BucketProps

class aws_cdk.aws_s3.BucketProps(*, access_control=None, auto_delete_objects=None, block_public_access=None, bucket_key_enabled=None, bucket_name=None, cors=None, encryption=None, encryption_key=None, enforce_ssl=None, inventories=None, lifecycle_rules=None, metrics=None, object_ownership=None, public_read_access=None, removal_policy=None, server_access_logs_bucket=None, server_access_logs_prefix=None, versioned=None, website_error_document=None, website_index_document=None, website_redirect=None, website_routing_rules=None)

Bases: object

- Parameters
  - access_control (Optional[BucketAccessControl]) – Specifies a canned ACL that grants predefined permissions to the bucket. Default: BucketAccessControl.PRIVATE
  - auto_delete_objects (Optional[bool]) – Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted. Requires the removalPolicy to be set to RemovalPolicy.DESTROY. Default: false
  - block_public_access (Optional[BlockPublicAccess]) – The block public access configuration of this bucket. Default: - CloudFormation defaults will apply. New buckets and objects don’t allow public access, but users can modify bucket policies or object permissions to allow public access
  - bucket_key_enabled (Optional[bool]) – Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Only relevant when encryption is set to BucketEncryption.KMS. Default: - false
  - bucket_name (Optional[str]) – Physical name of this bucket. Default: - Assigned by CloudFormation (recommended).
  - cors (Optional[Sequence[CorsRule]]) – The CORS configuration of this bucket. Default: - No CORS configuration.
  - encryption (Optional[BucketEncryption]) – The kind of server-side encryption to apply to this bucket. If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created. Default: - Kms if encryptionKey is specified, or Unencrypted otherwise.
  - encryption_key (Optional[IKey]) – External KMS key to use for bucket encryption. The ‘encryption’ property must be either not specified or set to “Kms”. An error will be emitted if encryption is set to “Unencrypted” or “Managed”. Default: - If encryption is set to “Kms” and this property is undefined, a new KMS key will be created and associated with this bucket.
  - enforce_ssl (Optional[bool]) – Enforces SSL for requests. S3.5 of the AWS Foundational Security Best Practices regarding S3. Default: false
  - inventories (Optional[Sequence[Inventory]]) – The inventory configuration of the bucket. Default: - No inventory configuration
  - lifecycle_rules (Optional[Sequence[LifecycleRule]]) – Rules that define how Amazon S3 manages objects during their lifetime. Default: - No lifecycle rules.
  - metrics (Optional[Sequence[BucketMetrics]]) – The metrics configuration of this bucket. Default: - No metrics configuration.
  - object_ownership (Optional[ObjectOwnership]) – The objectOwnership of the bucket. Default: - No ObjectOwnership configuration, uploading account will own the object.
  - public_read_access (Optional[bool]) – Grants public read access to all objects in the bucket. Similar to calling bucket.grantPublicAccess(). Default: false
  - removal_policy (Optional[RemovalPolicy]) – Policy to apply when the bucket is removed from this stack. Default: - The bucket will be orphaned.
  - server_access_logs_bucket (Optional[IBucket]) – Destination bucket for the server access logs. Default: - If “serverAccessLogsPrefix” undefined - access logs disabled, otherwise - log to current bucket.
  - server_access_logs_prefix (Optional[str]) – Optional log file prefix to use for the bucket’s access logs. If defined without “serverAccessLogsBucket”, enables access logs to current bucket with this prefix. Default: - No log file prefix
  - versioned (Optional[bool]) – Whether this bucket should have versioning turned on or not. Default: false
  - website_error_document (Optional[str]) – The name of the error document (e.g. “404.html”) for the website. websiteIndexDocument must also be set if this is set. Default: - No error document.
  - website_index_document (Optional[str]) – The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket. Default: - No index document.
  - website_redirect (Optional[RedirectTarget]) – Specifies the redirect behavior of all requests to a website endpoint of a bucket. If you specify this property, you can’t specify “websiteIndexDocument”, “websiteErrorDocument” nor “websiteRoutingRules”. Default: - No redirection.
  - website_routing_rules (Optional[Sequence[RoutingRule]]) – Rules that define when a redirect is applied and the redirect behavior. Default: - No redirection rules.

Attributes
- access_control
  Specifies a canned ACL that grants predefined permissions to the bucket.
  - Default: BucketAccessControl.PRIVATE
  - Return type: Optional[BucketAccessControl]
- auto_delete_objects
  Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.
  Requires the removalPolicy to be set to RemovalPolicy.DESTROY.
  - Default: false
  - Return type: Optional[bool]
- block_public_access
  The block public access configuration of this bucket.
  - Default: CloudFormation defaults will apply. New buckets and objects don’t allow public access, but users can modify bucket policies or object permissions to allow public access
  - See: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
  - Return type: Optional[BlockPublicAccess]
- bucket_key_enabled
  Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
  Only relevant when encryption is set to BucketEncryption.KMS.
  - Default: false
  - Return type: Optional[bool]
- bucket_name
  Physical name of this bucket.
  - Default: Assigned by CloudFormation (recommended).
  - Return type: Optional[str]
- cors
  The CORS configuration of this bucket.
  - Default: No CORS configuration.
  - See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html
  - Return type: Optional[List[CorsRule]]
- encryption
  The kind of server-side encryption to apply to this bucket.
  If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created.
  - Default: Kms if encryptionKey is specified, or Unencrypted otherwise.
  - Return type: Optional[BucketEncryption]
- encryption_key
  External KMS key to use for bucket encryption.
  The ‘encryption’ property must be either not specified or set to “Kms”. An error will be emitted if encryption is set to “Unencrypted” or “Managed”.
  - Default: If encryption is set to “Kms” and this property is undefined, a new KMS key will be created and associated with this bucket.
  - Return type: Optional[IKey]
- enforce_ssl
  Enforces SSL for requests.
  S3.5 of the AWS Foundational Security Best Practices regarding S3.
  - Default: false
  - See: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html
  - Return type: Optional[bool]
- inventories
  The inventory configuration of the bucket.
  - Default: No inventory configuration
  - See: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
  - Return type: Optional[List[Inventory]]
- lifecycle_rules
  Rules that define how Amazon S3 manages objects during their lifetime.
  - Default: No lifecycle rules.
  - Return type: Optional[List[LifecycleRule]]
- metrics
  The metrics configuration of this bucket.
  - Default: No metrics configuration.
  - Return type: Optional[List[BucketMetrics]]
- object_ownership
  The objectOwnership of the bucket.
  - Default: No ObjectOwnership configuration, uploading account will own the object.
  - See: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
  - Return type: Optional[ObjectOwnership]
- public_read_access
  Grants public read access to all objects in the bucket.
  Similar to calling bucket.grantPublicAccess().
  - Default: false
  - Return type: Optional[bool]
- removal_policy
  Policy to apply when the bucket is removed from this stack.
  - Default: The bucket will be orphaned.
  - Return type: Optional[RemovalPolicy]
- server_access_logs_bucket
  Destination bucket for the server access logs.
  - Default: If “serverAccessLogsPrefix” undefined - access logs disabled, otherwise - log to current bucket.
  - Return type: Optional[IBucket]
- server_access_logs_prefix
  Optional log file prefix to use for the bucket’s access logs.
  If defined without “serverAccessLogsBucket”, enables access logs to current bucket with this prefix.
  - Default: No log file prefix
  - Return type: Optional[str]
- versioned
  Whether this bucket should have versioning turned on or not.
  - Default: false
  - Return type: Optional[bool]
- website_error_document
  The name of the error document (e.g. “404.html”) for the website.
  websiteIndexDocument must also be set if this is set.
  - Default: No error document.
  - Return type: Optional[str]
- website_index_document
  The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket.
  - Default: No index document.
  - Return type: Optional[str]
- website_redirect
  Specifies the redirect behavior of all requests to a website endpoint of a bucket.
  If you specify this property, you can’t specify “websiteIndexDocument”, “websiteErrorDocument” nor “websiteRoutingRules”.
  - Default: No redirection.
  - Return type: Optional[RedirectTarget]
- website_routing_rules
  Rules that define when a redirect is applied and the redirect behavior.
  - Default: No redirection rules.
  - Return type: Optional[List[RoutingRule]]
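
Several of the defaults listed above leave a bucket unencrypted, reachable over plain HTTP, unversioned and without access logs, and several properties constrain each other. The following added example (not part of the CDK documentation or the CDK code base) lints a dict of BucketProps keyword arguments against those documented defaults and constraints before they are passed to a bucket construct. The function name `lint_bucket_props` is hypothetical, and enum members are modelled as plain strings, which is an assumption of this sketch.

```python
# Added example: enum members are modelled as plain strings (an assumption);
# real code passes aws_cdk members such as BucketEncryption.KMS.
WEBSITE_KEYS = ("website_index_document", "website_error_document",
                "website_routing_rules")

def lint_bucket_props(props):
    """Return (errors, warnings) for a dict of BucketProps keyword arguments."""
    errors, warnings = [], []
    get = props.get

    # Constraints between properties, as documented on this page.
    if get("auto_delete_objects") and get("removal_policy") != "DESTROY":
        errors.append("auto_delete_objects requires removal_policy DESTROY")
    if get("encryption_key") is not None and get("encryption") in ("Unencrypted", "Managed"):
        errors.append("encryption_key requires encryption unset or Kms")
    if get("website_error_document") and not get("website_index_document"):
        errors.append("website_error_document requires website_index_document")
    clash = [k for k in WEBSITE_KEYS if get(k)]
    if get("website_redirect") is not None and clash:
        errors.append("website_redirect excludes " + ", ".join(clash))

    # Effective encryption follows the documented default rule.
    encryption = get("encryption") or (
        "Kms" if get("encryption_key") is not None else "Unencrypted")

    # Security-relevant properties left at their default or set to a weak value.
    if encryption == "Unencrypted":
        warnings.append("encryption")
    if not get("enforce_ssl"):
        warnings.append("enforce_ssl")
    if get("block_public_access") is None:
        warnings.append("block_public_access")
    if get("public_read_access"):
        warnings.append("public_read_access")
    if not get("versioned"):
        warnings.append("versioned")
    if get("server_access_logs_bucket") is None and get("server_access_logs_prefix") is None:
        warnings.append("server_access_logs")
    if get("bucket_key_enabled") and encryption != "Kms":
        warnings.append("bucket_key_enabled")
    return errors, warnings

# Constructed sample inputs: every property at its default, and a hardened set.
DEFAULTS = {}
HARDENED = {"encryption": "Kms", "enforce_ssl": True, "versioned": True,
            "block_public_access": "BLOCK_ALL", "bucket_key_enabled": True,
            "server_access_logs_prefix": "access-logs/"}

if __name__ == "__main__":
    for name, props in (("defaults", DEFAULTS), ("hardened", HARDENED)):
        print(name, lint_bucket_props(props))
```

Errors correspond to combinations this page documents as invalid; warnings name properties whose current value leaves a protection off.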