolicyProps (interface)¶

class @aws-cdk/aws-s3.CfnBucketPolicyProps¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucketPolicyProps;

// CfnBucketPolicyProps is an interface

import { CfnBucketPolicyProps } from '@aws-cdk/aws-s3';

Properties for defining a AWS::S3::BucketPolicy

bucket¶

AWS::S3::BucketPolicy.Bucket

Type:	string (readonly)

policyDocument¶

AWS::S3::BucketPolicy.PolicyDocument

Type:	json or `@aws-cdk/cdk.Token` (readonly)

CfnBucketProps (interface)¶

class @aws-cdk/aws-s3.CfnBucketProps¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.CfnBucketProps;

// CfnBucketProps is an interface

import { CfnBucketProps } from '@aws-cdk/aws-s3';

Properties for defining a AWS::S3::Bucket

accelerateConfiguration¶

AWS::S3::Bucket.AccelerateConfiguration

Type:	`@aws-cdk/cdk.Token` or `AccelerateConfigurationProperty` (optional) (readonly)

accessControl¶

AWS::S3::Bucket.AccessControl

Type:	string (optional) (readonly)

analyticsConfigurations¶

AWS::S3::Bucket.AnalyticsConfigurations

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `AnalyticsConfigurationProperty`)[] (optional) (readonly)

bucketEncryption¶

AWS::S3::Bucket.BucketEncryption

Type:	`@aws-cdk/cdk.Token` or `BucketEncryptionProperty` (optional) (readonly)

bucketName¶

AWS::S3::Bucket.BucketName

Type:	string (optional) (readonly)

corsConfiguration¶

AWS::S3::Bucket.CorsConfiguration

Type:	`@aws-cdk/cdk.Token` or `CorsConfigurationProperty` (optional) (readonly)

inventoryConfigurations¶

AWS::S3::Bucket.InventoryConfigurations

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `InventoryConfigurationProperty`)[] (optional) (readonly)

lifecycleConfiguration¶

AWS::S3::Bucket.LifecycleConfiguration

Type:	`@aws-cdk/cdk.Token` or `LifecycleConfigurationProperty` (optional) (readonly)

loggingConfiguration¶

AWS::S3::Bucket.LoggingConfiguration

Type:	`@aws-cdk/cdk.Token` or `LoggingConfigurationProperty` (optional) (readonly)

metricsConfigurations¶

AWS::S3::Bucket.MetricsConfigurations

Type:	`@aws-cdk/cdk.Token` or (`@aws-cdk/cdk.Token` or `MetricsConfigurationProperty`)[] (optional) (readonly)

notificationConfiguration¶

AWS::S3::Bucket.NotificationConfiguration

Type:	`@aws-cdk/cdk.Token` or `NotificationConfigurationProperty` (optional) (readonly)

publicAccessBlockConfiguration¶

AWS::S3::Bucket.PublicAccessBlockConfiguration

Type:	`@aws-cdk/cdk.Token` or `PublicAccessBlockConfigurationProperty` (optional) (readonly)

replicationConfiguration¶

AWS::S3::Bucket.ReplicationConfiguration

Type:	`@aws-cdk/cdk.Token` or `ReplicationConfigurationProperty` (optional) (readonly)

tags¶

AWS::S3::Bucket.Tags

Type:	`@aws-cdk/cdk.CfnTag`[] (optional) (readonly)

versioningConfiguration¶

AWS::S3::Bucket.VersioningConfiguration

Type:	`@aws-cdk/cdk.Token` or `VersioningConfigurationProperty` (optional) (readonly)

websiteConfiguration¶

AWS::S3::Bucket.WebsiteConfiguration

Type:	`@aws-cdk/cdk.Token` or `WebsiteConfigurationProperty` (optional) (readonly)

EventType (enum)¶

class @aws-cdk/aws-s3.EventType¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.EventType;

const { EventType } = require('@aws-cdk/aws-s3');

import { EventType } from '@aws-cdk/aws-s3';

Notification event types.

ObjectCreated¶

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedPut¶

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedPost¶

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedCopy¶

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedCompleteMultipartUpload¶

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectRemoved¶

By using the ObjectRemoved event types, you can enable notification when

an object or a batch of objects is removed from a bucket.

You can request notification when an object is deleted or a versioned

object is permanently deleted by using the s3:ObjectRemoved:Delete event

type. Or you can request notification when a delete marker is created for

a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For

information about deleting versioned objects, see Deleting Object

Versions. You can also use a wildcard s3:ObjectRemoved:* to request

notification anytime an object is deleted.

You will not receive event notifications from automatic deletes from

lifecycle policies or from failed operations.

ObjectRemovedDelete¶

By using the ObjectRemoved event types, you can enable notification when

an object or a batch of objects is removed from a bucket.

You can request notification when an object is deleted or a versioned

object is permanently deleted by using the s3:ObjectRemoved:Delete event

type. Or you can request notification when a delete marker is created for

a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For

information about deleting versioned objects, see Deleting Object

Versions. You can also use a wildcard s3:ObjectRemoved:* to request

notification anytime an object is deleted.

You will not receive event notifications from automatic deletes from

lifecycle policies or from failed operations.

ObjectRemovedDeleteMarkerCreated¶

By using the ObjectRemoved event types, you can enable notification when

an object or a batch of objects is removed from a bucket.

You can request notification when an object is deleted or a versioned

object is permanently deleted by using the s3:ObjectRemoved:Delete event

type. Or you can request notification when a delete marker is created for

a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For

information about deleting versioned objects, see Deleting Object

Versions. You can also use a wildcard s3:ObjectRemoved:* to request

notification anytime an object is deleted.

You will not receive event notifications from automatic deletes from

lifecycle policies or from failed operations.

ReducedRedundancyLostObject¶

You can use this event type to request Amazon S3 to send a notification

message when Amazon S3 detects that an object of the RRS storage class is

lost.

IBucket (interface)¶

class @aws-cdk/aws-s3.IBucket¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.IBucket;

// IBucket is an interface

import { IBucket } from '@aws-cdk/aws-s3';

Extends:	`@aws-cdk/cdk.IConstruct`

bucketArn¶

The ARN of the bucket.

Type:	string (readonly)

bucketName¶

The name of the bucket.

Type:	string (readonly)

bucketUrl¶

The https:// URL of this bucket.

Type:	string (readonly)

domainName¶

The domain of the bucket.

Type:	string (readonly)

encryptionKey¶

Optional KMS encryption key associated with this bucket.

Type:	`@aws-cdk/aws-kms.IEncryptionKey` (optional) (readonly)

policy¶

The resource policy assoicated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the

first call to addToResourcePolicy(s).

Type:	`BucketPolicy` (optional)

addToResourcePolicy(permission)¶

Adds a statement to the resource policy for a principal (i.e.

account/role/service) to perform actions on this bucket and/or it’s

contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for

this bucket or objects.

Parameters:	permission (`@aws-cdk/aws-iam.PolicyStatement`) –
Abstract:	Yes

arnForObjects(*keyPattern) → string¶

Returns an ARN that represents all objects within the bucket that match

the key pattern specified. To represent all keys, specify "*".

If you specify multiple components for keyPattern, they will be concatenated:

arnForObjects('home/', team, '/', user, '/*')

Parameters:	keyPattern (string*) –
Return type:	string
Abstract:	Yes

export() → @aws-cdk/aws-s3.BucketImportProps¶

Exports this bucket from the stack.

Return type:	`BucketImportProps`
Abstract:	Yes

grantDelete(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Grants s3:DeleteObject* permission to an IAM pricipal for objects

in this bucket.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`
Abstract:	Yes

grantPublicAccess(keyPrefix, *allowedActions) → @aws-cdk/aws-iam.Grant¶

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects

in this bucket, which is useful for when you configure your bucket as a

website and want everyone to be able to read objects in the bucket without

needing to authenticate.

Without arguments, this method will grant read (“s3:GetObject”) access to

all objects (“*”) in the bucket.

