import * as cdk from "../../core";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
/**
* The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets.
*
* @cloudformationResource AWS::S3::AccessPoint
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html
*/
export declare class CfnAccessPoint extends cdk.CfnResource implements cdk.IInspectable {
  /**
   * Name of the CloudFormation resource type this class represents.
   */
  static readonly CFN_RESOURCE_TYPE_NAME: string;

  /**
   * Creates a CfnAccessPoint from an object that holds the CloudFormation
   * properties of the resource.
   *
   * Factory used by the @aws-cdk/cloudformation-include module.
   * `resourceAttributes` is typed `any`, so its shape is not checked at
   * compile time.
   *
   * @internal
   */
  static _fromCloudFormation(
    scope: constructs.Construct,
    id: string,
    resourceAttributes: any,
    options: cfn_parse.FromCloudFormationOptions,
  ): CfnAccessPoint;

  /**
   * Alias of this access point.
   *
   * @cloudformationAttribute Alias
   */
  readonly attrAlias: string;

  /**
   * Details of the ARN for the access point.
   *
   * @cloudformationAttribute Arn
   */
  readonly attrArn: string;

  /**
   * Name of this access point.
   *
   * @cloudformationAttribute Name
   */
  readonly attrName: string;

  /**
   * Whether this access point accepts traffic from the internet.
   *
   * When `VpcConfiguration` is set, `NetworkOrigin` is `VPC` and the access point does not allow access from the internet. Otherwise `NetworkOrigin` is `Internet` and internet access is allowed, subject to the access point and bucket access policies.
   *
   * *Allowed values* : `VPC` | `Internet`
   *
   * Review note: `Internet` is what you get when `vpcConfiguration` is left
   * unset, so an access point meant to be private needs that property.
   *
   * @cloudformationAttribute NetworkOrigin
   */
  readonly attrNetworkOrigin: string;

  /**
   * Name of the bucket this access point is associated with.
   */
  bucket: string;

  /**
   * AWS account ID associated with the S3 bucket behind this access point.
   */
  bucketAccountId?: string;

  /**
   * Name of this access point.
   */
  name?: string;

  /**
   * Access point policy attached to this access point.
   *
   * Typed `any`, so the compiler does not validate the policy document;
   * review the rendered template for the principals and actions it grants.
   */
  policy?: any | cdk.IResolvable;

  /**
   * The PublicAccessBlock configuration that you want to apply.
   *
   * NOTE(review): the upstream text words this as applying to "this Amazon S3
   * bucket" although the property sits on the access point; confirm the
   * effective scope against the CloudFormation reference.
   */
  publicAccessBlockConfiguration?: cdk.IResolvable | CfnAccessPoint.PublicAccessBlockConfigurationProperty;

  /**
   * Virtual Private Cloud (VPC) configuration for this access point, if one exists.
   *
   * Per `attrNetworkOrigin`, leaving this unset results in a `NetworkOrigin`
   * of `Internet`.
   */
  vpcConfiguration?: cdk.IResolvable | CfnAccessPoint.VpcConfigurationProperty;

  /**
   * @param scope Scope in which this resource is defined
   * @param id Construct identifier for this resource (unique in its scope)
   * @param props Resource properties
   */
  constructor(scope: constructs.Construct, id: string, props: CfnAccessPointProps);

  // Declaration only; the getter body is not part of this file.
  protected get cfnProperties(): Record<string, any>;

  /**
   * Examines the CloudFormation resource and discloses attributes.
   *
   * @param inspector tree inspector to collect and process attributes
   */
  inspect(inspector: cdk.TreeInspector): void;

