CfnBucketPolicyProps
- class aws_cdk.aws_s3.CfnBucketPolicyProps(*, bucket, policy_document)
Bases:
object
Properties for defining a
CfnBucketPolicy
.- Parameters:
bucket (
str
) – The name of the Amazon S3 bucket to which the policy applies.policy_document (
Any
) – A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide .
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html
- ExampleMetadata:
infused
Example:
bucket_name = "amzn-s3-demo-bucket" access_logs_bucket = s3.Bucket(self, "AccessLogsBucket", object_ownership=s3.ObjectOwnership.BUCKET_OWNER_ENFORCED, bucket_name=bucket_name ) # Creating a bucket policy using L1 bucket_policy = s3.CfnBucketPolicy(self, "BucketPolicy", bucket=bucket_name, policy_document={ "Statement": [{ "Action": "s3:*", "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [access_logs_bucket.bucket_arn, f"{accessLogsBucket.bucketArn}/*" ] } ], "Version": "2012-10-17" } ) # 'serverAccessLogsBucket' will create a new L2 bucket policy # to allow log delivery and overwrite the L1 bucket policy. bucket = s3.Bucket(self, "MyBucket", server_access_logs_bucket=access_logs_bucket, server_access_logs_prefix="logs" )
Attributes
- bucket
The name of the Amazon S3 bucket to which the policy applies.
- policy_document
A policy document containing permissions to add to the specified bucket.
In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide .