This documentation is for the developer preview release of the AWS CDK. Do not use this version of the AWS CDK in production. Subsequent releases of the AWS CDK will likely include breaking changes.

@aws-cdk/aws-s3

AWS S3 Construct Library

Define an unencrypted S3 bucket.

new Bucket(this, 'MyFirstBucket');

Bucket constructs expose the following deploy-time attributes:

  • bucketArn - the ARN of the bucket (i.e. arn:aws:s3:::bucket_name)
  • bucketName - the name of the bucket (i.e. bucket_name)
  • bucketUrl - the URL of the bucket (i.e. https://s3.us-west-1.amazonaws.com/onlybucket)
  • arnForObjects(...pattern) - the ARN of an object or objects within the bucket (i.e. arn:aws:s3:::my_corporate_bucket/exampleobject.png or arn:aws:s3:::my_corporate_bucket/Development/*)
  • urlForObject(key) - the URL of an object within the bucket (i.e. https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey)

Encryption

Define a KMS-encrypted bucket:

const bucket = new Bucket(this, 'MyUnencryptedBucket', {
    encryption: BucketEncryption.Kms
});

// you can access the encryption key:
assert(bucket.encryptionKey instanceof kms.EncryptionKey);

You can also supply your own key:

const myKmsKey = new kms.EncryptionKey(this, 'MyKey');

const bucket = new Bucket(this, 'MyEncryptedBucket', {
    encryption: BucketEncryption.Kms,
    encryptionKey: myKmsKey
});

assert(bucket.encryptionKey === myKmsKey);

Use BucketEncryption.ManagedKms to use the S3 master KMS key:

const bucket = new Bucket(this, 'Buck', {
    encryption: BucketEncryption.ManagedKms
});

assert(bucket.encryptionKey == null);

Permissions

A bucket policy will be automatically created for the bucket upon the first call to addToResourcePolicy(statement):

const bucket = new Bucket(this, 'MyBucket');
bucket.addToResourcePolicy(new iam.PolicyStatement()
  .addActions('s3:GetObject')
  .addResources(bucket.arnForObjects('file.txt'))
  .addAccountRootPrincipal());

Most of the time, you won’t have to manipulate the bucket policy directly. Instead, buckets have “grant” methods called to give prepackaged sets of permissions to other resources. For example:

const lambda = new lambda.Function(this, 'Lambda', { /* ... */ });

const bucket = new Bucket(this, 'MyBucket');
bucket.grantReadWrite(lambda.role);

Will give the Lambda’s execution role permissions to read and write from the bucket.

Sharing buckets between stacks

To use a bucket in a different stack in the same CDK application, pass the object to the other stack:

/**
 * Stack that defines the bucket
 */
class Producer extends cdk.Stack {
    public readonly myBucket: s3.Bucket;

    constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
        super(scope, id, props);

        const bucket = new s3.Bucket(this, 'MyBucket', {
          removalPolicy: cdk.RemovalPolicy.Destroy
        });
        this.myBucket = bucket;
    }
}

interface ConsumerProps extends cdk.StackProps {
    userBucket: s3.IBucket;
}

/**
 * Stack that consumes the bucket
 */
class Consumer extends cdk.Stack {
    constructor(scope: cdk.App, id: string, props: ConsumerProps) {
        super(scope, id, props);

        const user = new iam.User(this, 'MyUser');
        props.userBucket.grantReadWrite(user);
    }
}

const producer = new Producer(app, 'ProducerStack');
new Consumer(app, 'ConsumerStack', { userBucket: producer.myBucket });

Importing existing buckets

To import an existing bucket into your CDK application, use the Bucket.import factory method. This method accepts a BucketImportProps which describes the properties of the already existing bucket:

const bucket = Bucket.import(this, {
    bucketArn: 'arn:aws:s3:::my-bucket'
});

// now you can just call methods on the bucket
bucket.grantReadWrite(user);

Bucket Notifications

The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket as described under S3 Bucket Notifications of the S3 Developer Guide.

To subscribe for bucket notifications, use the bucket.onEvent method. The bucket.onObjectCreated and bucket.onObjectRemoved can also be used for these common use cases.

The following example will subscribe an SNS topic to be notified of all `s3:ObjectCreated:* events:

const myTopic = new sns.Topic(this, 'MyTopic');
bucket.onEvent(s3.EventType.ObjectCreated, myTopic);

This call will also ensure that the topic policy can accept notifications for this specific bucket.

The following destinations are currently supported:

  • sns.Topic
  • sqs.Queue
  • lambda.Function

It is also possible to specify S3 object key filters when subscribing. The following example will notify myQueue when objects prefixed with foo/ and have the .jpg suffix are removed from the bucket.

bucket.onEvent(s3.EventType.ObjectRemoved, myQueue, { prefix: 'foo/', suffix: '.jpg' });

Block Public Access

Use blockPublicAccess to specify block public access settings on the bucket.

Enable all block public access settings:

const bucket = new Bucket(this, 'MyBlockedBucket', {
    blockPublicAccess: BlockPublicAccess.BlockAll
});

Block and ignore public ACLs:

const bucket = new Bucket(this, 'MyBlockedBucket', {
    blockPublicAccess: BlockPublicAccess.BlockAcls
});

Alternatively, specify the settings manually:

const bucket = new Bucket(this, 'MyBlockedBucket', {
    blockPublicAccess: new BlockPublicAccess({ blockPublicPolicy: true })
});

When blockPublicPolicy is set to true, grantPublicRead() throws an error.

Reference

View in Nuget

csproj:

<PackageReference Include="Amazon.CDK.AWS.S3" Version="0.28.0" />

dotnet:

dotnet add package Amazon.CDK.AWS.S3 --version 0.28.0

packages.config:

<package id="Amazon.CDK.AWS.S3" version="0.28.0" />

View in Maven Central

Apache Buildr:

'software.amazon.awscdk:s3:jar:0.28.0'

Apache Ivy:

<dependency groupId="software.amazon.awscdk" name="s3" rev="0.28.0"/>

Apache Maven:

<dependency>
  <groupId>software.amazon.awscdk</groupId>
  <artifactId>s3</artifactId>
  <version>0.28.0</version>
</dependency>

Gradle / Grails:

compile 'software.amazon.awscdk:s3:0.28.0'

Groovy Grape:

@Grapes(
@Grab(group='software.amazon.awscdk', module='s3', version='0.28.0')
)

View in NPM

npm:

$ npm i @aws-cdk/aws-s3@0.28.0

package.json:

{
  "@aws-cdk/aws-s3": "^0.28.0"
}

yarn:

$ yarn add @aws-cdk/aws-s3@0.28.0

View in NPM

npm:

$ npm i @aws-cdk/aws-s3@0.28.0

package.json:

{
  "@aws-cdk/aws-s3": "^0.28.0"
}

yarn:

$ yarn add @aws-cdk/aws-s3@0.28.0

BlockPublicAccess

class @aws-cdk/aws-s3.BlockPublicAccess(options)

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BlockPublicAccess;
const { BlockPublicAccess } = require('@aws-cdk/aws-s3');
import { BlockPublicAccess } from '@aws-cdk/aws-s3';
Parameters:options (BlockPublicAccessOptions) –
BlockAcls
Type:BlockPublicAccess (readonly) (static)
BlockAll
Type:BlockPublicAccess (readonly) (static)
blockPublicAcls
Type:boolean (optional)
blockPublicPolicy
Type:boolean (optional)
ignorePublicAcls
Type:boolean (optional)
restrictPublicBuckets
Type:boolean (optional)

BlockPublicAccessOptions (interface)

class @aws-cdk/aws-s3.BlockPublicAccessOptions

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BlockPublicAccessOptions;
// BlockPublicAccessOptions is an interface
import { BlockPublicAccessOptions } from '@aws-cdk/aws-s3';
blockPublicAcls

Whether to block public ACLs

Type:boolean (optional) (readonly)
blockPublicPolicy

Whether to block public policy

Type:boolean (optional) (readonly)
ignorePublicAcls

Whether to ignore public ACLs

Type:boolean (optional) (readonly)
restrictPublicBuckets

Whether to restrict public access

Type:boolean (optional) (readonly)

Bucket

class @aws-cdk/aws-s3.Bucket(scope, id[, props])

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.Bucket;
const { Bucket } = require('@aws-cdk/aws-s3');
import { Bucket } from '@aws-cdk/aws-s3';

An S3 bucket with associated policy objects

This bucket does not yet have all features that exposed by the underlying

BucketResource.

Extends:

BucketBase

Parameters:
static import(scope, id, props) → @aws-cdk/aws-s3.IBucket

Creates a Bucket construct that represents an external bucket.

