Module: AWSCDK::S3::IBucket

Includes:
IResource, Interfaces::AWSS3::IBucketRef
Included in:
BucketBase
Defined in:
s3/i_bucket.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.jsii_overridable_methodsObject



545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
# File 's3/i_bucket.rb', line 545

def self.jsii_overridable_methods
  {
    :node => { kind: :property, name: "node", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :bucket_ref => { kind: :property, name: "bucketRef", is_optional: false },
    :bucket_arn => { kind: :property, name: "bucketArn", is_optional: false },
    :bucket_domain_name => { kind: :property, name: "bucketDomainName", is_optional: false },
    :bucket_dual_stack_domain_name => { kind: :property, name: "bucketDualStackDomainName", is_optional: false },
    :bucket_name => { kind: :property, name: "bucketName", is_optional: false },
    :bucket_regional_domain_name => { kind: :property, name: "bucketRegionalDomainName", is_optional: false },
    :bucket_website_domain_name => { kind: :property, name: "bucketWebsiteDomainName", is_optional: false },
    :bucket_website_url => { kind: :property, name: "bucketWebsiteUrl", is_optional: false },
    :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true },
    :is_website => { kind: :property, name: "isWebsite", is_optional: true },
    :policy => { kind: :property, name: "policy", is_optional: true },
    :replication_role_arn => { kind: :property, name: "replicationRoleArn", is_optional: true },
    :with => { kind: :method, name: "with", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :add_event_notification => { kind: :method, name: "addEventNotification", is_optional: false },
    :add_object_created_notification => { kind: :method, name: "addObjectCreatedNotification", is_optional: false },
    :add_object_removed_notification => { kind: :method, name: "addObjectRemovedNotification", is_optional: false },
    :add_replication_policy => { kind: :method, name: "addReplicationPolicy", is_optional: false },
    :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false },
    :arn_for_objects => { kind: :method, name: "arnForObjects", is_optional: false },
    :enable_event_bridge_notification => { kind: :method, name: "enableEventBridgeNotification", is_optional: false },
    :grant_delete => { kind: :method, name: "grantDelete", is_optional: false },
    :grant_public_access => { kind: :method, name: "grantPublicAccess", is_optional: false },
    :grant_put => { kind: :method, name: "grantPut", is_optional: false },
    :grant_put_acl => { kind: :method, name: "grantPutAcl", is_optional: false },
    :grant_read => { kind: :method, name: "grantRead", is_optional: false },
    :grant_read_write => { kind: :method, name: "grantReadWrite", is_optional: false },
    :grant_replication_permission => { kind: :method, name: "grantReplicationPermission", is_optional: false },
    :grant_write => { kind: :method, name: "grantWrite", is_optional: false },
    :on_cloud_trail_event => { kind: :method, name: "onCloudTrailEvent", is_optional: false },
    :on_cloud_trail_put_object => { kind: :method, name: "onCloudTrailPutObject", is_optional: false },
    :on_cloud_trail_write_object => { kind: :method, name: "onCloudTrailWriteObject", is_optional: false },
    :s3_url_for_object => { kind: :method, name: "s3UrlForObject", is_optional: false },
    :transfer_acceleration_url_for_object => { kind: :method, name: "transferAccelerationUrlForObject", is_optional: false },
    :url_for_object => { kind: :method, name: "urlForObject", is_optional: false },
    :virtual_hosted_url_for_object => { kind: :method, name: "virtualHostedUrlForObject", is_optional: false },
  }
end

Instance Method Details

#add_event_notification(event, dest, *filters) ⇒ void

This method returns an undefined value.

Adds a bucket notification event destination.

