@aws-cdk/aws-s3

constructor

constructor(options: BlockPublicAccessOptions);

property BLOCK_ACLS

static readonly BLOCK_ACLS: BlockPublicAccess;

property BLOCK_ALL

static readonly BLOCK_ALL: BlockPublicAccess;

property blockPublicAcls

blockPublicAcls: boolean;

property blockPublicPolicy

blockPublicPolicy: boolean;

property ignorePublicAcls

ignorePublicAcls: boolean;

property restrictPublicBuckets

restrictPublicBuckets: boolean;

constructor

constructor(scope: Construct, id: string, props?: BucketProps);

property autoCreatePolicy

protected autoCreatePolicy: boolean;

property bucketArn

readonly bucketArn: string;

property bucketDomainName

readonly bucketDomainName: string;

property bucketDualStackDomainName

readonly bucketDualStackDomainName: string;

property bucketName

readonly bucketName: string;

property bucketRegionalDomainName

readonly bucketRegionalDomainName: string;

property bucketWebsiteDomainName

readonly bucketWebsiteDomainName: string;

property bucketWebsiteUrl

readonly bucketWebsiteUrl: string;

property disallowPublicAccess

protected disallowPublicAccess?: boolean;

property encryptionKey

readonly encryptionKey?: kms.IKey;

property isWebsite

readonly isWebsite?: boolean;

property policy

policy?: BucketPolicy;

method addCorsRule

addCorsRule: (rule: CorsRule) => void;

• Adds a cross-origin access configuration for objects in an Amazon S3 bucket

  Parameter rule

  The CORS configuration rule to add

method addInventory

addInventory: (inventory: Inventory) => void;

• Add an inventory configuration.

  Parameter inventory

  configuration to add

method addLifecycleRule

addLifecycleRule: (rule: LifecycleRule) => void;

• Add a lifecycle rule to the bucket

  Parameter rule

  The rule to add

method addMetric

addMetric: (metric: BucketMetrics) => void;

• Adds a metrics configuration for the CloudWatch request metrics from the bucket.

  Parameter metric

  The metric configuration to add

method fromBucketArn

static fromBucketArn: (
    scope: Construct,
    id: string,
    bucketArn: string
) => IBucket;

method fromBucketAttributes

static fromBucketAttributes: (
    scope: Construct,
    id: string,
    attrs: BucketAttributes
) => IBucket;

• Creates a Bucket construct that represents an external bucket.

  Parameter scope

  The parent creating construct (usually this).

  Parameter id

  The construct's name.

  Parameter attrs

  A BucketAttributes object. Can be obtained from a call to bucket.export() or manually created.

method fromBucketName

static fromBucketName: (
    scope: Construct,
    id: string,
    bucketName: string
) => IBucket;

method validateBucketName

static validateBucketName: (physicalName: string) => void;

• Thrown an exception if the given bucket name is not valid.

  Parameter physicalName

  name of the bucket.

constructor

constructor(scope: Construct, id: string, props?: ResourceProps);

property autoCreatePolicy

protected abstract autoCreatePolicy: boolean;

• Indicates if a bucket resource policy should automatically created upon the first call to addToResourcePolicy.

property bucketArn

abstract readonly bucketArn: string;

property bucketDomainName

abstract readonly bucketDomainName: string;

property bucketDualStackDomainName

abstract readonly bucketDualStackDomainName: string;

property bucketName

abstract readonly bucketName: string;

property bucketRegionalDomainName

abstract readonly bucketRegionalDomainName: string;

property bucketWebsiteDomainName

abstract readonly bucketWebsiteDomainName: string;

property bucketWebsiteUrl

abstract readonly bucketWebsiteUrl: string;

property disallowPublicAccess

protected abstract disallowPublicAccess?: boolean;

• Whether to disallow public access

property encryptionKey

abstract readonly encryptionKey?: kms.IKey;

• Optional KMS encryption key associated with this bucket.

property isWebsite

abstract readonly isWebsite?: boolean;

• If this bucket has been configured for static website hosting.

property notificationsHandlerRole

protected notificationsHandlerRole?: iam.IRole;

property policy

abstract policy?: BucketPolicy;

• The resource policy associated with this bucket.