Parameters:
  • scope (@aws-cdk/cdk.Construct) –
  • id (string) – The construct’s name.
  • props (BucketImportProps) – A BucketAttributes object. Can be obtained from a call to bucket.export() or manually created.
Return type:

IBucket

addLifecycleRule(rule)

Add a lifecycle rule to the bucket

Parameters:rule (LifecycleRule) – The rule to add
export() → @aws-cdk/aws-s3.BucketImportProps

Implements @aws-cdk/aws-s3.BucketBase.export()

Exports this bucket from the stack.

Return type:BucketImportProps
onEvent(event, dest, *filters)

Adds a bucket notification event destination.

Parameters:
  • event (EventType) – The event to trigger the notification
  • dest (@aws-cdk/aws-s3-notifications.IBucketNotificationDestination) – The notification destination (Lambda, SNS Topic or SQS Queue)
  • *filters (NotificationKeyFilter) – S3 object key filter rules to determine which objects trigger this event. Each filter must include a prefix and/or suffix that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules.
onObjectCreated(dest, *filters)

Subscribes a destination to receive notificatins when an object is

created in the bucket. This is identical to calling

onEvent(EventType.ObjectCreated).

Parameters:
onObjectRemoved(dest, *filters)

Subscribes a destination to receive notificatins when an object is

removed from the bucket. This is identical to calling

onEvent(EventType.ObjectRemoved).

Parameters:
bucketArn

Implements @aws-cdk/aws-s3.BucketBase.bucketArn()

The ARN of the bucket.

Type:string (readonly)
bucketName

Implements @aws-cdk/aws-s3.BucketBase.bucketName()

The name of the bucket.

Type:string (readonly)
bucketWebsiteUrl
Type:string (readonly)
domainName

Implements @aws-cdk/aws-s3.BucketBase.domainName()

The domain of the bucket.

Type:string (readonly)
dualstackDomainName
Type:string (readonly)
encryptionKey

Implements @aws-cdk/aws-s3.BucketBase.encryptionKey()

Optional KMS encryption key associated with this bucket.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional) (readonly)
autoCreatePolicy

Implements @aws-cdk/aws-s3.BucketBase.autoCreatePolicy()

Indicates if a bucket resource policy should automatically created upon

the first call to addToResourcePolicy.

Protected property

Type:boolean
disallowPublicAccess

Implements @aws-cdk/aws-s3.BucketBase.disallowPublicAccess()

Whether to disallow public access

Protected property

Type:boolean (optional)
policy

Implements @aws-cdk/aws-s3.BucketBase.policy()

The resource policy assoicated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the

first call to addToResourcePolicy(s).

Type:BucketPolicy (optional)
addToResourcePolicy(permission)

Inherited from @aws-cdk/aws-s3.BucketBase

Adds a statement to the resource policy for a principal (i.e.

account/role/service) to perform actions on this bucket and/or it’s

contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for

this bucket or objects.

Parameters:permission (@aws-cdk/aws-iam.PolicyStatement) –
arnForObjects(*keyPattern) → string

Inherited from @aws-cdk/aws-s3.BucketBase

Returns an ARN that represents all objects within the bucket that match

the key pattern specified. To represent all keys, specify "*".

If you specify multiple components for keyPattern, they will be concatenated:

arnForObjects('home/', team, '/', user, '/*')
Parameters:*keyPattern (string) –
Return type:string
grantDelete(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Inherited from @aws-cdk/aws-s3.BucketBase

Grants s3:DeleteObject* permission to an IAM pricipal for objects

in this bucket.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantPublicAccess(keyPrefix, *allowedActions) → @aws-cdk/aws-iam.Grant

Inherited from @aws-cdk/aws-s3.BucketBase

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects

in this bucket, which is useful for when you configure your bucket as a

website and want everyone to be able to read objects in the bucket without

needing to authenticate.

Without arguments, this method will grant read (“s3:GetObject”) access to

all objects (“*”) in the bucket.

The method returns the iam.PolicyStatement object, which can then be modified

as needed. For example, you can add a condition that will restrict access only

to an IPv4 range like this:

const statement = bucket.grantPublicAccess();

statement.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Parameters:
  • keyPrefix (string (optional)) – the prefix of S3 object keys (e.g. home/*). Default is “*”.
  • *allowedActions (string) – the set of S3 actions to allow. Default is “s3:GetObject”.
Return type:

@aws-cdk/aws-iam.Grant

grantPut(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Inherited from @aws-cdk/aws-s3.BucketBase

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantRead(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Inherited from @aws-cdk/aws-s3.BucketBase

Grant read permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents

of the bucket will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantReadWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Inherited from @aws-cdk/aws-s3.BucketBase

Grants read/write permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If an encryption key is used, permission to use the key for

encrypt/decrypt will also be granted.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Inherited from @aws-cdk/aws-s3.BucketBase

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

onPutObject(name[, target[, path]]) → @aws-cdk/aws-events.EventRule

Inherited from @aws-cdk/aws-s3.BucketBase

Defines a CloudWatch Event Rule that triggers upon putting an object into the Bucket.

Parameters:
Return type:

@aws-cdk/aws-events.EventRule

urlForObject([key]) → string

Inherited from @aws-cdk/aws-s3.BucketBase

The https URL of an S3 object. For example:

Parameters:key (string (optional)) – The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns:an ObjectS3Url token
Return type:string
bucketUrl

Inherited from @aws-cdk/aws-s3.BucketBase

The https:// URL of this bucket.

Type:string (readonly)
prepare()

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)

BucketBase

class @aws-cdk/aws-s3.BucketBase(scope, id)

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BucketBase;
const { BucketBase } = require('@aws-cdk/aws-s3');
import { BucketBase } from '@aws-cdk/aws-s3';

Represents an S3 Bucket.

Buckets can be either defined within this stack:

new Bucket(this, ‘MyBucket’, { props });

Or imported from an existing bucket:

Bucket.import(this, ‘MyImportedBucket’, { bucketArn: … });

You can also export a bucket and import it into another stack:

const ref = myBucket.export();

Bucket.import(this, ‘MyImportedBucket’, ref);

Extends:

@aws-cdk/cdk.Construct

Implements:

IBucket

Abstract:

Yes

Parameters:
  • scope (@aws-cdk/cdk.Construct) – The scope in which to define this construct
  • id (string) – The scoped construct ID. Must be unique amongst siblings. If the ID includes a path separator (/), then it will be replaced by double dash .
addToResourcePolicy(permission)

Implements @aws-cdk/aws-s3.IBucket.addToResourcePolicy()

Adds a statement to the resource policy for a principal (i.e.

account/role/service) to perform actions on this bucket and/or it’s

contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for

this bucket or objects.

Parameters:permission (@aws-cdk/aws-iam.PolicyStatement) –
arnForObjects(*keyPattern) → string

Implements @aws-cdk/aws-s3.IBucket.arnForObjects()

Returns an ARN that represents all objects within the bucket that match

the key pattern specified. To represent all keys, specify "*".

If you specify multiple components for keyPattern, they will be concatenated:

arnForObjects('home/', team, '/', user, '/*')
Parameters:*keyPattern (string) –
Return type:string
export() → @aws-cdk/aws-s3.BucketImportProps

Implements @aws-cdk/aws-s3.IBucket.export()

Exports this bucket from the stack.

Return type:BucketImportProps
Abstract:Yes
grantDelete(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Implements @aws-cdk/aws-s3.IBucket.grantDelete()

Grants s3:DeleteObject* permission to an IAM pricipal for objects

in this bucket.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantPublicAccess(keyPrefix, *allowedActions) → @aws-cdk/aws-iam.Grant

Implements @aws-cdk/aws-s3.IBucket.grantPublicAccess()

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects

in this bucket, which is useful for when you configure your bucket as a

website and want everyone to be able to read objects in the bucket without

needing to authenticate.

Without arguments, this method will grant read (“s3:GetObject”) access to

all objects (“*”) in the bucket.

