Module: AWSCDK::S3::IBucket
- Includes:
- IResource, Interfaces::AWSS3::IBucketRef
- Included in:
- BucketBase
- Defined in:
- s3/i_bucket.rb
Class Method Summary collapse
Instance Method Summary collapse
-
#add_event_notification(event, dest, *filters) ⇒ void
Adds a bucket notification event destination.
-
#add_object_created_notification(dest, *filters) ⇒ void
Subscribes a destination to receive notifications when an object is created in the bucket.
-
#add_object_removed_notification(dest, *filters) ⇒ void
Subscribes a destination to receive notifications when an object is removed from the bucket.
-
#add_replication_policy(role_arn, access_control_transition = nil, account = nil) ⇒ void
Function to add required permissions to the destination bucket for cross account replication.
-
#add_to_resource_policy(permission) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#arn_for_objects(key_pattern) ⇒ String
Returns an ARN that represents all objects within the bucket that match the key pattern specified.
-
#bucket_arn ⇒ String
The ARN of the bucket.
-
#bucket_domain_name ⇒ String
The IPv4 DNS name of the specified bucket.
-
#bucket_dual_stack_domain_name ⇒ String
The IPv6 DNS name of the specified bucket.
-
#bucket_name ⇒ String
The name of the bucket.
-
#bucket_ref ⇒ AWSCDK::Interfaces::AWSS3::BucketReference
A reference to a Bucket resource.
-
#bucket_regional_domain_name ⇒ String
The regional domain name of the specified bucket.
-
#bucket_website_domain_name ⇒ String
The Domain name of the static website.
-
#bucket_website_url ⇒ String
The URL of the static website.
-
#enable_event_bridge_notification ⇒ void
Enables event bridge notification, causing all events below to be sent to EventBridge:.
-
#encryption_key ⇒ AWSCDK::KMS::IKey?
Optional KMS encryption key associated with this bucket.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
-
#grant_delete(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
-
#grant_public_access(key_prefix = nil, *allowed_actions) ⇒ AWSCDK::IAM::Grant
Allows unrestricted access to objects from this bucket.
-
#grant_put(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
-
#grant_put_acl(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
-
#grant_read(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).
-
#grant_read_write(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grants read/write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
-
#grant_replication_permission(identity, props) ⇒ AWSCDK::IAM::Grant
Allows permissions for replication operation to bucket replication role.
-
#grant_write(identity, objects_key_pattern = nil, allowed_action_patterns = nil) ⇒ AWSCDK::IAM::Grant
Grant write permissions to this bucket to an IAM principal.
-
#is_website ⇒ Boolean?
If this bucket has been configured for static website hosting.
-
#node ⇒ Constructs::Node
The tree node.
-
#on_cloud_trail_event(id, options = nil) ⇒ AWSCDK::Events::Rule
Defines a CloudWatch event that triggers when something happens to this bucket.
-
#on_cloud_trail_put_object(id, options = nil) ⇒ AWSCDK::Events::Rule
Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
-
#on_cloud_trail_write_object(id, options = nil) ⇒ AWSCDK::Events::Rule
Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
-
#policy ⇒ AWSCDK::S3::BucketPolicy?
The resource policy associated with this bucket.
- #policy=(value) ⇒ Object
-
#replication_role_arn ⇒ String?
Role used to set up permissions on this bucket for replication.
- #replication_role_arn=(value) ⇒ Object
-
#s3_url_for_object(key = nil) ⇒ String
The S3 URL of an S3 object.
-
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#transfer_acceleration_url_for_object(key = nil, options = nil) ⇒ String
The https Transfer Acceleration URL of an S3 object.
-
#url_for_object(key = nil) ⇒ String
The https URL of an S3 object.
-
#virtual_hosted_url_for_object(key = nil, options = nil) ⇒ String
The virtual hosted-style URL of an S3 object.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Class Method Details
.jsii_overridable_methods ⇒ Object
545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 |
# File 's3/i_bucket.rb', line 545 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :bucket_ref => { kind: :property, name: "bucketRef", is_optional: false }, :bucket_arn => { kind: :property, name: "bucketArn", is_optional: false }, :bucket_domain_name => { kind: :property, name: "bucketDomainName", is_optional: false }, :bucket_dual_stack_domain_name => { kind: :property, name: "bucketDualStackDomainName", is_optional: false }, :bucket_name => { kind: :property, name: "bucketName", is_optional: false }, :bucket_regional_domain_name => { kind: :property, name: "bucketRegionalDomainName", is_optional: false }, :bucket_website_domain_name => { kind: :property, name: "bucketWebsiteDomainName", is_optional: false }, :bucket_website_url => { kind: :property, name: "bucketWebsiteUrl", is_optional: false }, :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true }, :is_website => { kind: :property, name: "isWebsite", is_optional: true }, :policy => { kind: :property, name: "policy", is_optional: true }, :replication_role_arn => { kind: :property, name: "replicationRoleArn", is_optional: true }, :with => { kind: :method, name: "with", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :add_event_notification => { kind: :method, name: "addEventNotification", is_optional: false }, :add_object_created_notification => { kind: :method, name: "addObjectCreatedNotification", is_optional: false }, :add_object_removed_notification => { kind: :method, name: "addObjectRemovedNotification", is_optional: false }, :add_replication_policy => { kind: :method, name: "addReplicationPolicy", is_optional: false }, :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false }, :arn_for_objects => { kind: :method, name: "arnForObjects", is_optional: false }, :enable_event_bridge_notification => { kind: :method, name: "enableEventBridgeNotification", is_optional: false }, :grant_delete => { kind: :method, name: "grantDelete", is_optional: false }, :grant_public_access => { kind: :method, name: "grantPublicAccess", is_optional: false }, :grant_put => { kind: :method, name: "grantPut", is_optional: false }, :grant_put_acl => { kind: :method, name: "grantPutAcl", is_optional: false }, :grant_read => { kind: :method, name: "grantRead", is_optional: false }, :grant_read_write => { kind: :method, name: "grantReadWrite", is_optional: false }, :grant_replication_permission => { kind: :method, name: "grantReplicationPermission", is_optional: false }, :grant_write => { kind: :method, name: "grantWrite", is_optional: false }, :on_cloud_trail_event => { kind: :method, name: "onCloudTrailEvent", is_optional: false }, :on_cloud_trail_put_object => { kind: :method, name: "onCloudTrailPutObject", is_optional: false }, :on_cloud_trail_write_object => { kind: :method, name: "onCloudTrailWriteObject", is_optional: false }, :s3_url_for_object => { kind: :method, name: "s3UrlForObject", is_optional: false }, :transfer_acceleration_url_for_object => { kind: :method, name: "transferAccelerationUrlForObject", is_optional: false }, :url_for_object => { kind: :method, name: "urlForObject", is_optional: false }, :virtual_hosted_url_for_object => { kind: :method, name: "virtualHostedUrlForObject", is_optional: false }, } end |
Instance Method Details
#add_event_notification(event, dest, *filters) ⇒ void
This method returns an undefined value.
Adds a bucket notification event destination.
178 179 180 181 182 183 184 185 186 |
# File 's3/i_bucket.rb', line 178 def add_event_notification(event, dest, *filters) Jsii::Type.check_type(event, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuRXZlbnRUeXBlIn0=")), "event") Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest") filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } filters.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]") end jsii_call_method("addEventNotification", [event, dest, *filters]) end |
#add_object_created_notification(dest, *filters) ⇒ void
This method returns an undefined value.
Subscribes a destination to receive notifications when an object is created in the bucket.
This is identical to calling
onEvent(s3.EventType.OBJECT_CREATED).
196 197 198 199 200 201 202 203 |
# File 's3/i_bucket.rb', line 196 def add_object_created_notification(dest, *filters) Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest") filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } filters.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]") end jsii_call_method("addObjectCreatedNotification", [dest, *filters]) end |
#add_object_removed_notification(dest, *filters) ⇒ void
This method returns an undefined value.
Subscribes a destination to receive notifications when an object is removed from the bucket.
This is identical to calling
onEvent(EventType.OBJECT_REMOVED).
213 214 215 216 217 218 219 220 |
# File 's3/i_bucket.rb', line 213 def add_object_removed_notification(dest, *filters) Jsii::Type.check_type(dest, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuSUJ1Y2tldE5vdGlmaWNhdGlvbkRlc3RpbmF0aW9uIn0=")), "dest") filters.map! { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::S3::NotificationKeyFilter.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } filters.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuTm90aWZpY2F0aW9uS2V5RmlsdGVyIn0=")), "filters[#{index}]") end jsii_call_method("addObjectRemovedNotification", [dest, *filters]) end |
#add_replication_policy(role_arn, access_control_transition = nil, account = nil) ⇒ void
This method returns an undefined value.
Function to add required permissions to the destination bucket for cross account replication.
These permissions will be added as a resource based policy on the bucket.
