CfnBucketPolicyProps

class aws_cdk.aws_s3.CfnBucketPolicyProps(*, bucket, policy_document)

Bases: object

Properties for defining a CfnBucketPolicy.

Parameters:
  • bucket (str) – The name of the Amazon S3 bucket to which the policy applies.

  • policy_document (Any) – A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html

Example:

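# Fragment from inside a Stack or Construct, where `self` is the scope.
from aws_cdk import aws_s3 as s3

bucket_name = "amzn-s3-demo-bucket"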
access_logs_bucket = s3.Bucket(self, "AccessLogsBucket",
    object_ownership=s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
    bucket_name=bucket_name
)

# Creating a bucket policy using L1
bucket_policy = s3.CfnBucketPolicy(self, "BucketPolicy",
    bucket=bucket_name,
    policy_document={
        "Statement": [{
            "Action": "s3:*",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Resource": [access_logs_bucket.bucket_arn, f"{access_logs_bucket.bucket_arn}/*"
            ]
        }
        ],
        "Version": "2012-10-17"
    }
)

# 'server_access_logs_bucket' will create a new L2 bucket policy
# to allow log delivery and overwrite the L1 bucket policy.
bucket = s3.Bucket(self, "MyBucket",
    server_access_logs_bucket=access_logs_bucket,
    server_access_logs_prefix="logs"
)
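
The overwrite noted in the last comment of the example can be caught before deployment. The following is an added example, not part of the CDK documentation: a standard-library check over a synthesized template that reports buckets targeted by more than one AWS::S3::BucketPolicy resource. The template fragment and its logical IDs are constructed for illustration, and the helper names are hypothetical.

```python
# Added example: constructed template fragment shaped like `cdk synth` output
# for the snippet above. Logical IDs are made up for illustration.
from collections import defaultdict

SAMPLE_TEMPLATE = {
    "Resources": {
        "AccessLogsBucket83982689": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketName": "amzn-s3-demo-bucket"},
        },
        "BucketPolicy": {  # the L1 CfnBucketPolicy: bucket given as a literal name
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {"Bucket": "amzn-s3-demo-bucket", "PolicyDocument": {}},
        },
        "AccessLogsBucketPolicy7F77476F": {  # the L2 policy: bucket given as a Ref
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {"Bucket": {"Ref": "AccessLogsBucket83982689"}, "PolicyDocument": {}},
        },
        "MyBucketF68F3FF0": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
}


def resolve_bucket(value, resources):
    """Return a comparable key for a BucketPolicy's Bucket property."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and "Ref" in value:
        target = resources.get(value["Ref"], {})
        name = target.get("Properties", {}).get("BucketName")
        # Fall back to the logical ID when the name is generated at deploy time;
        # such a bucket cannot be matched against a literal name here.
        return name if isinstance(name, str) else f"ref:{value['Ref']}"
    return repr(value)  # other intrinsics (Fn::Join, ...) compare structurally


def find_policy_collisions(template):
    """Map bucket key -> policy logical IDs, for buckets with more than one policy."""
    resources = template.get("Resources", {})
    by_bucket = defaultdict(list)
    for logical_id, res in resources.items():
        if res.get("Type") == "AWS::S3::BucketPolicy":
            bucket = res.get("Properties", {}).get("Bucket")
            by_bucket[resolve_bucket(bucket, resources)].append(logical_id)
    return {b: sorted(ids) for b, ids in by_bucket.items() if len(ids) > 1}


if __name__ == "__main__":
    for bucket, ids in find_policy_collisions(SAMPLE_TEMPLATE).items():
        print(f"{bucket}: policies {ids} target the same bucket")
```
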

Attributes

bucket

The name of the Amazon S3 bucket to which the policy applies.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-bucket

policy_document

A policy document containing permissions to add to the specified bucket.

In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-policydocument