software.amazon.awscdk.services.s3

Interface IBucket.Jsii$Default

All Superinterfaces:

IBucket, software.constructs.IConstruct, software.constructs.IConstruct.Jsii$Default, software.constructs.IDependable, software.constructs.IDependable.Jsii$Default, IResource, IResource.Jsii$Default, software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

IBucket.Jsii$Proxy

Enclosing interface:

IBucket

@Internal
public static interface IBucket.Jsii$Default
extends IBucket, IResource.Jsii$Default

Internal default implementation for IBucket.

Nested Class Summary

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.s3.IBucket

IBucket.Jsii$Default, IBucket.Jsii$Proxy

Method Summary

Modifier and Type	Method and Description
default AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement permission) (experimental) Adds a statement to the resource policy for a principal (i.e.
default String	arnForObjects(String keyPattern) (experimental) Returns an ARN that represents all objects within the bucket that match the key pattern specified.
default String	getBucketArn() (experimental) The ARN of the bucket.
default String	getBucketDomainName() (experimental) The IPv4 DNS name of the specified bucket.
default String	getBucketDualStackDomainName() (experimental) The IPv6 DNS name of the specified bucket.
default String	getBucketName() (experimental) The name of the bucket.
default String	getBucketRegionalDomainName() (experimental) The regional domain name of the specified bucket.
default String	getBucketWebsiteDomainName() (experimental) The Domain name of the static website.
default String	getBucketWebsiteUrl() (experimental) The URL of the static website.
default IKey	getEncryptionKey() (experimental) Optional KMS encryption key associated with this bucket.
default ResourceEnvironment	getEnv() (experimental) The environment this resource belongs to.
default Boolean	getIsWebsite() (experimental) If this bucket has been configured for static website hosting.
default software.constructs.Node	getNode() The tree node.
default BucketPolicy	getPolicy() (experimental) The resource policy associated with this bucket.
default Stack	getStack() (experimental) The stack in which this resource is defined.
default Grant	grantDelete(IGrantable identity, Object objectsKeyPattern) (experimental) Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
default Grant	grantPublicAccess(String keyPrefix, String... allowedActions) (experimental) Allows unrestricted access to objects from this bucket.
default Grant	grantPut(IGrantable identity, Object objectsKeyPattern) (experimental) Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
default Grant	grantPutAcl(IGrantable identity, String objectsKeyPattern) (experimental) Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
default Grant	grantRead(IGrantable identity, Object objectsKeyPattern) (experimental) Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
default Grant	grantReadWrite(IGrantable identity, Object objectsKeyPattern) (experimental) Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
default Grant	grantWrite(IGrantable identity, Object objectsKeyPattern) (experimental) Grant write permissions to this bucket to an IAM principal.
default Rule	onCloudTrailEvent(String id, OnCloudTrailBucketEventOptions options) (experimental) Defines a CloudWatch event that triggers when something happens to this bucket.
default Rule	onCloudTrailPutObject(String id, OnCloudTrailBucketEventOptions options) (experimental) Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
default Rule	onCloudTrailWriteObject(String id, OnCloudTrailBucketEventOptions options) (experimental) Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
default String	s3UrlForObject(String key) (experimental) The S3 URL of an S3 object.
default void	setPolicy(BucketPolicy value) (experimental) The resource policy associated with this bucket.
default String	urlForObject(String key) (experimental) The https URL of an S3 object.
default String	virtualHostedUrlForObject(String key, VirtualHostedStyleUrlOptions options) (experimental) The virtual hosted-style URL of an S3 object.

Methods inherited from interface software.amazon.awscdk.services.s3.IBucket

grantDelete, grantPut, grantPutAcl, grantRead, grantReadWrite, grantWrite, onCloudTrailEvent, onCloudTrailPutObject, onCloudTrailWriteObject, s3UrlForObject, urlForObject, virtualHostedUrlForObject, virtualHostedUrlForObject

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Detail

getNode

@Stability(value=Stable)
 @NotNull
default software.constructs.Node getNode()

The tree node.