  // Declaration only; the method body is not part of this file.
  protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnAccessPoint {
  /**
   * The PublicAccessBlock configuration that you want to apply.
   *
   * The options can be enabled in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
   *
   * Review note: all four flags are optional. Going by the field descriptions
   * below, `blockPublicAcls` and `blockPublicPolicy` only reject new public
   * ACLs/policies and leave existing ones in place, while `ignorePublicAcls`
   * and `restrictPublicBuckets` act on what is already there. Setting all
   * four explicitly keeps the intended posture visible in the template.
   *
   * NOTE(review): the field texts speak of "this bucket" although the struct
   * is attached to an access point; confirm the effective scope against the
   * linked reference.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html
   */
  interface PublicAccessBlockConfigurationProperty {
    /**
     * Whether Amazon S3 should block public access control lists (ACLs) for this bucket and the objects in it.
     *
     * With this element set to `TRUE`:
     *
     * - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
     * - PUT Object calls fail if the request includes a public ACL.
     * - PUT Bucket calls fail if the request includes a public ACL.
     *
     * Existing policies and ACLs are not affected by enabling this setting.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicacls
     */
    readonly blockPublicAcls?: boolean | cdk.IResolvable;

    /**
     * Whether Amazon S3 should block public bucket policies for this bucket.
     *
     * With this element set to `TRUE`, Amazon S3 rejects calls to PUT Bucket policy if the specified bucket policy allows public access.
     *
     * Existing bucket policies are not affected by enabling this setting.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicpolicy
     */
    readonly blockPublicPolicy?: boolean | cdk.IResolvable;

    /**
     * Whether Amazon S3 should ignore public ACLs for this bucket and the objects in it.
     *
     * With this element set to `TRUE`, Amazon S3 ignores all public ACLs on this bucket and on objects in this bucket.
     *
     * Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-ignorepublicacls
     */
    readonly ignorePublicAcls?: boolean | cdk.IResolvable;

    /**
     * Whether Amazon S3 should restrict public bucket policies for this bucket.
     *
     * With this element set to `TRUE`, access to this bucket is restricted to only AWS service principals and authorized users within this account if the bucket has a public policy.
     *
     * Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-restrictpublicbuckets
     */
    readonly restrictPublicBuckets?: boolean | cdk.IResolvable;
  }

  /**
   * Virtual Private Cloud (VPC) configuration for this access point.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html
   */
  interface VpcConfigurationProperty {
    /**
     * When specified, the access point only allows connections from this VPC ID.
     *
     * Optional in the type, so an empty configuration object still compiles;
     * check that a VPC ID is actually supplied where VPC-only access is the goal.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html#cfn-s3-accesspoint-vpcconfiguration-vpcid
     */
    readonly vpcId?: string;
  }
}
/**
* Properties for defining a `CfnAccessPoint`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html
*/
export interface CfnAccessPointProps {
  /**
   * Name of the bucket this access point is associated with.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket
   */
  readonly bucket: string;

  /**
   * AWS account ID associated with the S3 bucket behind this access point.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucketaccountid
   */
  readonly bucketAccountId?: string;

  /**
   * Name of this access point.
   *
   * When no name is given, AWS CloudFormation generates a unique ID and uses that ID for the access point name.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name
   */
  readonly name?: string;

  /**
   * Access point policy attached to this access point.
   *
   * Typed `any`, so the compiler does not validate the policy document;
   * review the rendered template for the principals and actions it grants.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy
   */
  readonly policy?: any | cdk.IResolvable;

  /**
   * The PublicAccessBlock configuration that you want to apply.
   *
   * The options can be enabled in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
   *
   * NOTE(review): the upstream text words this as applying to "this Amazon S3
   * bucket" although the property belongs to the access point; confirm the
   * effective scope against the linked reference.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration
   */
  readonly publicAccessBlockConfiguration?: cdk.IResolvable | CfnAccessPoint.PublicAccessBlockConfigurationProperty;