Examples:

my_lambda = nil # AWSCDK::Lambda::Function

bucket = AWSCDK::S3::Bucket.new(self, "MyBucket")
filter = {prefix: "home/myusername/*"}
bucket.add_event_notification(AWSCDK::S3::EventType::OBJECT_CREATED, AWSCDK::S3Notifications::LambdaDestination.new(my_lambda), filter)

Parameters:

See Also:



178
179
180
181
182
183
184
185
186
# File 's3/i_bucket.rb', line 178

def add_event_notification(event, dest, *filters)
  Jsii::Type.check_type(event, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuRXZlbnRUeXBlIn0=")), "event")
  Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest")
  filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 }
  filters.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]")
  end
  jsii_call_method("addEventNotification", [event, dest, *filters])
end

#add_object_created_notification(dest, *filters) ⇒ void

This method returns an undefined value.

Subscribes a destination to receive notifications when an object is created in the bucket.

This is identical to calling onEvent(s3.EventType.OBJECT_CREATED).

Parameters:



196
197
198
199
200
201
202
203
# File 's3/i_bucket.rb', line 196

def add_object_created_notification(dest, *filters)
  Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest")
  filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 }
  filters.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]")
  end
  jsii_call_method("addObjectCreatedNotification", [dest, *filters])
end

#add_object_removed_notification(dest, *filters) ⇒ void

This method returns an undefined value.

Subscribes a destination to receive notifications when an object is removed from the bucket.

This is identical to calling onEvent(EventType.OBJECT_REMOVED).

Parameters:



213
214
215
216
217
218
219
220
# File 's3/i_bucket.rb', line 213

def add_object_removed_notification(dest, *filters)
  Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest")
  filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 }
  filters.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]")
  end
  jsii_call_method("addObjectRemovedNotification", [dest, *filters])
end

#add_replication_policy(role_arn, access_control_transition = nil, account = nil) ⇒ void

This method returns an undefined value.

Function to add required permissions to the destination bucket for cross account replication.

These permissions will be added as a resource based policy on the bucket.

Parameters:

  • role_arn (String)
  • access_control_transition (Boolean, nil) (defaults to: nil)
  • account (String, nil) (defaults to: nil)

See Also:



231
232
233
234
235
236
# File 's3/i_bucket.rb', line 231

def add_replication_policy(role_arn, access_control_transition = nil,  = nil)
  Jsii::Type.check_type(role_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "roleArn")
  Jsii::Type.check_type(access_control_transition, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "accessControlTransition") unless access_control_transition.nil?
  Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "account") unless .nil?
  jsii_call_method("addReplicationPolicy", [role_arn, access_control_transition, ])
end

#add_to_resource_policy(permission) ⇒ AWSCDK::IAM::AddToResourcePolicyResult

Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for this bucket or objects.

Note that the policy statement may or may not be added to the policy. For example, when an IBucket is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases.

Parameters:

Returns:

  • (AWSCDK::IAM::AddToResourcePolicyResult)

    metadata about the execution of this method. If the policy was not added, the value of statementAdded will be false. You should always check this value to make sure that the operation was actually carried out. Otherwise, synthesis and deploy will terminate silently, which may be confusing.



248
249
250
251
# File 's3/i_bucket.rb', line 248

def add_to_resource_policy(permission)
  Jsii::Type.check_type(permission, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "permission")
  jsii_call_method("addToResourcePolicy", [permission])
end

#apply_removal_policy(policy) ⇒ void

This method returns an undefined value.

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:



160
161
162
163
# File 's3/i_bucket.rb', line 160

def apply_removal_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy")
  jsii_call_method("applyRemovalPolicy", [policy])
end

#arn_for_objects(key_pattern) ⇒ String

Returns an ARN that represents all objects within the bucket that match the key pattern specified.

To represent all keys, specify "*".

Parameters:

  • key_pattern (String)

Returns:

  • (String)


259
260
261
262
# File 's3/i_bucket.rb', line 259

def arn_for_objects(key_pattern)
  Jsii::Type.check_type(key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyPattern")
  jsii_call_method("arnForObjects", [key_pattern])
end

#bucket_arnString

The ARN of the bucket.

Returns:

  • (String)


47
48
49
# File 's3/i_bucket.rb', line 47

def bucket_arn()
  jsii_get_property("bucketArn")
end

#bucket_domain_nameString

The IPv4 DNS name of the specified bucket.

