Class: AWSCDK::S3::BucketBase

Inherits:
Resource
  • Object
show all
Includes:
IAM::IEncryptedResource, IBucket
Defined in:
s3/bucket_base.rb

Overview

Represents an S3 Bucket.

Buckets can be either defined within this stack:

new Bucket(this, 'MyBucket', { props });

Or imported from an existing bucket:

Bucket.import(this, 'MyImportedBucket', { bucketArn: ... });

You can also export a bucket and import it into another stack:

const ref = myBucket.export(); Bucket.import(this, 'MyImportedBucket', ref);

Direct Known Subclasses

Bucket

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(scope, id, props = nil) ⇒ BucketBase

Returns a new instance of BucketBase.

Parameters:



26
27
28
29
30
31
32
# File 's3/bucket_base.rb', line 26

def initialize(scope, id, props = nil)
  props = props.is_a?(Hash) ? ::AWSCDK::ResourceProps.new(**props.transform_keys(&:to_sym)) : props
  Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope")
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZXNvdXJjZVByb3BzIn0=")), "props") unless props.nil?
  Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props)
end

Class Method Details

.jsii_overridable_methodsObject



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# File 's3/bucket_base.rb', line 34

def self.jsii_overridable_methods
  {
    :node => { kind: :property, name: "node", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :physical_name => { kind: :property, name: "physicalName", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :bucket_arn => { kind: :property, name: "bucketArn", is_optional: false },
    :bucket_domain_name => { kind: :property, name: "bucketDomainName", is_optional: false },
    :bucket_dual_stack_domain_name => { kind: :property, name: "bucketDualStackDomainName", is_optional: false },
    :bucket_name => { kind: :property, name: "bucketName", is_optional: false },
    :bucket_ref => { kind: :property, name: "bucketRef", is_optional: false },
    :bucket_regional_domain_name => { kind: :property, name: "bucketRegionalDomainName", is_optional: false },
    :bucket_website_domain_name => { kind: :property, name: "bucketWebsiteDomainName", is_optional: false },
    :bucket_website_url => { kind: :property, name: "bucketWebsiteUrl", is_optional: false },
    :grants => { kind: :property, name: "grants", is_optional: false },
    :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true },
    :is_website => { kind: :property, name: "isWebsite", is_optional: true },
    :auto_create_policy => { kind: :property, name: "autoCreatePolicy", is_optional: false },
    :disallow_public_access => { kind: :property, name: "disallowPublicAccess", is_optional: true },
    :notifications_handler_role => { kind: :property, name: "notificationsHandlerRole", is_optional: true },
    :notifications_skip_destination_validation => { kind: :property, name: "notificationsSkipDestinationValidation", is_optional: true },
    :object_ownership => { kind: :property, name: "objectOwnership", is_optional: true },
    :policy => { kind: :property, name: "policy", is_optional: true },
    :replication_role_arn => { kind: :property, name: "replicationRoleArn", is_optional: true },
    :to_string => { kind: :method, name: "toString", is_optional: false },
    :with => { kind: :method, name: "with", is_optional: false },
    :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false },
    :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false },
    :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false },
    :add_event_notification => { kind: :method, name: "addEventNotification", is_optional: false },
    :add_object_created_notification => { kind: :method, name: "addObjectCreatedNotification", is_optional: false },
    :add_object_removed_notification => { kind: :method, name: "addObjectRemovedNotification", is_optional: false },
    :add_replication_policy => { kind: :method, name: "addReplicationPolicy", is_optional: false },
    :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false },
    :arn_for_objects => { kind: :method, name: "arnForObjects", is_optional: false },
    :enable_event_bridge_notification => { kind: :method, name: "enableEventBridgeNotification", is_optional: false },
    :grant_delete => { kind: :method, name: "grantDelete", is_optional: false },
    :grant_on_key => { kind: :method, name: "grantOnKey", is_optional: false },
    :grant_public_access => { kind: :method, name: "grantPublicAccess", is_optional: false },
    :grant_put => { kind: :method, name: "grantPut", is_optional: false },
    :grant_put_acl => { kind: :method, name: "grantPutAcl", is_optional: false },
    :grant_read => { kind: :method, name: "grantRead", is_optional: false },
    :grant_read_write => { kind: :method, name: "grantReadWrite", is_optional: false },
    :grant_replication_permission => { kind: :method, name: "grantReplicationPermission", is_optional: false },
    :grant_write => { kind: :method, name: "grantWrite", is_optional: false },
    :maybe_auto_create_policy => { kind: :method, name: "maybeAutoCreatePolicy", is_optional: false },
    :on_cloud_trail_event => { kind: :method, name: "onCloudTrailEvent", is_optional: false },
    :on_cloud_trail_put_object => { kind: :method, name: "onCloudTrailPutObject", is_optional: false },
    :on_cloud_trail_write_object => { kind: :method, name: "onCloudTrailWriteObject", is_optional: false },
    :s3_url_for_object => { kind: :method, name: "s3UrlForObject", is_optional: false },
    :transfer_acceleration_url_for_object => { kind: :method, name: "transferAccelerationUrlForObject", is_optional: false },
    :url_for_object => { kind: :method, name: "urlForObject", is_optional: false },
    :virtual_hosted_url_for_object => { kind: :method, name: "virtualHostedUrlForObject", is_optional: false },
  }
end