  /**
   * Virtual Private Cloud (VPC) configuration for this access point, if one exists.
   *
   * Optional: only `bucket` is required by this interface, so an access
   * point can be declared with no VPC restriction, policy or public access
   * block settings at all.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration
   */
  readonly vpcConfiguration?: cdk.IResolvable | CfnAccessPoint.VpcConfigurationProperty;
}
/**
* The `AWS::S3::Bucket` resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack.
*
* To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
*
* > You can only delete empty buckets. Deletion fails for buckets that have contents.
*
* @cloudformationResource AWS::S3::Bucket
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html
*/
export declare class CfnBucket extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
  /**
   * Name of the CloudFormation resource type this class represents.
   */
  static readonly CFN_RESOURCE_TYPE_NAME: string;

  /**
   * Creates a CfnBucket from an object that holds the CloudFormation
   * properties of the resource.
   *
   * Factory used by the @aws-cdk/cloudformation-include module.
   * `resourceAttributes` is typed `any`, so its shape is not checked at
   * compile time.
   *
   * @internal
   */
  static _fromCloudFormation(
    scope: constructs.Construct,
    id: string,
    resourceAttributes: any,
    options: cfn_parse.FromCloudFormationOptions,
  ): CfnBucket;

  /**
   * Amazon Resource Name (ARN) of the specified bucket.
   *
   * Example: `arn:aws:s3:::DOC-EXAMPLE-BUCKET`
   *
   * @cloudformationAttribute Arn
   */
  readonly attrArn: string;

  /**
   * IPv4 DNS name of the specified bucket.
   *
   * Example: `DOC-EXAMPLE-BUCKET.s3.amazonaws.com`
   *
   * @cloudformationAttribute DomainName
   */
  readonly attrDomainName: string;

  /**
   * IPv6 DNS name of the specified bucket.
   *
   * Example: `DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com`
   *
   * For more information about dual-stack endpoints, see [Using Amazon S3 Dual-Stack Endpoints](https://docs.aws.amazon.com/AmazonS3/latest/dev/dual-stack-endpoints.html) .
   *
   * @cloudformationAttribute DualStackDomainName
   */
  readonly attrDualStackDomainName: string;

  /**
   * Amazon Resource Name (ARN) for the metadata table in the metadata table configuration. The specified metadata table name must be unique within the `aws_s3_metadata` namespace in the destination table bucket.
   *
   * @cloudformationAttribute MetadataTableConfiguration.S3TablesDestination.TableArn
   */
  readonly attrMetadataTableConfigurationS3TablesDestinationTableArn: string;

  /**
   * Table bucket namespace for the metadata table in your metadata table configuration. This value is always `aws_s3_metadata` .
   *
   * @cloudformationAttribute MetadataTableConfiguration.S3TablesDestination.TableNamespace
   */
  readonly attrMetadataTableConfigurationS3TablesDestinationTableNamespace: string;

  /**
   * Regional domain name of the specified bucket.
   *
   * Example: `DOC-EXAMPLE-BUCKET.s3.us-east-2.amazonaws.com`
   *
   * @cloudformationAttribute RegionalDomainName
   */
  readonly attrRegionalDomainName: string;

  /**
   * Amazon S3 website endpoint for the specified bucket.
   *
   * Example (IPv4): `http://DOC-EXAMPLE-BUCKET.s3-website.us-east-2.amazonaws.com`
   *
   * Example (IPv6): `http://DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com`
   *
   * Review note: both documented examples are plain `http://` URLs. S3
   * website endpoints do not serve HTTPS, so content that needs TLS should
   * be fronted by a TLS-terminating layer such as CloudFront.
   *
   * @cloudformationAttribute WebsiteURL
   */
  readonly attrWebsiteUrl: string;

  /**
   * Transfer acceleration state for the bucket.
   */
  accelerateConfiguration?: CfnBucket.AccelerateConfigurationProperty | cdk.IResolvable;

  /**
   * > This is a legacy property, and it is not recommended for most use cases.
   *
   * Review note: declared as a free-form `string`; a non-empty value here is
   * worth a second look given the legacy status stated above.
   */
  accessControl?: string;