231 232 233 234 235 236 |
# File 's3/i_bucket.rb', line 231 def add_replication_policy(role_arn, access_control_transition = nil, account = nil) Jsii::Type.check_type(role_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "roleArn") Jsii::Type.check_type(access_control_transition, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "accessControlTransition") unless access_control_transition.nil? Jsii::Type.check_type(account, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "account") unless account.nil? jsii_call_method("addReplicationPolicy", [role_arn, access_control_transition, account]) end |
#add_to_resource_policy(permission) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for this bucket or objects.
Note that the policy statement may or may not be added to the policy.
For example, when an IBucket is created from an existing bucket,
it's not possible to tell whether the bucket already has a policy
attached, let alone to re-use that policy to add more statements to it.
So it's safest to do nothing in these cases.
248 249 250 251 |
# File 's3/i_bucket.rb', line 248 def add_to_resource_policy() Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "permission") jsii_call_method("addToResourcePolicy", []) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
160 161 162 163 |
# File 's3/i_bucket.rb', line 160 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#arn_for_objects(key_pattern) ⇒ String
Returns an ARN that represents all objects within the bucket that match the key pattern specified.
To represent all keys, specify "*".
259 260 261 262 |
# File 's3/i_bucket.rb', line 259 def arn_for_objects(key_pattern) Jsii::Type.check_type(key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyPattern") jsii_call_method("arnForObjects", [key_pattern]) end |
#bucket_arn ⇒ String
The ARN of the bucket.
47 48 49 |
# File 's3/i_bucket.rb', line 47 def bucket_arn() jsii_get_property("bucketArn") end |
#bucket_domain_name ⇒ String
The IPv4 DNS name of the specified bucket.
54 55 56 |
# File 's3/i_bucket.rb', line 54 def bucket_domain_name() jsii_get_property("bucketDomainName") end |
#bucket_dual_stack_domain_name ⇒ String
The IPv6 DNS name of the specified bucket.
61 62 63 |
# File 's3/i_bucket.rb', line 61 def bucket_dual_stack_domain_name() jsii_get_property("bucketDualStackDomainName") end |
#bucket_name ⇒ String
The name of the bucket.
68 69 70 |
# File 's3/i_bucket.rb', line 68 def bucket_name() jsii_get_property("bucketName") end |
#bucket_ref ⇒ AWSCDK::Interfaces::AWSS3::BucketReference
A reference to a Bucket resource.
40 41 42 |
# File 's3/i_bucket.rb', line 40 def bucket_ref() jsii_get_property("bucketRef") end |
#bucket_regional_domain_name ⇒ String
The regional domain name of the specified bucket.
75 76 77 |
# File 's3/i_bucket.rb', line 75 def bucket_regional_domain_name() jsii_get_property("bucketRegionalDomainName") end |
#bucket_website_domain_name ⇒ String
The Domain name of the static website.
82 83 84 |
# File 's3/i_bucket.rb', line 82 def bucket_website_domain_name() jsii_get_property("bucketWebsiteDomainName") end |
#bucket_website_url ⇒ String
The URL of the static website.
89 90 91 |
# File 's3/i_bucket.rb', line 89 def bucket_website_url() jsii_get_property("bucketWebsiteUrl") end |
#enable_event_bridge_notification ⇒ void
This method returns an undefined value.
Enables event bridge notification, causing all events below to be sent to EventBridge:.
- Object Deleted (DeleteObject)
- Object Deleted (Lifecycle expiration)
- Object Restore Initiated
- Object Restore Completed
- Object Restore Expired
- Object Storage Class Changed
- Object Access Tier Changed
- Object ACL Updated
- Object Tags Added
- Object Tags Deleted
278 279 280 |
# File 's3/i_bucket.rb', line 278 def enable_event_bridge_notification() jsii_call_method("enableEventBridgeNotification", []) end |
#encryption_key ⇒ AWSCDK::KMS::IKey?
Optional KMS encryption key associated with this bucket.
96 97 98 |
# File 's3/i_bucket.rb', line 96 def encryption_key() jsii_get_property("encryptionKey") end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
26 27 28 |
# File 's3/i_bucket.rb', line 26 def env() jsii_get_property("env") end |
#grant_delete(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
287 288 289 290 291 |
# File 's3/i_bucket.rb', line 287 def grant_delete(identity, objects_key_pattern = nil) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity") Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil? jsii_call_method("grantDelete", [identity, objects_key_pattern]) end |
#grant_public_access(key_prefix = nil, *allowed_actions) ⇒ AWSCDK::IAM::Grant
Allows unrestricted access to objects from this bucket.
IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.
Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.
