BucketPolicyProps

class aws_cdk.aws_s3.BucketPolicyProps(*, bucket, document=None, removal_policy=None)

Bases: object

Parameters:

• bucket (IBucket) – The Amazon S3 bucket that the policy applies to.

• document (Optional[PolicyDocument]) – Policy document to apply to the bucket. Default: - A new empty PolicyDocument will be created.

• removal_policy (Optional[RemovalPolicy]) – Policy to apply when the policy is removed from this stack. Default: - RemovalPolicy.DESTROY.

ExampleMetadata:

infused

Example:

from aws_cdk.mixins_preview.with import
import aws_cdk.mixins_preview.aws_cloudfront.mixins as cloudfront_mixins

# Create CloudFront distribution
# bucket: s3.Bucket

distribution = cloudfront.Distribution(scope, "Distribution",
    default_behavior=cloudfront.BehaviorOptions(
        origin=origins.S3BucketOrigin.with_origin_access_control(bucket)
    )
)

# Create destination bucket
dest_bucket = s3.Bucket(scope, "DeliveryBucket")
# Add permissions to bucket to facilitate log delivery
bucket_policy = s3.BucketPolicy(scope, "DeliveryBucketPolicy",
    bucket=dest_bucket,
    document=iam.PolicyDocument()
)
# Create S3 delivery destination for logs
destination = logs.CfnDeliveryDestination(scope, "Destination",
    destination_resource_arn=dest_bucket.bucket_arn,
    name="unique-destination-name",
    delivery_destination_type="S3"
)

distribution.with(cloudfront_mixins.CfnDistributionLogsMixin.CONNECTION_LOGS.to_destination(destination))

Attributes

bucket

The Amazon S3 bucket that the policy applies to.

document

Policy document to apply to the bucket.

Default:

• A new empty PolicyDocument will be created.

removal_policy

Policy to apply when the policy is removed from this stack.

Default:

• RemovalPolicy.DESTROY.