Class: AWSCDK::S3::BucketProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
s3/bucket_props.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(abac_status: nil, access_control: nil, auto_delete_objects: nil, blocked_encryption_types: nil, block_public_access: nil, bucket_key_enabled: nil, bucket_name: nil, bucket_name_prefix: nil, bucket_namespace: nil, cors: nil, encryption: nil, encryption_key: nil, enforce_ssl: nil, event_bridge_enabled: nil, intelligent_tiering_configurations: nil, inventories: nil, lifecycle_rules: nil, metrics: nil, minimum_tls_version: nil, notifications_handler_role: nil, notifications_skip_destination_validation: nil, object_lock_default_retention: nil, object_lock_enabled: nil, object_ownership: nil, public_read_access: nil, removal_policy: nil, replication_role: nil, replication_rules: nil, server_access_logs_bucket: nil, server_access_logs_prefix: nil, target_object_key_format: nil, transfer_acceleration: nil, transition_default_minimum_object_size: nil, versioned: nil, website_error_document: nil, website_index_document: nil, website_redirect: nil, website_routing_rules: nil) ⇒ BucketProps

Returns a new instance of BucketProps.

Parameters:

  • abac_status (Boolean, nil) (defaults to: nil)

    Enables Amazon S3 to evaluate the ABAC policy in the request.

  • access_control (AWSCDK::S3::BucketAccessControl, nil) (defaults to: nil)

    Specifies a canned ACL that grants predefined permissions to the bucket.

  • auto_delete_objects (Boolean, nil) (defaults to: nil)

    Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.

  • blocked_encryption_types (Array<AWSCDK::S3::BlockedEncryptionType>, nil) (defaults to: nil)

    Encryption types that should be blocked for this bucket. Use NONE to allow all encryption types.

  • block_public_access (AWSCDK::S3::BlockPublicAccess, nil) (defaults to: nil)

    The block public access configuration of this bucket.

  • bucket_key_enabled (Boolean, nil) (defaults to: nil)

    Whether Amazon S3 should use its own intermediary key to generate data keys.

  • bucket_name (String, nil) (defaults to: nil)

    Physical name of this bucket.

  • bucket_name_prefix (String, nil) (defaults to: nil)

    A prefix for the bucket name in the account-regional namespace.

  • bucket_namespace (AWSCDK::S3::BucketNamespace, nil) (defaults to: nil)

    The namespace for the bucket name.

  • cors (Array<AWSCDK::S3::CorsRule>, nil) (defaults to: nil)

    The CORS configuration of this bucket.

  • encryption (AWSCDK::S3::BucketEncryption, nil) (defaults to: nil)

    The kind of server-side encryption to apply to this bucket.

  • encryption_key (AWSCDK::KMS::IKey, nil) (defaults to: nil)

    External KMS key to use for bucket encryption.

  • enforce_ssl (Boolean, nil) (defaults to: nil)

    Enforces SSL for requests.

  • event_bridge_enabled (Boolean, nil) (defaults to: nil)

    Whether this bucket should send notifications to Amazon EventBridge or not.

  • intelligent_tiering_configurations (Array<AWSCDK::S3::IntelligentTieringConfiguration>, nil) (defaults to: nil)

    Intelligent Tiering Configurations.

  • inventories (Array<AWSCDK::S3::Inventory>, nil) (defaults to: nil)

    The inventory configuration of the bucket.

  • lifecycle_rules (Array<AWSCDK::S3::LifecycleRule>, nil) (defaults to: nil)

    Rules that define how Amazon S3 manages objects during their lifetime.

  • metrics (Array<AWSCDK::S3::BucketMetrics>, nil) (defaults to: nil)

    The metrics configuration of this bucket.

  • minimum_tls_version (Numeric, nil) (defaults to: nil)

    Enforces minimum TLS version for requests.

  • notifications_handler_role (AWSCDK::IAM::IRole, nil) (defaults to: nil)

    The role to be used by the notifications handler.

  • notifications_skip_destination_validation (Boolean, nil) (defaults to: nil)

    Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations.

  • object_lock_default_retention (AWSCDK::S3::ObjectLockRetention, nil) (defaults to: nil)

    The default retention mode and rules for S3 Object Lock.

  • object_lock_enabled (Boolean, nil) (defaults to: nil)

    Enable object lock on the bucket.