The method returns the iam.Grant object, which can then be modified
as needed. For example, you can add a condition that will restrict access only
to an IPv4 range like this:
const grant = bucket.grantPublicAccess();
grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
315 316 317 318 319 320 321 |
# File 's3/i_bucket.rb', line 315 def grant_public_access(key_prefix = nil, *allowed_actions) Jsii::Type.check_type(key_prefix, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyPrefix") unless key_prefix.nil? allowed_actions.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "allowedActions[#{index}]") end jsii_call_method("grantPublicAccess", [key_prefix, *allowed_actions]) end |
#grant_put(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
331 332 333 334 335 |
# File 's3/i_bucket.rb', line 331 def grant_put(identity, objects_key_pattern = nil) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity") Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil? jsii_call_method("grantPut", [identity, objects_key_pattern]) end |
#grant_put_acl(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set,
calling grant_write or grant_read_write no longer grants permissions to modify the ACLs of the objects;
in this case, if you need to modify object ACLs, call this method explicitly.
346 347 348 349 350 |
# File 's3/i_bucket.rb', line 346 def grant_put_acl(identity, objects_key_pattern = nil) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity") Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil? jsii_call_method("grantPutAcl", [identity, objects_key_pattern]) end |
#grant_read(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
360 361 362 363 364 |
# File 's3/i_bucket.rb', line 360 def grant_read(identity, objects_key_pattern = nil) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity") Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil? jsii_call_method("grantRead", [identity, objects_key_pattern]) end |
#grant_read_write(identity, objects_key_pattern = nil) ⇒ AWSCDK::IAM::Grant
Grants read/write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.
Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl,
which could be used to grant read/write object access to IAM principals in other accounts.
If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true
in the context key of your cdk.json file.
If you've already updated, but still need the principal to have permissions to modify the ACLs,
use the grant_put_acl method.
382 383 384 385 386 |
# File 's3/i_bucket.rb', line 382 def grant_read_write(identity, objects_key_pattern = nil) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity") Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil? jsii_call_method("grantReadWrite", [identity, objects_key_pattern]) end |
#grant_replication_permission(identity, props) ⇒ AWSCDK::IAM::Grant
Allows permissions for replication operation to bucket replication role.
If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.
396 397 398 399 400 401 |
# File 's3/i_bucket.rb', line 396 def (identity, props) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity") props = props.is_a?(Hash) ? ::AWSCDK::S3::GrantReplicationPermissionProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuR3JhbnRSZXBsaWNhdGlvblBlcm1pc3Npb25Qcm9wcyJ9")), "props") jsii_call_method("grantReplicationPermission", [identity, props]) end |
#grant_write(identity, objects_key_pattern = nil, allowed_action_patterns = nil) ⇒ AWSCDK::IAM::Grant
Grant write permissions to this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl,
which could be used to grant read/write object access to IAM principals in other accounts.
If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true
in the context key of your cdk.json file.
If you've already updated, but still need the principal to have permissions to modify the ACLs,
use the grant_put_acl method.
420 421 422 423 424 425 |
# File 's3/i_bucket.rb', line 420 def grant_write(identity, objects_key_pattern = nil, allowed_action_patterns = nil) Jsii::Type.check_type(identity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "identity") Jsii::Type.check_type(objects_key_pattern, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "objectsKeyPattern") unless objects_key_pattern.nil? Jsii::Type.check_type(allowed_action_patterns, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "allowedActionPatterns") unless allowed_action_patterns.nil? jsii_call_method("grantWrite", [identity, objects_key_pattern, allowed_action_patterns]) end |
#is_website ⇒ Boolean?
If this bucket has been configured for static website hosting.
103 104 105 |
# File 's3/i_bucket.rb', line 103 def is_website() jsii_get_property("isWebsite") end |
#node ⇒ Constructs::Node
The tree node.
11 12 13 |
# File 's3/i_bucket.rb', line 11 def node() jsii_get_property("node") end |
#on_cloud_trail_event(id, options = nil) ⇒ AWSCDK::Events::Rule
Defines a CloudWatch event that triggers when something happens to this bucket.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
435 436 437 438 439 440 |
# File 's3/i_bucket.rb', line 435 def on_cloud_trail_event(id, = nil) Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless .nil? jsii_call_method("onCloudTrailEvent", [id, ]) end |
#on_cloud_trail_put_object(id, options = nil) ⇒ AWSCDK::Events::Rule
Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
Note that some tools like aws s3 cp will automatically use either
PutObject or the multipart upload API depending on the file size,
so using on_cloud_trail_write_object may be preferable.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
454 455 456 457 458 459 |
# File 's3/i_bucket.rb', line 454 def on_cloud_trail_put_object(id, = nil) Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless .nil? jsii_call_method("onCloudTrailPutObject", [id, ]) end |
#on_cloud_trail_write_object(id, options = nil) ⇒ AWSCDK::Events::Rule
Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
This includes the events PutObject, CopyObject, and CompleteMultipartUpload.