  /**
   * Configuration and any analyses for the analytics filter of the bucket.
   */
  analyticsConfigurations?: (CfnBucket.AnalyticsConfigurationProperty | cdk.IResolvable)[] | cdk.IResolvable;

  /**
   * Default encryption for the bucket, using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).
   */
  bucketEncryption?: CfnBucket.BucketEncryptionProperty | cdk.IResolvable;

  /**
   * A name for the bucket.
   */
  bucketName?: string;

  /**
   * Cross-origin access configuration for objects in the bucket.
   */
  corsConfiguration?: CfnBucket.CorsConfigurationProperty | cdk.IResolvable;

  /**
   * How Amazon S3 handles Intelligent-Tiering storage.
   */
  intelligentTieringConfigurations?: (CfnBucket.IntelligentTieringConfigurationProperty | cdk.IResolvable)[] | cdk.IResolvable;

  /**
   * Inventory configuration for the bucket.
   */
  inventoryConfigurations?: (CfnBucket.InventoryConfigurationProperty | cdk.IResolvable)[] | cdk.IResolvable;

  /**
   * Lifecycle configuration for objects in the bucket.
   */
  lifecycleConfiguration?: cdk.IResolvable | CfnBucket.LifecycleConfigurationProperty;

  /**
   * Settings that define where logs are stored.
   *
   * Optional; when unset, this declaration configures no log destination.
   */
  loggingConfiguration?: cdk.IResolvable | CfnBucket.LoggingConfigurationProperty;

  /**
   * Metadata table configuration of an Amazon S3 general purpose bucket.
   */
  metadataTableConfiguration?: cdk.IResolvable | CfnBucket.MetadataTableConfigurationProperty;

  /**
   * Metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from the bucket.
   */
  metricsConfigurations?: (cdk.IResolvable | CfnBucket.MetricsConfigurationProperty)[] | cdk.IResolvable;

  /**
   * How Amazon S3 handles bucket notifications.
   */
  notificationConfiguration?: cdk.IResolvable | CfnBucket.NotificationConfigurationProperty;

  /**
   * > This operation is not supported for directory buckets.
   */
  objectLockConfiguration?: cdk.IResolvable | CfnBucket.ObjectLockConfigurationProperty;

  /**
   * Whether this bucket has an Object Lock configuration enabled.
   */
  objectLockEnabled?: boolean | cdk.IResolvable;

  /**
   * How Amazon S3 handles Object Ownership rules.
   */
  ownershipControls?: cdk.IResolvable | CfnBucket.OwnershipControlsProperty;

  /**
   * How Amazon S3 handles public access.
   *
   * Optional in the type; set it explicitly so the bucket's public-access
   * posture is visible in the template rather than implied.
   */
  publicAccessBlockConfiguration?: cdk.IResolvable | CfnBucket.PublicAccessBlockConfigurationProperty;

  /**
   * Configuration for replicating objects in the bucket.
   */
  replicationConfiguration?: cdk.IResolvable | CfnBucket.ReplicationConfigurationProperty;

  /**
   * Tag Manager which manages the tags for this resource.
   */
  readonly tags: cdk.TagManager;

  /**
   * Arbitrary set of tags (key-value pairs) for this S3 bucket.
   */
  tagsRaw?: cdk.CfnTag[];

  /**
   * Enables multiple versions of all objects in this bucket.
   */
  versioningConfiguration?: cdk.IResolvable | CfnBucket.VersioningConfigurationProperty;

  /**
   * Information used to configure the bucket as a static website.
   */
  websiteConfiguration?: cdk.IResolvable | CfnBucket.WebsiteConfigurationProperty;

  /**
   * `props` is optional, so the type system accepts a bucket declared with
   * no encryption, logging, versioning or public access block settings;
   * whether those are present has to be checked in review or by policy
   * tooling, not by the compiler.
   *
   * @param scope Scope in which this resource is defined
   * @param id Construct identifier for this resource (unique in its scope)
   * @param props Resource properties
   */
  constructor(scope: constructs.Construct, id: string, props?: CfnBucketProps);

  // Declaration only; the getter body is not part of this file.
  protected get cfnProperties(): Record<string, any>;

  /**
   * Examines the CloudFormation resource and discloses attributes.
   *
   * @param inspector tree inspector to collect and process attributes
   */
  inspect(inspector: cdk.TreeInspector): void;

  // Declaration only; the method body is not part of this file.
  protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnBucket {
/**
* Configures the transfer acceleration state for an Amazon S3 bucket.
*
* For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html
*/
interface AccelerateConfigurationProperty {
  /**
   * Transfer acceleration status of the bucket.
   *
   * Required. Declared as a plain `string`, so the value is not constrained
   * by the type system.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html#cfn-s3-bucket-accelerateconfiguration-accelerationstatus
   */
  readonly accelerationStatus: string;
}
/**
* Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html
*/
interface AnalyticsConfigurationProperty {
  /**
   * ID that identifies the analytics configuration.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-id
   */
  readonly id: string;

  /**
   * Prefix an object must have to be included in the analytics results.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-prefix
   */
  readonly prefix?: string;

  /**
   * Data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-storageclassanalysis
   */
  readonly storageClassAnalysis: cdk.IResolvable | CfnBucket.StorageClassAnalysisProperty;

  /**
   * Tags to use when evaluating an analytics filter.
   *
   * Only objects that meet the filter's criteria are analyzed. With no filter specified, all of the contents of the bucket are included in the analysis.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-tagfilters
   */
  readonly tagFilters?: (cdk.IResolvable | CfnBucket.TagFilterProperty)[] | cdk.IResolvable;
}
/**
* Specifies data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes for an Amazon S3 bucket.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-storageclassanalysis.html
*/
interface StorageClassAnalysisProperty {
  /**
   * How data related to the storage class analysis for the bucket should be exported.
   *
   * Optional; when present, the nested destination determines which bucket
   * receives the exported analysis data.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-storageclassanalysis.html#cfn-s3-bucket-storageclassanalysis-dataexport
   */
  readonly dataExport?: CfnBucket.DataExportProperty | cdk.IResolvable;
}
/**
* Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html
*/
interface DataExportProperty {
  /**
   * Place to store the data for an analysis.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-destination
   */
  readonly destination: CfnBucket.DestinationProperty | cdk.IResolvable;

  /**
   * Version of the output schema to use when exporting data.
   *
   * Must be `V_1` . The field is typed `string`, so this constraint is not
   * enforced by the compiler.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-outputschemaversion
   */
  readonly outputSchemaVersion: string;
}
/**
* Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html
*/
interface DestinationProperty {
  /**
   * Account ID that owns the destination S3 bucket.
   *
   * When no account ID is provided, the owner is not validated before exporting data.
   *
   * > Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
   *
   * Review note: treat this as required in review. Without it, exports are
   * written with no ownership check on the destination bucket.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketaccountid
   */
  readonly bucketAccountId?: string;

  /**
   * Amazon Resource Name (ARN) of the bucket to which data is exported.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketarn
   */
  readonly bucketArn: string;

  /**
   * File format used when exporting data to Amazon S3.
   *
   * *Allowed values* : `CSV` | `ORC` | `Parquet`
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-format
   */
  readonly format: string;

  /**
   * Prefix to use when exporting data.
   *
   * The prefix is prepended to all results.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-prefix
   */
  readonly prefix?: string;
}
/**
* Specifies tags to use to identify a subset of objects for an Amazon S3 bucket.
*
* For more information, see [Categorizing your storage using tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html) in the *Amazon Simple Storage Service User Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html
*/
interface TagFilterProperty {
  /**
   * Key of the tag to match.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html#cfn-s3-bucket-tagfilter-key
   */
  readonly key: string;