Instance Method Details

#add_event_notification(event, dest, *filters) ⇒ void

This method returns an undefined value.

Adds a bucket notification event destination.

Examples:

my_lambda = nil # AWSCDK::Lambda::Function

bucket = AWSCDK::S3::Bucket.new(self, "MyBucket")
filter = {prefix: "home/myusername/*"}
bucket.add_event_notification(AWSCDK::S3::EventType::OBJECT_CREATED, AWSCDK::S3Notifications::LambdaDestination.new(my_lambda), filter)

Parameters:

See Also:



396
397
398
399
400
401
402
403
404
# File 's3/bucket_base.rb', line 396

def add_event_notification(event, dest, *filters)
  Jsii::Type.check_type(event, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuRXZlbnRUeXBlIn0=")), "event")
  Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest")
  filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 }
  filters.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]")
  end
  jsii_call_method("addEventNotification", [event, dest, *filters])
end

#add_object_created_notification(dest, *filters) ⇒ void

This method returns an undefined value.

Subscribes a destination to receive notifications when an object is created in the bucket.

This is identical to calling onEvent(EventType.OBJECT_CREATED).

Parameters:



414
415
416
417
418
419
420
421
# File 's3/bucket_base.rb', line 414

def add_object_created_notification(dest, *filters)
  Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest")
  filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 }
  filters.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]")
  end
  jsii_call_method("addObjectCreatedNotification", [dest, *filters])
end

#add_object_removed_notification(dest, *filters) ⇒ void

This method returns an undefined value.

Subscribes a destination to receive notifications when an object is removed from the bucket.

This is identical to calling onEvent(EventType.OBJECT_REMOVED).

Parameters:



431
432
433
434
435
436
437
438
# File 's3/bucket_base.rb', line 431

def add_object_removed_notification(dest, *filters)
  Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest")
  filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 }
  filters.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]")
  end
  jsii_call_method("addObjectRemovedNotification", [dest, *filters])
end

#add_replication_policy(role_arn, access_control_transition = nil, account = nil) ⇒ void

This method returns an undefined value.

Function to add required permissions to the destination bucket for cross account replication.

These permissions will be added as a resource based policy on the bucket

Parameters:

  • role_arn (String)
  • access_control_transition (Boolean, nil) (defaults to: nil)
  • account (String, nil) (defaults to: nil)

See Also:



449
450
451
452
453
454
# File 's3/bucket_base.rb', line 449

def add_replication_policy(role_arn, access_control_transition = nil,  = nil)
  Jsii::Type.check_type(role_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "roleArn")
  Jsii::Type.check_type(access_control_transition, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "accessControlTransition") unless access_control_transition.nil?
  Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "account") unless .nil?
  jsii_call_method("addReplicationPolicy", [role_arn, access_control_transition, ])
end

#add_to_resource_policy(permission) ⇒ AWSCDK::IAM::AddToResourcePolicyResult

Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for this bucket or objects.

Note that the policy statement may or may not be added to the policy. For example, when an IBucket is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases.

Parameters:

Returns:

  • (AWSCDK::IAM::AddToResourcePolicyResult)

    metadata about the execution of this method. If the policy was not added, the value of statementAdded will be false. You should always check this value to make sure that the operation was actually carried out. Otherwise, synthesis and deploy will terminate silently, which may be confusing.



466
467
468
469
# File 's3/bucket_base.rb', line 466

def add_to_resource_policy(permission)
  Jsii::Type.check_type(permission, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "permission")
  jsii_call_method("addToResourcePolicy", [permission])
end

#apply_cross_stack_reference_strength(strength) ⇒ void

This method returns an undefined value.

Override the cross-stack reference strength for this resource.

When set, any cross-stack reference to this resource will use the specified mechanism instead of the global default determined by the @aws-cdk/core:defaultCrossStackReferences context key. This is useful for selectively weakening specific references to avoid the "deadly embrace" problem without changing the app-wide default.

Parameters:



326
327
328
329
# File 's3/bucket_base.rb', line 326

def apply_cross_stack_reference_strength(strength)
  Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength")
  jsii_call_method("applyCrossStackReferenceStrength", [strength])
end

#apply_removal_policy(policy) ⇒ void

This method returns an undefined value.

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:



343
344
345
346
# File 's3/bucket_base.rb', line 343

def apply_removal_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy")
  jsii_call_method("applyRemovalPolicy", [policy])
end

#arn_for_objects(key_pattern) ⇒ String

Returns an ARN that represents all objects within the bucket that match the key pattern specified.

To represent all keys, specify "*".

If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:

arnForObjects(home/${team}/${user}/*)

Parameters:

  • key_pattern (String)

Returns:

  • (String)


481
482
483
484
# File 's3/bucket_base.rb', line 481

def arn_for_objects(key_pattern)
  Jsii::Type.check_type(key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyPattern")
  jsii_call_method("arnForObjects", [key_pattern])
end

#auto_create_policyBoolean

Indicates if a bucket resource policy should automatically created upon the first call to addToResourcePolicy.

Returns:

  • (Boolean)


215
216
217
# File 's3/bucket_base.rb', line 215

def auto_create_policy()
  jsii_get_property("autoCreatePolicy")
end

#auto_create_policy=(value) ⇒ Object



219
220
221
222
# File 's3/bucket_base.rb', line 219

def auto_create_policy=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "autoCreatePolicy")
  jsii_set_property("autoCreatePolicy", value)
end

#bucket_arnString

The ARN of the bucket.

Returns:

  • (String)


138
139
140
# File 's3/bucket_base.rb', line 138

def bucket_arn()
  jsii_get_property("bucketArn")
end

#bucket_domain_nameString

The IPv4 DNS name of the specified bucket.

Returns:

  • (String)


145
146
147
# File 's3/bucket_base.rb', line 145

def bucket_domain_name()
  jsii_get_property("bucketDomainName")
end

#bucket_dual_stack_domain_nameString

The IPv6 DNS name of the specified bucket.

Returns:

  • (String)


152
153
154
# File 's3/bucket_base.rb', line 152

def bucket_dual_stack_domain_name()
  jsii_get_property("bucketDualStackDomainName")
end

#bucket_nameString

The name of the bucket.

Returns:

  • (String)


159
160
161
# File 's3/bucket_base.rb', line 159

def bucket_name()
  jsii_get_property("bucketName")
end

#bucket_refAWSCDK::Interfaces::AWSS3::BucketReference

A reference to a Bucket resource.



166
167
168
# File 's3/bucket_base.rb', line 166

def bucket_ref()
  jsii_get_property("bucketRef")
end

#bucket_regional_domain_nameString

The regional domain name of the specified bucket.

Returns:

  • (String)


173
174
175
# File 's3/bucket_base.rb', line 173

def bucket_regional_domain_name()
  jsii_get_property("bucketRegionalDomainName")
end

#bucket_website_domain_nameString

The Domain name of the static website.