  • object_ownership (AWSCDK::S3::ObjectOwnership, nil) (defaults to: nil)

    The objectOwnership of the bucket.

  • public_read_access (Boolean, nil) (defaults to: nil)

    Grants public read access to all objects in the bucket.

  • removal_policy (AWSCDK::RemovalPolicy, nil) (defaults to: nil)

    Policy to apply when the bucket is removed from this stack.

  • replication_role (AWSCDK::IAM::IRole, nil) (defaults to: nil)

    The role to be used by the replication.

  • replication_rules (Array<AWSCDK::S3::ReplicationRule>, nil) (defaults to: nil)

    A container for one or more replication rules.

  • server_access_logs_bucket (AWSCDK::S3::IBucket, nil) (defaults to: nil)

    Destination bucket for the server access logs.

  • server_access_logs_prefix (String, nil) (defaults to: nil)

    Optional log file prefix to use for the bucket's access logs.

  • target_object_key_format (AWSCDK::S3::TargetObjectKeyFormat, nil) (defaults to: nil)

    Optional key format for log objects.

  • transfer_acceleration (Boolean, nil) (defaults to: nil)

    Whether this bucket should have transfer acceleration turned on or not.

  • transition_default_minimum_object_size (AWSCDK::S3::TransitionDefaultMinimumObjectSize, nil) (defaults to: nil)

    Indicates which default minimum object size behavior is applied to the lifecycle configuration.

  • versioned (Boolean, nil) (defaults to: nil)

    Whether this bucket should have versioning turned on or not.

  • website_error_document (String, nil) (defaults to: nil)

    The name of the error document (e.g. "404.html") for the website. websiteIndexDocument must also be set if this is set.

  • website_index_document (String, nil) (defaults to: nil)

    The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.

  • website_redirect (AWSCDK::S3::RedirectTarget, nil) (defaults to: nil)

    Specifies the redirect behavior of all requests to a website endpoint of a bucket.

  • website_routing_rules (Array<AWSCDK::S3::RoutingRule>, nil) (defaults to: nil)

    Rules that define when a redirect is applied and the redirect behavior.



44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# File 's3/bucket_props.rb', line 44

