BucketDeploymentProps

class aws_cdk.aws_s3_deployment.BucketDeploymentProps(*, destination_bucket, sources, access_control=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, destination_key_prefix=None, distribution=None, distribution_paths=None, ephemeral_storage_size=None, exclude=None, expires=None, extract=None, include=None, log_group=None, log_retention=None, memory_limit=None, metadata=None, output_object_keys=None, prune=None, retain_on_delete=None, role=None, server_side_encryption=None, server_side_encryption_aws_kms_key_id=None, server_side_encryption_customer_algorithm=None, sign_content=None, storage_class=None, use_efs=None, vpc=None, vpc_subnets=None, website_redirect_location=None)

Bases: object

Properties for BucketDeployment.

Parameters:

  • destination_bucket (IBucket) – The S3 bucket to sync the contents of the zip file to.

  • sources (Sequence[ISource]) – The sources from which to deploy the contents of this bucket.

  • access_control (Optional[BucketAccessControl]) – System-defined x-amz-acl metadata to be set on all objects in the deployment. Default: - Not set.

  • cache_control (Optional[Sequence[CacheControl]]) – System-defined cache-control metadata to be set on all objects in the deployment. Default: - Not set.

  • content_disposition (Optional[str]) – System-defined cache-disposition metadata to be set on all objects in the deployment. Default: - Not set.

  • content_encoding (Optional[str]) – System-defined content-encoding metadata to be set on all objects in the deployment. Default: - Not set.

  • content_language (Optional[str]) – System-defined content-language metadata to be set on all objects in the deployment. Default: - Not set.

  • content_type (Optional[str]) – System-defined content-type metadata to be set on all objects in the deployment. Default: - Not set.

  • destination_key_prefix (Optional[str]) – Key prefix in the destination bucket. Must be <=104 characters. If it’s set with prune: true, it will only prune files with the prefix. We recommend to always configure the destinationKeyPrefix property. This will prevent the deployment from accidentally deleting data that wasn’t uploaded by it. Default: “/” (unzip to root of the destination bucket)

  • distribution (Optional[IDistribution]) – The CloudFront distribution using the destination bucket as an origin. Files in the distribution’s edge caches will be invalidated after files are uploaded to the destination bucket. Default: - No invalidation occurs

  • distribution_paths (Optional[Sequence[str]]) – The file paths to invalidate in the CloudFront distribution. Default: - All files under the destination bucket key prefix will be invalidated.

  • ephemeral_storage_size (Optional[Size]) – The size of the AWS Lambda function’s /tmp directory in MiB. Default: 512 MiB

  • exclude (Optional[Sequence[str]]) – If this is set, matching files or objects will be excluded from the deployment’s sync command. This can be used to exclude a file from being pruned in the destination bucket. If you want to just exclude files from the deployment package (which excludes these files evaluated when invalidating the asset), you should leverage the exclude property of AssetOptions when defining your source. Default: - No exclude filters are used

  • expires (Optional[Expiration]) – System-defined expires metadata to be set on all objects in the deployment. Default: - The objects in the distribution will not expire.

  • extract (Optional[bool]) – If this is set, the zip file will be synced to the destination S3 bucket and extracted. If false, the file will remain zipped in the destination bucket. Default: true

  • include (Optional[Sequence[str]]) – If this is set, matching files or objects will be included with the deployment’s sync command. Since all files from the deployment package are included by default, this property is usually leveraged alongside an exclude filter. Default: - No include filters are used and all files are included with the sync command

  • log_group (Optional[ILogGroup]) – The Log Group used for logging of events emitted by the custom resource’s lambda function. Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first. Default: - a default log group created by AWS Lambda

  • log_retention (Optional[RetentionDays]) – The number of days that the lambda function’s log events are kept in CloudWatch Logs. This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it. Default: logs.RetentionDays.INFINITE

  • memory_limit (Union[int, float, None]) – The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket. If you are deploying large files, you will need to increase this number accordingly. Default: 128

  • metadata (Optional[Mapping[str, str]]) – User-defined object metadata to be set on all objects in the deployment. Default: - No user metadata is set