Returns:

  • (String)


180
181
182
# File 's3/bucket_base.rb', line 180

def bucket_website_domain_name()
  jsii_get_property("bucketWebsiteDomainName")
end

#bucket_website_urlString

The URL of the static website.

Returns:

  • (String)


187
188
189
# File 's3/bucket_base.rb', line 187

def bucket_website_url()
  jsii_get_property("bucketWebsiteUrl")
end

#disallow_public_accessBoolean?

Whether to disallow public access.

Returns:

  • (Boolean, nil)


227
228
229
# File 's3/bucket_base.rb', line 227

def disallow_public_access()
  jsii_get_property("disallowPublicAccess")
end

#disallow_public_access=(value) ⇒ Object



231
232
233
234
# File 's3/bucket_base.rb', line 231

def disallow_public_access=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "disallowPublicAccess") unless value.nil?
  jsii_set_property("disallowPublicAccess", value)
end

#enable_event_bridge_notificationvoid

This method returns an undefined value.

Enables event bridge notification, causing all events below to be sent to EventBridge:.

  • Object Deleted (DeleteObject)
  • Object Deleted (Lifecycle expiration)
  • Object Restore Initiated
  • Object Restore Completed
  • Object Restore Expired
  • Object Storage Class Changed
  • Object Access Tier Changed
  • Object ACL Updated
  • Object Tags Added
  • Object Tags Deleted


500
501
502
# File 's3/bucket_base.rb', line 500

def enable_event_bridge_notification()
  jsii_call_method("enableEventBridgeNotification", [])
end

#encryption_keyAWSCDK::KMS::IKey?

Optional KMS encryption key associated with this bucket.

Returns:



201
202
203
# File 's3/bucket_base.rb', line 201

def encryption_key()
  jsii_get_property("encryptionKey")
end

#envAWSCDK::Interfaces::ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.



110
111
112
# File 's3/bucket_base.rb', line 110

def env()
  jsii_get_property("env")
end

#generate_physical_nameString

Returns:

  • (String)


349
350
351
# File 's3/bucket_base.rb', line 349

def generate_physical_name()
  jsii_call_method("generatePhysicalName", [])
end

#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String

Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).

Normally, this token will resolve to arn_attr, but if the resource is referenced across environments, arn_components will be used to synthesize a concrete ARN with the resource's physical name. Make sure to reference this.physicalName in arn_components.

Parameters:

  • arn_attr (String)

    The CFN attribute which resolves to the ARN of the resource.

  • arn_components (AWSCDK::ARNComponents)

    The format of the ARN of this resource.

Returns:

  • (String)


363
364
365
366
367
368
# File 's3/bucket_base.rb', line 363

def get_resource_arn_attribute(arn_attr, arn_components)
  Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr")
  arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components
  Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents")
  jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components])
end

#get_resource_name_attribute(name_attr) ⇒ String

Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).

Normally, this token will resolve to name_attr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.

Parameters:

  • name_attr (String)

    The CFN attribute which resolves to the resource's name.

Returns:

  • (String)


378
379
380
381
# File 's3/bucket_base.rb', line 378

def get_resource_name_attribute(name_attr)
  Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr")
  jsii_call_method("getResourceNameAttribute", [name_attr])
end

#grant_delete(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

The use of this method is discouraged. Please use grants.delete() instead.

[disable-awslint:no-grants]

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



513
514
515
516
517
# File 's3/bucket_base.rb', line 513

def grant_delete(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantDelete", [identity, objects_key_pattern])
end

#grant_on_key(grantee, *actions) ⇒ AWSCDK::IAM::GrantOnKeyResult

Gives permissions to a grantable entity to perform actions on the encryption key.

Parameters:

Returns:



524
525
526
527
528
529
530
# File 's3/bucket_base.rb', line 524

def grant_on_key(grantee, *actions)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  actions.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]")
  end
  jsii_call_method("grantOnKey", [grantee, *actions])
end

#grant_public_access(key_prefix = nil, *allowed_actions) ⇒ AWSCDK::IAM::Grant

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.

Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.

The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:

const grant = bucket.grantPublicAccess();
grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Note that if this IBucket refers to an existing bucket, possibly not managed by CloudFormation, this method will have no effect, since it's impossible to modify the policy of an existing bucket.

The use of this method is discouraged. Please use grants.publicAccess() instead.

[disable-awslint:no-grants]

Parameters:

  • key_prefix (String, nil) (defaults to: nil)

    the prefix of S3 object keys (e.g. home/*). Default is "*".

  • allowed_actions (Array<String>)

    the set of S3 actions to allow.

Returns:



562
563
564
565
566
567
568
# File 's3/bucket_base.rb', line 562

def grant_public_access(key_prefix = nil, *allowed_actions)
  Jsii::Type.check_type(key_prefix, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyPrefix") unless key_prefix.nil?
  allowed_actions.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "allowedActions[#{index}]")
  end
  jsii_call_method("grantPublicAccess", [key_prefix, *allowed_actions])
end

#grant_put(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

The use of this method is discouraged. Please use grants.put() instead.

[disable-awslint:no-grants]

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



582
583
584
585
586
# File 's3/bucket_base.rb', line 582

def grant_put(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantPut", [identity, objects_key_pattern])
end

#grant_put_acl(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

The use of this method is discouraged. Please use grants.putAcl() instead.

[disable-awslint:no-grants]

Parameters:

Returns:



595
596
597
598
599
# File 's3/bucket_base.rb', line 595

def grant_put_acl(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantPutAcl", [identity, objects_key_pattern])
end

#grant_read(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

The use of this method is discouraged. Please use grants.read() instead.

[disable-awslint:no-grants]

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



613
614
615
616
617
# File 's3/bucket_base.rb', line 613

def grant_read(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantRead", [identity, objects_key_pattern])
end

#grant_read_write(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

The use of this method is discouraged. Please use grants.readWrite() instead.

[disable-awslint:no-grants]

Parameters:

Returns:



626
627
628
629
630
# File 's3/bucket_base.rb', line 626

def grant_read_write(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantReadWrite", [identity, objects_key_pattern])
end

#grant_replication_permission(identity, props) ⇒ AWSCDK::IAM::Grant

Grant replication permission to a principal. This method allows the principal to perform replication operations on this bucket.

Note that when calling this function for source or destination buckets that support KMS encryption, you need to specify the KMS key for encryption and the KMS key for decryption, respectively.

The use of this method is discouraged. Please use grants.replicationPermission() instead.

[disable-awslint:no-grants]

Parameters:

Returns:



644
645
646
647
648
649
# File 's3/bucket_base.rb', line 644

def grant_replication_permission(identity, props)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  props = props.is_a?(Hash) ? ::AWSCDK::S3::GrantReplicationPermissionProps.new(**props.transform_keys(&:to_sym)) : props
  Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuR3JhbnRSZXBsaWNhdGlvblBlcm1pc3Npb25Qcm9wcyJ9")), "props")
  jsii_call_method("grantReplicationPermission", [identity, props])
end

#grant_write(identity, objects_key_pattern = nil, allowed_action_patterns = nil) ⇒ AWSCDK::IAM::Grant

The use of this method is discouraged. Please use grants.write() instead.

[disable-awslint:no-grants]

Parameters:

  • identity (AWSCDK::IAM::IGrantable)
  • objects_key_pattern (Object, nil) (defaults to: nil)
  • allowed_action_patterns (Array<String>, nil) (defaults to: nil)

Returns:



659
660
661
662
663
664
# File 's3/bucket_base.rb', line 659

def grant_write(identity, objects_key_pattern = nil, allowed_action_patterns = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  Jsii::Type.check_type(allowed_action_patterns, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedActionPatterns") unless allowed_action_patterns.nil?
  jsii_call_method("grantWrite", [identity, objects_key_pattern, allowed_action_patterns])
end

#grantsAWSCDK::S3::BucketGrants

Collection of grant methods for a Bucket.



194
195
196
# File 's3/bucket_base.rb', line 194

def grants()
  jsii_get_property("grants")
end

#is_websiteBoolean?

If this bucket has been configured for static website hosting.

Returns:

  • (Boolean, nil)


208
209
210
# File 's3/bucket_base.rb', line 208

def is_website()
  jsii_get_property("isWebsite")
end

#maybe_auto_create_policyvoid

This method returns an undefined value.

Ensures a bucket policy exists on the L2 if autoCreatePolicy is set.



669
670
671
# File 's3/bucket_base.rb', line 669

def maybe_auto_create_policy()
  jsii_call_method("maybeAutoCreatePolicy", [])
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


95
96
97
# File 's3/bucket_base.rb', line 95

def node()
  jsii_get_property("node")
end

#notifications_handler_roleAWSCDK::IAM::IRole?

Returns:



237
238
239
# File 's3/bucket_base.rb', line 237

def notifications_handler_role()
  jsii_get_property("notificationsHandlerRole")
end

#notifications_handler_role=(value) ⇒ Object



241
242
243
244
# File 's3/bucket_base.rb', line 241

def notifications_handler_role=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklSb2xlIn0=")), "notificationsHandlerRole") unless value.nil?
  jsii_set_property("notificationsHandlerRole", value)
end

#notifications_skip_destination_validationBoolean?

Returns:

  • (Boolean, nil)


247
248
249
# File 's3/bucket_base.rb', line 247

def notifications_skip_destination_validation()
  jsii_get_property("notificationsSkipDestinationValidation")
end

#notifications_skip_destination_validation=(value) ⇒ Object



251
252
253
254
# File 's3/bucket_base.rb', line 251

def notifications_skip_destination_validation=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "notificationsSkipDestinationValidation") unless value.nil?
  jsii_set_property("notificationsSkipDestinationValidation", value)
end

#object_ownershipAWSCDK::S3::ObjectOwnership?

Returns:



257
258
259
# File 's3/bucket_base.rb', line 257

def object_ownership()
  jsii_get_property("objectOwnership")
end

#object_ownership=(value) ⇒ Object



261
262
263
264
# File 's3/bucket_base.rb', line 261

def object_ownership=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT2JqZWN0T3duZXJzaGlwIn0=")), "objectOwnership") unless value.nil?
  jsii_set_property("objectOwnership", value)
end

#on_cloud_trail_event(id, options = nil) ⇒ AWSCDK::Events::Rule

Define a CloudWatch event that triggers when something happens to this repository.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Parameters:

Returns:



681
682
683
684
685
686
# File 's3/bucket_base.rb', line 681

def on_cloud_trail_event(id, options = nil)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("onCloudTrailEvent", [id, options])
end

#on_cloud_trail_put_object(id, options = nil) ⇒ AWSCDK::Events::Rule

Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using on_cloud_trail_write_object may be preferable.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Parameters:

Returns:



700
701
702
703
704
705
# File 's3/bucket_base.rb', line 700

def on_cloud_trail_put_object(id, options = nil)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("onCloudTrailPutObject", [id, options])
end

#on_cloud_trail_write_object(id, options = nil) ⇒ AWSCDK::Events::Rule

Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.

This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to on_cloud_trail_put_object.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Parameters:

Returns:



722
723
724
725
726
727
# File 's3/bucket_base.rb', line 722

def on_cloud_trail_write_object(id, options = nil)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("onCloudTrailWriteObject", [id, options])
end

#physical_nameString

Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.

This value will resolve to one of the following:

  • a concrete value (e.g. "my-awesome-bucket")
  • undefined, when a name should be generated by CloudFormation
  • a concrete name generated automatically during synthesis, in cross-environment scenarios.

Returns:

  • (String)


124
125
126
# File 's3/bucket_base.rb', line 124

def physical_name()
  jsii_get_property("physicalName")
end

#policyAWSCDK::S3::BucketPolicy?

The resource policy associated with this bucket.

If auto_create_policy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

Returns:



272
273
274
# File 's3/bucket_base.rb', line 272

def policy()
  jsii_get_property("policy")
end

#policy=(value) ⇒ Object



276
277
278
279
# File 's3/bucket_base.rb', line 276

def policy=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuQnVja2V0UG9saWN5In0=")), "policy") unless value.nil?
  jsii_set_property("policy", value)
end

#replication_role_arnString?

