interface CfnBucketPolicyProps

Language	Type name
.NET	`Amazon.CDK.AWS.S3.CfnBucketPolicyProps`
Go	`github.com/aws/aws-cdk-go/awscdk/v2/awss3#CfnBucketPolicyProps`
Java	`software.amazon.awscdk.services.s3.CfnBucketPolicyProps`
Python	`aws_cdk.aws_s3.CfnBucketPolicyProps`
TypeScript	`aws-cdk-lib` » `aws_s3` » `CfnBucketPolicyProps`

Properties for defining a CfnBucketPolicy.

Example

const bucketName = "amzn-s3-demo-bucket";
const accessLogsBucket = new s3.Bucket(this, 'AccessLogsBucket', {
  objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
  bucketName,
});

// Creating a bucket policy using L1
const bucketPolicy = new s3.CfnBucketPolicy(this, "BucketPolicy", {
  bucket: bucketName,
  policyDocument: {
    Statement: [
      {
        Action: 's3:*',
        Effect: 'Deny',
        Principal: {
          AWS: '*',
        },
        Resource: [
          accessLogsBucket.bucketArn,
          `${accessLogsBucket.bucketArn}/*`
        ],
      },
    ],
    Version: '2012-10-17',
  },
});

// 'serverAccessLogsBucket' will create a new L2 bucket policy
// to allow log delivery and overwrite the L1 bucket policy.
const bucket = new s3.Bucket(this, 'MyBucket', {
  serverAccessLogsBucket: accessLogsBucket,
  serverAccessLogsPrefix: 'logs',
});

Properties

Name	Type	Description
bucket	`string`	The name of the Amazon S3 bucket to which the policy applies.
policyDocument	`any`	A policy document containing permissions to add to the specified bucket.

bucket

Type: string

The name of the Amazon S3 bucket to which the policy applies.

policyDocument

Type: any

A policy document containing permissions to add to the specified bucket.

In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide .