ObjectOwnership

class aws_cdk.aws_s3.ObjectOwnership(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

The ObjectOwnership of the bucket.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html

Example:

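import aws_cdk.aws_iam as iam
import aws_cdk.aws_s3 as s3

# Destination bucket for server access logs. ACLs are disabled, so access
# is granted through the bucket policy only.
access_logs_bucket = s3.Bucket(self, "AccessLogsBucket",
    object_ownership=s3.ObjectOwnership.BUCKET_OWNER_ENFORCED
)

# This statement allows every S3 action to any principal. Log delivery itself
# only needs s3:PutObject for the logging.s3.amazonaws.com service principal.
access_logs_bucket.add_to_resource_policy(
    iam.PolicyStatement(
        actions=["s3:*"],
        resources=[access_logs_bucket.bucket_arn, access_logs_bucket.arn_for_objects("*")],
        principals=[iam.AnyPrincipal()]
    ))

# Source bucket whose access logs are written under the "logs" prefix.
bucket = s3.Bucket(self, "MyBucket",
    server_access_logs_bucket=access_logs_bucket,
    server_access_logs_prefix="logs"
)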

Attributes

BUCKET_OWNER_ENFORCED

ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket.

ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control.

BUCKET_OWNER_PREFERRED

The bucket owner will own the object if the object is uploaded with the bucket-owner-full-control canned ACL.

Without this setting and canned ACL, the object is uploaded and remains owned by the uploading account.

OBJECT_WRITER

The uploading account will own the object.
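
With BUCKET_OWNER_ENFORCED the bucket policy is the only access control, so the following added example (not part of the CDK documentation or code base) audits a synthesized template for bucket policies that allow any principal without a condition and for buckets that do not declare BucketOwnerEnforced. The template fragment, ARNs, account ID and function names are constructed for illustration; `log_delivery_statement` follows the statement shape AWS documents for server access log delivery.

```python
# Constructed sample, not real synth output: the shape of a template for the
# example's access-logs bucket, with intrinsic functions replaced by literals.
LOGS_ARN = "arn:aws:s3:::example-access-logs"
TEMPLATE = {"Resources": {
    "AccessLogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}}},
    "AccessLogsBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Action": "s3:*", "Principal": {"AWS": "*"},
            "Resource": [LOGS_ARN, LOGS_ARN + "/*"]}]}}},
}}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    # IAM accepts "*", {"AWS": "*"} and {"AWS": ["*", ...]} for "anyone".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def audit(template):
    """Return (logical_id, message) findings for buckets and bucket policies."""
    findings = []
    for logical_id, res in template["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::S3::Bucket":
            rules = props.get("OwnershipControls", {}).get("Rules", [])
            if not any(r.get("ObjectOwnership") == "BucketOwnerEnforced" for r in rules):
                findings.append((logical_id, "BucketOwnerEnforced not declared"))
        elif res["Type"] == "AWS::S3::BucketPolicy":
            for stmt in as_list(props["PolicyDocument"]["Statement"]):
                if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                        and is_wildcard_principal(stmt.get("Principal"))):
                    actions = ", ".join(as_list(stmt["Action"]))
                    findings.append((logical_id, "Allow to any principal: " + actions))
    return findings

def log_delivery_statement(logs_arn, prefix, source_bucket_arn, account_id):
    """Least-privilege statement for S3 server access log delivery."""
    return {"Effect": "Allow", "Action": "s3:PutObject",
            "Principal": {"Service": "logging.s3.amazonaws.com"},
            "Resource": "%s/%s*" % (logs_arn, prefix),
            "Condition": {"ArnLike": {"aws:SourceArn": source_bucket_arn},
                          "StringEquals": {"aws:SourceAccount": account_id}}}

if __name__ == "__main__":
    for finding in audit(TEMPLATE):
        print(finding)
```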