Class AccessLogBucketConfig

GlobalConfig / LoggingConfig / AccessLogBucketConfig

Accelerator global S3 access logging configuration

Example

accessLogBucket:
  enable: true
  deploymentTargets:
    organizationalUnits:
      - Root
  s3ResourcePolicyAttachments:
    - policy: s3-policies/policy1.json
  lifecycleRules:
    - enabled: true
      id: AccessLifecycle-01
      abortIncompleteMultipartUpload: 14
      expiration: 3563
      expiredObjectDeleteMarker: false
      noncurrentVersionExpiration: 3653
      noncurrentVersionTransitions:
        - storageClass: GLACIER
          transitionAfter: 365
      transitions:
        - storageClass: GLACIER
          transitionAfter: 365
      prefix: PREFIX
    - enabled: true
      id: AccessLifecycle-02
      abortIncompleteMultipartUpload: 14
      expiredObjectDeleteMarker: true
      noncurrentVersionExpiration: 3653
      noncurrentVersionTransitions:
        - storageClass: GLACIER
          transitionAfter: 365
      transitions:
        - storageClass: GLACIER
          transitionAfter: 365
      prefix: PREFIX
  importedBucket:
    name: existing-access-log-bucket
    applyAcceleratorManagedBucketPolicy: true

Hierarchy

  • AccessLogBucketConfig

Implements

Constructors

constructor

Properties

customPolicyOverrides deploymentTargets enable importedBucket lifecycleRules s3ResourcePolicyAttachments

Constructors

constructor

Properties

Readonly customPolicyOverrides

customPolicyOverrides: undefined | CustomS3ResourcePolicyOverridesConfig = undefined

Custom policy overrides configuration.

Remarks

Use this configuration to provide JSON string policy file for bucket resource policy. Bucket resource policy will be over written by content of this file, so when using these option policy files must contain complete policy document. When customPolicyOverrides.s3Policy defined importedBucket.applyAcceleratorManagedBucketPolicy can not be set to true also s3ResourcePolicyAttachments property can not be defined.

Use the following configuration to apply custom bucket resource policy overrides through policy JSON file.

customPolicyOverrides:
  s3Policy: path/to/policy.json

Default

undefined

Readonly deploymentTargets

deploymentTargets: undefined | DeploymentTargets = undefined

To control target environments (AWS Account and Region) for the given accessLogBucket setting, you may optionally specify deployment targets. Leaving deploymentTargets undefined will apply useCMK setting to all accounts and enabled regions.

Readonly enable

enable: undefined | boolean = undefined

Flag indicating S3 access logging bucket is enable by solution.

Remarks

When this property is undefined solution will create S3 access log bucket. You can use deploymentTargets to control target accounts and regions for the given accessLogBucket configuration. In the solution, this property will be ignored and S3 Access log buckets will be created for the installer bucket, pipeline bucket, solution deployed CentralLogs bucket, and solution deployed Assets bucket, since these buckets always have server access logging enabled.

Readonly importedBucket

importedBucket: undefined | ImportedS3ManagedEncryptionKeyBucketConfig = undefined

Imported bucket configuration.

Remarks

Use this configuration when accelerator will import existing AccessLogs bucket.

Use the following configuration to imported AccessLogs bucket, manage bucket resource policy through solution.

importedBucket:
   name: existing-access-log-bucket
   applyAcceleratorManagedBucketPolicy: true

Default

undefined

Readonly lifecycleRules

lifecycleRules: undefined | LifeCycleRule[] = undefined

Declaration of (S3 Bucket) Lifecycle rules.

Readonly s3ResourcePolicyAttachments

s3ResourcePolicyAttachments: undefined | {
    policy: string;
}[] = undefined

JSON policy files.

Remarks

Policy statements from these files will be added to the bucket resource policy. This property can not be used when customPolicyOverrides.s3Policy property has value.

Note: When Block Public Access is enabled for S3 on the AWS account, you can't specify a policy that would make the S3 Bucket public.

Settings

Member Visibility

Theme

Generated using TypeDoc