  If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

method addEventNotification

addEventNotification: (
    event: EventType,
    dest: IBucketNotificationDestination,
    ...filters: NotificationKeyFilter[]
) => void;

• Adds a bucket notification event destination.

  Parameter event

  The event to trigger the notification

  Parameter dest

  The notification destination (Lambda, SNS Topic or SQS Queue)

  Parameter filters

  S3 object key filter rules to determine which objects trigger this event. Each filter must include a prefix and/or suffix that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules.

  Example 1

  declare const myLambda: lambda.Function; const bucket = new s3.Bucket(this, 'MyBucket'); bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'});

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-filtering

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

method addObjectCreatedNotification

addObjectCreatedNotification: (
    dest: IBucketNotificationDestination,
    ...filters: NotificationKeyFilter[]
) => void;

• Subscribes a destination to receive notifications when an object is created in the bucket. This is identical to calling onEvent(EventType.OBJECT_CREATED).

  Parameter dest

  The notification destination (see onEvent)

  Parameter filters

  Filters (see onEvent)

method addObjectRemovedNotification

addObjectRemovedNotification: (
    dest: IBucketNotificationDestination,
    ...filters: NotificationKeyFilter[]
) => void;

• Subscribes a destination to receive notifications when an object is removed from the bucket. This is identical to calling onEvent(EventType.OBJECT_REMOVED).

  Parameter dest

  The notification destination (see onEvent)

  Parameter filters

  Filters (see onEvent)

method addToResourcePolicy

addToResourcePolicy: (
    permission: iam.PolicyStatement
) => iam.AddToResourcePolicyResult;

• Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn and arnForObjects(keys) to obtain ARNs for this bucket or objects.

  Note that the policy statement may or may not be added to the policy. For example, when an IBucket is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases.

  Parameter permission

  the policy statement to be added to the bucket's policy.

  Returns

  metadata about the execution of this method. If the policy was not added, the value of statementAdded will be false. You should always check this value to make sure that the operation was actually carried out. Otherwise, synthesis and deploy will terminate silently, which may be confusing.

method arnForObjects

arnForObjects: (keyPattern: string) => string;

• Returns an ARN that represents all objects within the bucket that match the key pattern specified. To represent all keys, specify ``"*"``.

  If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:

  arnForObjects(home/${team}/${user}/*)

method enableEventBridgeNotification

protected enableEventBridgeNotification: () => void;

method grantDelete

grantDelete: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;

• Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

  Parameter identity

  The principal

  Parameter objectsKeyPattern

  Restrict the permission to a certain key pattern (default '*')

method grantPublicAccess

grantPublicAccess: (
    keyPrefix?: string,
    ...allowedActions: string[]
) => iam.Grant;

• Allows unrestricted access to objects from this bucket.

  IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.

  Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.

  The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:

  const grant = bucket.grantPublicAccess(); grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });

  Note that if this IBucket refers to an existing bucket, possibly not managed by CloudFormation, this method will have no effect, since it's impossible to modify the policy of an existing bucket.

  Parameter keyPrefix

  the prefix of S3 object keys (e.g. home/*). Default is "*".

  Parameter allowedActions

  the set of S3 actions to allow. Default is "s3:GetObject".

method grantPut

grantPut: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;

• Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

  If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

  Parameter identity

  The principal

  Parameter objectsKeyPattern

  Restrict the permission to a certain key pattern (default '*')

method grantPutAcl

grantPutAcl: (identity: iam.IGrantable, objectsKeyPattern?: string) => iam.Grant;

method grantRead

grantRead: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;

• Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).

  If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

  Parameter identity

  The principal

  Parameter objectsKeyPattern

  Restrict the permission to a certain key pattern (default '*')

method grantReadWrite

grantReadWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;

method grantWrite

grantWrite: (identity: iam.IGrantable, objectsKeyPattern?: any) => iam.Grant;

method onCloudTrailEvent

onCloudTrailEvent: (
    id: string,
    options?: OnCloudTrailBucketEventOptions
) => events.Rule;

• Define a CloudWatch event that triggers when something happens to this repository

  Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

  Parameter id

  The id of the rule

  Parameter options

  Options for adding the rule

method onCloudTrailPutObject

onCloudTrailPutObject: (
    id: string,
    options?: OnCloudTrailBucketEventOptions
) => events.Rule;

• Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

  Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using onCloudTrailWriteObject may be preferable.

  Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

  Parameter id

  The id of the rule

  Parameter options

  Options for adding the rule

method onCloudTrailWriteObject

onCloudTrailWriteObject: (
    id: string,
    options?: OnCloudTrailBucketEventOptions
) => events.Rule;

• Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to. This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

  Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to onCloudTrailPutObject.

  Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

  Parameter id

  The id of the rule

  Parameter options

  Options for adding the rule

method s3UrlForObject

s3UrlForObject: (key?: string) => string;

• The S3 URL of an S3 object. For example:

  - s3://onlybucket - s3://bucket/key

  Parameter key

  The S3 key of the object. If not specified, the S3 URL of the bucket is returned.

  Returns

  an ObjectS3Url token

method transferAccelerationUrlForObject

transferAccelerationUrlForObject: (
    key?: string,
    options?: TransferAccelerationUrlOptions
) => string;

• The https Transfer Acceleration URL of an S3 object. Specify dualStack: true at the options for dual-stack endpoint (connect to the bucket over IPv6). For example:

  - https://bucket.s3-accelerate.amazonaws.com - https://bucket.s3-accelerate.amazonaws.com/key

  Parameter key

  The S3 key of the object. If not specified, the URL of the bucket is returned.

  Parameter options

  Options for generating URL.

  Returns

  an TransferAccelerationUrl token

method urlForObject

urlForObject: (key?: string) => string;

• The https URL of an S3 object. Specify regional: false at the options for non-regional URLs. For example:

  - https://s3.us-west-1.amazonaws.com/onlybucket - https://s3.us-west-1.amazonaws.com/bucket/key - https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey

  Parameter key

  The S3 key of the object. If not specified, the URL of the bucket is returned.

  Returns

  an ObjectS3Url token

method validate

protected validate: () => string[];

method virtualHostedUrlForObject

virtualHostedUrlForObject: (
    key?: string,
    options?: VirtualHostedStyleUrlOptions
) => string;

• The virtual hosted-style URL of an S3 object. Specify regional: false at the options for non-regional URL. For example:

  - https://only-bucket.s3.us-west-1.amazonaws.com - https://bucket.s3.us-west-1.amazonaws.com/key - https://bucket.s3.amazonaws.com/key - https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey

  Parameter key

  The S3 key of the object. If not specified, the URL of the bucket is returned.

  Parameter options

  Options for generating URL.

  Returns

  an ObjectS3Url token

constructor

constructor(scope: Construct, id: string, props: BucketPolicyProps);

property document

readonly document: PolicyDocument;

• A policy document containing permissions to add to the specified bucket. For more information, see Access Policy Language Overview in the Amazon Simple Storage Service Developer Guide.

method applyRemovalPolicy

applyRemovalPolicy: (removalPolicy: RemovalPolicy) => void;

• Sets the removal policy for the BucketPolicy.

  Parameter removalPolicy

  the RemovalPolicy to set.

constructor

constructor(scope: cdk.Construct, id: string, props: CfnAccessPointProps);

• Create a new AWS::S3::AccessPoint.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property attrAlias

readonly attrAlias: string;

• The alias for this access point. Alias

property attrArn

readonly attrArn: string;

• This property contains the details of the ARN for the access point. Arn

property attrName

readonly attrName: string;

• The name of this access point. Name

property attrNetworkOrigin

readonly attrNetworkOrigin: string;

• Indicates whether this access point allows access from the internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC , and the access point doesn't allow access from the internet. Otherwise, NetworkOrigin is Internet , and the access point allows access from the internet, subject to the access point and bucket access policies.

