This is the new *Amazon CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [Amazon CloudFormation User Guide](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::S3::Bucket MetadataConfiguration Creates a V2 Amazon S3 Metadata configuration of a general purpose bucket. For more information, see [ Accelerating data discovery with S3 Metadata](https://docs.amazonaws.cn/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*. ## Syntax To declare this entity in your Amazon CloudFormation template, use the following syntax: ### JSON ``` { "[Destination](#cfn-s3-bucket-metadataconfiguration-destination)" : {{MetadataDestination}}, "[InventoryTableConfiguration](#cfn-s3-bucket-metadataconfiguration-inventorytableconfiguration)" : {{InventoryTableConfiguration}}, "[JournalTableConfiguration](#cfn-s3-bucket-metadataconfiguration-journaltableconfiguration)" : {{JournalTableConfiguration}} } ``` ### YAML ``` [Destination](#cfn-s3-bucket-metadataconfiguration-destination): {{ MetadataDestination}} [InventoryTableConfiguration](#cfn-s3-bucket-metadataconfiguration-inventorytableconfiguration): {{ InventoryTableConfiguration}} [JournalTableConfiguration](#cfn-s3-bucket-metadataconfiguration-journaltableconfiguration): {{ JournalTableConfiguration}} ``` ## Properties `Destination` The destination information for the S3 Metadata configuration. *Required*: No *Type*: [MetadataDestination](aws-properties-s3-bucket-metadatadestination.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InventoryTableConfiguration` The inventory table configuration for a metadata configuration. *Required*: No *Type*: [InventoryTableConfiguration](aws-properties-s3-bucket-inventorytableconfiguration.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `JournalTableConfiguration` The journal table configuration for a metadata configuration. *Required*: Yes *Type*: [JournalTableConfiguration](aws-properties-s3-bucket-journaltableconfiguration.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### Create a metadata configuration The following example creates an S3 Metadata configuration for the specified general purpose bucket. To use this example, replace ` {{amzn-s3-demo-bucket}} ` with the name of your general purpose bucket. Also make sure to update the Amazon Identity and Access Management (IAM) Amazon Resource Name (ARN) with the name of the IAM role that you want to use. #### JSON ``` { "Resources": { "S3MetadataKMSKey": { "Type": "AWS::KMS::Key", "Properties": { "Description": "KMS key for S3 metadata encryption", "EnableKeyRotation": true, "KeyPolicy": { "Version": "2012-10-17", "Statement": [ { "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": { "AWS": { "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/SpecificRoleName" } }, "Action": "kms:*", "Resource": "*" }, { "Sid": "Allow S3 Metadata Service", "Effect": "Allow", "Principal": { "Service": [ "maintenance.s3tables.amazonaws.com", "metadata.s3.amazonaws.com" ] }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*" } ] } } }, "S3MetadataKMSKeyAlias": { "Type": "AWS::KMS::Alias", "Properties": { "AliasName": "alias/s3-metadata-key", "TargetKeyId": { "Ref": "S3MetadataKMSKey" } } }, "TestMetadataBucket": { "Type": "AWS::S3::Bucket", "Properties": { "BucketName": "{{amzn-s3-demo-bucket}}", "MetadataConfiguration": { "JournalTableConfiguration": { "RecordExpiration": { "Expiration": "ENABLED", "Days": 10 }, "EncryptionConfiguration": { "SseAlgorithm": "aws:kms", "KmsKeyArn": { "Fn::GetAtt": [ "S3MetadataKMSKey", "Arn" ] } } }, "InventoryTableConfiguration": { "ConfigurationState": "ENABLED", "EncryptionConfiguration": { "SseAlgorithm": "aws:kms", "KmsKeyArn": { "Fn::GetAtt": [ "S3MetadataKMSKey", "Arn" ] } } } } } } } } ``` #### YAML ``` Resources: S3MetadataKMSKey: Type: 'AWS::KMS::Key' Properties: Description: 'KMS key for S3 metadata encryption' EnableKeyRotation: true KeyPolicy: Version: '2012-10-17 ' Statement: - Sid: 'Enable IAM User Permissions' Effect: Allow Principal: AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:role/SpecificRoleName' Action: 'kms:*' Resource: '*' - Sid: 'Allow S3 Metadata Service' Effect: Allow Principal: Service: - 'maintenance.s3tables.amazonaws.com' - 'metadata.s3.amazonaws.com' Action: - 'kms:Decrypt' - 'kms:GenerateDataKey' Resource: '*' S3MetadataKMSKeyAlias: Type: 'AWS::KMS::Alias' Properties: AliasName: 'alias/s3-metadata-key' TargetKeyId: !Ref S3MetadataKMSKey TestMetadataBucket: Type: 'AWS::S3::Bucket' Properties: BucketName: {{amzn-s3-demo-bucket}} MetadataConfiguration: JournalTableConfiguration: RecordExpiration: Expiration: ENABLED Days: 10 EncryptionConfiguration: SseAlgorithm: aws:kms KmsKeyArn: !GetAtt S3MetadataKMSKey.Arn InventoryTableConfiguration: ConfigurationState: ENABLED EncryptionConfiguration: SseAlgorithm: aws:kms KmsKeyArn: !GetAtt S3MetadataKMSKey.Arn ```