The method returns the iam.PolicyStatement object, which can then be modified

as needed. For example, you can add a condition that will restrict access only

to an IPv4 range like this:

const statement = bucket.grantPublicAccess();

statement.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Parameters:	keyPrefix (string (optional)) – the prefix of S3 object keys (e.g. home/). Default is “”. allowedActions (string*) – the set of S3 actions to allow. Default is “s3:GetObject”.
Returns:	The iam.PolicyStatement object, which can be used to apply e.g. conditions.
Return type:	`@aws-cdk/aws-iam.Grant`
Abstract:	Yes

grantPut(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`
Abstract:	Yes

grantRead(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Grant read permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents

of the bucket will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`
Abstract:	Yes

grantReadWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Grants read/write permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If an encryption key is used, permission to use the key for

encrypt/decrypt will also be granted.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`
Abstract:	Yes

grantWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant¶

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:	identity (`@aws-cdk/aws-iam.IGrantable`) – The principal objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:	`@aws-cdk/aws-iam.Grant`
Abstract:	Yes

onPutObject(name[, target[, path]]) → @aws-cdk/aws-events.EventRule¶

Defines a CloudWatch Event Rule that triggers upon putting an object into the Bucket.

Parameters:	name (string) – the logical ID of the newly created Event Rule target (`@aws-cdk/aws-events.IEventRuleTarget` (optional)) – the optional target of the Event Rule path (string (optional)) – the optional path inside the Bucket that will be watched for changes
Returns:	a new {@link events.EventRule} instance
Return type:	`@aws-cdk/aws-events.EventRule`
Abstract:	Yes

urlForObject([key]) → string¶

The https URL of an S3 object. For example:

Parameters:	key (string (optional)) – The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns:	an ObjectS3Url token
Return type:	string
Abstract:	Yes

node¶

Inherited from @aws-cdk/cdk.IConstruct

The construct node in the scope tree.

Type:	`@aws-cdk/cdk.ConstructNode` (readonly)

dependencyRoots¶

Inherited from @aws-cdk/cdk.IDependable

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:	`@aws-cdk/cdk.IConstruct`[] (readonly)

LifecycleRule (interface)¶

class @aws-cdk/aws-s3.LifecycleRule¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.LifecycleRule;

// LifecycleRule is an interface

import { LifecycleRule } from '@aws-cdk/aws-s3';

Declaration of a Life cycle rule

abortIncompleteMultipartUploadAfterDays¶

Specifies a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.

The AbortIncompleteMultipartUpload property type creates a lifecycle

rule that aborts incomplete multipart uploads to an Amazon S3 bucket.

When Amazon S3 aborts a multipart upload, it deletes all parts

associated with the multipart upload.

Type:	number (optional) (readonly)
Default:	Incomplete uploads are never aborted

enabled¶

Whether this rule is enabled.

Type:	boolean (optional) (readonly)
Default:	true

expirationDate¶

Indicates when objects are deleted from Amazon S3 and Amazon Glacier.

The date value must be in ISO 8601 format. The time is always midnight UTC.

If you specify an expiration and transition time, you must use the same

time unit for both properties (either in days or by date). The

expiration time must also be later than the transition time.

Type:	date (optional) (readonly)
Default:	No expiration date

expirationInDays¶

Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon Glacier.

If you specify an expiration and transition time, you must use the same

time unit for both properties (either in days or by date). The

expiration time must also be later than the transition time.

Type:	number (optional) (readonly)
Default:	No expiration timeout

id¶

A unique identifier for this rule. The value cannot be more than 255 characters.

Type:	string (optional) (readonly)

noncurrentVersionExpirationInDays¶

Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire.

For buckets with versioning enabled (or suspended), specifies the time,

in days, between when a new version of the object is uploaded to the

bucket and when old versions of the object expire. When object versions

expire, Amazon S3 permanently deletes them. If you specify a transition

and expiration time, the expiration time must be later than the

transition time.

Type:	number (optional) (readonly)
Default:	No noncurrent version expiration

noncurrentVersionTransitions¶

One or more transition rules that specify when non-current objects transition to a specified storage class.

Only for for buckets with versioning enabled (or suspended).