Role used to set up permissions on this bucket for replication.

Returns:

  • (String, nil)


284
285
286
# File 's3/bucket_base.rb', line 284

def replication_role_arn()
  jsii_get_property("replicationRoleArn")
end

#replication_role_arn=(value) ⇒ Object



288
289
290
291
# File 's3/bucket_base.rb', line 288

def replication_role_arn=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "replicationRoleArn") unless value.nil?
  jsii_set_property("replicationRoleArn", value)
end

#s3_url_for_object(key = nil) ⇒ String

The S3 URL of an S3 object. For example:.

  • s3://onlybucket
  • s3://bucket/key

Parameters:

  • key (String, nil) (defaults to: nil)

    The S3 key of the object.

Returns:

  • (String)

    an ObjectS3Url token



736
737
738
739
# File 's3/bucket_base.rb', line 736

def s3_url_for_object(key = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  jsii_call_method("s3UrlForObject", [key])
end

#stackAWSCDK::Stack

The stack in which this resource is defined.

Returns:



131
132
133
# File 's3/bucket_base.rb', line 131

def stack()
  jsii_get_property("stack")
end

#to_stringString

Returns a string representation of this construct.

Returns:

  • (String)


296
297
298
# File 's3/bucket_base.rb', line 296

def to_string()
  jsii_call_method("toString", [])
end

#transfer_acceleration_url_for_object(key = nil, options = nil) ⇒ String

The https Transfer Acceleration URL of an S3 object.

Specify dualStack: true at the options for dual-stack endpoint (connect to the bucket over IPv6). For example:

  • https://bucket.s3-accelerate.amazonaws.com
  • https://bucket.s3-accelerate.amazonaws.com/key

Parameters:

Returns:

  • (String)

    an TransferAccelerationUrl token



752
753
754
755
756
757
# File 's3/bucket_base.rb', line 752

def transfer_acceleration_url_for_object(key = nil, options = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  options = options.is_a?(Hash) ? ::AWSCDK::S3::TransferAccelerationURLOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVHJhbnNmZXJBY2NlbGVyYXRpb25VcmxPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("transferAccelerationUrlForObject", [key, options])
end

#url_for_object(key = nil) ⇒ String

The https URL of an S3 object. Specify regional: false at the options for non-regional URLs. For example:.

  • https://s3.us-west-1.amazonaws.com/onlybucket
  • https://s3.us-west-1.amazonaws.com/bucket/key
  • https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey

Parameters:

  • key (String, nil) (defaults to: nil)

    The S3 key of the object.

Returns:

  • (String)

    an ObjectS3Url token



767
768
769
770
# File 's3/bucket_base.rb', line 767

def url_for_object(key = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  jsii_call_method("urlForObject", [key])
end

#virtual_hosted_url_for_object(key = nil, options = nil) ⇒ String

The virtual hosted-style URL of an S3 object. Specify regional: false at the options for non-regional URL. For example:.

  • https://only-bucket.s3.us-west-1.amazonaws.com
  • https://bucket.s3.us-west-1.amazonaws.com/key
  • https://bucket.s3.amazonaws.com/key
  • https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey

Parameters:

Returns:

  • (String)

    an ObjectS3Url token



782
783
784
785
786
787
# File 's3/bucket_base.rb', line 782

def virtual_hosted_url_for_object(key = nil, options = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  options = options.is_a?(Hash) ? ::AWSCDK::S3::VirtualHostedStyleURLOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVmlydHVhbEhvc3RlZFN0eWxlVXJsT3B0aW9ucyJ9")), "options") unless options.nil?
  jsii_call_method("virtualHostedUrlForObject", [key, options])
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited. Use multiple with() calls if subsequent mixins should apply to added constructs.

Parameters:

  • mixins (Array<Constructs::IMixin>)

Returns:

  • (Constructs::IConstruct)


309
310
311
312
313
314
# File 's3/bucket_base.rb', line 309

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end