  /**
   * Value of the tag to match.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html#cfn-s3-bucket-tagfilter-value
   */
  readonly value: string;
}
/**
* Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).
*
* For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html
*/
interface BucketEncryptionProperty {
  /**
   * The default server-side-encryption configuration, given as a list of rules.
   *
   * Required whenever this struct is supplied.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html#cfn-s3-bucket-bucketencryption-serversideencryptionconfiguration
   */
  readonly serverSideEncryptionConfiguration: (cdk.IResolvable | CfnBucket.ServerSideEncryptionRuleProperty)[] | cdk.IResolvable;
}
/**
* Specifies the default server-side encryption configuration.
*
* > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
* > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html
*/
interface ServerSideEncryptionRuleProperty {
  /**
   * Whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
   *
   * Existing objects are not affected. Setting the `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.
   *
   * For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide* .
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-bucketkeyenabled
   */
  readonly bucketKeyEnabled?: boolean | cdk.IResolvable;

  /**
   * Default server-side encryption to apply to new objects in the bucket.
   *
   * Applied when a PUT Object request doesn't specify any server-side encryption.
   *
   * Review note: both fields of this rule are optional, so an empty rule
   * object type-checks; confirm that each rule actually names an algorithm.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-serversideencryptionbydefault
   */
  readonly serverSideEncryptionByDefault?: cdk.IResolvable | CfnBucket.ServerSideEncryptionByDefaultProperty;
}
/**
* Describes the default server-side encryption to apply to new objects in the bucket.
*
* If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) .
*
* > - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
* > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported.
* > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html
*/
interface ServerSideEncryptionByDefaultProperty {
  /**
   * AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.
   *
   * > - *General purpose buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse` .
   * > - *Directory buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` .
   *
   * The key may be given as a key ID, a key alias, or the Amazon Resource Name (ARN) of the KMS key.
   *
   * - Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
   * - Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
   * - Key Alias: `alias/alias-name`
   *
   * For encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy) .
   *
   * > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
   * > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
   *
   * > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .
   *
   * Review note: the alias caveat above means the key that ends up
   * protecting an object can depend on who wrote it. A full key ARN removes
   * that ambiguity and is the form to expect in review.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-kmsmasterkeyid
   */
  readonly kmsMasterKeyId?: string;