The method returns the iam.PolicyStatement object, which can then be modified

as needed. For example, you can add a condition that will restrict access only

to an IPv4 range like this:

const statement = bucket.grantPublicAccess();

statement.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Parameters:
  • keyPrefix (string (optional)) – the prefix of S3 object keys (e.g. home/*). Default is “*”.
  • *allowedActions (string) – the set of S3 actions to allow. Default is “s3:GetObject”.
Return type:

@aws-cdk/aws-iam.Grant

grantPut(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Implements @aws-cdk/aws-s3.IBucket.grantPut()

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantRead(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Implements @aws-cdk/aws-s3.IBucket.grantRead()

Grant read permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents

of the bucket will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantReadWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Implements @aws-cdk/aws-s3.IBucket.grantReadWrite()

Grants read/write permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If an encryption key is used, permission to use the key for

encrypt/decrypt will also be granted.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

grantWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Implements @aws-cdk/aws-s3.IBucket.grantWrite()

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

onPutObject(name[, target[, path]]) → @aws-cdk/aws-events.EventRule

Implements @aws-cdk/aws-s3.IBucket.onPutObject()

Defines a CloudWatch Event Rule that triggers upon putting an object into the Bucket.

Parameters:
Return type:

@aws-cdk/aws-events.EventRule

urlForObject([key]) → string

Implements @aws-cdk/aws-s3.IBucket.urlForObject()

The https URL of an S3 object. For example:

Parameters:key (string (optional)) – The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns:an ObjectS3Url token
Return type:string
bucketArn

Implements @aws-cdk/aws-s3.IBucket.bucketArn()

The ARN of the bucket.

Type:string (readonly) (abstract)
bucketName

Implements @aws-cdk/aws-s3.IBucket.bucketName()

The name of the bucket.

Type:string (readonly) (abstract)
bucketUrl

Implements @aws-cdk/aws-s3.IBucket.bucketUrl()

The https:// URL of this bucket.

Type:string (readonly)
domainName

Implements @aws-cdk/aws-s3.IBucket.domainName()

The domain of the bucket.

Type:string (readonly) (abstract)
encryptionKey

Implements @aws-cdk/aws-s3.IBucket.encryptionKey()

Optional KMS encryption key associated with this bucket.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional) (readonly) (abstract)
autoCreatePolicy

Indicates if a bucket resource policy should automatically created upon

the first call to addToResourcePolicy.

Protected property

Type:boolean (abstract)
disallowPublicAccess

Whether to disallow public access

Protected property

Type:boolean (optional) (abstract)
policy

Implements @aws-cdk/aws-s3.IBucket.policy()

The resource policy assoicated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the

first call to addToResourcePolicy(s).

Type:BucketPolicy (optional) (abstract)
prepare()

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)

BucketEncryption (enum)

class @aws-cdk/aws-s3.BucketEncryption

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BucketEncryption;
const { BucketEncryption } = require('@aws-cdk/aws-s3');
import { BucketEncryption } from '@aws-cdk/aws-s3';

What kind of server-side encryption to apply to this bucket

Unencrypted

Objects in the bucket are not encrypted.

KmsManaged

Server-side KMS encryption with a master key managed by KMS.

S3Managed

Server-side encryption with a master key managed by S3.

Kms

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

BucketImportProps (interface)

class @aws-cdk/aws-s3.BucketImportProps

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BucketImportProps;
// BucketImportProps is an interface
import { BucketImportProps } from '@aws-cdk/aws-s3';

A reference to a bucket. The easiest way to instantiate is to call

bucket.export(). Then, the consumer can use Bucket.import(this, ref) and

get a Bucket.

bucketArn

The ARN of the bucket. At least one of bucketArn or bucketName must be

defined in order to initialize a bucket ref.

Type:string (optional) (readonly)
bucketDomainName

The domain name of the bucket.

Type:string (optional) (readonly)
Default:Inferred from bucket name
bucketName

The name of the bucket. If the underlying value of ARN is a string, the

name will be parsed from the ARN. Otherwise, the name is optional, but

some features that require the bucket name such as auto-creating a bucket

policy, won’t work.

Type:string (optional) (readonly)
bucketWebsiteNewUrlFormat

The format of the website URL of the bucket. This should be true for

regions launched since 2014.

Type:boolean (optional) (readonly)
Default:false
bucketWebsiteUrl

The website URL of the bucket (if static web hosting is enabled).

Type:string (optional) (readonly)
Default:Inferred from bucket name

BucketPolicy

class @aws-cdk/aws-s3.BucketPolicy(scope, id, props)

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BucketPolicy;
const { BucketPolicy } = require('@aws-cdk/aws-s3');
import { BucketPolicy } from '@aws-cdk/aws-s3';

Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

Extends:

@aws-cdk/cdk.Construct

Parameters:
document

A policy document containing permissions to add to the specified bucket.

For more information, see Access Policy Language Overview in the Amazon

Simple Storage Service Developer Guide.

Type:@aws-cdk/aws-iam.PolicyDocument (readonly)
prepare()

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)

BucketPolicyProps (interface)

class @aws-cdk/aws-s3.BucketPolicyProps

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BucketPolicyProps;
// BucketPolicyProps is an interface
import { BucketPolicyProps } from '@aws-cdk/aws-s3';
bucket

The Amazon S3 bucket that the policy applies to.

Type:IBucket (readonly)

BucketProps (interface)

class @aws-cdk/aws-s3.BucketProps

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.BucketProps;
// BucketProps is an interface
import { BucketProps } from '@aws-cdk/aws-s3';
blockPublicAccess

The block public access configuration of this bucket.

Type:BlockPublicAccess (optional) (readonly)
bucketName

Physical name of this bucket.

Type:string (optional) (readonly)
Default:Assigned by CloudFormation (recommended)
encryption

The kind of server-side encryption to apply to this bucket.

If you choose KMS, you can specify a KMS key via encryptionKey. If

encryption key is not specified, a key will automatically be created.

Type:BucketEncryption (optional) (readonly)
Default:Unencrypted
encryptionKey

External KMS key to use for bucket encryption.

The ‘encryption’ property must be either not specified or set to “Kms”.

An error will be emitted if encryption is set to “Unencrypted” or

“Managed”.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional) (readonly)
Default:If encryption is set to “Kms” and this property is undefined, a

new KMS key will be created and associated with this bucket.

@aws-cdk/aws-s3.lifecycleRules

Rules that define how Amazon S3 manages objects during their lifetime.

Type:LifecycleRule[] (optional) (readonly)
Default:No lifecycle rules
@aws-cdk/aws-s3.publicReadAccess

Grants public read access to all objects in the bucket.

Similar to calling bucket.grantPublicAccess()

Type:boolean (optional) (readonly)
@aws-cdk/aws-s3.removalPolicy

Policy to apply when the bucket is removed from this stack.

Type:@aws-cdk/cdk.RemovalPolicy (optional) (readonly)
Default:The bucket will be orphaned
@aws-cdk/aws-s3.versioned

Whether this bucket should have versioning turned on or not.

Type:boolean (optional) (readonly)
Default:false
@aws-cdk/aws-s3.websiteErrorDocument

The name of the error document (e.g. “404.html”) for the website.

websiteIndexDocument must also be set if this is set.

Type:string (optional) (readonly)
@aws-cdk/aws-s3.websiteIndexDocument

The name of the index document (e.g. “index.html”) for the website. Enables static website

hosting for this bucket.

Type:string (optional) (readonly)

CfnBucket

class @aws-cdk/aws-s3.CfnBucket(scope, id[, props])

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket;
const { CfnBucket } = require('@aws-cdk/aws-s3');
import { CfnBucket } from '@aws-cdk/aws-s3';

A CloudFormation AWS::S3::Bucket

Extends:

@aws-cdk/cdk.CfnResource

Parameters:
renderProperties(properties) → string => any

Overrides @aws-cdk/cdk.CfnResource.renderProperties()

Protected method

Parameters:properties (any) –
Return type:string => any
resourceTypeName

The CloudFormation resource type name for this resource class.

Type:string (readonly) (static)
bucketArn
Type:string (readonly)
bucketDomainName
Type:string (readonly)
bucketDualStackDomainName
Type:string (readonly)
bucketName
Type:string (readonly)
bucketRegionalDomainName
Type:string (readonly)
bucketWebsiteUrl
Type:string (readonly)
propertyOverrides
Type:CfnBucketProps (readonly)
tags

The TagManager handles setting, removing and formatting tags

Tags should be managed either passing them as properties during

initiation or by calling methods on this object. If both techniques are

used only the tags from the TagManager will be used. Tag (aspect)

will use the manager.

