BucketAccessControl

class aws_cdk.aws_s3.BucketAccessControl(value)

Bases: Enum

Default bucket access control types.

See: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html


Example:

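import aws_cdk.aws_s3 as s3
import aws_cdk.aws_s3_deployment as s3deploy
from aws_cdk import Duration

# Runs inside a Stack or Construct, where `self` is the scope.
website_bucket = s3.Bucket(self, "WebsiteBucket",
    website_index_document="index.html",
    public_read_access=True
)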

s3deploy.BucketDeployment(self, "DeployWebsite",
    sources=[s3deploy.Source.asset("./website-dist")],
    destination_bucket=website_bucket,
    destination_key_prefix="web/static",  # optional prefix in destination bucket
    metadata=s3deploy.UserDefinedObjectMetadata(A="1", b="2"),  # user-defined metadata

    # system-defined metadata
    content_type="text/html",
    content_language="en",
    storage_class=s3deploy.StorageClass.INTELLIGENT_TIERING,
    server_side_encryption=s3deploy.ServerSideEncryption.AES_256,
    cache_control=[
        s3deploy.CacheControl.set_public(),
        s3deploy.CacheControl.max_age(Duration.hours(1))
    ],
    access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL
)

Attributes

AUTHENTICATED_READ

Owner gets FULL_CONTROL.

The AuthenticatedUsers group gets READ access.

AWS_EXEC_READ

Owner gets FULL_CONTROL.

Amazon EC2 gets READ access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.

BUCKET_OWNER_FULL_CONTROL

Both the object owner and the bucket owner get FULL_CONTROL over the object.

If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.

BUCKET_OWNER_READ

Object owner gets FULL_CONTROL.

Bucket owner gets READ access. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.

LOG_DELIVERY_WRITE

The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.

See: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html

PRIVATE

Owner gets FULL_CONTROL.

No one else has access rights.

PUBLIC_READ

Owner gets FULL_CONTROL.

The AllUsers group gets READ access.

PUBLIC_READ_WRITE

Owner gets FULL_CONTROL.

The AllUsers group gets READ and WRITE access. Granting this on a bucket is generally not recommended.
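
A check built on the grants listed above, as an added example that is not part of the CDK documentation or library: it scans the bucket-level AccessControl property of a synthesized CloudFormation template and reports canned ACLs that grant to AllUsers or AuthenticatedUsers. The sample template, its logical IDs, the severity labels and the function name audit_template are constructed for illustration.

```python
# CloudFormation AccessControl value -> grants beyond the owner's FULL_CONTROL,
# following the attribute descriptions on this page.
CANNED_ACL_GRANTS = {
    "Private": [],
    "PublicRead": [("AllUsers", {"READ"})],
    "PublicReadWrite": [("AllUsers", {"READ", "WRITE"})],
    "AuthenticatedRead": [("AuthenticatedUsers", {"READ"})],
    "LogDeliveryWrite": [("LogDelivery", {"WRITE", "READ_ACP"})],
    "AwsExecRead": [("Amazon EC2", {"READ"})],
}
# Object-level canned ACLs that S3 ignores when set at bucket creation.
IGNORED_ON_BUCKET = {"BucketOwnerRead", "BucketOwnerFullControl"}
# Groups not limited to your own account (AuthenticatedUsers is any AWS account).
BROAD_GROUPS = {"AllUsers", "AuthenticatedUsers"}


def audit_template(template):
    """Return sorted (logical_id, severity, detail) findings for S3 buckets."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        acl = res.get("Properties", {}).get("AccessControl", "Private")
        if not isinstance(acl, str):
            # Intrinsic function such as {"Ref": ...}: cannot be judged statically.
            findings.append((logical_id, "review", "AccessControl is not a literal"))
        elif acl in IGNORED_ON_BUCKET:
            findings.append((logical_id, "info", f"{acl} is ignored on a bucket"))
        elif acl not in CANNED_ACL_GRANTS:
            findings.append((logical_id, "review", f"unknown canned ACL {acl!r}"))
        else:
            for grantee, perms in CANNED_ACL_GRANTS[acl]:
                if grantee in BROAD_GROUPS:
                    sev = "high" if "WRITE" in perms else "medium"
                    detail = f"{acl} grants {'/'.join(sorted(perms))} to {grantee}"
                    findings.append((logical_id, sev, detail))
    return sorted(findings)


# Constructed sample input (hypothetical logical IDs), shaped like `cdk synth` output.
SAMPLE_TEMPLATE = {"Resources": {
    "SiteBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
    "UploadBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicReadWrite"}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "LogDeliveryWrite"}},
    "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "BucketOwnerFullControl"}},
    "ParamBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": {"Ref": "AclParam"}}},
    "PlainBucket": {"Type": "AWS::S3::Bucket"},
}}
```

The check covers only the bucket's own AccessControl property; access granted through bucket policies or through object ACLs set at upload time is outside what it inspects.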