Specified by:

getNode in interface software.constructs.IConstruct

Specified by:

getNode in interface software.constructs.IConstruct.Jsii$Default

Specified by:

getNode in interface IResource.Jsii$Default

getEnv

@Stability(value=Experimental)
 @NotNull
default ResourceEnvironment getEnv()

(experimental) The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Specified by:

getEnv in interface IResource

Specified by:

getEnv in interface IResource.Jsii$Default

getStack

@Stability(value=Experimental)
 @NotNull
default Stack getStack()

(experimental) The stack in which this resource is defined.

Specified by:

getStack in interface IResource

Specified by:

getStack in interface IResource.Jsii$Default

getBucketArn

@Stability(value=Experimental)
 @NotNull
default String getBucketArn()

(experimental) The ARN of the bucket.

Specified by:

getBucketArn in interface IBucket

getBucketDomainName

@Stability(value=Experimental)
 @NotNull
default String getBucketDomainName()

(experimental) The IPv4 DNS name of the specified bucket.

Specified by:

getBucketDomainName in interface IBucket

getBucketDualStackDomainName

@Stability(value=Experimental)
 @NotNull
default String getBucketDualStackDomainName()

(experimental) The IPv6 DNS name of the specified bucket.

Specified by:

getBucketDualStackDomainName in interface IBucket

getBucketName

@Stability(value=Experimental)
 @NotNull
default String getBucketName()

(experimental) The name of the bucket.

Specified by:

getBucketName in interface IBucket

getBucketRegionalDomainName

@Stability(value=Experimental)
 @NotNull
default String getBucketRegionalDomainName()

(experimental) The regional domain name of the specified bucket.

Specified by:

getBucketRegionalDomainName in interface IBucket

getBucketWebsiteDomainName

@Stability(value=Experimental)
 @NotNull
default String getBucketWebsiteDomainName()

(experimental) The Domain name of the static website.

Specified by:

getBucketWebsiteDomainName in interface IBucket

getBucketWebsiteUrl

@Stability(value=Experimental)
 @NotNull
default String getBucketWebsiteUrl()

(experimental) The URL of the static website.

Specified by:

getBucketWebsiteUrl in interface IBucket

getEncryptionKey

@Stability(value=Experimental)
 @Nullable
default IKey getEncryptionKey()

(experimental) Optional KMS encryption key associated with this bucket.

Specified by:

getEncryptionKey in interface IBucket

getIsWebsite

@Stability(value=Experimental)
 @Nullable
default Boolean getIsWebsite()

(experimental) If this bucket has been configured for static website hosting.

Specified by:

getIsWebsite in interface IBucket

getPolicy

@Stability(value=Experimental)
 @Nullable
default BucketPolicy getPolicy()

(experimental) The resource policy associated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

Specified by:

getPolicy in interface IBucket

setPolicy

@Stability(value=Experimental)
default void setPolicy(@Nullable
                                                      BucketPolicy value)

(experimental) The resource policy associated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

Specified by:

setPolicy in interface IBucket

addToResourcePolicy

@Stability(value=Experimental)
 @NotNull
default AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                               PolicyStatement permission)

(experimental) Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or it's contents. Use `bucketArn` and `arnForObjects(keys)` to obtain ARNs for this bucket or objects.

Specified by:

addToResourcePolicy in interface IBucket

Parameters:

permission - This parameter is required.

arnForObjects

@Stability(value=Experimental)
 @NotNull
default String arnForObjects(@NotNull
                                                                      String keyPattern)

(experimental) Returns an ARN that represents all objects within the bucket that match the key pattern specified.

To represent all keys, specify "*".

Specified by:

arnForObjects in interface IBucket

Parameters:

keyPattern - This parameter is required.

grantDelete

@Stability(value=Experimental)
 @NotNull
default Grant grantDelete(@NotNull
                                                                   IGrantable identity,
                                                                   @Nullable
                                                                   Object objectsKeyPattern)

(experimental) Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

Specified by:

grantDelete in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantPublicAccess

@Stability(value=Experimental)
 @NotNull
default Grant grantPublicAccess(@Nullable
                                                                         String keyPrefix,
                                                                         @NotNull
                                                                         String... allowedActions)

(experimental) Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.

Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.

The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:

  const grant = bucket.grantPublicAccess();
  grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
 

Specified by:

grantPublicAccess in interface IBucket

Parameters:

keyPrefix - the prefix of S3 object keys (e.g. `home/*`). Default is "*".

allowedActions - the set of S3 actions to allow. This parameter is required.

Returns:

The `iam.PolicyStatement` object, which can be used to apply e.g. conditions.

grantPut

@Stability(value=Experimental)
 @NotNull
default Grant grantPut(@NotNull
                                                                IGrantable identity,
                                                                @Nullable
                                                                Object objectsKeyPattern)

(experimental) Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Specified by:

grantPut in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantPutAcl

@Stability(value=Experimental)
 @NotNull
default Grant grantPutAcl(@NotNull
                                                                   IGrantable identity,
                                                                   @Nullable
                                                                   String objectsKeyPattern)

(experimental) Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.

If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling {@link grantWrite} or {@link grantReadWrite} no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.

Specified by:

grantPutAcl in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantRead

@Stability(value=Experimental)
 @NotNull
default Grant grantRead(@NotNull
                                                                 IGrantable identity,
                                                                 @Nullable
                                                                 Object objectsKeyPattern)

(experimental) Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

Specified by:

grantRead in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantReadWrite

@Stability(value=Experimental)
 @NotNull
default Grant grantReadWrite(@NotNull
                                                                      IGrantable identity,
                                                                      @Nullable
                                                                      Object objectsKeyPattern)

(experimental) Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).

If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method.

Specified by:

grantReadWrite in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantWrite

@Stability(value=Experimental)
 @NotNull
default Grant grantWrite(@NotNull
                                                                  IGrantable identity,
                                                                  @Nullable
                                                                  Object objectsKeyPattern)

(experimental) Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method.

Specified by:

grantWrite in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

onCloudTrailEvent

@Stability(value=Experimental)
 @NotNull
default Rule onCloudTrailEvent(@NotNull
                                                                        String id,
                                                                        @Nullable
                                                                        OnCloudTrailBucketEventOptions options)

(experimental) Defines a CloudWatch event that triggers when something happens to this bucket.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailEvent in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

options - Options for adding the rule.

onCloudTrailPutObject

@Stability(value=Experimental)
 @NotNull
default Rule onCloudTrailPutObject(@NotNull
                                                                            String id,
                                                                            @Nullable
                                                                            OnCloudTrailBucketEventOptions options)

(experimental) Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using onCloudTrailWriteObject may be preferable.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailPutObject in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

options - Options for adding the rule.

onCloudTrailWriteObject

@Stability(value=Experimental)
 @NotNull
default Rule onCloudTrailWriteObject(@NotNull
                                                                              String id,
                                                                              @Nullable
                                                                              OnCloudTrailBucketEventOptions options)

(experimental) Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.

This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to onCloudTrailPutObject.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailWriteObject in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

options - Options for adding the rule.

s3UrlForObject

@Stability(value=Experimental)
 @NotNull
default String s3UrlForObject(@Nullable
                                                                       String key)

(experimental) The S3 URL of an S3 object.

For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 s3:

Specified by:

s3UrlForObject in interface IBucket

Parameters:

key - The S3 key of the object.

Returns:

an ObjectS3Url token

urlForObject

@Stability(value=Experimental)
 @NotNull
default String urlForObject(@Nullable
                                                                     String key)

(experimental) The https URL of an S3 object.

For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 https:

Specified by:

urlForObject in interface IBucket

Parameters:

key - The S3 key of the object.

Returns:

an ObjectS3Url token

virtualHostedUrlForObject

@Stability(value=Experimental)
 @NotNull
default String virtualHostedUrlForObject(@Nullable
                                                                                  String key,
                                                                                  @Nullable
                                                                                  VirtualHostedStyleUrlOptions options)

(experimental) The virtual hosted-style URL of an S3 object.

Specify regional: false at the options for non-regional URL. For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 https:

Specified by:

virtualHostedUrlForObject in interface IBucket

Parameters:

key - The S3 key of the object.

options - Options for generating URL.

Returns:

an ObjectS3Url token