Type:@aws-cdk/cdk.TagManager (readonly)
class AbortIncompleteMultipartUploadProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.AbortIncompleteMultipartUploadProperty;
// CfnBucket.AbortIncompleteMultipartUploadProperty is an interface
import { CfnBucket.AbortIncompleteMultipartUploadProperty } from '@aws-cdk/aws-s3';
daysAfterInitiation

CfnBucket.AbortIncompleteMultipartUploadProperty.DaysAfterInitiation

Type:number or @aws-cdk/cdk.Token (readonly)
class AccelerateConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.AccelerateConfigurationProperty;
// CfnBucket.AccelerateConfigurationProperty is an interface
import { CfnBucket.AccelerateConfigurationProperty } from '@aws-cdk/aws-s3';
accelerationStatus

CfnBucket.AccelerateConfigurationProperty.AccelerationStatus

Type:string (readonly)
class AccessControlTranslationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.AccessControlTranslationProperty;
// CfnBucket.AccessControlTranslationProperty is an interface
import { CfnBucket.AccessControlTranslationProperty } from '@aws-cdk/aws-s3';
owner

CfnBucket.AccessControlTranslationProperty.Owner

Type:string (readonly)
class AnalyticsConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.AnalyticsConfigurationProperty;
// CfnBucket.AnalyticsConfigurationProperty is an interface
import { CfnBucket.AnalyticsConfigurationProperty } from '@aws-cdk/aws-s3';
id

CfnBucket.AnalyticsConfigurationProperty.Id

Type:string (readonly)
storageClassAnalysis

CfnBucket.AnalyticsConfigurationProperty.StorageClassAnalysis

Type:@aws-cdk/cdk.Token or StorageClassAnalysisProperty (readonly)
prefix

CfnBucket.AnalyticsConfigurationProperty.Prefix

Type:string (optional) (readonly)
tagFilters

CfnBucket.AnalyticsConfigurationProperty.TagFilters

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or TagFilterProperty)[] (optional) (readonly)
class BucketEncryptionProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.BucketEncryptionProperty;
// CfnBucket.BucketEncryptionProperty is an interface
import { CfnBucket.BucketEncryptionProperty } from '@aws-cdk/aws-s3';
serverSideEncryptionConfiguration

CfnBucket.BucketEncryptionProperty.ServerSideEncryptionConfiguration

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or ServerSideEncryptionRuleProperty)[] (readonly)
class CorsConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.CorsConfigurationProperty;
// CfnBucket.CorsConfigurationProperty is an interface
import { CfnBucket.CorsConfigurationProperty } from '@aws-cdk/aws-s3';
corsRules

CfnBucket.CorsConfigurationProperty.CorsRules

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or CorsRuleProperty)[] (readonly)
class CorsRuleProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.CorsRuleProperty;
// CfnBucket.CorsRuleProperty is an interface
import { CfnBucket.CorsRuleProperty } from '@aws-cdk/aws-s3';
allowedMethods

CfnBucket.CorsRuleProperty.AllowedMethods

Type:string[] (readonly)
allowedOrigins

CfnBucket.CorsRuleProperty.AllowedOrigins

Type:string[] (readonly)
allowedHeaders

CfnBucket.CorsRuleProperty.AllowedHeaders

Type:string[] (optional) (readonly)
exposedHeaders

CfnBucket.CorsRuleProperty.ExposedHeaders

Type:string[] (optional) (readonly)
id

CfnBucket.CorsRuleProperty.Id

Type:string (optional) (readonly)
maxAge

CfnBucket.CorsRuleProperty.MaxAge

Type:number or @aws-cdk/cdk.Token (optional) (readonly)
class DataExportProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.DataExportProperty;
// CfnBucket.DataExportProperty is an interface
import { CfnBucket.DataExportProperty } from '@aws-cdk/aws-s3';
destination

CfnBucket.DataExportProperty.Destination

Type:@aws-cdk/cdk.Token or DestinationProperty (readonly)
outputSchemaVersion

CfnBucket.DataExportProperty.OutputSchemaVersion

Type:string (readonly)
class DestinationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.DestinationProperty;
// CfnBucket.DestinationProperty is an interface
import { CfnBucket.DestinationProperty } from '@aws-cdk/aws-s3';
bucketArn

CfnBucket.DestinationProperty.BucketArn

Type:string (readonly)
format

CfnBucket.DestinationProperty.Format

Type:string (readonly)
bucketAccountId

CfnBucket.DestinationProperty.BucketAccountId

Type:string (optional) (readonly)
prefix

CfnBucket.DestinationProperty.Prefix

Type:string (optional) (readonly)
class EncryptionConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.EncryptionConfigurationProperty;
// CfnBucket.EncryptionConfigurationProperty is an interface
import { CfnBucket.EncryptionConfigurationProperty } from '@aws-cdk/aws-s3';
replicaKmsKeyId

CfnBucket.EncryptionConfigurationProperty.ReplicaKmsKeyID

Type:string (readonly)
class FilterRuleProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.FilterRuleProperty;
// CfnBucket.FilterRuleProperty is an interface
import { CfnBucket.FilterRuleProperty } from '@aws-cdk/aws-s3';
name

CfnBucket.FilterRuleProperty.Name

Type:string (readonly)
value

CfnBucket.FilterRuleProperty.Value

Type:string (readonly)
class InventoryConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.InventoryConfigurationProperty;
// CfnBucket.InventoryConfigurationProperty is an interface
import { CfnBucket.InventoryConfigurationProperty } from '@aws-cdk/aws-s3';
destination

CfnBucket.InventoryConfigurationProperty.Destination

Type:@aws-cdk/cdk.Token or DestinationProperty (readonly)
enabled

CfnBucket.InventoryConfigurationProperty.Enabled

Type:boolean or @aws-cdk/cdk.Token (readonly)
id

CfnBucket.InventoryConfigurationProperty.Id

Type:string (readonly)
includedObjectVersions

CfnBucket.InventoryConfigurationProperty.IncludedObjectVersions

Type:string (readonly)
scheduleFrequency

CfnBucket.InventoryConfigurationProperty.ScheduleFrequency

Type:string (readonly)
optionalFields

CfnBucket.InventoryConfigurationProperty.OptionalFields

Type:string[] (optional) (readonly)
prefix

CfnBucket.InventoryConfigurationProperty.Prefix

Type:string (optional) (readonly)
class LambdaConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.LambdaConfigurationProperty;
// CfnBucket.LambdaConfigurationProperty is an interface
import { CfnBucket.LambdaConfigurationProperty } from '@aws-cdk/aws-s3';
event

CfnBucket.LambdaConfigurationProperty.Event

Type:string (readonly)
function

CfnBucket.LambdaConfigurationProperty.Function

Type:string (readonly)
filter

CfnBucket.LambdaConfigurationProperty.Filter

Type:@aws-cdk/cdk.Token or NotificationFilterProperty (optional) (readonly)
class LifecycleConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.LifecycleConfigurationProperty;
// CfnBucket.LifecycleConfigurationProperty is an interface
import { CfnBucket.LifecycleConfigurationProperty } from '@aws-cdk/aws-s3';
rules

CfnBucket.LifecycleConfigurationProperty.Rules

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or RuleProperty)[] (readonly)
class LoggingConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.LoggingConfigurationProperty;
// CfnBucket.LoggingConfigurationProperty is an interface
import { CfnBucket.LoggingConfigurationProperty } from '@aws-cdk/aws-s3';
destinationBucketName

CfnBucket.LoggingConfigurationProperty.DestinationBucketName

Type:string (optional) (readonly)
logFilePrefix

CfnBucket.LoggingConfigurationProperty.LogFilePrefix

Type:string (optional) (readonly)
class MetricsConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.MetricsConfigurationProperty;
// CfnBucket.MetricsConfigurationProperty is an interface
import { CfnBucket.MetricsConfigurationProperty } from '@aws-cdk/aws-s3';
id

CfnBucket.MetricsConfigurationProperty.Id

Type:string (readonly)
prefix

CfnBucket.MetricsConfigurationProperty.Prefix

Type:string (optional) (readonly)
tagFilters

CfnBucket.MetricsConfigurationProperty.TagFilters

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or TagFilterProperty)[] (optional) (readonly)
class NoncurrentVersionTransitionProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.NoncurrentVersionTransitionProperty;
// CfnBucket.NoncurrentVersionTransitionProperty is an interface
import { CfnBucket.NoncurrentVersionTransitionProperty } from '@aws-cdk/aws-s3';
storageClass

CfnBucket.NoncurrentVersionTransitionProperty.StorageClass

Type:string (readonly)
transitionInDays

CfnBucket.NoncurrentVersionTransitionProperty.TransitionInDays

Type:number or @aws-cdk/cdk.Token (readonly)
class NotificationConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.NotificationConfigurationProperty;
// CfnBucket.NotificationConfigurationProperty is an interface
import { CfnBucket.NotificationConfigurationProperty } from '@aws-cdk/aws-s3';
lambdaConfigurations

CfnBucket.NotificationConfigurationProperty.LambdaConfigurations

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or LambdaConfigurationProperty)[] (optional) (readonly)
queueConfigurations

CfnBucket.NotificationConfigurationProperty.QueueConfigurations

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or QueueConfigurationProperty)[] (optional) (readonly)
topicConfigurations

CfnBucket.NotificationConfigurationProperty.TopicConfigurations

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or TopicConfigurationProperty)[] (optional) (readonly)
class NotificationFilterProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.NotificationFilterProperty;
// CfnBucket.NotificationFilterProperty is an interface
import { CfnBucket.NotificationFilterProperty } from '@aws-cdk/aws-s3';
s3Key

CfnBucket.NotificationFilterProperty.S3Key

Type:@aws-cdk/cdk.Token or S3KeyFilterProperty (readonly)
class PublicAccessBlockConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.PublicAccessBlockConfigurationProperty;
// CfnBucket.PublicAccessBlockConfigurationProperty is an interface
import { CfnBucket.PublicAccessBlockConfigurationProperty } from '@aws-cdk/aws-s3';
blockPublicAcls

CfnBucket.PublicAccessBlockConfigurationProperty.BlockPublicAcls

Type:boolean or @aws-cdk/cdk.Token (optional) (readonly)
blockPublicPolicy

CfnBucket.PublicAccessBlockConfigurationProperty.BlockPublicPolicy

Type:boolean or @aws-cdk/cdk.Token (optional) (readonly)
ignorePublicAcls

CfnBucket.PublicAccessBlockConfigurationProperty.IgnorePublicAcls

Type:boolean or @aws-cdk/cdk.Token (optional) (readonly)
restrictPublicBuckets

CfnBucket.PublicAccessBlockConfigurationProperty.RestrictPublicBuckets

Type:boolean or @aws-cdk/cdk.Token (optional) (readonly)
class QueueConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.QueueConfigurationProperty;
// CfnBucket.QueueConfigurationProperty is an interface
import { CfnBucket.QueueConfigurationProperty } from '@aws-cdk/aws-s3';
event

CfnBucket.QueueConfigurationProperty.Event

Type:string (readonly)
queue

CfnBucket.QueueConfigurationProperty.Queue

Type:string (readonly)
filter

CfnBucket.QueueConfigurationProperty.Filter

Type:@aws-cdk/cdk.Token or NotificationFilterProperty (optional) (readonly)
class RedirectAllRequestsToProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.RedirectAllRequestsToProperty;
// CfnBucket.RedirectAllRequestsToProperty is an interface
import { CfnBucket.RedirectAllRequestsToProperty } from '@aws-cdk/aws-s3';
hostName

CfnBucket.RedirectAllRequestsToProperty.HostName

Type:string (readonly)
protocol

CfnBucket.RedirectAllRequestsToProperty.Protocol

Type:string (optional) (readonly)
class RedirectRuleProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.RedirectRuleProperty;
// CfnBucket.RedirectRuleProperty is an interface
import { CfnBucket.RedirectRuleProperty } from '@aws-cdk/aws-s3';
hostName

CfnBucket.RedirectRuleProperty.HostName

Type:string (optional) (readonly)
httpRedirectCode

CfnBucket.RedirectRuleProperty.HttpRedirectCode

Type:string (optional) (readonly)
protocol

CfnBucket.RedirectRuleProperty.Protocol

Type:string (optional) (readonly)
replaceKeyPrefixWith

CfnBucket.RedirectRuleProperty.ReplaceKeyPrefixWith

Type:string (optional) (readonly)
replaceKeyWith

CfnBucket.RedirectRuleProperty.ReplaceKeyWith

Type:string (optional) (readonly)
class ReplicationConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.ReplicationConfigurationProperty;
// CfnBucket.ReplicationConfigurationProperty is an interface
import { CfnBucket.ReplicationConfigurationProperty } from '@aws-cdk/aws-s3';
role

CfnBucket.ReplicationConfigurationProperty.Role

Type:string (readonly)
rules

CfnBucket.ReplicationConfigurationProperty.Rules

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or ReplicationRuleProperty)[] (readonly)
class ReplicationDestinationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.ReplicationDestinationProperty;
// CfnBucket.ReplicationDestinationProperty is an interface
import { CfnBucket.ReplicationDestinationProperty } from '@aws-cdk/aws-s3';
bucket

CfnBucket.ReplicationDestinationProperty.Bucket

Type:string (readonly)
accessControlTranslation

CfnBucket.ReplicationDestinationProperty.AccessControlTranslation

Type:@aws-cdk/cdk.Token or AccessControlTranslationProperty (optional) (readonly)
account

CfnBucket.ReplicationDestinationProperty.Account

Type:string (optional) (readonly)
encryptionConfiguration

CfnBucket.ReplicationDestinationProperty.EncryptionConfiguration

Type:@aws-cdk/cdk.Token or EncryptionConfigurationProperty (optional) (readonly)
storageClass

CfnBucket.ReplicationDestinationProperty.StorageClass

Type:string (optional) (readonly)
class ReplicationRuleProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.ReplicationRuleProperty;
// CfnBucket.ReplicationRuleProperty is an interface
import { CfnBucket.ReplicationRuleProperty } from '@aws-cdk/aws-s3';
destination

CfnBucket.ReplicationRuleProperty.Destination

Type:@aws-cdk/cdk.Token or ReplicationDestinationProperty (readonly)
prefix

CfnBucket.ReplicationRuleProperty.Prefix

Type:string (readonly)
status

CfnBucket.ReplicationRuleProperty.Status

Type:string (readonly)
id

CfnBucket.ReplicationRuleProperty.Id

Type:string (optional) (readonly)
sourceSelectionCriteria

CfnBucket.ReplicationRuleProperty.SourceSelectionCriteria

Type:@aws-cdk/cdk.Token or SourceSelectionCriteriaProperty (optional) (readonly)
class RoutingRuleConditionProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.RoutingRuleConditionProperty;
// CfnBucket.RoutingRuleConditionProperty is an interface
import { CfnBucket.RoutingRuleConditionProperty } from '@aws-cdk/aws-s3';
httpErrorCodeReturnedEquals

CfnBucket.RoutingRuleConditionProperty.HttpErrorCodeReturnedEquals

Type:string (optional) (readonly)
keyPrefixEquals

CfnBucket.RoutingRuleConditionProperty.KeyPrefixEquals

Type:string (optional) (readonly)
class RoutingRuleProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.RoutingRuleProperty;
// CfnBucket.RoutingRuleProperty is an interface
import { CfnBucket.RoutingRuleProperty } from '@aws-cdk/aws-s3';
redirectRule

CfnBucket.RoutingRuleProperty.RedirectRule

Type:@aws-cdk/cdk.Token or RedirectRuleProperty (readonly)
routingRuleCondition

CfnBucket.RoutingRuleProperty.RoutingRuleCondition

Type:@aws-cdk/cdk.Token or RoutingRuleConditionProperty (optional) (readonly)
class RuleProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.RuleProperty;
// CfnBucket.RuleProperty is an interface
import { CfnBucket.RuleProperty } from '@aws-cdk/aws-s3';
status

CfnBucket.RuleProperty.Status

Type:string (readonly)
abortIncompleteMultipartUpload

CfnBucket.RuleProperty.AbortIncompleteMultipartUpload

Type:@aws-cdk/cdk.Token or AbortIncompleteMultipartUploadProperty (optional) (readonly)
expirationDate

CfnBucket.RuleProperty.ExpirationDate

Type:@aws-cdk/cdk.Token or date (optional) (readonly)
expirationInDays

CfnBucket.RuleProperty.ExpirationInDays

Type:number or @aws-cdk/cdk.Token (optional) (readonly)
id

CfnBucket.RuleProperty.Id

Type:string (optional) (readonly)
noncurrentVersionExpirationInDays

CfnBucket.RuleProperty.NoncurrentVersionExpirationInDays

Type:number or @aws-cdk/cdk.Token (optional) (readonly)
noncurrentVersionTransition

CfnBucket.RuleProperty.NoncurrentVersionTransition

Type:@aws-cdk/cdk.Token or NoncurrentVersionTransitionProperty (optional) (readonly)
noncurrentVersionTransitions

CfnBucket.RuleProperty.NoncurrentVersionTransitions

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or NoncurrentVersionTransitionProperty)[] (optional) (readonly)
prefix

CfnBucket.RuleProperty.Prefix

Type:string (optional) (readonly)
tagFilters

CfnBucket.RuleProperty.TagFilters

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or TagFilterProperty)[] (optional) (readonly)
transition