  *Allowed values* : VPC | Internet NetworkOrigin

property bucket

bucket: string;

• The name of the bucket associated with this access point.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket

property bucketAccountId

bucketAccountId: string;

• The AWS account ID associated with the S3 bucket associated with this access point.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucketaccountid

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property name

name: string;

• The name of this access point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name

property policy

policy: any;

• The access point policy associated with this access point.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy

property publicAccessBlockConfiguration

publicAccessBlockConfiguration: any;

• The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration

property vpcConfiguration

vpcConfiguration: any;

• The Virtual Private Cloud (VPC) configuration for this access point, if one exists.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props?: CfnBucketProps);

• Create a new AWS::S3::Bucket.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property accelerateConfiguration

accelerateConfiguration: any;

• Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accelerateconfiguration

property accessControl

accessControl: string;

• A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* .

  Be aware that the syntax for this property differs from the information provided in the *Amazon S3 User Guide* . The AccessControl property is case-sensitive and must be one of the following values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, or AwsExecRead.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accesscontrol

property analyticsConfigurations

analyticsConfigurations: any;

• Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-analyticsconfigurations

property attrArn

readonly attrArn: string;

• Returns the Amazon Resource Name (ARN) of the specified bucket.

  Example: arn:aws:s3:::DOC-EXAMPLE-BUCKET Arn

property attrDomainName

readonly attrDomainName: string;

• Returns the IPv4 DNS name of the specified bucket.

  Example: DOC-EXAMPLE-BUCKET.s3.amazonaws.com DomainName

property attrDualStackDomainName

readonly attrDualStackDomainName: string;

• Returns the IPv6 DNS name of the specified bucket.

  Example: DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com

  For more information about dual-stack endpoints, see [Using Amazon S3 Dual-Stack Endpoints](https://docs.aws.amazon.com/AmazonS3/latest/dev/dual-stack-endpoints.html) . DualStackDomainName

property attrRegionalDomainName

readonly attrRegionalDomainName: string;

• Returns the regional domain name of the specified bucket.

  Example: DOC-EXAMPLE-BUCKET.s3.us-east-2.amazonaws.com RegionalDomainName

property attrWebsiteUrl

readonly attrWebsiteUrl: string;

• Returns the Amazon S3 website endpoint for the specified bucket.

  Example (IPv4): http://DOC-EXAMPLE-BUCKET.s3-website.us-east-2.amazonaws.com

  Example (IPv6): http://DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com WebsiteURL

property bucketEncryption

bucketEncryption: any;

• Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS) bucket. For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-bucketencryption

property bucketName

bucketName: string;

• A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html) . For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide* .

  > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property corsConfiguration

corsConfiguration: any;

• Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-crossoriginconfig

property intelligentTieringConfigurations

intelligentTieringConfigurations: any;

• Defines how Amazon S3 handles Intelligent-Tiering storage.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-intelligenttieringconfigurations

property inventoryConfigurations

inventoryConfigurations: any;

• Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-inventoryconfigurations

property lifecycleConfiguration

lifecycleConfiguration: any;

• Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-lifecycleconfig

property loggingConfiguration

loggingConfiguration: any;

• Settings that define where logs are stored.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-loggingconfig

property metricsConfigurations

metricsConfigurations: any;

• Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-metricsconfigurations

property notificationConfiguration

notificationConfiguration: any;

• Configuration that defines how Amazon S3 handles bucket notifications.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-notification

property objectLockConfiguration

objectLockConfiguration: any;

• Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .

  > - The DefaultRetention settings require both a mode and a period. > - The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time. > - You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact AWS Support.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockconfiguration

property objectLockEnabled

objectLockEnabled: any;

• Indicates whether this bucket has an Object Lock configuration enabled. Enable ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-objectlockenabled

property ownershipControls

ownershipControls: any;

• Configuration that defines how Amazon S3 handles Object Ownership rules.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-ownershipcontrols

property publicAccessBlockConfiguration

publicAccessBlockConfiguration: any;

• Configuration that defines how Amazon S3 handles public access.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-publicaccessblockconfiguration

property replicationConfiguration

replicationConfiguration: any;

• Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the VersioningConfiguration property.

  Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-replicationconfiguration

property tags

readonly tags: cdk.TagManager;

• An arbitrary set of tags (key-value pairs) for this S3 bucket.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-tags

property versioningConfiguration

versioningConfiguration: any;

• Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-versioning

property websiteConfiguration

websiteConfiguration: any;

• Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-websiteconfiguration

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnBucketPolicyProps);

• Create a new AWS::S3::BucketPolicy.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property bucket

bucket: string;

• The name of the Amazon S3 bucket to which the policy applies.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-bucket

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property policyDocument

policyDocument: any;

• A policy document containing permissions to add to the specified bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument) resource description in this guide and [Access Policy Language Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the *Amazon S3 User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html#aws-properties-s3-policy-policydocument

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnMultiRegionAccessPointProps
);

• Create a new AWS::S3::MultiRegionAccessPoint.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property attrAlias

readonly attrAlias: string;

• The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see [Managing Multi-Region Access Points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingMultiRegionAccessPoints.html#multi-region-access-point-naming) in the *Amazon S3 User Guide* . Alias

property attrCreatedAt

readonly attrCreatedAt: string;

• The timestamp of when the Multi-Region Access Point is created. CreatedAt

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property name

name: string;

• The name of the Multi-Region Access Point.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-name

property publicAccessBlockConfiguration

publicAccessBlockConfiguration: any;

• The PublicAccessBlock configuration that you want to apply to this Multi-Region Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration

property regions

regions: any;

• A collection of the Regions and buckets associated with the Multi-Region Access Point.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-regions

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnMultiRegionAccessPointPolicyProps
);

• Create a new AWS::S3::MultiRegionAccessPointPolicy.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property attrPolicyStatusIsPublic

readonly attrPolicyStatusIsPublic: string;

• PolicyStatus.IsPublic

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property mrapName

mrapName: string;

• The name of the Multi-Region Access Point.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-mrapname

property policy

policy: any;

• The access policy associated with the Multi-Region Access Point.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-policy

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnStorageLensProps);

• Create a new AWS::S3::StorageLens.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property attrStorageLensConfigurationStorageLensArn

readonly attrStorageLensConfigurationStorageLensArn: string;

• This property contains the details of the ARN of the S3 Storage Lens configuration. This property is read-only. StorageLensConfiguration.StorageLensArn

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property storageLensConfiguration

storageLensConfiguration: any;

• This resource contains the details Amazon S3 Storage Lens configuration.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-storagelensconfiguration

property tags

readonly tags: cdk.TagManager;

• A set of tags (key–value pairs) to associate with the Storage Lens configuration.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-tags

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

property prefixWithKey

readonly prefixWithKey?: string;

property withKey

readonly withKey?: string;

method prefixWith

static prefixWith: (keyReplacement: string) => ReplaceKey;

• The object key prefix to use in the redirect request

method with

static with: (keyReplacement: string) => ReplaceKey;

• The specific object key to use in the redirect request

constructor

constructor(value: string);

property DEEP_ARCHIVE

static readonly DEEP_ARCHIVE: StorageClass;

• Use for archiving data that rarely needs to be accessed. Data stored in the DEEP_ARCHIVE storage class has a minimum storage duration period of 180 days and a default retrieval time of 12 hours. If you delete an object before the 180-day minimum, you are charged for 180 days. For pricing information, see Amazon S3 Pricing.

property GLACIER

static readonly GLACIER: StorageClass;

• Storage class for long-term archival that can take between minutes and hours to access.

  Use for archives where portions of the data might need to be retrieved in minutes. Data stored in the GLACIER storage class has a minimum storage duration period of 90 days and can be accessed in as little as 1-5 minutes using expedited retrieval. If you delete an object before the 90-day minimum, you are charged for 90 days.

property GLACIER_INSTANT_RETRIEVAL

static readonly GLACIER_INSTANT_RETRIEVAL: StorageClass;

• Storage class for long-term archival that can be accessed in a few milliseconds.

  It is ideal for data that is accessed once or twice per quarter, and that requires immediate access. Data stored in the GLACIER_IR storage class has a minimum storage duration period of 90 days and can be accessed in as milliseconds. If you delete an object before the 90-day minimum, you are charged for 90 days.

property INFREQUENT_ACCESS

static readonly INFREQUENT_ACCESS: StorageClass;

• Storage class for data that is accessed less frequently, but requires rapid access when needed.

  Has lower availability than Standard storage.

property INTELLIGENT_TIERING

static readonly INTELLIGENT_TIERING: StorageClass;

• The INTELLIGENT_TIERING storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. INTELLIGENT_TIERING delivers automatic cost savings by moving data on a granular object level between two access tiers, a frequent access tier and a lower-cost infrequent access tier, when access patterns change. The INTELLIGENT_TIERING storage class is ideal if you want to optimize storage costs automatically for long-lived data when access patterns are unknown or unpredictable.

property ONE_ZONE_INFREQUENT_ACCESS

static readonly ONE_ZONE_INFREQUENT_ACCESS: StorageClass;

• Infrequent Access that's only stored in one availability zone.

  Has lower availability than standard InfrequentAccess.

property value

readonly value: string;

method toString

toString: () => string;

property blockPublicAcls

readonly blockPublicAcls?: boolean;

• Whether to block public ACLs

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

property blockPublicPolicy

readonly blockPublicPolicy?: boolean;

• Whether to block public policy

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

property ignorePublicAcls

readonly ignorePublicAcls?: boolean;

• Whether to ignore public ACLs

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

property restrictPublicBuckets

readonly restrictPublicBuckets?: boolean;

• Whether to restrict public access

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options

property account

readonly account?: string;

• The account this existing bucket belongs to.

  - it's assumed the bucket belongs to the same account as the scope it's being imported into

property bucketArn

readonly bucketArn?: string;

• The ARN of the bucket. At least one of bucketArn or bucketName must be defined in order to initialize a bucket ref.

property bucketDomainName

readonly bucketDomainName?: string;

• The domain name of the bucket.

  Inferred from bucket name

property bucketDualStackDomainName

readonly bucketDualStackDomainName?: string;

• The IPv6 DNS name of the specified bucket.

property bucketName

readonly bucketName?: string;

• The name of the bucket. If the underlying value of ARN is a string, the name will be parsed from the ARN. Otherwise, the name is optional, but some features that require the bucket name such as auto-creating a bucket policy, won't work.

property bucketRegionalDomainName

readonly bucketRegionalDomainName?: string;

• The regional domain name of the specified bucket.

property bucketWebsiteNewUrlFormat

readonly bucketWebsiteNewUrlFormat?: boolean;

• The format of the website URL of the bucket. This should be true for regions launched since 2014.

  false

property bucketWebsiteUrl

readonly bucketWebsiteUrl?: string;

• The website URL of the bucket (if static web hosting is enabled).

  Inferred from bucket name

property encryptionKey

readonly encryptionKey?: kms.IKey;

property isWebsite

readonly isWebsite?: boolean;

• If this bucket has been configured for static website hosting.

  false

property notificationsHandlerRole

readonly notificationsHandlerRole?: iam.IRole;

• The role to be used by the notifications handler

  - a new role will be created.

property region

readonly region?: string;

• The region this existing bucket is in.

  - it's assumed the bucket is in the same region as the scope it's being imported into

property id

readonly id: string;

• The ID used to identify the metrics configuration.

property prefix

readonly prefix?: string;

• The prefix that an object must have to be included in the metrics results.

property tagFilters

readonly tagFilters?: {
    [tag: string]: any;
};

• Specifies a list of tag filters to use as a metrics configuration filter. The metrics configuration includes only objects that meet the filter's criteria.

property arn

readonly arn: string;

• The ARN of the destination (i.e. Lambda, SNS, SQS).

property dependencies

readonly dependencies?: cdk.IDependable[];

• Any additional dependencies that should be resolved before the bucket notification can be configured (for example, the SNS Topic Policy resource).

property type

readonly type: BucketNotificationDestinationType;

• The notification type.

property bucket

readonly bucket: IBucket;

• The Amazon S3 bucket that the policy applies to.

property removalPolicy

readonly removalPolicy?: RemovalPolicy;

• Policy to apply when the policy is removed from this stack.

  - RemovalPolicy.DESTROY.

property accessControl

readonly accessControl?: BucketAccessControl;

• Specifies a canned ACL that grants predefined permissions to the bucket.

  BucketAccessControl.PRIVATE

property autoDeleteObjects

readonly autoDeleteObjects?: boolean;

• Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.

  Requires the removalPolicy to be set to RemovalPolicy.DESTROY.