Note that some tools like aws s3 cp will automatically use either
PutObject or the multipart upload API depending on the file size,
so using this method may be preferable to on_cloud_trail_put_object.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
476 477 478 479 480 481 |
# File 's3/i_bucket.rb', line 476 def on_cloud_trail_write_object(id, = nil) Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::S3::OnCloudTrailBucketEventOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuT25DbG91ZFRyYWlsQnVja2V0RXZlbnRPcHRpb25zIn0=")), "options") unless .nil? jsii_call_method("onCloudTrailWriteObject", [id, ]) end |
#policy ⇒ AWSCDK::S3::BucketPolicy?
The resource policy associated with this bucket.
If auto_create_policy is true, a BucketPolicy will be created upon the
first call to addToResourcePolicy(s).
113 114 115 |
# File 's3/i_bucket.rb', line 113 def policy() jsii_get_property("policy") end |
#policy=(value) ⇒ Object
117 118 119 120 |
# File 's3/i_bucket.rb', line 117 def policy=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuQnVja2V0UG9saWN5In0=")), "policy") unless value.nil? jsii_set_property("policy", value) end |
#replication_role_arn ⇒ String?
Role used to set up permissions on this bucket for replication.
125 126 127 |
# File 's3/i_bucket.rb', line 125 def replication_role_arn() jsii_get_property("replicationRoleArn") end |
#replication_role_arn=(value) ⇒ Object
129 130 131 132 |
# File 's3/i_bucket.rb', line 129 def replication_role_arn=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "replicationRoleArn") unless value.nil? jsii_set_property("replicationRoleArn", value) end |
#s3_url_for_object(key = nil) ⇒ String
The S3 URL of an S3 object.
For example:
s3://onlybuckets3://bucket/key
492 493 494 495 |
# File 's3/i_bucket.rb', line 492 def s3_url_for_object(key = nil) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil? jsii_call_method("s3UrlForObject", [key]) end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
33 34 35 |
# File 's3/i_bucket.rb', line 33 def stack() jsii_get_property("stack") end |
#transfer_acceleration_url_for_object(key = nil, options = nil) ⇒ String
The https Transfer Acceleration URL of an S3 object.
Specify dualStack: true at the options
for dual-stack endpoint (connect to the bucket over IPv6). For example:
https://bucket.s3-accelerate.amazonaws.comhttps://bucket.s3-accelerate.amazonaws.com/key
508 509 510 511 512 513 |
# File 's3/i_bucket.rb', line 508 def transfer_acceleration_url_for_object(key = nil, = nil) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil? = .is_a?(Hash) ? ::AWSCDK::S3::TransferAccelerationURLOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVHJhbnNmZXJBY2NlbGVyYXRpb25VcmxPcHRpb25zIn0=")), "options") unless .nil? jsii_call_method("transferAccelerationUrlForObject", [key, ]) end |
#url_for_object(key = nil) ⇒ String
The https URL of an S3 object. For example:.
https://s3.us-west-1.amazonaws.com/onlybuckethttps://s3.us-west-1.amazonaws.com/bucket/keyhttps://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey
523 524 525 526 |
# File 's3/i_bucket.rb', line 523 def url_for_object(key = nil) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil? jsii_call_method("urlForObject", [key]) end |
#virtual_hosted_url_for_object(key = nil, options = nil) ⇒ String
The virtual hosted-style URL of an S3 object. Specify regional: false at the options for non-regional URL. For example:.
https://only-bucket.s3.us-west-1.amazonaws.comhttps://bucket.s3.us-west-1.amazonaws.com/keyhttps://bucket.s3.amazonaws.com/keyhttps://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey
538 539 540 541 542 543 |
# File 's3/i_bucket.rb', line 538 def virtual_hosted_url_for_object(key = nil, = nil) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") unless key.nil? = .is_a?(Hash) ? ::AWSCDK::S3::VirtualHostedStyleURLOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfczMuVmlydHVhbEhvc3RlZFN0eWxlVXJsT3B0aW9ucyJ9")), "options") unless .nil? jsii_call_method("virtualHostedUrlForObject", [key, ]) end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.
141 142 143 144 145 146 |
# File 's3/i_bucket.rb', line 141 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |