BucketProps

class aws_cdk.aws_s3.BucketProps(*, access_control=None, auto_delete_objects=None, block_public_access=None, bucket_key_enabled=None, bucket_name=None, cors=None, encryption=None, encryption_key=None, enforce_ssl=None, inventories=None, lifecycle_rules=None, metrics=None, object_ownership=None, public_read_access=None, removal_policy=None, server_access_logs_bucket=None, server_access_logs_prefix=None, versioned=None, website_error_document=None, website_index_document=None, website_redirect=None, website_routing_rules=None)

Bases: object

Parameters

  • access_control (Optional[BucketAccessControl]) – Specifies a canned ACL that grants predefined permissions to the bucket. Default: BucketAccessControl.PRIVATE

  • auto_delete_objects (Optional[bool]) – Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted. Requires the removalPolicy to be set to RemovalPolicy.DESTROY. Default: false

  • block_public_access (Optional[BlockPublicAccess]) – The block public access configuration of this bucket. Default: - CloudFormation defaults will apply. New buckets and objects don’t allow public access, but users can modify bucket policies or object permissions to allow public access

  • bucket_key_enabled (Optional[bool]) – Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Only relevant, when Encryption is set to {@link BucketEncryption.KMS} Default: - false

  • bucket_name (Optional[str]) – Physical name of this bucket. Default: - Assigned by CloudFormation (recommended).

  • cors (Optional[Sequence[CorsRule]]) – The CORS configuration of this bucket. Default: - No CORS configuration.

  • encryption (Optional[BucketEncryption]) – The kind of server-side encryption to apply to this bucket. If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created. Default: - Kms if encryptionKey is specified, or Unencrypted otherwise.

  • encryption_key (Optional[IKey]) – External KMS key to use for bucket encryption. The ‘encryption’ property must be either not specified or set to “Kms”. An error will be emitted if encryption is set to “Unencrypted” or “Managed”. Default: - If encryption is set to “Kms” and this property is undefined, a new KMS key will be created and associated with this bucket.

  • enforce_ssl (Optional[bool]) – Enforces SSL for requests. S3.5 of the AWS Foundational Security Best Practices Regarding S3. Default: false

  • inventories (Optional[Sequence[Inventory]]) – The inventory configuration of the bucket. Default: - No inventory configuration

  • lifecycle_rules (Optional[Sequence[LifecycleRule]]) – Rules that define how Amazon S3 manages objects during their lifetime. Default: - No lifecycle rules.

  • metrics (Optional[Sequence[BucketMetrics]]) – The metrics configuration of this bucket. Default: - No metrics configuration.

  • object_ownership (Optional[ObjectOwnership]) – The objectOwnership of the bucket. Default: - No ObjectOwnership configuration, uploading account will own the object.

  • public_read_access (Optional[bool]) – Grants public read access to all objects in the bucket. Similar to calling bucket.grantPublicAccess() Default: false

  • removal_policy (Optional[RemovalPolicy]) – Policy to apply when the bucket is removed from this stack. Default: - The bucket will be orphaned.

  • server_access_logs_bucket (Optional[IBucket]) – Destination bucket for the server access logs. Default: - If “serverAccessLogsPrefix” undefined - access logs disabled, otherwise - log to current bucket.

  • server_access_logs_prefix (Optional[str]) – Optional log file prefix to use for the bucket’s access logs. If defined without “serverAccessLogsBucket”, enables access logs to current bucket with this prefix. Default: - No log file prefix

  • versioned (Optional[bool]) – Whether this bucket should have versioning turned on or not. Default: false

  • website_error_document (Optional[str]) – The name of the error document (e.g. “404.html”) for the website. websiteIndexDocument must also be set if this is set. Default: - No error document.

  • website_index_document (Optional[str]) – The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket. Default: - No index document.

  • website_redirect (Optional[RedirectTarget]) – Specifies the redirect behavior of all requests to a website endpoint of a bucket. If you specify this property, you can’t specify “websiteIndexDocument”, “websiteErrorDocument” nor , “websiteRoutingRules”. Default: - No redirection.