Returns:

  • (String)


54
55
56
# File 's3/i_bucket.rb', line 54

def bucket_domain_name()
  jsii_get_property("bucketDomainName")
end

#bucket_dual_stack_domain_nameString

The IPv6 DNS name of the specified bucket.

Returns:

  • (String)


61
62
63
# File 's3/i_bucket.rb', line 61

def bucket_dual_stack_domain_name()
  jsii_get_property("bucketDualStackDomainName")
end

#bucket_nameString

The name of the bucket.

Returns:

  • (String)


68
69
70
# File 's3/i_bucket.rb', line 68

def bucket_name()
  jsii_get_property("bucketName")
end

#bucket_refAWSCDK::Interfaces::AWSS3::BucketReference

A reference to a Bucket resource.



40
41
42
# File 's3/i_bucket.rb', line 40

def bucket_ref()
  jsii_get_property("bucketRef")
end

#bucket_regional_domain_nameString

The regional domain name of the specified bucket.

Returns:

  • (String)


75
76
77
# File 's3/i_bucket.rb', line 75

def bucket_regional_domain_name()
  jsii_get_property("bucketRegionalDomainName")
end

#bucket_website_domain_nameString

The Domain name of the static website.

Returns:

  • (String)


82
83
84
# File 's3/i_bucket.rb', line 82

def bucket_website_domain_name()
  jsii_get_property("bucketWebsiteDomainName")
end

#bucket_website_urlString

The URL of the static website.

Returns:

  • (String)


89
90
91
# File 's3/i_bucket.rb', line 89

def bucket_website_url()
  jsii_get_property("bucketWebsiteUrl")
end

#enable_event_bridge_notificationvoid

This method returns an undefined value.

Enables event bridge notification, causing all events below to be sent to EventBridge:.

  • Object Deleted (DeleteObject)
  • Object Deleted (Lifecycle expiration)
  • Object Restore Initiated
  • Object Restore Completed
  • Object Restore Expired
  • Object Storage Class Changed
  • Object Access Tier Changed
  • Object ACL Updated
  • Object Tags Added
  • Object Tags Deleted


278
279
280
# File 's3/i_bucket.rb', line 278

def enable_event_bridge_notification()
  jsii_call_method("enableEventBridgeNotification", [])
end

#encryption_keyAWSCDK::KMS::IKey?

Optional KMS encryption key associated with this bucket.

Returns:



96
97
98
# File 's3/i_bucket.rb', line 96

def encryption_key()
  jsii_get_property("encryptionKey")
end

#envAWSCDK::Interfaces::ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.



26
27
28
# File 's3/i_bucket.rb', line 26

def env()
  jsii_get_property("env")
end

#grant_delete(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



287
288
289
290
291
# File 's3/i_bucket.rb', line 287

def grant_delete(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantDelete", [identity, objects_key_pattern])
end

#grant_public_access(key_prefix = nil, *allowed_actions) ⇒ AWSCDK::IAM::Grant

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.

Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.

The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:

const grant = bucket.grantPublicAccess();
grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

Parameters:

  • key_prefix (String, nil) (defaults to: nil)

    the prefix of S3 object keys (e.g. home/*). Default is "*".

  • allowed_actions (Array<String>)

    the set of S3 actions to allow.

Returns:

  • (AWSCDK::IAM::Grant)

    The iam.PolicyStatement object, which can be used to apply e.g. conditions.



315
316
317
318
319
320
321
# File 's3/i_bucket.rb', line 315

def grant_public_access(key_prefix = nil, *allowed_actions)
  Jsii::Type.check_type(key_prefix, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyPrefix") unless key_prefix.nil?
  allowed_actions.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "allowedActions[#{index}]")
  end
  jsii_call_method("grantPublicAccess", [key_prefix, *allowed_actions])
end

#grant_put(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



331
332
333
334
335
# File 's3/i_bucket.rb', line 331

def grant_put(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantPut", [identity, objects_key_pattern])
end

#grant_put_acl(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.

