Class BucketProps
Inheritance
Implements
Namespace: Amazon.CDK.AWS.S3
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class BucketProps : Object, IBucketProps
Syntax (vb)
Public Class BucketProps
Inherits Object
Implements IBucketProps
Examples
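// Destination bucket for server access logs; ACLs are disabled (bucket owner enforced).
var accessLogsBucket = new Bucket(this, "AccessLogsBucket", new BucketProps {
    ObjectOwnership = ObjectOwnership.BUCKET_OWNER_ENFORCED
});

// PolicyStatement defaults to the Allow effect, so this statement allows every
// S3 action on the bucket and its objects to any principal. Narrow Actions and
// Principals to what the bucket actually needs before reusing it.
accessLogsBucket.AddToResourcePolicy(
    new PolicyStatement(new PolicyStatementProps {
        Actions = new [] { "s3:*" },
        Resources = new [] { accessLogsBucket.BucketArn, accessLogsBucket.ArnForObjects("*") },
        Principals = new [] { new AnyPrincipal() }
    }));

// Source bucket: access logs are delivered to accessLogsBucket under the "logs" prefix.
var bucket = new Bucket(this, "MyBucket", new BucketProps {
    ServerAccessLogsBucket = accessLogsBucket,
    ServerAccessLogsPrefix = "logs"
});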
Synopsis
Constructors
BucketProps() |
Properties
AccessControl | Specifies a canned ACL that grants predefined permissions to the bucket. |
AutoDeleteObjects | Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted. |
BlockPublicAccess | The block public access configuration of this bucket. |
BucketKeyEnabled | Whether Amazon S3 should use its own intermediary key to generate data keys. |
BucketName | Physical name of this bucket. |
Cors | The CORS configuration of this bucket. |
Encryption | The kind of server-side encryption to apply to this bucket. |
EncryptionKey | External KMS key to use for bucket encryption. |
EnforceSSL | Enforces SSL for requests. |
EventBridgeEnabled | Whether this bucket should send notifications to Amazon EventBridge or not. |
IntelligentTieringConfigurations | Intelligent Tiering Configurations. |
Inventories | The inventory configuration of the bucket. |
LifecycleRules | Rules that define how Amazon S3 manages objects during their lifetime. |
Metrics | The metrics configuration of this bucket. |
MinimumTLSVersion | Enforces minimum TLS version for requests. |
NotificationsHandlerRole | The role to be used by the notifications handler. |
NotificationsSkipDestinationValidation | Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations. |
ObjectLockDefaultRetention | The default retention mode and rules for S3 Object Lock. |
ObjectLockEnabled | Enable object lock on the bucket. |
ObjectOwnership | The objectOwnership of the bucket. |
PublicReadAccess | Grants public read access to all objects in the bucket. |
RemovalPolicy | Policy to apply when the bucket is removed from this stack. |
ServerAccessLogsBucket | Destination bucket for the server access logs. |
ServerAccessLogsPrefix | Optional log file prefix to use for the bucket's access logs. |
TargetObjectKeyFormat | Optional key format for log objects. |
TransferAcceleration | Whether this bucket should have transfer acceleration turned on or not. |
TransitionDefaultMinimumObjectSize | Indicates which default minimum object size behavior is applied to the lifecycle configuration. |
Versioned | Whether this bucket should have versioning turned on or not. |
WebsiteErrorDocument | The name of the error document (e.g. "404.html") for the website. |
WebsiteIndexDocument | The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket. |
WebsiteRedirect | Specifies the redirect behavior of all requests to a website endpoint of a bucket. |
WebsiteRoutingRules | Rules that define when a redirect is applied and the redirect behavior. |
Constructors
BucketProps()
public BucketProps()
Properties
AccessControl
Specifies a canned ACL that grants predefined permissions to the bucket.
public Nullable<BucketAccessControl> AccessControl { get; set; }
Property Value
System.Nullable<BucketAccessControl>
Remarks
Default: BucketAccessControl.PRIVATE
AutoDeleteObjects
Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.
public Nullable<bool> AutoDeleteObjects { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Requires the removalPolicy to be set to RemovalPolicy.DESTROY.
Warning: if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later before switching this value to false.
Setting autoDeleteObjects to true on a bucket will add s3:PutBucketPolicy to the bucket policy. This is because during bucket deletion, the custom resource provider needs to update the bucket policy by adding a deny policy for s3:PutObject to prevent race conditions with external bucket writers.
Default: false
BlockPublicAccess
The block public access configuration of this bucket.
public BlockPublicAccess BlockPublicAccess { get; set; }
Property Value
Remarks
Default: - CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access
See: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
BucketKeyEnabled
Whether Amazon S3 should use its own intermediary key to generate data keys.
public Nullable<bool> BucketKeyEnabled { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Only relevant when using KMS for encryption.
Only relevant when Encryption is not set to BucketEncryption.UNENCRYPTED.
Default: - false
BucketName
Physical name of this bucket.
public string BucketName { get; set; }
Property Value
System.String
Remarks
Default: - Assigned by CloudFormation (recommended).
Cors
The CORS configuration of this bucket.
public ICorsRule[] Cors { get; set; }
Property Value
Remarks
Default: - No CORS configuration.
See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html
Encryption
The kind of server-side encryption to apply to this bucket.
public Nullable<BucketEncryption> Encryption { get; set; }
Property Value
System.Nullable<BucketEncryption>
Remarks
If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created.
Default: - KMS if encryptionKey is specified, or UNENCRYPTED otherwise. But if UNENCRYPTED is specified, the bucket will be encrypted as S3_MANAGED automatically.
EncryptionKey
External KMS key to use for bucket encryption.
public IKey EncryptionKey { get; set; }
Property Value
Remarks
The encryption property must be either not specified or set to KMS or DSSE. An error will be emitted if encryption is set to UNENCRYPTED or S3_MANAGED.
Default: - If encryption is set to KMS and this property is undefined, a new KMS key will be created and associated with this bucket.
EnforceSSL
Enforces SSL for requests.
public Nullable<bool> EnforceSSL { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
S3.5 of the AWS Foundational Security Best Practices Regarding S3.
Default: false
See: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html
EventBridgeEnabled
Whether this bucket should send notifications to Amazon EventBridge or not.
public Nullable<bool> EventBridgeEnabled { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
IntelligentTieringConfigurations
Intelligent Tiering Configurations.
public IIntelligentTieringConfiguration[] IntelligentTieringConfigurations { get; set; }
Property Value
IIntelligentTieringConfiguration[]
Remarks
Default: No Intelligent Tiering Configurations.
See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering.html
Inventories
The inventory configuration of the bucket.
public IInventory[] Inventories { get; set; }
Property Value
Remarks
Default: - No inventory configuration
See: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
LifecycleRules
Rules that define how Amazon S3 manages objects during their lifetime.
public ILifecycleRule[] LifecycleRules { get; set; }
Property Value
Remarks
Default: - No lifecycle rules.
Metrics
The metrics configuration of this bucket.
public IBucketMetrics[] Metrics { get; set; }
Property Value
Remarks
Default: - No metrics configuration.
MinimumTLSVersion
Enforces minimum TLS version for requests.
public Nullable<double> MinimumTLSVersion { get; set; }
Property Value
System.Nullable<System.Double>
Remarks
Requires enforceSSL to be enabled.
Default: No minimum TLS version is enforced.
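The following stack is an added example, not part of the AWS CDK documentation; it combines the public-access, encryption and transport properties described above while respecting their stated dependencies (EncryptionKey with KMS, MinimumTLSVersion with EnforceSSL). The stack class name, construct ids and the use of a dedicated key with rotation are assumptions made for illustration.

```csharp
// Added example (not from the AWS CDK documentation).
// HardenedBucketStack, "BucketKey" and "HardenedBucket" are hypothetical names.
using Amazon.CDK;
using Amazon.CDK.AWS.KMS;
using Amazon.CDK.AWS.S3;
using Constructs;

public class HardenedBucketStack : Stack
{
    public HardenedBucketStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Customer-managed KMS key supplied explicitly, so key policy and
        // rotation stay under the stack owner's control.
        var key = new Key(this, "BucketKey", new KeyProps {
            EnableKeyRotation = true
        });

        new Bucket(this, "HardenedBucket", new BucketProps {
            // Set explicitly rather than relying on CloudFormation defaults,
            // which users can later relax through bucket policies.
            BlockPublicAccess = BlockPublicAccess.BLOCK_ALL,

            // EncryptionKey is only accepted when Encryption is KMS, DSSE,
            // or left unspecified; UNENCRYPTED or S3_MANAGED raises an error.
            Encryption = BucketEncryption.KMS,
            EncryptionKey = key,

            // Only relevant when KMS is used for encryption; default is false.
            BucketKeyEnabled = true,

            // EnforceSSL defaults to false. MinimumTLSVersion requires it.
            EnforceSSL = true,
            MinimumTLSVersion = 1.2
        });
    }
}
```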
NotificationsHandlerRole
The role to be used by the notifications handler.
public IRole NotificationsHandlerRole { get; set; }
Property Value
Remarks
Default: - a new role will be created.
NotificationsSkipDestinationValidation
Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations.
public Nullable<bool> NotificationsSkipDestinationValidation { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
ObjectLockDefaultRetention
The default retention mode and rules for S3 Object Lock.
public ObjectLockRetention ObjectLockDefaultRetention { get; set; }
Property Value
Remarks
Default retention can be configured after a bucket is created if the bucket already has object lock enabled. Enabling object lock for existing buckets is not supported.
Default: no default retention period
ObjectLockEnabled
Enable object lock on the bucket.
public Nullable<bool> ObjectLockEnabled { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Enabling object lock for existing buckets is not supported. Object lock must be enabled when the bucket is created.
Default: false, unless objectLockDefaultRetention is set (then, true)
ObjectOwnership
The objectOwnership of the bucket.
public Nullable<ObjectOwnership> ObjectOwnership { get; set; }
Property Value
System.Nullable<ObjectOwnership>
Remarks
Default: - No ObjectOwnership configuration. By default, Amazon S3 sets Object Ownership to Bucket owner enforced. This means ACLs are disabled and the bucket owner will own every object.
See: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
PublicReadAccess
Grants public read access to all objects in the bucket.
public Nullable<bool> PublicReadAccess { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Similar to calling bucket.grantPublicAccess()
Default: false
RemovalPolicy
Policy to apply when the bucket is removed from this stack.
public Nullable<RemovalPolicy> RemovalPolicy { get; set; }
Property Value
System.Nullable<RemovalPolicy>
Remarks
Default: - The bucket will be orphaned.
ServerAccessLogsBucket
Destination bucket for the server access logs.
public IBucket ServerAccessLogsBucket { get; set; }
Property Value
Remarks
Default: - If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.
ServerAccessLogsPrefix
Optional log file prefix to use for the bucket's access logs.
public string ServerAccessLogsPrefix { get; set; }
Property Value
System.String
Remarks
If defined without "serverAccessLogsBucket", enables access logs to current bucket with this prefix.
Default: - No log file prefix
TargetObjectKeyFormat
Optional key format for log objects.
public TargetObjectKeyFormat TargetObjectKeyFormat { get; set; }
Property Value
Remarks
Default: - the default key format is: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]
TransferAcceleration
Whether this bucket should have transfer acceleration turned on or not.
public Nullable<bool> TransferAcceleration { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
TransitionDefaultMinimumObjectSize
Indicates which default minimum object size behavior is applied to the lifecycle configuration.
public Nullable<TransitionDefaultMinimumObjectSize> TransitionDefaultMinimumObjectSize { get; set; }
Property Value
System.Nullable<TransitionDefaultMinimumObjectSize>
Remarks
To customize the minimum object size for any transition you can add a filter that specifies a custom objectSizeGreaterThan or objectSizeLessThan for lifecycleRules property. Custom filters always take precedence over the default transition behavior.
Default: - TransitionDefaultMinimumObjectSize.VARIES_BY_STORAGE_CLASS before September 2024, otherwise TransitionDefaultMinimumObjectSize.ALL_STORAGE_CLASSES_128_K.
Versioned
Whether this bucket should have versioning turned on or not.
public Nullable<bool> Versioned { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false (unless object lock is enabled, then true)
WebsiteErrorDocument
The name of the error document (e.g. "404.html") for the website. websiteIndexDocument must also be set if this is set.
public string WebsiteErrorDocument { get; set; }
Property Value
System.String
Remarks
Default: - No error document.
WebsiteIndexDocument
The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.
public string WebsiteIndexDocument { get; set; }
Property Value
System.String
Remarks
Default: - No index document.
WebsiteRedirect
Specifies the redirect behavior of all requests to a website endpoint of a bucket.
public IRedirectTarget WebsiteRedirect { get; set; }
Property Value
Remarks
If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument" nor "websiteRoutingRules".
Default: - No redirection.
WebsiteRoutingRules
Rules that define when a redirect is applied and the redirect behavior.
public IRoutingRule[] WebsiteRoutingRules { get; set; }
Property Value
Remarks
Default: - No redirection rules.