CfnBucket.RuleProperty.Transition

Type:@aws-cdk/cdk.Token or TransitionProperty (optional) (readonly)
transitions

CfnBucket.RuleProperty.Transitions

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or TransitionProperty)[] (optional) (readonly)
class S3KeyFilterProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.S3KeyFilterProperty;
// CfnBucket.S3KeyFilterProperty is an interface
import { CfnBucket.S3KeyFilterProperty } from '@aws-cdk/aws-s3';
rules

CfnBucket.S3KeyFilterProperty.Rules

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or FilterRuleProperty)[] (readonly)
class ServerSideEncryptionByDefaultProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.ServerSideEncryptionByDefaultProperty;
// CfnBucket.ServerSideEncryptionByDefaultProperty is an interface
import { CfnBucket.ServerSideEncryptionByDefaultProperty } from '@aws-cdk/aws-s3';
sseAlgorithm

CfnBucket.ServerSideEncryptionByDefaultProperty.SSEAlgorithm

Type:string (readonly)
kmsMasterKeyId

CfnBucket.ServerSideEncryptionByDefaultProperty.KMSMasterKeyID

Type:string (optional) (readonly)
class ServerSideEncryptionRuleProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.ServerSideEncryptionRuleProperty;
// CfnBucket.ServerSideEncryptionRuleProperty is an interface
import { CfnBucket.ServerSideEncryptionRuleProperty } from '@aws-cdk/aws-s3';
serverSideEncryptionByDefault

CfnBucket.ServerSideEncryptionRuleProperty.ServerSideEncryptionByDefault

Type:@aws-cdk/cdk.Token or ServerSideEncryptionByDefaultProperty (optional) (readonly)
class SourceSelectionCriteriaProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.SourceSelectionCriteriaProperty;
// CfnBucket.SourceSelectionCriteriaProperty is an interface
import { CfnBucket.SourceSelectionCriteriaProperty } from '@aws-cdk/aws-s3';
sseKmsEncryptedObjects

CfnBucket.SourceSelectionCriteriaProperty.SseKmsEncryptedObjects

Type:@aws-cdk/cdk.Token or SseKmsEncryptedObjectsProperty (readonly)
class SseKmsEncryptedObjectsProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.SseKmsEncryptedObjectsProperty;
// CfnBucket.SseKmsEncryptedObjectsProperty is an interface
import { CfnBucket.SseKmsEncryptedObjectsProperty } from '@aws-cdk/aws-s3';
status

CfnBucket.SseKmsEncryptedObjectsProperty.Status

Type:string (readonly)
class StorageClassAnalysisProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.StorageClassAnalysisProperty;
// CfnBucket.StorageClassAnalysisProperty is an interface
import { CfnBucket.StorageClassAnalysisProperty } from '@aws-cdk/aws-s3';
dataExport

CfnBucket.StorageClassAnalysisProperty.DataExport

Type:@aws-cdk/cdk.Token or DataExportProperty (optional) (readonly)
class TagFilterProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.TagFilterProperty;
// CfnBucket.TagFilterProperty is an interface
import { CfnBucket.TagFilterProperty } from '@aws-cdk/aws-s3';
key

CfnBucket.TagFilterProperty.Key

Type:string (readonly)
value

CfnBucket.TagFilterProperty.Value

Type:string (readonly)
class TopicConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.TopicConfigurationProperty;
// CfnBucket.TopicConfigurationProperty is an interface
import { CfnBucket.TopicConfigurationProperty } from '@aws-cdk/aws-s3';
event

CfnBucket.TopicConfigurationProperty.Event

Type:string (readonly)
topic

CfnBucket.TopicConfigurationProperty.Topic

Type:string (readonly)
filter

CfnBucket.TopicConfigurationProperty.Filter

Type:@aws-cdk/cdk.Token or NotificationFilterProperty (optional) (readonly)
class TransitionProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.TransitionProperty;
// CfnBucket.TransitionProperty is an interface
import { CfnBucket.TransitionProperty } from '@aws-cdk/aws-s3';
storageClass

CfnBucket.TransitionProperty.StorageClass

Type:string (readonly)
transitionDate

CfnBucket.TransitionProperty.TransitionDate

Type:@aws-cdk/cdk.Token or date (optional) (readonly)
transitionInDays

CfnBucket.TransitionProperty.TransitionInDays

Type:number or @aws-cdk/cdk.Token (optional) (readonly)
class VersioningConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.VersioningConfigurationProperty;
// CfnBucket.VersioningConfigurationProperty is an interface
import { CfnBucket.VersioningConfigurationProperty } from '@aws-cdk/aws-s3';
status

CfnBucket.VersioningConfigurationProperty.Status

Type:string (readonly)
class WebsiteConfigurationProperty

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucket.WebsiteConfigurationProperty;
// CfnBucket.WebsiteConfigurationProperty is an interface
import { CfnBucket.WebsiteConfigurationProperty } from '@aws-cdk/aws-s3';
errorDocument

CfnBucket.WebsiteConfigurationProperty.ErrorDocument

Type:string (optional) (readonly)
indexDocument

CfnBucket.WebsiteConfigurationProperty.IndexDocument

Type:string (optional) (readonly)
redirectAllRequestsTo

CfnBucket.WebsiteConfigurationProperty.RedirectAllRequestsTo

Type:@aws-cdk/cdk.Token or RedirectAllRequestsToProperty (optional) (readonly)
routingRules

CfnBucket.WebsiteConfigurationProperty.RoutingRules

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or RoutingRuleProperty)[] (optional) (readonly)
overrideLogicalId(newLogicalId)

Inherited from @aws-cdk/cdk.CfnElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:newLogicalId (string) – The new logical ID to use for this stack element.
prepare()

Inherited from @aws-cdk/cdk.CfnElement

Automatically detect references in this CfnElement

Protected method

creationStackTrace

Inherited from @aws-cdk/cdk.CfnElement

Type:string[] (readonly)
logicalId

Inherited from @aws-cdk/cdk.CfnElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:string (readonly)
stackPath

Inherited from @aws-cdk/cdk.CfnElement

Return the path with respect to the stack

Type:string (readonly)
ref

Inherited from @aws-cdk/cdk.CfnRefElement

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:string (readonly)
referenceToken

Inherited from @aws-cdk/cdk.CfnRefElement

Return a token that will CloudFormation { Ref } this stack element

Protected property

Type:@aws-cdk/cdk.Token (readonly)
addDeletionOverride(path)

Inherited from @aws-cdk/cdk.CfnResource

Syntactic sugar for addOverride(path, undefined).

Parameters:path (string) – The path of the value to delete
addDependsOn(resource)

Inherited from @aws-cdk/cdk.CfnResource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:resource (@aws-cdk/cdk.CfnResource) –
addOverride(path, value)

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:
  • path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
  • value (any) – The value. Could be primitive or complex.
addPropertyDeletionOverride(propertyPath)

Inherited from @aws-cdk/cdk.CfnResource

Adds an override that deletes the value of a property from the resource definition.

Parameters:propertyPath (string) – The path to the property.
addPropertyOverride(propertyPath, value)

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:
  • propertyPath (string) – The path of the property
  • value (any) – The value
getAtt(attributeName) → @aws-cdk/cdk.CfnReference

Inherited from @aws-cdk/cdk.CfnResource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:attributeName (string) – The name of the attribute.
Return type:@aws-cdk/cdk.CfnReference
options

Inherited from @aws-cdk/cdk.CfnResource

Options for this resource, such as condition, update policy etc.

Type:@aws-cdk/cdk.IResourceOptions (readonly)
properties

Inherited from @aws-cdk/cdk.CfnResource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:any (readonly)
resourceType

Inherited from @aws-cdk/cdk.CfnResource

AWS resource type.

Type:string (readonly)
untypedPropertyOverrides

Inherited from @aws-cdk/cdk.CfnResource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:any (readonly)
toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)

CfnBucketPolicy

class @aws-cdk/aws-s3.CfnBucketPolicy(scope, id, props)

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucketPolicy;
const { CfnBucketPolicy } = require('@aws-cdk/aws-s3');
import { CfnBucketPolicy } from '@aws-cdk/aws-s3';

A CloudFormation AWS::S3::BucketPolicy

Extends:

@aws-cdk/cdk.CfnResource

Parameters:
renderProperties(properties) → string => any

Overrides @aws-cdk/cdk.CfnResource.renderProperties()

Protected method

Parameters:properties (any) –
Return type:string => any
resourceTypeName

The CloudFormation resource type name for this resource class.

Type:string (readonly) (static)
propertyOverrides
Type:CfnBucketPolicyProps (readonly)
overrideLogicalId(newLogicalId)

Inherited from @aws-cdk/cdk.CfnElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:newLogicalId (string) – The new logical ID to use for this stack element.
prepare()

Inherited from @aws-cdk/cdk.CfnElement

Automatically detect references in this CfnElement

Protected method

creationStackTrace

Inherited from @aws-cdk/cdk.CfnElement

Type:string[] (readonly)
logicalId

Inherited from @aws-cdk/cdk.CfnElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:string (readonly)
stackPath

Inherited from @aws-cdk/cdk.CfnElement

Return the path with respect to the stack

Type:string (readonly)
ref

Inherited from @aws-cdk/cdk.CfnRefElement

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:string (readonly)
referenceToken

Inherited from @aws-cdk/cdk.CfnRefElement

Return a token that will CloudFormation { Ref } this stack element

Protected property

Type:@aws-cdk/cdk.Token (readonly)
addDeletionOverride(path)

Inherited from @aws-cdk/cdk.CfnResource

Syntactic sugar for addOverride(path, undefined).

Parameters:path (string) – The path of the value to delete
addDependsOn(resource)

Inherited from @aws-cdk/cdk.CfnResource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:resource (@aws-cdk/cdk.CfnResource) –
addOverride(path, value)

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:
  • path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
  • value (any) – The value. Could be primitive or complex.
addPropertyDeletionOverride(propertyPath)

Inherited from @aws-cdk/cdk.CfnResource

Adds an override that deletes the value of a property from the resource definition.

Parameters:propertyPath (string) – The path to the property.
addPropertyOverride(propertyPath, value)

Inherited from @aws-cdk/cdk.CfnResource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:
  • propertyPath (string) – The path of the property
  • value (any) – The value
getAtt(attributeName) → @aws-cdk/cdk.CfnReference

Inherited from @aws-cdk/cdk.CfnResource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:attributeName (string) – The name of the attribute.
Return type:@aws-cdk/cdk.CfnReference
options

Inherited from @aws-cdk/cdk.CfnResource

Options for this resource, such as condition, update policy etc.

Type:@aws-cdk/cdk.IResourceOptions (readonly)
properties

Inherited from @aws-cdk/cdk.CfnResource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:any (readonly)
resourceType

Inherited from @aws-cdk/cdk.CfnResource

AWS resource type.

Type:string (readonly)
untypedPropertyOverrides

Inherited from @aws-cdk/cdk.CfnResource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:any (readonly)
toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)

CfnBucketPolicyProps (interface)

class @aws-cdk/aws-s3.CfnBucketPolicyProps

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucketPolicyProps;
// CfnBucketPolicyProps is an interface
import { CfnBucketPolicyProps } from '@aws-cdk/aws-s3';

Properties for defining a AWS::S3::BucketPolicy

bucket

AWS::S3::BucketPolicy.Bucket

Type:string (readonly)
policyDocument

AWS::S3::BucketPolicy.PolicyDocument

Type:json or @aws-cdk/cdk.Token (readonly)

CfnBucketProps (interface)

class @aws-cdk/aws-s3.CfnBucketProps

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.CfnBucketProps;
// CfnBucketProps is an interface
import { CfnBucketProps } from '@aws-cdk/aws-s3';

Properties for defining a AWS::S3::Bucket

accelerateConfiguration

AWS::S3::Bucket.AccelerateConfiguration

Type:@aws-cdk/cdk.Token or AccelerateConfigurationProperty (optional) (readonly)
accessControl

AWS::S3::Bucket.AccessControl

Type:string (optional) (readonly)
analyticsConfigurations

AWS::S3::Bucket.AnalyticsConfigurations

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or AnalyticsConfigurationProperty)[] (optional) (readonly)
bucketEncryption

AWS::S3::Bucket.BucketEncryption

Type:@aws-cdk/cdk.Token or BucketEncryptionProperty (optional) (readonly)
bucketName

AWS::S3::Bucket.BucketName

Type:string (optional) (readonly)
corsConfiguration

AWS::S3::Bucket.CorsConfiguration

Type:@aws-cdk/cdk.Token or CorsConfigurationProperty (optional) (readonly)
inventoryConfigurations

AWS::S3::Bucket.InventoryConfigurations

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or InventoryConfigurationProperty)[] (optional) (readonly)
lifecycleConfiguration

AWS::S3::Bucket.LifecycleConfiguration

Type:@aws-cdk/cdk.Token or LifecycleConfigurationProperty (optional) (readonly)
loggingConfiguration

AWS::S3::Bucket.LoggingConfiguration

Type:@aws-cdk/cdk.Token or LoggingConfigurationProperty (optional) (readonly)
metricsConfigurations

AWS::S3::Bucket.MetricsConfigurations

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or MetricsConfigurationProperty)[] (optional) (readonly)
notificationConfiguration

AWS::S3::Bucket.NotificationConfiguration

Type:@aws-cdk/cdk.Token or NotificationConfigurationProperty (optional) (readonly)
publicAccessBlockConfiguration

AWS::S3::Bucket.PublicAccessBlockConfiguration

Type:@aws-cdk/cdk.Token or PublicAccessBlockConfigurationProperty (optional) (readonly)
replicationConfiguration

AWS::S3::Bucket.ReplicationConfiguration

Type:@aws-cdk/cdk.Token or ReplicationConfigurationProperty (optional) (readonly)
tags

AWS::S3::Bucket.Tags

Type:@aws-cdk/cdk.CfnTag[] (optional) (readonly)
versioningConfiguration

AWS::S3::Bucket.VersioningConfiguration

Type:@aws-cdk/cdk.Token or VersioningConfigurationProperty (optional) (readonly)
websiteConfiguration

AWS::S3::Bucket.WebsiteConfiguration

Type:@aws-cdk/cdk.Token or WebsiteConfigurationProperty (optional) (readonly)

EventType (enum)

class @aws-cdk/aws-s3.EventType

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.EventType;
const { EventType } = require('@aws-cdk/aws-s3');
import { EventType } from '@aws-cdk/aws-s3';

Notification event types.

ObjectCreated

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedPut

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedPost

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedCopy

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectCreatedCompleteMultipartUpload

Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using

these event types, you can enable notification when an object is created

using a specific API, or you can use the s3:ObjectCreated:* event type to

request notification regardless of the API that was used to create an

object.

ObjectRemoved

By using the ObjectRemoved event types, you can enable notification when

an object or a batch of objects is removed from a bucket.

You can request notification when an object is deleted or a versioned

object is permanently deleted by using the s3:ObjectRemoved:Delete event

type. Or you can request notification when a delete marker is created for

a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For

information about deleting versioned objects, see Deleting Object

Versions. You can also use a wildcard s3:ObjectRemoved:* to request

notification anytime an object is deleted.

You will not receive event notifications from automatic deletes from

lifecycle policies or from failed operations.

ObjectRemovedDelete

By using the ObjectRemoved event types, you can enable notification when

an object or a batch of objects is removed from a bucket.

You can request notification when an object is deleted or a versioned

object is permanently deleted by using the s3:ObjectRemoved:Delete event

type. Or you can request notification when a delete marker is created for

a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For

information about deleting versioned objects, see Deleting Object

Versions. You can also use a wildcard s3:ObjectRemoved:* to request

notification anytime an object is deleted.

You will not receive event notifications from automatic deletes from

lifecycle policies or from failed operations.

ObjectRemovedDeleteMarkerCreated

By using the ObjectRemoved event types, you can enable notification when

an object or a batch of objects is removed from a bucket.

You can request notification when an object is deleted or a versioned

object is permanently deleted by using the s3:ObjectRemoved:Delete event

type. Or you can request notification when a delete marker is created for

a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For

information about deleting versioned objects, see Deleting Object

Versions. You can also use a wildcard s3:ObjectRemoved:* to request

notification anytime an object is deleted.

You will not receive event notifications from automatic deletes from

lifecycle policies or from failed operations.

ReducedRedundancyLostObject

You can use this event type to request Amazon S3 to send a notification

message when Amazon S3 detects that an object of the RRS storage class is

lost.

IBucket (interface)

class @aws-cdk/aws-s3.IBucket

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.IBucket;
// IBucket is an interface
import { IBucket } from '@aws-cdk/aws-s3';
Extends:@aws-cdk/cdk.IConstruct
bucketArn

The ARN of the bucket.

Type:string (readonly)
bucketName

The name of the bucket.

Type:string (readonly)
bucketUrl

The https:// URL of this bucket.

Type:string (readonly)
domainName

The domain of the bucket.

Type:string (readonly)
encryptionKey

Optional KMS encryption key associated with this bucket.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional) (readonly)
policy

The resource policy assoicated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the

first call to addToResourcePolicy(s).

