Interface ICfnBucketPolicyProps

Properties for defining a CfnBucketPolicy.

Namespace: Amazon.CDK.AWS.S3

Assembly: Amazon.CDK.Lib.dll

Syntax (csharp)

public interface ICfnBucketPolicyProps

Syntax (vb)

Public Interface ICfnBucketPolicyProps

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html

ExampleMetadata: infused

Examples

var bucketName = "amzn-s3-demo-bucket";
             var accessLogsBucket = new Bucket(this, "AccessLogsBucket", new BucketProps {
                 ObjectOwnership = ObjectOwnership.BUCKET_OWNER_ENFORCED,
                 BucketName = bucketName
             });

             // Creating a bucket policy using L1
             var bucketPolicy = new CfnBucketPolicy(this, "BucketPolicy", new CfnBucketPolicyProps {
                 Bucket = bucketName,
                 PolicyDocument = new Dictionary<string, object> {
                     { "Statement", new [] { new Struct {
                         Action = "s3:*",
                         Effect = "Deny",
                         Principal = new Struct {
                             AWS = "*"
                         },
                         Resource = new [] { accessLogsBucket.BucketArn, $"{accessLogsBucket.bucketArn}/*" }
                     } } },
                     { "Version", "2012-10-17" }
                 }
             });

             // 'serverAccessLogsBucket' will create a new L2 bucket policy
             // to allow log delivery and overwrite the L1 bucket policy.
             var bucket = new Bucket(this, "MyBucket", new BucketProps {
                 ServerAccessLogsBucket = accessLogsBucket,
                 ServerAccessLogsPrefix = "logs"
             });

Synopsis

Properties

Bucket	The name of the Amazon S3 bucket to which the policy applies.
PolicyDocument	A policy document containing permissions to add to the specified bucket.

Properties

Bucket

The name of the Amazon S3 bucket to which the policy applies.

string Bucket { get; }

Property Value

string

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-bucket

PolicyDocument

A policy document containing permissions to add to the specified bucket.

object PolicyDocument { get; }

Property Value

object

Remarks

In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-policydocument