If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling grant_write or grant_read_write no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (String, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



346
347
348
349
350
# File 's3/i_bucket.rb', line 346

def grant_put_acl(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantPutAcl", [identity, objects_key_pattern])
end

#grant_read(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



360
361
362
363
364
# File 's3/i_bucket.rb', line 360

def grant_read(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantRead", [identity, objects_key_pattern])
end

#grant_read_write(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant

Grants read/write permissions for this bucket and its contents to an IAM principal (Role/Group/User).

If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the grant_put_acl method.

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

Returns:



382
383
384
385
386
# File 's3/i_bucket.rb', line 382

def grant_read_write(identity, objects_key_pattern = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  jsii_call_method("grantReadWrite", [identity, objects_key_pattern])
end

#grant_replication_permission(identity, props) ⇒ AWSCDK::IAM::Grant

Allows permissions for replication operation to bucket replication role.

If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.

Parameters:

Returns:

  • (AWSCDK::IAM::Grant)

    The iam.Grant object, which represents the grant of permissions.



396
397
398
399
400
401
# File 's3/i_bucket.rb', line 396

def grant_replication_permission(identity, props)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  props = props.is_a?(Hash) ? ::AWSCDK::S3::GrantReplicationPermissionProps.new(**props.transform_keys(&:to_sym)) : props
  Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuR3JhbnRSZXBsaWNhdGlvblBlcm1pc3Npb25Qcm9wcyJ9")), "props")
  jsii_call_method("grantReplicationPermission", [identity, props])
end

#grant_write(identity, objects_key_pattern = nil, allowed_action_patterns = nil) ⇒ AWSCDK::IAM::Grant

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the grant_put_acl method.

Parameters:

  • identity (AWSCDK::IAM::IGrantable)

    The principal.

  • objects_key_pattern (Object, nil) (defaults to: nil)

    Restrict the permission to a certain key pattern (default '*').

  • allowed_action_patterns (Array<String>, nil) (defaults to: nil)

    Restrict the permissions to certain list of action patterns.

Returns:



420
421
422
423
424
425
# File 's3/i_bucket.rb', line 420

def grant_write(identity, objects_key_pattern = nil, allowed_action_patterns = nil)
  Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity")
  Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil?
  Jsii::Type.check_type(allowed_action_patterns, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedActionPatterns") unless allowed_action_patterns.nil?
  jsii_call_method("grantWrite", [identity, objects_key_pattern, allowed_action_patterns])
end

#is_websiteBoolean?

If this bucket has been configured for static website hosting.

Returns:

  • (Boolean, nil)


103
104
105
# File 's3/i_bucket.rb', line 103

def is_website()
  jsii_get_property("isWebsite")
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


11
12
13
# File 's3/i_bucket.rb', line 11

def node()
  jsii_get_property("node")
end

#on_cloud_trail_event(id, options = nil) ⇒ AWSCDK::Events::Rule

Defines a CloudWatch event that triggers when something happens to this bucket.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Parameters:

Returns:



435
436
437
438
439
440
# File 's3/i_bucket.rb', line 435

def on_cloud_trail_event(id, options = nil)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("onCloudTrailEvent", [id, options])
end

#on_cloud_trail_put_object(id, options = nil) ⇒ AWSCDK::Events::Rule

Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using on_cloud_trail_write_object may be preferable.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Parameters:

Returns:



454
455
456
457
458
459
# File 's3/i_bucket.rb', line 454

def on_cloud_trail_put_object(id, options = nil)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("onCloudTrailPutObject", [id, options])
end

#on_cloud_trail_write_object(id, options = nil) ⇒ AWSCDK::Events::Rule

Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.

This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to on_cloud_trail_put_object.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Parameters:

Returns:



476
477
478
479
480
481
# File 's3/i_bucket.rb', line 476

def on_cloud_trail_write_object(id, options = nil)
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  options = options.is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("onCloudTrailWriteObject", [id, options])
end

#policyAWSCDK::S3::BucketPolicy?

The resource policy associated with this bucket.

If auto_create_policy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

Returns:



113
114
115
# File 's3/i_bucket.rb', line 113

def policy()
  jsii_get_property("policy")
end

#policy=(value) ⇒ Object



117
118
119
120
# File 's3/i_bucket.rb', line 117

def policy=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuQnVja2V0UG9saWN5In0=")), "policy") unless value.nil?
  jsii_set_property("policy", value)
end

#replication_role_arnString?

Role used to set up permissions on this bucket for replication.

Returns:

  • (String, nil)


125
126
127
# File 's3/i_bucket.rb', line 125

def replication_role_arn()
  jsii_get_property("replicationRoleArn")
end

#replication_role_arn=(value) ⇒ Object



129
130
131
132
# File 's3/i_bucket.rb', line 129

def replication_role_arn=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "replicationRoleArn") unless value.nil?
  jsii_set_property("replicationRoleArn", value)
end

#s3_url_for_object(key = nil) ⇒ String

The S3 URL of an S3 object.

For example:

  • s3://onlybucket
  • s3://bucket/key

Parameters:

  • key (String, nil) (defaults to: nil)

    The S3 key of the object.

Returns:

  • (String)

    an ObjectS3Url token



492
493
494
495
# File 's3/i_bucket.rb', line 492

def s3_url_for_object(key = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  jsii_call_method("s3UrlForObject", [key])
end

#stackAWSCDK::Stack

The stack in which this resource is defined.

Returns:



33
34
35
# File 's3/i_bucket.rb', line 33

def stack()
  jsii_get_property("stack")
end

#transfer_acceleration_url_for_object(key = nil, options = nil) ⇒ String

The https Transfer Acceleration URL of an S3 object.

Specify dualStack: true at the options for dual-stack endpoint (connect to the bucket over IPv6). For example:

  • https://bucket.s3-accelerate.amazonaws.com
  • https://bucket.s3-accelerate.amazonaws.com/key

Parameters:

Returns:

  • (String)

    an TransferAccelerationUrl token



508
509
510
511
512
513
# File 's3/i_bucket.rb', line 508

def transfer_acceleration_url_for_object(key = nil, options = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  options = options.is_a?(Hash) ? ::AWSCDK::S3::TransferAccelerationURLOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVHJhbnNmZXJBY2NlbGVyYXRpb25VcmxPcHRpb25zIn0=")), "options") unless options.nil?
  jsii_call_method("transferAccelerationUrlForObject", [key, options])
end

#url_for_object(key = nil) ⇒ String

The https URL of an S3 object. For example:.

  • https://s3.us-west-1.amazonaws.com/onlybucket
  • https://s3.us-west-1.amazonaws.com/bucket/key
  • https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey

Parameters:

  • key (String, nil) (defaults to: nil)

    The S3 key of the object.

Returns:

  • (String)

    an ObjectS3Url token



523
524
525
526
# File 's3/i_bucket.rb', line 523

def url_for_object(key = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  jsii_call_method("urlForObject", [key])
end

#virtual_hosted_url_for_object(key = nil, options = nil) ⇒ String

The virtual hosted-style URL of an S3 object. Specify regional: false at the options for non-regional URL. For example:.

  • https://only-bucket.s3.us-west-1.amazonaws.com
  • https://bucket.s3.us-west-1.amazonaws.com/key
  • https://bucket.s3.amazonaws.com/key
  • https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey

Parameters:

Returns:

  • (String)

    an ObjectS3Url token



538
539
540
541
542
543
# File 's3/i_bucket.rb', line 538

def virtual_hosted_url_for_object(key = nil, options = nil)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil?
  options = options.is_a?(Hash) ? ::AWSCDK::S3::VirtualHostedStyleURLOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVmlydHVhbEhvc3RlZFN0eWxlVXJsT3B0aW9ucyJ9")), "options") unless options.nil?
  jsii_call_method("virtualHostedUrlForObject", [key, options])
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.

Parameters:

  • mixins (Array<Constructs::IMixin>)

    The mixins to apply.

Returns:

  • (Constructs::IConstruct)

    This construct for chaining



141
142
143
144
145
146
# File 's3/i_bucket.rb', line 141

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end