  • output_object_keys (Optional[bool]) – If set to false, the custom resource will not send back the SourceObjectKeys. This is useful when you are facing the error Response object is too long See https://github.com/aws/aws-cdk/issues/28579 Default: true

  • prune (Optional[bool]) – By default, files in the destination bucket that don’t exist in the source will be deleted when the BucketDeployment resource is created or updated. If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update). Default: true

  • retain_on_delete (Optional[bool]) – If this is set to “false”, the destination files will be deleted when the resource is deleted or the destination is updated. NOTICE: Configuring this to “false” might have operational implications. Please visit to the package documentation referred below to make sure you fully understand those implications. Default: true - when resource is deleted/updated, files are retained

  • role (Optional[IRole]) – Execution role associated with this function. Default: - A role is automatically created

  • server_side_encryption (Optional[ServerSideEncryption]) – System-defined x-amz-server-side-encryption metadata to be set on all objects in the deployment. Default: - Server side encryption is not used.

  • server_side_encryption_aws_kms_key_id (Optional[str]) – System-defined x-amz-server-side-encryption-aws-kms-key-id metadata to be set on all objects in the deployment. Default: - Not set.

  • server_side_encryption_customer_algorithm (Optional[str]) – System-defined x-amz-server-side-encryption-customer-algorithm metadata to be set on all objects in the deployment. Warning: This is not a useful parameter until this bug is fixed: https://github.com/aws/aws-cdk/issues/6080 Default: - Not set.

  • sign_content (Optional[bool]) – If set to true, uploads will precompute the value of x-amz-content-sha256 and include it in the signed S3 request headers. Default: - x-amz-content-sha256 will not be computed

  • storage_class (Optional[StorageClass]) – System-defined x-amz-storage-class metadata to be set on all objects in the deployment. Default: - Default storage-class for the bucket is used.

  • use_efs (Optional[bool]) – Mount an EFS file system. Enable this if your assets are large and you encounter disk space errors. Enabling this option will require a VPC to be specified. Default: - No EFS. Lambda has access only to 512MB of disk space.

  • vpc (Optional[IVpc]) – The VPC network to place the deployment lambda handler in. This is required if useEfs is set. Default: None

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – Where in the VPC to place the deployment lambda handler. Only used if ‘vpc’ is supplied. Default: - the Vpc default strategy if not specified

  • website_redirect_location (Optional[str]) – System-defined x-amz-website-redirect-location metadata to be set on all objects in the deployment. Default: - No website redirection.

ExampleMetadata:

infused

Example:

# destination_bucket: s3.Bucket


deployment = s3deploy.BucketDeployment(self, "DeployFiles",
    sources=[s3deploy.Source.asset(path.join(__dirname, "source-files"))],
    destination_bucket=destination_bucket
)

deployment.handler_role.add_to_policy(
    iam.PolicyStatement(
        actions=["kms:Decrypt", "kms:DescribeKey"],
        effect=iam.Effect.ALLOW,
        resources=["<encryption key ARN>"]
    ))

Attributes

access_control

System-defined x-amz-acl metadata to be set on all objects in the deployment.

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl

cache_control

System-defined cache-control metadata to be set on all objects in the deployment.

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

content_disposition

System-defined cache-disposition metadata to be set on all objects in the deployment.

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

content_encoding

System-defined content-encoding metadata to be set on all objects in the deployment.

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

content_language

System-defined content-language metadata to be set on all objects in the deployment.

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

content_type

System-defined content-type metadata to be set on all objects in the deployment.

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

destination_bucket

The S3 bucket to sync the contents of the zip file to.

destination_key_prefix

Key prefix in the destination bucket. Must be <=104 characters.

If it’s set with prune: true, it will only prune files with the prefix.

We recommend to always configure the destinationKeyPrefix property. This will prevent the deployment from accidentally deleting data that wasn’t uploaded by it.

Default:

“/” (unzip to root of the destination bucket)

distribution

The CloudFront distribution using the destination bucket as an origin.

Files in the distribution’s edge caches will be invalidated after files are uploaded to the destination bucket.

Default:

  • No invalidation occurs

distribution_paths

The file paths to invalidate in the CloudFront distribution.

Default:

  • All files under the destination bucket key prefix will be invalidated.

ephemeral_storage_size

The size of the AWS Lambda function’s /tmp directory in MiB.

Default:

512 MiB

exclude

If this is set, matching files or objects will be excluded from the deployment’s sync command.

This can be used to exclude a file from being pruned in the destination bucket.

If you want to just exclude files from the deployment package (which excludes these files evaluated when invalidating the asset), you should leverage the exclude property of AssetOptions when defining your source.

Default:

  • No exclude filters are used

See:

https://docs.aws.amazon.com/cli/latest/reference/s3/index.html#use-of-exclude-and-include-filters

expires

System-defined expires metadata to be set on all objects in the deployment.

Default:

  • The objects in the distribution will not expire.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

extract

If this is set, the zip file will be synced to the destination S3 bucket and extracted.

If false, the file will remain zipped in the destination bucket.

Default:

true

include

If this is set, matching files or objects will be included with the deployment’s sync command.

Since all files from the deployment package are included by default, this property is usually leveraged alongside an exclude filter.

Default:

  • No include filters are used and all files are included with the sync command

See:

https://docs.aws.amazon.com/cli/latest/reference/s3/index.html#use-of-exclude-and-include-filters

log_group

The Log Group used for logging of events emitted by the custom resource’s lambda function.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

Default:

  • a default log group created by AWS Lambda

log_retention

The number of days that the lambda function’s log events are kept in CloudWatch Logs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

Default:

logs.RetentionDays.INFINITE

memory_limit

The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket.

If you are deploying large files, you will need to increase this number accordingly.

Default:

128

metadata

User-defined object metadata to be set on all objects in the deployment.

Default:

  • No user metadata is set

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#UserMetadata

output_object_keys

If set to false, the custom resource will not send back the SourceObjectKeys.

This is useful when you are facing the error Response object is too long

See https://github.com/aws/aws-cdk/issues/28579

Default:

true

prune

By default, files in the destination bucket that don’t exist in the source will be deleted when the BucketDeployment resource is created or updated.

If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update).

Default:

true

See:

https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html

retain_on_delete

If this is set to “false”, the destination files will be deleted when the resource is deleted or the destination is updated.

NOTICE: Configuring this to “false” might have operational implications. Please visit to the package documentation referred below to make sure you fully understand those implications.

Default:

true - when resource is deleted/updated, files are retained

See:

https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk-lib/aws-s3-deployment#retain-on-delete

role

Execution role associated with this function.

Default:

  • A role is automatically created

server_side_encryption

System-defined x-amz-server-side-encryption metadata to be set on all objects in the deployment.

Default:

  • Server side encryption is not used.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

server_side_encryption_aws_kms_key_id

System-defined x-amz-server-side-encryption-aws-kms-key-id metadata to be set on all objects in the deployment.

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

server_side_encryption_customer_algorithm

System-defined x-amz-server-side-encryption-customer-algorithm metadata to be set on all objects in the deployment.

Warning: This is not a useful parameter until this bug is fixed: https://github.com/aws/aws-cdk/issues/6080

Default:

  • Not set.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html#sse-c-how-to-programmatically-intro

sign_content

If set to true, uploads will precompute the value of x-amz-content-sha256 and include it in the signed S3 request headers.

Default:

  • x-amz-content-sha256 will not be computed

sources

The sources from which to deploy the contents of this bucket.

storage_class

System-defined x-amz-storage-class metadata to be set on all objects in the deployment.

Default:

  • Default storage-class for the bucket is used.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata

use_efs

Mount an EFS file system.

Enable this if your assets are large and you encounter disk space errors. Enabling this option will require a VPC to be specified.

Default:

  • No EFS. Lambda has access only to 512MB of disk space.

vpc

The VPC network to place the deployment lambda handler in.

This is required if useEfs is set.

Default:

None

vpc_subnets

Where in the VPC to place the deployment lambda handler.

Only used if ‘vpc’ is supplied.

Default:

  • the Vpc default strategy if not specified

website_redirect_location

System-defined x-amz-website-redirect-location metadata to be set on all objects in the deployment.

Default:

  • No website redirection.

See:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#SysMetadata