Indicates if a bucket resource policy should be automatically created upon the first call to addToResourcePolicy.
The ARN of the bucket.
The IPv4 DNS name of the specified bucket.
The IPv6 DNS name of the specified bucket.
The name of the bucket.
The regional domain name of the specified bucket.
The domain name of the static website.
The URL of the static website.
Whether to disallow public access.
Optional KMS encryption key associated with this bucket.
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
If this bucket has been configured for static website hosting.
The construct tree node associated with this construct.
(experimental) Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
a concrete value (e.g. "my-awesome-bucket")
undefined, when a name should be generated by CloudFormation
The resource policy associated with this bucket.
If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).
The stack in which this resource is defined.
Called when this resource is referenced across environments (account/region) in order to request that a physical name be generated for this resource during synthesis, so the resource can be referenced through its absolute name/ARN.
Adds a cross-origin access configuration for objects in an Amazon S3 bucket.
The CORS configuration rule to add.
Adds a bucket notification event destination.
The event to trigger the notification.
The notification destination (Lambda, SNS Topic or SQS Queue).
S3 object key filter rules to determine which objects trigger this event.
Add an inventory configuration.
The configuration to add.
Add a lifecycle rule to the bucket.
The rule to add.
Adds a metrics configuration for the CloudWatch request metrics from the bucket.
The metric configuration to add.
Subscribes a destination to receive notifications when an object is created in the bucket.
This is identical to calling onEvent(EventType.ObjectCreated).
The notification destination (see onEvent).
Filters (see onEvent).
Subscribes a destination to receive notifications when an object is removed from the bucket.
This is identical to calling onEvent(EventType.ObjectRemoved).
The notification destination (see onEvent).
Filters (see onEvent).
Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for this bucket or objects.
Returns an ARN that represents all objects within the bucket that match the key pattern specified.
To represent all keys, specify "*".
If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:
arnForObjects(`home/${team}/${user}/*`)
(experimental) Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arnAttr, but if the resource is referenced across environments, arnComponents will be used to synthesize a concrete ARN with the resource's physical name. Make sure to reference this.physicalName in arnComponents.
The CFN attribute which resolves to the ARN of the resource.
The format of the ARN of this resource.
(experimental) Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to nameAttr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.
The CFN attribute which resolves to the resource's name.
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
The principal.
Restrict the permission to a certain key pattern (default '*').
Allows unrestricted access to objects from this bucket.
IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.
Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.
The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:
const grant = bucket.grantPublicAccess();
grant.resourceStatement!.addCondition('IpAddress', { "aws:SourceIp": "54.240.143.0/24" });
The prefix of S3 object keys (e.g. home/*). Default is "*".
The set of S3 actions to allow.
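A review check for the grantPublicAccess behaviour described above, as an added example that is not part of the original documentation or the CDK: it scans bucket-policy statements (in the JSON shape that ends up in the synthesized template) and reports those that allow an anonymous principal without an aws:SourceIp restriction. The type names, function names and the sample policy are constructed for illustration; only the IPv4 IpAddress operator is considered.

```typescript
// Added example: flag anonymous "Allow" statements lacking a source-IP condition.
type OneOrMany = string | string[];
type PolicyPrincipal = string | { [kind: string]: OneOrMany };
type PolicyCondition = { [operator: string]: { [key: string]: OneOrMany } };
interface PolicyStatement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal?: PolicyPrincipal;
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: PolicyCondition;
}

const toArray = (v: OneOrMany): string[] => (typeof v === "string" ? [v] : v);

// Anonymous access is rendered either as "*" or as { "AWS": "*" }.
function isAnonymous(p: PolicyPrincipal | undefined): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  const aws = p["AWS"];
  return aws !== undefined && toArray(aws).indexOf("*") !== -1;
}

// True only if an IpAddress/aws:SourceIp condition exists and is not 0.0.0.0/0.
function restrictsSourceIp(cond: PolicyCondition | undefined): boolean {
  const ipBlock = cond === undefined ? undefined : cond["IpAddress"];
  if (ipBlock === undefined) return false;
  for (const key of Object.keys(ipBlock)) {
    if (key.toLowerCase() !== "aws:sourceip") continue; // condition keys are case-insensitive
    const cidrs = toArray(ipBlock[key] ?? []);
    if (cidrs.length > 0 && cidrs.indexOf("0.0.0.0/0") === -1) return true;
  }
  return false;
}

// Returns the Sid (or "#index") of every statement that is open to anyone.
function findUnrestrictedPublicStatements(statements: PolicyStatement[]): string[] {
  return statements
    .map((s, i) => ({ s, label: s.Sid ?? "#" + i }))
    .filter(({ s }) => s.Effect === "Allow" && isAnonymous(s.Principal) && !restrictsSourceIp(s.Condition))
    .map(({ label }) => label);
}

// Constructed sample: a bare grantPublicAccess(), the IP-restricted variant, a role grant.
const samplePolicy: PolicyStatement[] = [
  { Sid: "OpenRead", Effect: "Allow", Principal: { AWS: "*" }, Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/*" },
  { Sid: "RangeRead", Effect: "Allow", Principal: { AWS: "*" }, Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/home/*",
    Condition: { IpAddress: { "aws:SourceIp": "54.240.143.0/24" } } },
  { Sid: "RoleWrite", Effect: "Allow", Principal: { AWS: "arn:aws:iam::111122223333:role/example-writer" },
    Action: ["s3:PutObject*", "s3:Abort*"], Resource: "arn:aws:s3:::example-bucket/*" },
];
```

Calling findUnrestrictedPublicStatements(samplePolicy) reports only the OpenRead statement; the IP-restricted and role-scoped statements pass.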
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
The principal.
Restrict the permission to a certain key pattern (default '*').
Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling grantWrite or grantReadWrite no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.
Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
The principal.
Restrict the permission to a certain key pattern (default '*').
Grants read/write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.
The principal.
Restrict the permission to a certain key pattern (default '*').
Grant write permissions to this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
The principal.
Restrict the permission to a certain key pattern (default '*').
Define a CloudWatch event that triggers when something happens to this repository.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
The id of the rule.
Options for adding the rule.
Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using onCloudTrailWriteObject may be preferable.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
The id of the rule.
Options for adding the rule.
Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket is written to.
This includes the events PutObject, CopyObject, and CompleteMultipartUpload.
Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to onCloudTrailPutObject.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
The id of the rule.
Options for adding the rule.
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack and Asset as they participate in synthesizing the cloud assembly.
The synthesis session.
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
An array of validation error messages, or an empty array if the construct is valid.
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
The S3 URL of an S3 object.
For example:
The S3 key of the object.
an ObjectS3Url token
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack and Asset as they participate in synthesizing the cloud assembly.
The synthesis session.
Returns a string representation of this construct.
The https URL of an S3 object.
Specify regional: false at the options for non-regional URLs. For example:
The S3 key of the object.
an ObjectS3Url token
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
The virtual hosted-style URL of an S3 object.
Specify regional: false at the options for non-regional URL. For example:
The S3 key of the object.
Options for generating URL.
an ObjectS3Url token
Creates a Bucket construct that represents an external bucket.
The parent creating construct (usually this).
The construct's name.
A BucketAttributes object.
Return whether the given object is a Construct.
A construct representing an AutoDeleteBucket.
This construct creates an S3 bucket that will be automatically emptied before the bucket itself is destroyed. This prevents CloudFormation from failing to destroy a stack when existing S3 resources remain.