  /**
   * Server-side encryption algorithm to use for the default encryption.
   *
   * > For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` .
   *
   * Required. Declared as a plain `string`, so an unsupported value is not
   * caught by the compiler.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-ssealgorithm
   */
  readonly sseAlgorithm: string;
}
/**
* Describes the cross-origin access configuration for objects in an Amazon S3 bucket.
*
* For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsconfiguration.html
*/
interface CorsConfigurationProperty {
  /**
   * Set of origins and methods (the cross-origin access that you want to allow).
   *
   * Up to 100 rules can be added to the configuration.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsconfiguration.html#cfn-s3-bucket-corsconfiguration-corsrules
   */
  readonly corsRules: (CfnBucket.CorsRuleProperty | cdk.IResolvable)[] | cdk.IResolvable;
}
/**
 * One cross-origin access rule for an Amazon S3 bucket.
 *
 * Keep each rule as narrow as the client application allows: explicit origins, only the
 * methods in use, and only the headers the application sends or reads.
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html
 */
interface CorsRuleProperty {
  /**
   * Request headers that a browser may name in the `Access-Control-Request-Headers` header.
   *
   * These headers are allowed in a preflight OPTIONS request. Amazon S3 answers any preflight
   * OPTIONS request with the requested headers that are allowed.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-allowedheaders
   */
  readonly allowedHeaders?: string[];
  /**
   * The HTTP methods that the origin is allowed to run.
   *
   * *Allowed values* : `GET` | `PUT` | `HEAD` | `POST` | `DELETE`
   *
   * Allow the modifying methods (`PUT`, `POST`, `DELETE`) only for origins that need them.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-allowedmethods
   */
  readonly allowedMethods: string[];
  /**
   * One or more origins from which customers may access the bucket.
   *
   * Prefer explicit `https://` origins. A value of `*` lets pages served from any origin make
   * the allowed requests and read the responses, so reserve it for content meant to be public.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-allowedorigins
   */
  readonly allowedOrigins: string[];
  /**
   * One or more response headers that customers' applications may read (for example, from a JavaScript `XMLHttpRequest` object).
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-exposedheaders
   */
  readonly exposedHeaders?: string[];
  /**
   * A unique identifier for this rule.
   *
   * The value must be no more than 255 characters.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-id
   */
  readonly id?: string;
  /**
   * The time in seconds that the browser is to cache the preflight response for the specified resource.
   *
   * A browser may keep using a cached preflight result for this long, so a tightened rule can
   * take that long to reach clients.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-maxage
   */
  readonly maxAge?: number;
}
/**
 * An S3 Intelligent-Tiering configuration for an Amazon S3 bucket.
 *
 * For information about the S3 Intelligent-Tiering storage class, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access) .
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html
 */
interface IntelligentTieringConfigurationProperty {
  /**
   * The ID that identifies this S3 Intelligent-Tiering configuration.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-id
   */
  readonly id: string;
  /**
   * An object key name prefix selecting the subset of objects to which the rule applies.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-prefix
   */
  readonly prefix?: string;
  /**
   * The status of the configuration.
   *
   * *Allowed values* : `Enabled` | `Disabled`
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-status
   */
  readonly status: string;
  /**
   * Tag filters, each a container for a key-value pair.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tagfilters
   */
  readonly tagFilters?: cdk.IResolvable | (CfnBucket.TagFilterProperty | cdk.IResolvable)[];
  /**
   * The list of S3 Intelligent-Tiering storage class tiers in the configuration.
   *
   * The list must define at least one tier and at most two, one for each available AccessTier: `ARCHIVE_ACCESS` and `DEEP_ARCHIVE_ACCESS` .
   *
   * > You only need Intelligent Tiering Configuration enabled on a bucket if you want to automatically move objects stored in the Intelligent-Tiering storage class to Archive Access or Deep Archive Access tiers.
   *
   * Objects that have moved to either archive tier must be restored before they can be read.
   * Account for that delay when the bucket holds data that may be needed at short notice,
   * such as logs used during an investigation.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tierings
   */
  readonly tierings: cdk.IResolvable | (CfnBucket.TieringProperty | cdk.IResolvable)[];
}
/**
 * One tier of an S3 Intelligent-Tiering configuration: an access tier and the number of days without access after which an object becomes eligible for it.
 *
 * The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without additional operational overhead.
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tiering.html
 */
interface TieringProperty {
  /**
   * The S3 Intelligent-Tiering access tier.
   *
   * For the list of access tiers in the S3 Intelligent-Tiering storage class, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access) .
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tiering.html#cfn-s3-bucket-tiering-accesstier
   */
  readonly accessTier: string;
