interface BucketProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.S3.BucketProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awss3#BucketProps |
Java | software.amazon.awscdk.services.s3.BucketProps |
Python | aws_cdk.aws_s3.BucketProps |
TypeScript (source) | aws-cdk-lib » aws_s3 » BucketProps |
Example
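```ts
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as codepipeline from 'aws-cdk-lib/aws-codepipeline';
import * as codepipeline_actions from 'aws-cdk-lib/aws-codepipeline-actions';

// Runs inside a Stack or Construct, where `this` is the construct scope.
const sourceBucket = new s3.Bucket(this, 'MyBucket', {
  versioned: true, // a Bucket used as a source in CodePipeline must be versioned
});
const pipeline = new codepipeline.Pipeline(this, 'MyPipeline');
const sourceOutput = new codepipeline.Artifact();
const sourceAction = new codepipeline_actions.S3SourceAction({
  actionName: 'S3Source',
  bucket: sourceBucket,
  bucketKey: 'path/to/file.zip',
  output: sourceOutput,
});
pipeline.addStage({
  stageName: 'Source',
  actions: [sourceAction],
});
```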
Properties
Name | Type | Description |
---|---|---|
accessControl? | Bucket | Specifies a canned ACL that grants predefined permissions to the bucket. |
autoDeleteObjects? | boolean | Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted. |
blockPublicAccess? | Block | The block public access configuration of this bucket. |
bucketKeyEnabled? | boolean | Whether Amazon S3 should use its own intermediary key to generate data keys. |
bucketName? | string | Physical name of this bucket. |
cors? | Cors [] | The CORS configuration of this bucket. |
encryption? | Bucket | The kind of server-side encryption to apply to this bucket. |
encryptionKey? | IKey | External KMS key to use for bucket encryption. |
enforceSSL? | boolean | Enforces SSL for requests. |
eventBridgeEnabled? | boolean | Whether this bucket should send notifications to Amazon EventBridge or not. |
intelligentTieringConfigurations? | Intelligent [] | Intelligent Tiering Configurations. |
inventories? | Inventory [] | The inventory configuration of the bucket. |
lifecycleRules? | Lifecycle [] | Rules that define how Amazon S3 manages objects during their lifetime. |
metrics? | Bucket [] | The metrics configuration of this bucket. |
minimumTLSVersion? | number | Enforces minimum TLS version for requests. |
notificationsHandlerRole? | IRole | The role to be used by the notifications handler. |
objectLockDefaultRetention? | Object | The default retention mode and rules for S3 Object Lock. |
objectLockEnabled? | boolean | Enable object lock on the bucket. |
objectOwnership? | Object | The objectOwnership of the bucket. |
publicReadAccess? | boolean | Grants public read access to all objects in the bucket. |
removalPolicy? | Removal | Policy to apply when the bucket is removed from this stack. |
serverAccessLogsBucket? | IBucket | Destination bucket for the server access logs. |
serverAccessLogsPrefix? | string | Optional log file prefix to use for the bucket's access logs. |
targetObjectKeyFormat? | Target | Optional key format for log objects. |
transferAcceleration? | boolean | Whether this bucket should have transfer acceleration turned on or not. |
versioned? | boolean | Whether this bucket should have versioning turned on or not. |
websiteErrorDocument? | string | The name of the error document (e.g. "404.html") for the website. websiteIndexDocument must also be set if this is set. |
websiteIndexDocument? | string | The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket. |
websiteRedirect? | Redirect | Specifies the redirect behavior of all requests to a website endpoint of a bucket. |
websiteRoutingRules? | Routing [] | Rules that define when a redirect is applied and the redirect behavior. |
accessControl?
Type: Bucket (optional, default: BucketAccessControl.PRIVATE)
Specifies a canned ACL that grants predefined permissions to the bucket.
autoDeleteObjects?
Type: boolean (optional, default: false)
Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.
Requires the removalPolicy to be set to RemovalPolicy.DESTROY.
Warning: if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later before switching this value to false.
blockPublicAccess?
Type: Block (optional, default: CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access)
The block public access configuration of this bucket.
See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
bucketKeyEnabled?
Type: boolean (optional, default: false)
Whether Amazon S3 should use its own intermediary key to generate data keys.
Only relevant when using KMS for encryption.
- If not enabled, every object GET and PUT will cause an API call to KMS (with the attendant cost implications of that).
- If enabled, S3 will use its own time-limited key instead.
Only relevant when Encryption is set to BucketEncryption.KMS or BucketEncryption.KMS_MANAGED.
bucketName?
Type: string (optional, default: Assigned by CloudFormation (recommended).)
Physical name of this bucket.
cors?
Type: Cors [] (optional, default: No CORS configuration.)
The CORS configuration of this bucket.
See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html
encryption?
Type: Bucket (optional, default: KMS if encryptionKey is specified, or UNENCRYPTED otherwise. But if UNENCRYPTED is specified, the bucket will be encrypted as S3_MANAGED automatically.)
The kind of server-side encryption to apply to this bucket.
If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created.
encryptionKey?
Type: IKey (optional, default: If encryption is set to KMS and this property is undefined, a new KMS key will be created and associated with this bucket.)
External KMS key to use for bucket encryption.
The encryption property must be either not specified or set to KMS or DSSE. An error will be emitted if encryption is set to UNENCRYPTED or S3_MANAGED.
enforceSSL?
Type: boolean (optional, default: false)
Enforces SSL for requests.
Corresponds to S3.5 of the AWS Foundational Security Best Practices regarding S3.
See also: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html
eventBridgeEnabled?
Type: boolean (optional, default: false)
Whether this bucket should send notifications to Amazon EventBridge or not.
intelligentTieringConfigurations?
Type: Intelligent [] (optional, default: No Intelligent Tiering Configurations.)
Intelligent Tiering Configurations.
See also: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering.html
inventories?
Type: Inventory [] (optional, default: No inventory configuration)
The inventory configuration of the bucket.
See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
lifecycleRules?
Type: Lifecycle [] (optional, default: No lifecycle rules.)
Rules that define how Amazon S3 manages objects during their lifetime.
metrics?
Type: Bucket [] (optional, default: No metrics configuration.)
The metrics configuration of this bucket.
minimumTLSVersion?
Type: number (optional, default: No minimum TLS version is enforced.)
Enforces minimum TLS version for requests.
Requires enforceSSL to be enabled.
notificationsHandlerRole?
Type: IRole (optional, default: a new role will be created.)
The role to be used by the notifications handler.
objectLockDefaultRetention?
Type: Object (optional, default: no default retention period)
The default retention mode and rules for S3 Object Lock.
Default retention can be configured after a bucket is created if the bucket already has object lock enabled. Enabling object lock for existing buckets is not supported.
objectLockEnabled?
Type: boolean (optional, default: false, unless objectLockDefaultRetention is set (then, true))
Enable object lock on the bucket.
Enabling object lock for existing buckets is not supported. Object lock must be enabled when the bucket is created.
objectOwnership?
Type: Object (optional, default: No ObjectOwnership configuration, uploading account will own the object.)
The objectOwnership of the bucket.
See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
publicReadAccess?
Type: boolean (optional, default: false)
Grants public read access to all objects in the bucket.
Similar to calling bucket.grantPublicAccess().
removalPolicy?
Type: Removal (optional, default: The bucket will be orphaned.)
Policy to apply when the bucket is removed from this stack.
serverAccessLogsBucket?
Type: IBucket (optional, default: If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.)
Destination bucket for the server access logs.
serverAccessLogsPrefix?
Type: string (optional, default: No log file prefix)
Optional log file prefix to use for the bucket's access logs.
If defined without "serverAccessLogsBucket", enables access logs to current bucket with this prefix.
targetObjectKeyFormat?
Type: Target (optional, default: the default key format is: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString])
Optional key format for log objects.
transferAcceleration?
Type: boolean (optional, default: false)
Whether this bucket should have transfer acceleration turned on or not.
versioned?
Type: boolean (optional, default: false (unless object lock is enabled, then true))
Whether this bucket should have versioning turned on or not.
websiteErrorDocument?
Type: string (optional, default: No error document.)
The name of the error document (e.g. "404.html") for the website. websiteIndexDocument must also be set if this is set.
websiteIndexDocument?
Type: string (optional, default: No index document.)
The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.
websiteRedirect?
Type: Redirect (optional, default: No redirection.)
Specifies the redirect behavior of all requests to a website endpoint of a bucket.
If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument" nor "websiteRoutingRules".
websiteRoutingRules?
Type: Routing [] (optional, default: No redirection rules.)
Rules that define when a redirect is applied and the redirect behavior.
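Several property descriptions above state cross-property constraints (encryptionKey versus encryption, minimumTLSVersion requiring enforceSSL, autoDeleteObjects requiring RemovalPolicy.DESTROY, the website* exclusions) and security-relevant defaults (enforceSSL, publicReadAccess, server access logs). The following is an added example, not part of aws-cdk-lib, that checks a plain props object against them before it reaches a Bucket; `lintBucketProps`, the `Props` and `Finding` types, and the string stand-ins for the enum values are assumptions of this sketch.

```typescript
// Added example: lint a plain props object against rules stated on this page.
// Enum values are modelled as strings (an assumption); aws-cdk-lib is not used.
type Props = {
  encryption?: "UNENCRYPTED" | "S3_MANAGED" | "KMS" | "KMS_MANAGED" | "DSSE";
  encryptionKey?: object;
  enforceSSL?: boolean;
  minimumTLSVersion?: number;
  autoDeleteObjects?: boolean;
  removalPolicy?: string; // "DESTROY" stands in for RemovalPolicy.DESTROY
  publicReadAccess?: boolean;
  serverAccessLogsBucket?: object;
  serverAccessLogsPrefix?: string;
  websiteIndexDocument?: string;
  websiteErrorDocument?: string;
  websiteRedirect?: object;
  websiteRoutingRules?: object[];
};
type Finding = { level: "error" | "warn"; prop: string; msg: string };

function lintBucketProps(p: Props): Finding[] {
  const out: Finding[] = [];
  const add = (level: Finding["level"], prop: string, msg: string) =>
    out.push({ level, prop, msg });

  // Combinations the page documents as invalid.
  if (p.encryptionKey && p.encryption && p.encryption !== "KMS" && p.encryption !== "DSSE")
    add("error", "encryptionKey", `not allowed with encryption=${p.encryption}`);
  if (p.minimumTLSVersion !== undefined && !p.enforceSSL)
    add("error", "minimumTLSVersion", "requires enforceSSL to be enabled");
  if (p.autoDeleteObjects && p.removalPolicy !== "DESTROY")
    add("error", "autoDeleteObjects", "requires removalPolicy DESTROY");
  if (p.websiteErrorDocument && !p.websiteIndexDocument)
    add("error", "websiteErrorDocument", "websiteIndexDocument must also be set");
  if (p.websiteRedirect &&
      (p.websiteIndexDocument || p.websiteErrorDocument || p.websiteRoutingRules))
    add("error", "websiteRedirect", "excludes the other website* properties");

  // Settings a reviewer would question on a bucket holding sensitive data.
  if (!p.enforceSSL)
    add("warn", "enforceSSL", "defaults to false; SSL is not enforced for requests");
  if (p.publicReadAccess)
    add("warn", "publicReadAccess", "grants public read access to all objects");
  if (!p.serverAccessLogsBucket && p.serverAccessLogsPrefix === undefined)
    add("warn", "serverAccessLogsBucket", "server access logs are disabled");
  else if (!p.serverAccessLogsBucket)
    add("warn", "serverAccessLogsPrefix", "access logs go to the current bucket");
  return out;
}
```

Findings with level "error" correspond to combinations the property descriptions rule out; "warn" findings are documented defaults or grants that merit a deliberate decision.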