software.amazon.awscdk.services.s3

Class Bucket

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.s3.Bucket

All Implemented Interfaces:

IDependable, IResource, IBucket, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct

@Generated(value="jsii-pacmak/1.24.0 (build b722f66)",
           date="2021-03-17T00:03:59.924Z")
 @Stability(value=Stable)
public class Bucket
extends Resource
implements IBucket

An S3 bucket with associated policy objects.

This bucket does not yet have all features that exposed by the underlying BucketResource.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Bucket.Builder A fluent builder for Bucket.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.s3.IBucket

IBucket.Jsii$Default, IBucket.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
	Bucket(software.constructs.Construct scope, String id)
	Bucket(software.constructs.Construct scope, String id, BucketProps props)
protected	Bucket(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Bucket(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
void	addCorsRule(CorsRule rule) Adds a cross-origin access configuration for objects in an Amazon S3 bucket.
void	addEventNotification(EventType event, IBucketNotificationDestination dest, NotificationKeyFilter... filters) Adds a bucket notification event destination.
void	addInventory(Inventory inventory) Add an inventory configuration.
void	addLifecycleRule(LifecycleRule rule) Add a lifecycle rule to the bucket.
void	addMetric(BucketMetrics metric) Adds a metrics configuration for the CloudWatch request metrics from the bucket.
void	addObjectCreatedNotification(IBucketNotificationDestination dest, NotificationKeyFilter... filters) Subscribes a destination to receive notifications when an object is created in the bucket.
void	addObjectRemovedNotification(IBucketNotificationDestination dest, NotificationKeyFilter... filters) Subscribes a destination to receive notifications when an object is removed from the bucket.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement permission) Adds a statement to the resource policy for a principal (i.e.
String	arnForObjects(String keyPattern) Returns an ARN that represents all objects within the bucket that match the key pattern specified.
static IBucket	fromBucketArn(software.constructs.Construct scope, String id, String bucketArn)
static IBucket	fromBucketAttributes(software.constructs.Construct scope, String id, BucketAttributes attrs) Creates a Bucket construct that represents an external bucket.
static IBucket	fromBucketName(software.constructs.Construct scope, String id, String bucketName)
protected Boolean	getAutoCreatePolicy() Indicates if a bucket resource policy should automatically created upon the first call to `addToResourcePolicy`.
String	getBucketArn() The ARN of the bucket.
String	getBucketDomainName() The IPv4 DNS name of the specified bucket.
String	getBucketDualStackDomainName() The IPv6 DNS name of the specified bucket.
String	getBucketName() The name of the bucket.
String	getBucketRegionalDomainName() The regional domain name of the specified bucket.
String	getBucketWebsiteDomainName() The Domain name of the static website.
String	getBucketWebsiteUrl() The URL of the static website.
protected Boolean	getDisallowPublicAccess() Whether to disallow public access.
IKey	getEncryptionKey() Optional KMS encryption key associated with this bucket.
Boolean	getIsWebsite() If this bucket has been configured for static website hosting.
BucketPolicy	getPolicy() The resource policy associated with this bucket.
Grant	grantDelete(IGrantable identity) Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
Grant	grantDelete(IGrantable identity, Object objectsKeyPattern) Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
Grant	grantPublicAccess(String keyPrefix, String... allowedActions) Allows unrestricted access to objects from this bucket.
Grant	grantPut(IGrantable identity) Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
Grant	grantPut(IGrantable identity, Object objectsKeyPattern) Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
Grant	grantPutAcl(IGrantable identity) Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
Grant	grantPutAcl(IGrantable identity, String objectsKeyPattern) Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
Grant	grantRead(IGrantable identity) Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
Grant	grantRead(IGrantable identity, Object objectsKeyPattern) Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
Grant	grantReadWrite(IGrantable identity) Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
Grant	grantReadWrite(IGrantable identity, Object objectsKeyPattern) Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
Grant	grantWrite(IGrantable identity) Grant write permissions to this bucket to an IAM principal.
Grant	grantWrite(IGrantable identity, Object objectsKeyPattern) Grant write permissions to this bucket to an IAM principal.
Rule	onCloudTrailEvent(String id) Define a CloudWatch event that triggers when something happens to this repository.
Rule	onCloudTrailEvent(String id, OnCloudTrailBucketEventOptions options) Define a CloudWatch event that triggers when something happens to this repository.
Rule	onCloudTrailPutObject(String id) Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
Rule	onCloudTrailPutObject(String id, OnCloudTrailBucketEventOptions options) Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
Rule	onCloudTrailWriteObject(String id) Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
Rule	onCloudTrailWriteObject(String id, OnCloudTrailBucketEventOptions options) Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
String	s3UrlForObject() The S3 URL of an S3 object.
String	s3UrlForObject(String key) The S3 URL of an S3 object.
protected void	setAutoCreatePolicy(Boolean value) Indicates if a bucket resource policy should automatically created upon the first call to `addToResourcePolicy`.
protected void	setDisallowPublicAccess(Boolean value) Whether to disallow public access.
void	setPolicy(BucketPolicy value) The resource policy associated with this bucket.
String	urlForObject() The https URL of an S3 object.
String	urlForObject(String key) The https URL of an S3 object.
protected List<String>	validate() Validate the current construct.
String	virtualHostedUrlForObject() The virtual hosted-style URL of an S3 object.
String	virtualHostedUrlForObject(String key) The virtual hosted-style URL of an S3 object.
String	virtualHostedUrlForObject(String key, VirtualHostedStyleUrlOptions options) The virtual hosted-style URL of an S3 object.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize

Methods inherited from class software.constructs.Construct

toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IResource

getEnv, getStack

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

Bucket

protected Bucket(software.amazon.jsii.JsiiObjectRef objRef)

Bucket

protected Bucket(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Bucket

@Stability(value=Stable)
public Bucket(@NotNull
                                       software.constructs.Construct scope,
                                       @NotNull
                                       String id,
                                       @Nullable
                                       BucketProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

Bucket

@Stability(value=Stable)
public Bucket(@NotNull
                                       software.constructs.Construct scope,
                                       @NotNull
                                       String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

fromBucketArn

@Stability(value=Stable)
 @NotNull
public static IBucket fromBucketArn(@NotNull
                                                                       software.constructs.Construct scope,
                                                                       @NotNull
                                                                       String id,
                                                                       @NotNull
                                                                       String bucketArn)

Parameters:

scope - This parameter is required.

id - This parameter is required.

bucketArn - This parameter is required.

fromBucketAttributes

@Stability(value=Stable)
 @NotNull
public static IBucket fromBucketAttributes(@NotNull
                                                                              software.constructs.Construct scope,
                                                                              @NotNull
                                                                              String id,
                                                                              @NotNull
                                                                              BucketAttributes attrs)

Creates a Bucket construct that represents an external bucket.

Parameters:

scope - The parent creating construct (usually `this`). This parameter is required.

id - The construct's name. This parameter is required.

attrs - A `BucketAttributes` object. This parameter is required.

fromBucketName

@Stability(value=Stable)
 @NotNull
public static IBucket fromBucketName(@NotNull
                                                                        software.constructs.Construct scope,
                                                                        @NotNull
                                                                        String id,
                                                                        @NotNull
                                                                        String bucketName)

Parameters:

scope - This parameter is required.

id - This parameter is required.

bucketName - This parameter is required.

addCorsRule

@Stability(value=Stable)
public void addCorsRule(@NotNull
                                                 CorsRule rule)

Adds a cross-origin access configuration for objects in an Amazon S3 bucket.

Parameters:

rule - The CORS configuration rule to add. This parameter is required.

addEventNotification

@Stability(value=Stable)
public void addEventNotification(@NotNull
                                                          EventType event,
                                                          @NotNull
                                                          IBucketNotificationDestination dest,
                                                          @NotNull
                                                          NotificationKeyFilter... filters)

Adds a bucket notification event destination.

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 bucket.addEventNotification(EventType.getOnObjectCreated(), myLambda, "home/myusername/*");

Parameters:

event - The event to trigger the notification. This parameter is required.

dest - The notification destination (Lambda, SNS Topic or SQS Queue). This parameter is required.

filters - S3 object key filter rules to determine which objects trigger this event. This parameter is required.

See Also:

https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html

addInventory

@Stability(value=Stable)
public void addInventory(@NotNull
                                                  Inventory inventory)

Add an inventory configuration.

Parameters:

inventory - configuration to add. This parameter is required.

addLifecycleRule

@Stability(value=Stable)
public void addLifecycleRule(@NotNull
                                                      LifecycleRule rule)

Add a lifecycle rule to the bucket.

Parameters:

rule - The rule to add. This parameter is required.

addMetric

@Stability(value=Stable)
public void addMetric(@NotNull
                                               BucketMetrics metric)

Adds a metrics configuration for the CloudWatch request metrics from the bucket.

Parameters:

metric - The metric configuration to add. This parameter is required.

addObjectCreatedNotification

@Stability(value=Stable)
public void addObjectCreatedNotification(@NotNull
                                                                  IBucketNotificationDestination dest,
                                                                  @NotNull
                                                                  NotificationKeyFilter... filters)

Subscribes a destination to receive notifications when an object is created in the bucket.

This is identical to calling onEvent(EventType.ObjectCreated).

Parameters:

dest - The notification destination (see onEvent). This parameter is required.

filters - Filters (see onEvent). This parameter is required.

addObjectRemovedNotification

@Stability(value=Stable)
public void addObjectRemovedNotification(@NotNull
                                                                  IBucketNotificationDestination dest,
                                                                  @NotNull
                                                                  NotificationKeyFilter... filters)

Subscribes a destination to receive notifications when an object is removed from the bucket.

This is identical to calling onEvent(EventType.ObjectRemoved).

Parameters:

dest - The notification destination (see onEvent). This parameter is required.

filters - Filters (see onEvent). This parameter is required.

addToResourcePolicy

@Stability(value=Stable)
 @NotNull
public AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                        PolicyStatement permission)

Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or it's contents. Use `bucketArn` and `arnForObjects(keys)` to obtain ARNs for this bucket or objects.

Specified by:

addToResourcePolicy in interface IBucket

Parameters:

permission - This parameter is required.

arnForObjects

@Stability(value=Stable)
 @NotNull
public String arnForObjects(@NotNull
                                                               String keyPattern)

Returns an ARN that represents all objects within the bucket that match the key pattern specified.

To represent all keys, specify "*".

If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:

arnForObjects(home/${team}/${user}/*)

Specified by:

arnForObjects in interface IBucket

Parameters:

keyPattern - This parameter is required.

grantDelete

@Stability(value=Stable)
 @NotNull
public Grant grantDelete(@NotNull
                                                            IGrantable identity,
                                                            @Nullable
                                                            Object objectsKeyPattern)

Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

Specified by:

grantDelete in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantDelete

@Stability(value=Stable)
 @NotNull
public Grant grantDelete(@NotNull
                                                            IGrantable identity)

Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.

Specified by:

grantDelete in interface IBucket

Parameters:

identity - The principal. This parameter is required.

grantPublicAccess

@Stability(value=Stable)
 @NotNull
public Grant grantPublicAccess(@Nullable
                                                                  String keyPrefix,
                                                                  @NotNull
                                                                  String... allowedActions)

Allows unrestricted access to objects from this bucket.

IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.

Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.

The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:

  const grant = bucket.grantPublicAccess();
  grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
 

Specified by:

grantPublicAccess in interface IBucket

Parameters:

keyPrefix - the prefix of S3 object keys (e.g. `home/*`). Default is "*".

allowedActions - the set of S3 actions to allow. This parameter is required.

Returns:

The `iam.PolicyStatement` object, which can be used to apply e.g. conditions.

grantPut

@Stability(value=Stable)
 @NotNull
public Grant grantPut(@NotNull
                                                         IGrantable identity,
                                                         @Nullable
                                                         Object objectsKeyPattern)

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Specified by:

grantPut in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantPut

@Stability(value=Stable)
 @NotNull
public Grant grantPut(@NotNull
                                                         IGrantable identity)

Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Specified by:

grantPut in interface IBucket

Parameters:

identity - The principal. This parameter is required.

grantPutAcl

@Stability(value=Stable)
 @NotNull
public Grant grantPutAcl(@NotNull
                                                            IGrantable identity,
                                                            @Nullable
                                                            String objectsKeyPattern)

Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.

If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling {@link grantWrite} or {@link grantReadWrite} no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.

Specified by:

grantPutAcl in interface IBucket

Parameters:

identity - This parameter is required.

objectsKeyPattern -

grantPutAcl

@Stability(value=Stable)
 @NotNull
public Grant grantPutAcl(@NotNull
                                                            IGrantable identity)

Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.

If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling {@link grantWrite} or {@link grantReadWrite} no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.

Specified by:

grantPutAcl in interface IBucket

Parameters:

identity - This parameter is required.

grantRead

@Stability(value=Stable)
 @NotNull
public Grant grantRead(@NotNull
                                                          IGrantable identity,
                                                          @Nullable
                                                          Object objectsKeyPattern)

Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

Specified by:

grantRead in interface IBucket

Parameters:

identity - The principal. This parameter is required.

objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').

grantRead

@Stability(value=Stable)
 @NotNull
public Grant grantRead(@NotNull
                                                          IGrantable identity)

Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).

If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.

Specified by:

grantRead in interface IBucket

Parameters:

identity - The principal. This parameter is required.

grantReadWrite

@Stability(value=Stable)
 @NotNull
public Grant grantReadWrite(@NotNull
                                                               IGrantable identity,
                                                               @Nullable
                                                               Object objectsKeyPattern)

Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).

If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method.

Specified by:

grantReadWrite in interface IBucket

Parameters:

identity - This parameter is required.

objectsKeyPattern -

grantReadWrite

@Stability(value=Stable)
 @NotNull
public Grant grantReadWrite(@NotNull
                                                               IGrantable identity)

Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).

If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method.

Specified by:

grantReadWrite in interface IBucket

Parameters:

identity - This parameter is required.

grantWrite

@Stability(value=Stable)
 @NotNull
public Grant grantWrite(@NotNull
                                                           IGrantable identity,
                                                           @Nullable
                                                           Object objectsKeyPattern)

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method.

Specified by:

grantWrite in interface IBucket

Parameters:

identity - This parameter is required.

objectsKeyPattern -

grantWrite

@Stability(value=Stable)
 @NotNull
public Grant grantWrite(@NotNull
                                                           IGrantable identity)

Grant write permissions to this bucket to an IAM principal.

If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.

Before CDK version 1.85.0, this method granted the s3:PutObject* permission that included s3:PutObjectAcl, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl feature flag is set to true in the context key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method.

Specified by:

grantWrite in interface IBucket

Parameters:

identity - This parameter is required.

onCloudTrailEvent

@Stability(value=Stable)
 @NotNull
public Rule onCloudTrailEvent(@NotNull
                                                                 String id,
                                                                 @Nullable
                                                                 OnCloudTrailBucketEventOptions options)

Define a CloudWatch event that triggers when something happens to this repository.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailEvent in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

options - Options for adding the rule.

onCloudTrailEvent

@Stability(value=Stable)
 @NotNull
public Rule onCloudTrailEvent(@NotNull
                                                                 String id)

Define a CloudWatch event that triggers when something happens to this repository.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailEvent in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

onCloudTrailPutObject

@Stability(value=Stable)
 @NotNull
public Rule onCloudTrailPutObject(@NotNull
                                                                     String id,
                                                                     @Nullable
                                                                     OnCloudTrailBucketEventOptions options)

Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using onCloudTrailWriteObject may be preferable.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailPutObject in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

options - Options for adding the rule.

onCloudTrailPutObject

@Stability(value=Stable)
 @NotNull
public Rule onCloudTrailPutObject(@NotNull
                                                                     String id)

Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using onCloudTrailWriteObject may be preferable.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailPutObject in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

onCloudTrailWriteObject

@Stability(value=Stable)
 @NotNull
public Rule onCloudTrailWriteObject(@NotNull
                                                                       String id,
                                                                       @Nullable
                                                                       OnCloudTrailBucketEventOptions options)

Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.

This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to onCloudTrailPutObject.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailWriteObject in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

options - Options for adding the rule.

onCloudTrailWriteObject

@Stability(value=Stable)
 @NotNull
public Rule onCloudTrailWriteObject(@NotNull
                                                                       String id)

Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.

This includes the events PutObject, CopyObject, and CompleteMultipartUpload.

Note that some tools like aws s3 cp will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to onCloudTrailPutObject.

Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.

Specified by:

onCloudTrailWriteObject in interface IBucket

Parameters:

id - The id of the rule. This parameter is required.

s3UrlForObject

@Stability(value=Stable)
 @NotNull
public String s3UrlForObject(@Nullable
                                                                String key)

The S3 URL of an S3 object.

For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 s3:

Specified by:

s3UrlForObject in interface IBucket

Parameters:

key - The S3 key of the object.

Returns:

an ObjectS3Url token

s3UrlForObject

@Stability(value=Stable)
 @NotNull
public String s3UrlForObject()

The S3 URL of an S3 object.

For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 s3:

Specified by:

s3UrlForObject in interface IBucket

Returns:

an ObjectS3Url token

urlForObject

@Stability(value=Stable)
 @NotNull
public String urlForObject(@Nullable
                                                              String key)

The https URL of an S3 object.

Specify regional: false at the options for non-regional URLs. For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 https:

Specified by:

urlForObject in interface IBucket

Parameters:

key - The S3 key of the object.

Returns:

an ObjectS3Url token

urlForObject

@Stability(value=Stable)
 @NotNull
public String urlForObject()

The https URL of an S3 object.

Specify regional: false at the options for non-regional URLs. For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 https:

Specified by:

urlForObject in interface IBucket

Returns:

an ObjectS3Url token

validate

@Stability(value=Stable)
 @NotNull
protected List<String> validate()

Validate the current construct.

This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.

Overrides:

validate in class Construct

virtualHostedUrlForObject

@Stability(value=Stable)
 @NotNull
public String virtualHostedUrlForObject(@Nullable
                                                                           String key,
                                                                           @Nullable
                                                                           VirtualHostedStyleUrlOptions options)

The virtual hosted-style URL of an S3 object.

Specify regional: false at the options for non-regional URL. For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 https:

Specified by:

virtualHostedUrlForObject in interface IBucket

Parameters:

key - The S3 key of the object.

options - Options for generating URL.

Returns:

an ObjectS3Url token

virtualHostedUrlForObject

@Stability(value=Stable)
 @NotNull
public String virtualHostedUrlForObject(@Nullable
                                                                           String key)

The virtual hosted-style URL of an S3 object.

Specify regional: false at the options for non-regional URL. For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 https:

Specified by:

virtualHostedUrlForObject in interface IBucket

Parameters:

key - The S3 key of the object.

Returns:

an ObjectS3Url token

virtualHostedUrlForObject

@Stability(value=Stable)
 @NotNull
public String virtualHostedUrlForObject()

The virtual hosted-style URL of an S3 object.

Specify regional: false at the options for non-regional URL. For example:

Example:

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 https:

Specified by:

virtualHostedUrlForObject in interface IBucket

Returns:

an ObjectS3Url token

getBucketArn

@Stability(value=Stable)
 @NotNull
public String getBucketArn()

The ARN of the bucket.

Specified by:

getBucketArn in interface IBucket

getBucketDomainName

@Stability(value=Stable)
 @NotNull
public String getBucketDomainName()

The IPv4 DNS name of the specified bucket.

Specified by:

getBucketDomainName in interface IBucket

getBucketDualStackDomainName

@Stability(value=Stable)
 @NotNull
public String getBucketDualStackDomainName()

The IPv6 DNS name of the specified bucket.

Specified by:

getBucketDualStackDomainName in interface IBucket

getBucketName

@Stability(value=Stable)
 @NotNull
public String getBucketName()

The name of the bucket.

Specified by:

getBucketName in interface IBucket

getBucketRegionalDomainName

@Stability(value=Stable)
 @NotNull
public String getBucketRegionalDomainName()

The regional domain name of the specified bucket.

Specified by:

getBucketRegionalDomainName in interface IBucket

getBucketWebsiteDomainName

@Stability(value=Stable)
 @NotNull
public String getBucketWebsiteDomainName()

The Domain name of the static website.

Specified by:

getBucketWebsiteDomainName in interface IBucket

getBucketWebsiteUrl

@Stability(value=Stable)
 @NotNull
public String getBucketWebsiteUrl()

The URL of the static website.

Specified by:

getBucketWebsiteUrl in interface IBucket

getEncryptionKey

@Stability(value=Stable)
 @Nullable
public IKey getEncryptionKey()

Optional KMS encryption key associated with this bucket.

Specified by:

getEncryptionKey in interface IBucket

getIsWebsite

@Stability(value=Stable)
 @Nullable
public Boolean getIsWebsite()

If this bucket has been configured for static website hosting.

Specified by:

getIsWebsite in interface IBucket

getAutoCreatePolicy

@Stability(value=Stable)
 @NotNull
protected Boolean getAutoCreatePolicy()

Indicates if a bucket resource policy should automatically created upon the first call to `addToResourcePolicy`.

setAutoCreatePolicy

@Stability(value=Stable)
protected void setAutoCreatePolicy(@NotNull
                                                            Boolean value)

Indicates if a bucket resource policy should automatically created upon the first call to `addToResourcePolicy`.

getDisallowPublicAccess

@Stability(value=Stable)
 @Nullable
protected Boolean getDisallowPublicAccess()

Whether to disallow public access.

setDisallowPublicAccess

@Stability(value=Stable)
protected void setDisallowPublicAccess(@Nullable
                                                                Boolean value)

Whether to disallow public access.

getPolicy

@Stability(value=Stable)
 @Nullable
public BucketPolicy getPolicy()

The resource policy associated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

Specified by:

getPolicy in interface IBucket

setPolicy

@Stability(value=Stable)
public void setPolicy(@Nullable
                                               BucketPolicy value)

The resource policy associated with this bucket.

If autoCreatePolicy is true, a BucketPolicy will be created upon the first call to addToResourcePolicy(s).

Specified by:

setPolicy in interface IBucket