  • website_routing_rules (Optional[Sequence[RoutingRule]]) – Rules that define when a redirect is applied and the redirect behavior. Default: - No redirection rules.

Attributes

access_control

Specifies a canned ACL that grants predefined permissions to the bucket.

Default

BucketAccessControl.PRIVATE

Return type

Optional[BucketAccessControl]

auto_delete_objects

Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.

Requires the removalPolicy to be set to RemovalPolicy.DESTROY.

Default

false

Return type

Optional[bool]

block_public_access

The block public access configuration of this bucket.

Default

  • CloudFormation defaults will apply. New buckets and objects don’t allow public access, but users can modify bucket policies or object permissions to allow public access

See

https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html

Return type

Optional[BlockPublicAccess]

bucket_key_enabled

Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

Only relevant, when Encryption is set to {@link BucketEncryption.KMS}

Default

  • false

Return type

Optional[bool]

bucket_name

Physical name of this bucket.

Default

  • Assigned by CloudFormation (recommended).

Return type

Optional[str]

cors

The CORS configuration of this bucket.

Default

  • No CORS configuration.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html

Return type

Optional[List[CorsRule]]

encryption

The kind of server-side encryption to apply to this bucket.

If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created.

Default

  • Kms if encryptionKey is specified, or Unencrypted otherwise.

Return type

Optional[BucketEncryption]

encryption_key

External KMS key to use for bucket encryption.

The ‘encryption’ property must be either not specified or set to “Kms”. An error will be emitted if encryption is set to “Unencrypted” or “Managed”.

Default

  • If encryption is set to “Kms” and this property is undefined,

a new KMS key will be created and associated with this bucket.

Return type

Optional[IKey]

enforce_ssl

Enforces SSL for requests.

S3.5 of the AWS Foundational Security Best Practices Regarding S3.

Default

false

See

https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html

Return type

Optional[bool]

inventories

The inventory configuration of the bucket.

Default

  • No inventory configuration

See

https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html

Return type

Optional[List[Inventory]]

lifecycle_rules

Rules that define how Amazon S3 manages objects during their lifetime.

Default

  • No lifecycle rules.

Return type

Optional[List[LifecycleRule]]

metrics

The metrics configuration of this bucket.

Default

  • No metrics configuration.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html

Return type

Optional[List[BucketMetrics]]

object_ownership

The objectOwnership of the bucket.

Default

  • No ObjectOwnership configuration, uploading account will own the object.

See

https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html

Return type

Optional[ObjectOwnership]

public_read_access

Grants public read access to all objects in the bucket.

Similar to calling bucket.grantPublicAccess()

Default

false

Return type

Optional[bool]

removal_policy

Policy to apply when the bucket is removed from this stack.

Default

  • The bucket will be orphaned.

Return type

Optional[RemovalPolicy]

server_access_logs_bucket

Destination bucket for the server access logs.

Default

  • If “serverAccessLogsPrefix” undefined - access logs disabled, otherwise - log to current bucket.

Return type

Optional[IBucket]

server_access_logs_prefix

Optional log file prefix to use for the bucket’s access logs.

If defined without “serverAccessLogsBucket”, enables access logs to current bucket with this prefix.

Default

  • No log file prefix

Return type

Optional[str]

versioned

Whether this bucket should have versioning turned on or not.

Default

false

Return type

Optional[bool]

website_error_document

The name of the error document (e.g. “404.html”) for the website. websiteIndexDocument must also be set if this is set.

Default

  • No error document.

Return type

Optional[str]

website_index_document

The name of the index document (e.g. “index.html”) for the website. Enables static website hosting for this bucket.

Default

  • No index document.

Return type

Optional[str]

website_redirect

Specifies the redirect behavior of all requests to a website endpoint of a bucket.

If you specify this property, you can’t specify “websiteIndexDocument”, “websiteErrorDocument” nor , “websiteRoutingRules”.

Default

  • No redirection.

Return type

Optional[RedirectTarget]

website_routing_rules

Rules that define when a redirect is applied and the redirect behavior.

Default

  • No redirection rules.

Return type

Optional[List[RoutingRule]]