  **Warning** if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version *before* 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later **before** switching this value to false.

  false

property blockPublicAccess

readonly blockPublicAccess?: BlockPublicAccess;

• The block public access configuration of this bucket.

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html

    - CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access

property bucketKeyEnabled

readonly bucketKeyEnabled?: boolean;

• Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

  Only relevant, when Encryption is set to BucketEncryption.KMS

  - false

property bucketName

readonly bucketName?: string;

• Physical name of this bucket.

  - Assigned by CloudFormation (recommended).

property cors

readonly cors?: CorsRule[];

• The CORS configuration of this bucket.

  See Also

  • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html

    - No CORS configuration.

property encryption

readonly encryption?: BucketEncryption;

• The kind of server-side encryption to apply to this bucket.

  If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created.

  - Kms if encryptionKey is specified, or Unencrypted otherwise.

property encryptionKey

readonly encryptionKey?: kms.IKey;

• External KMS key to use for bucket encryption.

  The 'encryption' property must be either not specified or set to "Kms". An error will be emitted if encryption is set to "Unencrypted" or "Managed".

  - If encryption is set to "Kms" and this property is undefined, a new KMS key will be created and associated with this bucket.

property enforceSSL

readonly enforceSSL?: boolean;

• Enforces SSL for requests. S3.5 of the AWS Foundational Security Best Practices Regarding S3.

  See Also

  • https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html

    false

property eventBridgeEnabled

readonly eventBridgeEnabled?: boolean;

• Whether this bucket should send notifications to Amazon EventBridge or not.

  false

property intelligentTieringConfigurations

readonly intelligentTieringConfigurations?: IntelligentTieringConfiguration[];

• Inteligent Tiering Configurations

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering.html

    No Intelligent Tiiering Configurations.

property inventories

readonly inventories?: Inventory[];

• The inventory configuration of the bucket.

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html

    - No inventory configuration

property lifecycleRules

readonly lifecycleRules?: LifecycleRule[];

• Rules that define how Amazon S3 manages objects during their lifetime.

  - No lifecycle rules.

property metrics

readonly metrics?: BucketMetrics[];

• The metrics configuration of this bucket.

  See Also

  • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html

    - No metrics configuration.

property notificationsHandlerRole

readonly notificationsHandlerRole?: iam.IRole;

• The role to be used by the notifications handler

  - a new role will be created.

property objectOwnership

readonly objectOwnership?: ObjectOwnership;

• The objectOwnership of the bucket.

  See Also

  • https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html

    - No ObjectOwnership configuration, uploading account will own the object.

property publicReadAccess

readonly publicReadAccess?: boolean;

• Grants public read access to all objects in the bucket. Similar to calling bucket.grantPublicAccess()

  false

property removalPolicy

readonly removalPolicy?: RemovalPolicy;

• Policy to apply when the bucket is removed from this stack.

  - The bucket will be orphaned.

property serverAccessLogsBucket

readonly serverAccessLogsBucket?: IBucket;

• Destination bucket for the server access logs. - If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.

property serverAccessLogsPrefix

readonly serverAccessLogsPrefix?: string;

• Optional log file prefix to use for the bucket's access logs. If defined without "serverAccessLogsBucket", enables access logs to current bucket with this prefix. - No log file prefix

property transferAcceleration

readonly transferAcceleration?: boolean;

• Whether this bucket should have transfer acceleration turned on or not.

  false

property versioned

readonly versioned?: boolean;

• Whether this bucket should have versioning turned on or not.

  false

property websiteErrorDocument

readonly websiteErrorDocument?: string;

• The name of the error document (e.g. "404.html") for the website. websiteIndexDocument must also be set if this is set.

  - No error document.

property websiteIndexDocument

readonly websiteIndexDocument?: string;

• The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.

  - No index document.

property websiteRedirect

readonly websiteRedirect?: RedirectTarget;

• Specifies the redirect behavior of all requests to a website endpoint of a bucket.

  If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument" nor , "websiteRoutingRules".

  - No redirection.

property websiteRoutingRules

readonly websiteRoutingRules?: RoutingRule[];

• Rules that define when a redirect is applied and the redirect behavior

  - No redirection rules.

property bucket