  /**
   * The number of consecutive days without access after which an object becomes eligible for transition to the corresponding tier.
   *
   * The minimum is 90 days for the Archive Access tier and 180 days for the Deep Archive Access tier. The maximum can be up to 2 years (730 days).
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tiering.html#cfn-s3-bucket-tiering-days
   */
  readonly days: number;
}
/**
 * The inventory configuration for an Amazon S3 bucket.
 *
 * An inventory report lists the bucket's objects and their metadata, so it reveals key names
 * even to readers who cannot list the source bucket. Restrict read access to the destination
 * accordingly.
 *
 * For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html
 */
interface InventoryConfigurationProperty {
  /**
   * Information about where the inventory results are published.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-destination
   */
  readonly destination: cdk.IResolvable | CfnBucket.DestinationProperty;
  /**
   * Whether the inventory is enabled or disabled.
   *
   * With `True` , an inventory list is generated. With `False` , no inventory list is generated.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-enabled
   */
  readonly enabled: cdk.IResolvable | boolean;
  /**
   * The ID that identifies the inventory configuration.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-id
   */
  readonly id: string;
  /**
   * The object versions to include in the inventory list.
   *
   * With `All` , the list includes all the object versions, which adds the version-related fields `VersionId` , `IsLatest` , and `DeleteMarker` to the list. With `Current` , the list does not contain these version-related fields.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-includedobjectversions
   */
  readonly includedObjectVersions: string;
  /**
   * The optional fields to include in the inventory results.
   *
   * Fields such as `EncryptionStatus` help when auditing whether stored objects are encrypted.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-optionalfields
   */
  readonly optionalFields?: string[];
  /**
   * The inventory filter prefix.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-prefix
   */
  readonly prefix?: string;
  /**
   * The schedule on which inventory results are generated.
   *
   * *Allowed values* : `Daily` | `Weekly`
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-schedulefrequency
   */
  readonly scheduleFrequency: string;
}
/**
 * The lifecycle configuration for objects in an Amazon S3 bucket.
 *
 * Lifecycle rules can delete objects automatically. Review changes to them as carefully as a
 * grant of delete permission, especially for buckets that hold logs or other records with a
 * retention requirement.
 *
 * For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfiguration.html
 */
interface LifecycleConfigurationProperty {
  /**
   * The lifecycle rules for individual objects in an Amazon S3 bucket.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfiguration.html#cfn-s3-bucket-lifecycleconfiguration-rules
   */
  readonly rules: cdk.IResolvable | (CfnBucket.RuleProperty | cdk.IResolvable)[];
  /**
   * Which default minimum object size behavior is applied to the lifecycle configuration.
   *
   * > This parameter applies to general purpose buckets only. It isn't supported for directory bucket lifecycle configurations.
   *
   * - `all_storage_classes_128K` - Objects smaller than 128 KB will not transition to any storage class by default.
   * - `varies_by_storage_class` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB.
   *
   * To customize the minimum object size for any transition, add a filter that specifies a custom `ObjectSizeGreaterThan` or `ObjectSizeLessThan` in the body of your transition rule. Custom filters always take precedence over the default transition behavior.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfiguration.html#cfn-s3-bucket-lifecycleconfiguration-transitiondefaultminimumobjectsize
   */
  readonly transitionDefaultMinimumObjectSize?: string;
}
/**
* Specifies lifecycle rules for an Amazon S3 bucket.
*
* For more information, see [Put Bucket Lifecycle Configuration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html) in the *Amazon S3 API Reference* .
*
* You must specify at least one of the following properties: `AbortIncompleteMultipartUpload` , `ExpirationDate` , `ExpirationInDays` , `NoncurrentVersionExpirationInDays` , `NoncurrentVersionTransition` , `NoncurrentVersionTransitions` , `Transition` , or `Transitions` .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html
*/
interface RuleProperty {
/**
* Specifies a lifecycle rule that stops incomplete multipart uploads to an Amazon S3 bucket.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-abortincompletemultipartupload
*/
readonly abortIncompleteMultipartUpload?: CfnBucket.AbortIncompleteMultipartUploadProperty | cdk.IResolvable;
/**
* Indicates when objects are deleted from Amazon S3 and Amazon S3 Glacier.
*
* The date value must be in ISO 8601 format. The time is always midnight UTC. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-expirationdate
*/
readonly expirationDate?: Date | cdk.IResolvable;
/**
* Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier.
*
* If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-expirationindays
*/
readonly expirationInDays?: number;
/**
* Indicates whether Amazon S3 will remove a delete marker without any noncurrent versions.
*
* If set to true, the delete marker will be removed if there are no noncurrent versions. This cannot be specified with `ExpirationInDays` , `ExpirationDate` , or `TagFilters` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/Us