def initialize(abac_status: nil, access_control: nil, auto_delete_objects: nil, blocked_encryption_types: nil, block_public_access: nil, bucket_key_enabled: nil, bucket_name: nil, bucket_name_prefix: nil, bucket_namespace: nil, cors: nil, encryption: nil, encryption_key: nil, enforce_ssl: nil, event_bridge_enabled: nil, intelligent_tiering_configurations: nil, inventories: nil, lifecycle_rules: nil, metrics: nil, minimum_tls_version: nil, notifications_handler_role: nil, notifications_skip_destination_validation: nil, object_lock_default_retention: nil, object_lock_enabled: nil, object_ownership: nil, public_read_access: nil, removal_policy: nil, replication_role: nil, replication_rules: nil, server_access_logs_bucket: nil, server_access_logs_prefix: nil, target_object_key_format: nil, transfer_acceleration: nil, transition_default_minimum_object_size: nil, versioned: nil, website_error_document: nil, website_index_document: nil, website_redirect: nil, website_routing_rules: nil)
  @abac_status = abac_status
  Jsii::Type.check_type(@abac_status, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "abacStatus") unless @abac_status.nil?
  @access_control = access_control
  Jsii::Type.check_type(@access_control, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuQnVja2V0QWNjZXNzQ29udHJvbCJ9")), "accessControl") unless @access_control.nil?
  @auto_delete_objects = auto_delete_objects
  Jsii::Type.check_type(@auto_delete_objects, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "autoDeleteObjects") unless @auto_delete_objects.nil?
  @blocked_encryption_types = blocked_encryption_types
  Jsii::Type.check_type(@blocked_encryption_types, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5CbG9ja2VkRW5jcnlwdGlvblR5cGUifSwia2luZCI6ImFycmF5In19")), "blockedEncryptionTypes") unless @blocked_encryption_types.nil?
  @block_public_access = block_public_access
  Jsii::Type.check_type(@block_public_access, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuQmxvY2tQdWJsaWNBY2Nlc3MifQ==")), "blockPublicAccess") unless @block_public_access.nil?
  @bucket_key_enabled = bucket_key_enabled
  Jsii::Type.check_type(@bucket_key_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "bucketKeyEnabled") unless @bucket_key_enabled.nil?
  @bucket_name = bucket_name
  Jsii::Type.check_type(@bucket_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "bucketName") unless @bucket_name.nil?
  @bucket_name_prefix = bucket_name_prefix
  Jsii::Type.check_type(@bucket_name_prefix, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "bucketNamePrefix") unless @bucket_name_prefix.nil?
  @bucket_namespace = bucket_namespace
  Jsii::Type.check_type(@bucket_namespace, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuQnVja2V0TmFtZXNwYWNlIn0=")), "bucketNamespace") unless @bucket_namespace.nil?
  @cors = cors.is_a?(Array) ? cors.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::CorsRule.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : cors
  Jsii::Type.check_type(@cors, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5Db3JzUnVsZSJ9LCJraW5kIjoiYXJyYXkifX0=")), "cors") unless @cors.nil?
  @encryption = encryption
  Jsii::Type.check_type(@encryption, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuQnVja2V0RW5jcnlwdGlvbiJ9")), "encryption") unless @encryption.nil?
  @encryption_key = encryption_key
  Jsii::Type.check_type(@encryption_key, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfa21zLklLZXkifQ==")), "encryptionKey") unless @encryption_key.nil?
  @enforce_ssl = enforce_ssl
  Jsii::Type.check_type(@enforce_ssl, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enforceSSL") unless @enforce_ssl.nil?
  @event_bridge_enabled = event_bridge_enabled
  Jsii::Type.check_type(@event_bridge_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "eventBridgeEnabled") unless @event_bridge_enabled.nil?
  @intelligent_tiering_configurations = intelligent_tiering_configurations.is_a?(Array) ? intelligent_tiering_configurations.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::IntelligentTieringConfiguration.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : intelligent_tiering_configurations
  Jsii::Type.check_type(@intelligent_tiering_configurations, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5JbnRlbGxpZ2VudFRpZXJpbmdDb25maWd1cmF0aW9uIn0sImtpbmQiOiJhcnJheSJ9fQ==")), "intelligentTieringConfigurations") unless @intelligent_tiering_configurations.nil?
  @inventories = inventories.is_a?(Array) ? inventories.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::Inventory.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : inventories
  Jsii::Type.check_type(@inventories, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5JbnZlbnRvcnkifSwia2luZCI6ImFycmF5In19")), "inventories") unless @inventories.nil?
  @lifecycle_rules = lifecycle_rules.is_a?(Array) ? lifecycle_rules.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::LifecycleRule.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : lifecycle_rules
  Jsii::Type.check_type(@lifecycle_rules, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5MaWZlY3ljbGVSdWxlIn0sImtpbmQiOiJhcnJheSJ9fQ==")), "lifecycleRules") unless @lifecycle_rules.nil?
  @metrics = metrics.is_a?(Array) ? metrics.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::BucketMetrics.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : metrics
  Jsii::Type.check_type(@metrics, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5CdWNrZXRNZXRyaWNzIn0sImtpbmQiOiJhcnJheSJ9fQ==")), "metrics") unless @metrics.nil?
  @minimum_tls_version = minimum_tls_version
  Jsii::Type.check_type(@minimum_tls_version, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "minimumTLSVersion") unless @minimum_tls_version.nil?
  @notifications_handler_role = notifications_handler_role
  Jsii::Type.check_type(@notifications_handler_role, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklSb2xlIn0=")), "notificationsHandlerRole") unless @notifications_handler_role.nil?
  @notifications_skip_destination_validation = notifications_skip_destination_validation
  Jsii::Type.check_type(@notifications_skip_destination_validation, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "notificationsSkipDestinationValidation") unless @notifications_skip_destination_validation.nil?
  @object_lock_default_retention = object_lock_default_retention
  Jsii::Type.check_type(@object_lock_default_retention, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT2JqZWN0TG9ja1JldGVudGlvbiJ9")), "objectLockDefaultRetention") unless @object_lock_default_retention.nil?
  @object_lock_enabled = object_lock_enabled
  Jsii::Type.check_type(@object_lock_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "objectLockEnabled") unless @object_lock_enabled.nil?
  @object_ownership = object_ownership
  Jsii::Type.check_type(@object_ownership, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT2JqZWN0T3duZXJzaGlwIn0=")), "objectOwnership") unless @object_ownership.nil?
  @public_read_access = public_read_access
  Jsii::Type.check_type(@public_read_access, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "publicReadAccess") unless @public_read_access.nil?
  @removal_policy = removal_policy
  Jsii::Type.check_type(@removal_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "removalPolicy") unless @removal_policy.nil?
  @replication_role = replication_role
  Jsii::Type.check_type(@replication_role, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklSb2xlIn0=")), "replicationRole") unless @replication_role.nil?
  @replication_rules = replication_rules.is_a?(Array) ? replication_rules.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::ReplicationRule.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : replication_rules
  Jsii::Type.check_type(@replication_rules, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5SZXBsaWNhdGlvblJ1bGUifSwia2luZCI6ImFycmF5In19")), "replicationRules") unless @replication_rules.nil?
  @server_access_logs_bucket = server_access_logs_bucket
  Jsii::Type.check_type(@server_access_logs_bucket, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldCJ9")), "serverAccessLogsBucket") unless @server_access_logs_bucket.nil?
  @server_access_logs_prefix = server_access_logs_prefix
  Jsii::Type.check_type(@server_access_logs_prefix, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "serverAccessLogsPrefix") unless @server_access_logs_prefix.nil?
  @target_object_key_format = target_object_key_format
  Jsii::Type.check_type(@target_object_key_format, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVGFyZ2V0T2JqZWN0S2V5Rm9ybWF0In0=")), "targetObjectKeyFormat") unless @target_object_key_format.nil?
  @transfer_acceleration = transfer_acceleration
  Jsii::Type.check_type(@transfer_acceleration, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "transferAcceleration") unless @transfer_acceleration.nil?
  @transition_default_minimum_object_size = transition_default_minimum_object_size
  Jsii::Type.check_type(@transition_default_minimum_object_size, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVHJhbnNpdGlvbkRlZmF1bHRNaW5pbXVtT2JqZWN0U2l6ZSJ9")), "transitionDefaultMinimumObjectSize") unless @transition_default_minimum_object_size.nil?
  @versioned = versioned
  Jsii::Type.check_type(@versioned, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "versioned") unless @versioned.nil?
  @website_error_document = website_error_document
  Jsii::Type.check_type(@website_error_document, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "websiteErrorDocument") unless @website_error_document.nil?
  @website_index_document = website_index_document
  Jsii::Type.check_type(@website_index_document, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "websiteIndexDocument") unless @website_index_document.nil?
  @website_redirect = website_redirect.is_a?(Hash) ? ::AWSCDK::S3::RedirectTarget.new(**website_redirect.transform_keys(&:to_sym)) : website_redirect
  Jsii::Type.check_type(@website_redirect, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuUmVkaXJlY3RUYXJnZXQifQ==")), "websiteRedirect") unless @website_redirect.nil?
  @website_routing_rules = website_routing_rules.is_a?(Array) ? website_routing_rules.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::RoutingRule.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : website_routing_rules
  Jsii::Type.check_type(@website_routing_rules, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5Sb3V0aW5nUnVsZSJ9LCJraW5kIjoiYXJyYXkifX0=")), "websiteRoutingRules") unless @website_routing_rules.nil?
end

Instance Attribute Details

#abac_statusBoolean? (readonly)

Note:

Default: - The ABAC status is not set

Enables Amazon S3 to evaluate the ABAC policy in the request.

Set to true to enable ABAC, false to explicitly disable it.



130
131
132
# File 's3/bucket_props.rb', line 130

def abac_status
  @abac_status
end

#access_controlAWSCDK::S3::BucketAccessControl? (readonly)

Note:

Default: BucketAccessControl.PRIVATE

Specifies a canned ACL that grants predefined permissions to the bucket.



135
136
137
# File 's3/bucket_props.rb', line 135

def access_control
  @access_control
end

#auto_delete_objectsBoolean? (readonly)

Note:

Default: false

Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.

Requires the removal_policy to be set to RemovalPolicy.DESTROY.

Warning if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later before switching this value to false.

Setting auto_delete_objects to true on a bucket will add s3:PutBucketPolicy to the bucket policy. This is because during bucket deletion, the custom resource provider needs to update the bucket policy by adding a deny policy for s3:PutObject to prevent race conditions with external bucket writers.

Returns:

  • (Boolean, nil)


152
153
154
# File 's3/bucket_props.rb', line 152

def auto_delete_objects
  @auto_delete_objects
end

#block_public_accessAWSCDK::S3::BlockPublicAccess? (readonly)

Note:

Default: - CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access

The block public access configuration of this bucket.



166
167
168
# File 's3/bucket_props.rb', line 166

def block_public_access
  @block_public_access
end

#blocked_encryption_typesArray<AWSCDK::S3::BlockedEncryptionType>? (readonly)

Note:

Default: - Amazon S3 determines which encryption types to block.

Encryption types that should be blocked for this bucket. Use NONE to allow all encryption types.

At least one BlockedEncryptionType must be given. If NONE is given, it must be the only BlockedEncryptionType in the list.

Returns:



160
161
162
# File 's3/bucket_props.rb', line 160

def blocked_encryption_types
  @blocked_encryption_types
end

#bucket_key_enabledBoolean? (readonly)

Note:

Default: - false

Whether Amazon S3 should use its own intermediary key to generate data keys.

Only relevant when using KMS for encryption.

  • If not enabled, every object GET and PUT will cause an API call to KMS (with the attendant cost implications of that).
  • If enabled, S3 will use its own time-limited key instead.

Only relevant, when Encryption is not set to BucketEncryption.UNENCRYPTED.

Returns:

  • (Boolean, nil)


179
180
181
# File 's3/bucket_props.rb', line 179

def bucket_key_enabled
  @bucket_key_enabled
end

#bucket_nameString? (readonly)

Note:

Default: - Assigned by CloudFormation (recommended).

Physical name of this bucket.

Cannot be used together with bucket_name_prefix or bucket_namespace.

Returns:

  • (String, nil)


186
187
188
# File 's3/bucket_props.rb', line 186

def bucket_name
  @bucket_name
end

#bucket_name_prefixString? (readonly)

Note:

Default: - No prefix.

A prefix for the bucket name in the account-regional namespace.

Requires bucket_namespace to be set to ACCOUNT_REGIONAL. Cannot be used together with bucket_name.

CloudFormation appends -<accountId>-<region>-an to form the full name. For example, my-app becomes my-app-123456789012-us-east-1-an.

Must contain only lowercase letters, numbers, and hyphens. Must start and end with a lowercase letter or number.

Returns:

  • (String, nil)


200
201
202
# File 's3/bucket_props.rb', line 200

def bucket_name_prefix
  @bucket_name_prefix
end

#bucket_namespaceAWSCDK::S3::BucketNamespace? (readonly)

Note:

Default: - Global namespace.

The namespace for the bucket name.

AWS recommends ACCOUNT_REGIONAL for improved security, as bucket names are scoped to your account and cannot be claimed by other accounts. When set to ACCOUNT_REGIONAL, bucket_name_prefix is required. When set to GLOBAL, it can be used standalone to explicitly specify the default namespace.



211
212
213
# File 's3/bucket_props.rb', line 211

def bucket_namespace
  @bucket_namespace
end

#corsArray<AWSCDK::S3::CorsRule>? (readonly)

Note:

Default: - No CORS configuration.

The CORS configuration of this bucket.



217
218
219
# File 's3/bucket_props.rb', line 217

def cors
  @cors
end

#encryptionAWSCDK::S3::BucketEncryption? (readonly)

Note:

Default: - KMS if encryptionKey is specified, or S3_MANAGED otherwise.

The kind of server-side encryption to apply to this bucket.

If you choose KMS, you can specify a KMS key via encryption_key. If encryption key is not specified, a key will automatically be created.



225
226
227
# File 's3/bucket_props.rb', line 225

def encryption
  @encryption
end

#encryption_keyAWSCDK::KMS::IKey? (readonly)

Note:

Default: - If encryption is set to KMS and this property is undefined, a new KMS key will be created and associated with this bucket.

External KMS key to use for bucket encryption.

The encryption property must be either not specified or set to KMS or DSSE. An error will be emitted if encryption is set to UNENCRYPTED or S3_MANAGED.

Returns:



233
234
235
# File 's3/bucket_props.rb', line 233

def encryption_key
  @encryption_key
end

#enforce_sslBoolean? (readonly)

Note:

Default: false

Enforces SSL for requests.

S3.5 of the AWS Foundational Security Best Practices Regarding S3.



241
242
243
# File 's3/bucket_props.rb', line 241

def enforce_ssl
  @enforce_ssl
end

#event_bridge_enabledBoolean? (readonly)

Note:

Default: false

Whether this bucket should send notifications to Amazon EventBridge or not.

Returns:

  • (Boolean, nil)


246
247
248
# File 's3/bucket_props.rb', line 246

def event_bridge_enabled
  @event_bridge_enabled
end

#intelligent_tiering_configurationsArray<AWSCDK::S3::IntelligentTieringConfiguration>? (readonly)

Note:

Default: No Intelligent Tiering Configurations.

Intelligent Tiering Configurations.



252
253
254
# File 's3/bucket_props.rb', line 252

def intelligent_tiering_configurations
  @intelligent_tiering_configurations
end

#inventoriesArray<AWSCDK::S3::Inventory>? (readonly)

Note:

Default: - No inventory configuration

The inventory configuration of the bucket.



258
259
260
# File 's3/bucket_props.rb', line 258

def inventories
  @inventories
end

#lifecycle_rulesArray<AWSCDK::S3::LifecycleRule>? (readonly)

Note:

Default: - No lifecycle rules.

Rules that define how Amazon S3 manages objects during their lifetime.

Returns:



263
264
265
# File 's3/bucket_props.rb', line 263

def lifecycle_rules
  @lifecycle_rules
end

#metricsArray<AWSCDK::S3::BucketMetrics>? (readonly)

Note:

Default: - No metrics configuration.

The metrics configuration of this bucket.



269
270
271
# File 's3/bucket_props.rb', line 269

def metrics
  @metrics
end

#minimum_tls_versionNumeric? (readonly)

Note:

Default: No minimum TLS version is enforced.

Enforces minimum TLS version for requests.

Requires enforce_ssl to be enabled.



277
278
279
# File 's3/bucket_props.rb', line 277

def minimum_tls_version
  @minimum_tls_version
end

#notifications_handler_roleAWSCDK::IAM::IRole? (readonly)

Note:

Default: - a new role will be created.

The role to be used by the notifications handler.

Returns:



282
283
284
# File 's3/bucket_props.rb', line 282

def notifications_handler_role
  @notifications_handler_role
end

#notifications_skip_destination_validationBoolean? (readonly)

Note:

Default: false

Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations.

Returns:

  • (Boolean, nil)


287
288
289
# File 's3/bucket_props.rb', line 287

def notifications_skip_destination_validation
  @notifications_skip_destination_validation
end

#object_lock_default_retentionAWSCDK::S3::ObjectLockRetention? (readonly)

Note:

Default: no default retention period

The default retention mode and rules for S3 Object Lock.

Default retention can be configured after a bucket is created if the bucket already has object lock enabled. Enabling object lock for existing buckets is not supported.



296
297
298
# File 's3/bucket_props.rb', line 296

def object_lock_default_retention
  @object_lock_default_retention
end

#object_lock_enabledBoolean? (readonly)

Note:

Default: false, unless objectLockDefaultRetention is set (then, true)

Enable object lock on the bucket.

Enabling object lock for existing buckets is not supported. Object lock must be enabled when the bucket is created.



305
306
307
# File 's3/bucket_props.rb', line 305

def object_lock_enabled
  @object_lock_enabled
end

#object_ownershipAWSCDK::S3::ObjectOwnership? (readonly)

Note:

Default: - No ObjectOwnership configuration. By default, Amazon S3 sets Object Ownership to Bucket owner enforced. This means ACLs are disabled and the bucket owner will own every object.

The objectOwnership of the bucket.



311
312
313
# File 's3/bucket_props.rb', line 311

def object_ownership
  @object_ownership
end

#public_read_accessBoolean? (readonly)

Note:

Default: false

Grants public read access to all objects in the bucket.

Similar to calling bucket.grantPublicAccess()

Returns:

  • (Boolean, nil)


318
319
320
# File 's3/bucket_props.rb', line 318

def public_read_access
  @public_read_access
end

#removal_policyAWSCDK::RemovalPolicy? (readonly)

Note:

Default: - The bucket will be orphaned.

Policy to apply when the bucket is removed from this stack.

Returns:



323
324
325
# File 's3/bucket_props.rb', line 323

def removal_policy
  @removal_policy
end

#replication_roleAWSCDK::IAM::IRole? (readonly)

Note:

Default: - a new role will be created.

The role to be used by the replication.

When setting this property, you must also set replication_rules.

Returns:



330
331
332
# File 's3/bucket_props.rb', line 330

def replication_role
  @replication_role
end

#replication_rulesArray<AWSCDK::S3::ReplicationRule>? (readonly)

Note:

Default: - No replication

A container for one or more replication rules.

Returns:



335
336
337
# File 's3/bucket_props.rb', line 335

def replication_rules
  @replication_rules
end

#server_access_logs_bucketAWSCDK::S3::IBucket? (readonly)

Note:

Default: - If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.

Destination bucket for the server access logs.

Returns:



340
341
342
# File 's3/bucket_props.rb', line 340

def server_access_logs_bucket
  @server_access_logs_bucket
end

#server_access_logs_prefixString? (readonly)

Note:

Default: - No log file prefix

Optional log file prefix to use for the bucket's access logs.

If defined without "serverAccessLogsBucket", enables access logs to current bucket with this prefix.

Returns:

  • (String, nil)


347
348
349
# File 's3/bucket_props.rb', line 347

def server_access_logs_prefix
  @server_access_logs_prefix
end

#target_object_key_formatAWSCDK::S3::TargetObjectKeyFormat? (readonly)

Note:

Default: - the default key format is: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]

Optional key format for log objects.



352
353
354
# File 's3/bucket_props.rb', line 352

def target_object_key_format
  @target_object_key_format
end

#transfer_accelerationBoolean? (readonly)

Note:

Default: false

Whether this bucket should have transfer acceleration turned on or not.

Returns:

  • (Boolean, nil)


357
358
359
# File 's3/bucket_props.rb', line 357

def transfer_acceleration
  @transfer_acceleration
end

#transition_default_minimum_object_sizeAWSCDK::S3::TransitionDefaultMinimumObjectSize? (readonly)

Note:

Default: - TransitionDefaultMinimumObjectSize.VARIES_BY_STORAGE_CLASS before September 2024, otherwise TransitionDefaultMinimumObjectSize.ALL_STORAGE_CLASSES_128_K.

Indicates which default minimum object size behavior is applied to the lifecycle configuration.

To customize the minimum object size for any transition you can add a filter that specifies a custom object_size_greater_than or object_size_less_than for lifecycle_rules property. Custom filters always take precedence over the default transition behavior.



366
367
368
# File 's3/bucket_props.rb', line 366

def transition_default_minimum_object_size
  @transition_default_minimum_object_size
end

#versionedBoolean? (readonly)

Note:

Default: false (unless object lock is enabled, then true)

Whether this bucket should have versioning turned on or not.

Returns:

  • (Boolean, nil)


371
372
373
# File 's3/bucket_props.rb', line 371

def versioned
  @versioned
end

#website_error_documentString? (readonly)

Note:

Default: - No error document.

The name of the error document (e.g. "404.html") for the website. websiteIndexDocument must also be set if this is set.

Returns:

  • (String, nil)


376
377
378
# File 's3/bucket_props.rb', line 376

def website_error_document
  @website_error_document
end

#website_index_documentString? (readonly)

Note:

Default: - No index document.

The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.

Returns:

  • (String, nil)


381
382
383
# File 's3/bucket_props.rb', line 381

def website_index_document
  @website_index_document
end

#website_redirectAWSCDK::S3::RedirectTarget? (readonly)

Note:

Default: - No redirection.

Specifies the redirect behavior of all requests to a website endpoint of a bucket.

If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument" nor , "websiteRoutingRules".

Returns:



388
389
390
# File 's3/bucket_props.rb', line 388

def website_redirect
  @website_redirect
end

#website_routing_rulesArray<AWSCDK::S3::RoutingRule>? (readonly)

Note:

Default: - No redirection rules.

Rules that define when a redirect is applied and the redirect behavior.

Returns:



393
394
395
# File 's3/bucket_props.rb', line 393

def website_routing_rules
  @website_routing_rules
end

Class Method Details

.jsii_propertiesObject



395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
# File 's3/bucket_props.rb', line 395

def self.jsii_properties
  {
    :abac_status => "abacStatus",
    :access_control => "accessControl",
    :auto_delete_objects => "autoDeleteObjects",
    :blocked_encryption_types => "blockedEncryptionTypes",
    :block_public_access => "blockPublicAccess",
    :bucket_key_enabled => "bucketKeyEnabled",
    :bucket_name => "bucketName",
    :bucket_name_prefix => "bucketNamePrefix",
    :bucket_namespace => "bucketNamespace",
    :cors => "cors",
    :encryption => "encryption",
    :encryption_key => "encryptionKey",
    :enforce_ssl => "enforceSSL",
    :event_bridge_enabled => "eventBridgeEnabled",
    :intelligent_tiering_configurations => "intelligentTieringConfigurations",
    :inventories => "inventories",
    :lifecycle_rules => "lifecycleRules",
    :metrics => "metrics",
    :minimum_tls_version => "minimumTLSVersion",
    :notifications_handler_role => "notificationsHandlerRole",
    :notifications_skip_destination_validation => "notificationsSkipDestinationValidation",
    :object_lock_default_retention => "objectLockDefaultRetention",
    :object_lock_enabled => "objectLockEnabled",
    :object_ownership => "objectOwnership",
    :public_read_access => "publicReadAccess",
    :removal_policy => "removalPolicy",
    :replication_role => "replicationRole",
    :replication_rules => "replicationRules",
    :server_access_logs_bucket => "serverAccessLogsBucket",
    :server_access_logs_prefix => "serverAccessLogsPrefix",
    :target_object_key_format => "targetObjectKeyFormat",
    :transfer_acceleration => "transferAcceleration",
    :transition_default_minimum_object_size => "transitionDefaultMinimumObjectSize",
    :versioned => "versioned",
    :website_error_document => "websiteErrorDocument",
    :website_index_document => "websiteIndexDocument",
    :website_redirect => "websiteRedirect",
    :website_routing_rules => "websiteRoutingRules",
  }
end

Instance Method Details

#to_jsiiObject



438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
# File 's3/bucket_props.rb', line 438

def to_jsii
  result = {}
  result.merge!({
    "abacStatus" => @abac_status,
    "accessControl" => @access_control,
    "autoDeleteObjects" => @auto_delete_objects,
    "blockedEncryptionTypes" => @blocked_encryption_types,
    "blockPublicAccess" => @block_public_access,
    "bucketKeyEnabled" => @bucket_key_enabled,
    "bucketName" => @bucket_name,
    "bucketNamePrefix" => @bucket_name_prefix,
    "bucketNamespace" => @bucket_namespace,
    "cors" => @cors,
    "encryption" => @encryption,
    "encryptionKey" => @encryption_key,
    "enforceSSL" => @enforce_ssl,
    "eventBridgeEnabled" => @event_bridge_enabled,
    "intelligentTieringConfigurations" => @intelligent_tiering_configurations,
    "inventories" => @inventories,
    "lifecycleRules" => @lifecycle_rules,
    "metrics" => @metrics,
    "minimumTLSVersion" => @minimum_tls_version,
    "notificationsHandlerRole" => @notifications_handler_role,
    "notificationsSkipDestinationValidation" => @notifications_skip_destination_validation,
    "objectLockDefaultRetention" => @object_lock_default_retention,
    "objectLockEnabled" => @object_lock_enabled,
    "objectOwnership" => @object_ownership,
    "publicReadAccess" => @public_read_access,
    "removalPolicy" => @removal_policy,
    "replicationRole" => @replication_role,
    "replicationRules" => @replication_rules,
    "serverAccessLogsBucket" => @server_access_logs_bucket,
    "serverAccessLogsPrefix" => @server_access_logs_prefix,
    "targetObjectKeyFormat" => @target_object_key_format,
    "transferAcceleration" => @transfer_acceleration,
    "transitionDefaultMinimumObjectSize" => @transition_default_minimum_object_size,
    "versioned" => @versioned,
    "websiteErrorDocument" => @website_error_document,
    "websiteIndexDocument" => @website_index_document,
    "websiteRedirect" => @website_redirect,
    "websiteRoutingRules" => @website_routing_rules,
  })
  result.compact
end