If you specify a transition and expiration time, the expiration time

must be later than the transition time.

Type:	`NoncurrentVersionTransition`[] (optional) (readonly)

prefix¶

Object key prefix that identifies one or more objects to which this rule applies.

Type:	string (optional) (readonly)
Default:	Rule applies to all objects

tagFilters¶

The TagFilter property type specifies tags to use to identify a subset of objects for an Amazon S3 bucket.

Type:	string => any (optional) (readonly)
Default:	Rule applies to all objects

transitions¶

One or more transition rules that specify when an object transitions to a specified storage class.

If you specify an expiration and transition time, you must use the same

time unit for both properties (either in days or by date). The

expiration time must also be later than the transition time.

Type:	`Transition`[] (optional) (readonly)
Default:	No transition rules

NoncurrentVersionTransition (interface)¶

class @aws-cdk/aws-s3.NoncurrentVersionTransition¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.NoncurrentVersionTransition;

// NoncurrentVersionTransition is an interface

import { NoncurrentVersionTransition } from '@aws-cdk/aws-s3';

Describes when noncurrent versions transition to a specified storage class.

storageClass¶

The storage class to which you want the object to transition.

Type:	`StorageClass` (readonly)

transitionInDays¶

Indicates the number of days after creation when objects are transitioned to the specified storage class.

Type:	number (readonly)
Default:	No transition count.

NotificationKeyFilter (interface)¶

class @aws-cdk/aws-s3.NotificationKeyFilter¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.NotificationKeyFilter;

// NotificationKeyFilter is an interface

import { NotificationKeyFilter } from '@aws-cdk/aws-s3';

prefix¶

S3 keys must have the specified prefix.

Type:	string (optional) (readonly)

suffix¶

S3 keys must have the specified suffix.

Type:	string (optional) (readonly)

StorageClass (enum)¶

class @aws-cdk/aws-s3.StorageClass¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.StorageClass;

const { StorageClass } = require('@aws-cdk/aws-s3');

import { StorageClass } from '@aws-cdk/aws-s3';

Storage class to move an object to

InfrequentAccess¶

Storage class for data that is accessed less frequently, but requires rapid access when needed.

Has lower availability than Standard storage.

OneZoneInfrequentAccess¶

Infrequent Access that’s only stored in one availability zone.

Has lower availability than standard InfrequentAccess.

Glacier¶

Storage class for long-term archival that can take between minutes and hours to access.

Transition (interface)¶

class @aws-cdk/aws-s3.Transition¶

Language-specific names:

using Amazon.CDK.AWS.S3;

import software.amazon.awscdk.services.s3.Transition;

// Transition is an interface

import { Transition } from '@aws-cdk/aws-s3';

Describes when an object transitions to a specified storage class.

storageClass¶

The storage class to which you want the object to transition.

Type:	`StorageClass` (readonly)

transitionDate¶

Indicates when objects are transitioned to the specified storage class.

The date value must be in ISO 8601 format. The time is always midnight UTC.

Type:	date (optional) (readonly)
Default:	No transition date.

transitionInDays¶

Indicates the number of days after creation when objects are transitioned to the specified storage class.

Type:	number (optional) (readonly)
Default:	No transition count.

@aws-cdk/aws-s3¶

AWS S3 Construct Library¶

Encryption¶

Permissions¶

Sharing buckets between stacks¶

Importing existing buckets¶

Bucket Notifications¶

Block Public Access¶

Reference¶

BlockPublicAccess¶

BlockPublicAccessOptions (interface)¶

Bucket¶

BucketBase¶

BucketEncryption (enum)¶

BucketImportProps (interface)¶

BucketPolicy¶

BucketPolicyProps (interface)¶

BucketProps (interface)¶

CfnBucket¶

CfnBucketPolicy¶

CfnBucketPolicyProps (interface)¶

CfnBucketProps (interface)¶

EventType (enum)¶

IBucket (interface)¶

LifecycleRule (interface)¶

NoncurrentVersionTransition (interface)¶

NotificationKeyFilter (interface)¶

StorageClass (enum)¶

Transition (interface)¶