GlobalConfig / LoggingConfig / AssetBucketConfig

Accelerator global S3 asset bucket configuration

Example

assetBucket:
s3ResourcePolicyAttachments:
- policy: s3-policies/policy1.json
importedBucket:
name: aws-accelerator-assets
applyAcceleratorManagedBucketPolicy: true

Hierarchy

  • AssetBucketConfig

Implements

Constructors

Properties

customPolicyOverrides: undefined | CustomS3ResourceAndKmsPolicyOverridesConfig = undefined

Custom policy overrides configuration.

Remarks

Use this configuration to provide JSON string policy file for bucket resource policy. Bucket resource policy will be over written by content of this file, so when using these option policy files must contain complete policy document. When customPolicyOverrides.s3Policy defined importedBucket.applyAcceleratorManagedBucketPolicy can not be set to true also s3ResourcePolicyAttachments property can not be defined.

Use the following configuration to apply custom bucket resource policy overrides through policy JSON file.

customPolicyOverrides:
s3Policy: path/to/policy.json
kmsPolicy: kms/full-central-logs-bucket-key-policy.json

Default

undefined

importedBucket: undefined | ImportedCustomerManagedEncryptionKeyBucketConfig = undefined

Imported bucket configuration.

Remarks

Use this configuration when accelerator will import existing Assets bucket.

Use the following configuration to imported Assets bucket, manage bucket resource policy and apply bucket encryption through the solution.

importedBucket:
name: aws-assets
applyAcceleratorManagedBucketPolicy: true
createAcceleratorManagedKey: true

Default

undefined

kmsResourcePolicyAttachments: undefined | {
    policy: string;
}[] = undefined

JSON policy files.

Remarks

Policy statements from these files will be added to the bucket encryption key policy. This property can not be used when customPolicyOverrides.kmsPolicy property has value. When imported CentralLogs bucket used with createAcceleratorManagedKey set to false, this property can not have any value.

s3ResourcePolicyAttachments: undefined | {
    policy: string;
}[] = undefined

JSON policy files.

Remarks

Policy statements from these files will be added to the bucket resource policy. This property can not be used when customPolicyOverrides.s3Policy property has value.

Note: When Block Public Access is enabled for S3 on the AWS account, you can't specify a policy that would make the S3 Bucket public.

Generated using TypeDoc