Type:BucketPolicy (optional)
addToResourcePolicy(permission)

Adds a statement to the resource policy for a principal (i.e.

account/role/service) to perform actions on this bucket and/or it’s

contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for

this bucket or objects.

Parameters:permission (@aws-cdk/aws-iam.PolicyStatement) –
Abstract:Yes
arnForObjects(*keyPattern) → string

Returns an ARN that represents all objects within the bucket that match

the key pattern specified. To represent all keys, specify "*".

If you specify multiple components for keyPattern, they will be concatenated:

arnForObjects('home/', team, '/', user, '/*')
Parameters:*keyPattern (string) –
Return type:string
Abstract:Yes
export() → @aws-cdk/aws-s3.BucketImportProps

Exports this bucket from the stack.

Return type:BucketImportProps
Abstract:Yes
grantDelete(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Grants s3:DeleteObject* permission to an IAM pricipal for objects

in this bucket.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

Abstract:

Yes

grantPublicAccess(keyPrefix, *allowedActions) → @aws-cdk/aws-iam.Grant

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects

in this bucket, which is useful for when you configure your bucket as a

website and want everyone to be able to read objects in the bucket without

needing to authenticate.

Without arguments, this method will grant read (“s3:GetObject”) access to

all objects (“*”) in the bucket.

The method returns the iam.PolicyStatement object, which can then be modified

as needed. For example, you can add a condition that will restrict access only

to an IPv4 range like this:

const statement = bucket.grantPublicAccess();

statement.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Parameters:
  • keyPrefix (string (optional)) – the prefix of S3 object keys (e.g. home/*). Default is “*”.
  • *allowedActions (string) – the set of S3 actions to allow. Default is “s3:GetObject”.
Returns:

The iam.PolicyStatement object, which can be used to apply e.g. conditions.

Return type:

@aws-cdk/aws-iam.Grant

Abstract:

Yes

grantPut(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

Abstract:

Yes

grantRead(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Grant read permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents

of the bucket will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

Abstract:

Yes

grantReadWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Grants read/write permissions for this bucket and it’s contents to an IAM

principal (Role/Group/User).

If an encryption key is used, permission to use the key for

encrypt/decrypt will also be granted.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

Abstract:

Yes

grantWrite(identity[, objectsKeyPattern]) → @aws-cdk/aws-iam.Grant

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents

of written files will also be granted to the same principal.

Parameters:
  • identity (@aws-cdk/aws-iam.IGrantable) – The principal
  • objectsKeyPattern (any (optional)) – Restrict the permission to a certain key pattern (default ‘*’)
Return type:

@aws-cdk/aws-iam.Grant

Abstract:

Yes

onPutObject(name[, target[, path]]) → @aws-cdk/aws-events.EventRule

Defines a CloudWatch Event Rule that triggers upon putting an object into the Bucket.

Parameters:
  • name (string) – the logical ID of the newly created Event Rule
  • target (@aws-cdk/aws-events.IEventRuleTarget (optional)) – the optional target of the Event Rule
  • path (string (optional)) – the optional path inside the Bucket that will be watched for changes
Returns:

a new {@link events.EventRule} instance

Return type:

@aws-cdk/aws-events.EventRule

Abstract:

Yes

urlForObject([key]) → string

The https URL of an S3 object. For example:

Parameters:key (string (optional)) – The S3 key of the object. If not specified, the URL of the bucket is returned.
Returns:an ObjectS3Url token
Return type:string
Abstract:Yes
node

Inherited from @aws-cdk/cdk.IConstruct

The construct node in the scope tree.

Type:@aws-cdk/cdk.ConstructNode (readonly)
dependencyRoots

Inherited from @aws-cdk/cdk.IDependable

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)

LifecycleRule (interface)

class @aws-cdk/aws-s3.LifecycleRule

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.LifecycleRule;
// LifecycleRule is an interface
import { LifecycleRule } from '@aws-cdk/aws-s3';

Declaration of a Life cycle rule

abortIncompleteMultipartUploadAfterDays

Specifies a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.

The AbortIncompleteMultipartUpload property type creates a lifecycle

rule that aborts incomplete multipart uploads to an Amazon S3 bucket.

When Amazon S3 aborts a multipart upload, it deletes all parts

associated with the multipart upload.

Type:number (optional) (readonly)
Default:Incomplete uploads are never aborted
enabled

Whether this rule is enabled.

Type:boolean (optional) (readonly)
Default:true
expirationDate

Indicates when objects are deleted from Amazon S3 and Amazon Glacier.

The date value must be in ISO 8601 format. The time is always midnight UTC.

If you specify an expiration and transition time, you must use the same

time unit for both properties (either in days or by date). The

expiration time must also be later than the transition time.

Type:date (optional) (readonly)
Default:No expiration date
expirationInDays

Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon Glacier.

If you specify an expiration and transition time, you must use the same

time unit for both properties (either in days or by date). The

expiration time must also be later than the transition time.

Type:number (optional) (readonly)
Default:No expiration timeout
id

A unique identifier for this rule. The value cannot be more than 255 characters.

Type:string (optional) (readonly)
noncurrentVersionExpirationInDays

Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire.

For buckets with versioning enabled (or suspended), specifies the time,

in days, between when a new version of the object is uploaded to the

bucket and when old versions of the object expire. When object versions

expire, Amazon S3 permanently deletes them. If you specify a transition

and expiration time, the expiration time must be later than the

transition time.

Type:number (optional) (readonly)
Default:No noncurrent version expiration
noncurrentVersionTransitions

One or more transition rules that specify when non-current objects transition to a specified storage class.

Only for for buckets with versioning enabled (or suspended).

If you specify a transition and expiration time, the expiration time

must be later than the transition time.

Type:NoncurrentVersionTransition[] (optional) (readonly)
prefix

Object key prefix that identifies one or more objects to which this rule applies.

Type:string (optional) (readonly)
Default:Rule applies to all objects
tagFilters

The TagFilter property type specifies tags to use to identify a subset of objects for an Amazon S3 bucket.

Type:string => any (optional) (readonly)
Default:Rule applies to all objects
transitions

One or more transition rules that specify when an object transitions to a specified storage class.

If you specify an expiration and transition time, you must use the same

time unit for both properties (either in days or by date). The

expiration time must also be later than the transition time.

Type:Transition[] (optional) (readonly)
Default:No transition rules

NoncurrentVersionTransition (interface)

class @aws-cdk/aws-s3.NoncurrentVersionTransition

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.NoncurrentVersionTransition;
// NoncurrentVersionTransition is an interface
import { NoncurrentVersionTransition } from '@aws-cdk/aws-s3';

Describes when noncurrent versions transition to a specified storage class.

storageClass

The storage class to which you want the object to transition.

Type:StorageClass (readonly)
transitionInDays

Indicates the number of days after creation when objects are transitioned to the specified storage class.

Type:number (readonly)
Default:No transition count.

NotificationKeyFilter (interface)

class @aws-cdk/aws-s3.NotificationKeyFilter

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.NotificationKeyFilter;
// NotificationKeyFilter is an interface
import { NotificationKeyFilter } from '@aws-cdk/aws-s3';
prefix

S3 keys must have the specified prefix.

Type:string (optional) (readonly)
suffix

S3 keys must have the specified suffix.

Type:string (optional) (readonly)

StorageClass (enum)

class @aws-cdk/aws-s3.StorageClass

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.StorageClass;
const { StorageClass } = require('@aws-cdk/aws-s3');
import { StorageClass } from '@aws-cdk/aws-s3';

Storage class to move an object to

InfrequentAccess

Storage class for data that is accessed less frequently, but requires rapid access when needed.

Has lower availability than Standard storage.

OneZoneInfrequentAccess

Infrequent Access that’s only stored in one availability zone.

Has lower availability than standard InfrequentAccess.

Glacier

Storage class for long-term archival that can take between minutes and hours to access.

Transition (interface)

class @aws-cdk/aws-s3.Transition

Language-specific names:

using Amazon.CDK.AWS.S3;
import software.amazon.awscdk.services.s3.Transition;
// Transition is an interface
import { Transition } from '@aws-cdk/aws-s3';

Describes when an object transitions to a specified storage class.

storageClass

The storage class to which you want the object to transition.

Type:StorageClass (readonly)
transitionDate

Indicates when objects are transitioned to the specified storage class.

The date value must be in ISO 8601 format. The time is always midnight UTC.

Type:date (optional) (readonly)
Default:No transition date.
transitionInDays

Indicates the number of days after creation when objects are transitioned to the specified storage class.

Type:number (optional) (readonly)
Default:No transition count.