
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

import * as cdk from "../../core/lib";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
import { aws_s3 as s3Refs } from "../../interfaces";
import { AccessGrantReference, AccessGrantsInstanceReference, AccessGrantsLocationReference, AccessPointReference, BucketPolicyReference, BucketReference, IAccessGrantRef, IAccessGrantsInstanceRef, IAccessGrantsLocationRef, IAccessPointRef, IBucketPolicyRef, IBucketRef, IMultiRegionAccessPointPolicyRef, IMultiRegionAccessPointRef, IStorageLensGroupRef, IStorageLensRef, MultiRegionAccessPointPolicyReference, MultiRegionAccessPointReference, StorageLensGroupReference, StorageLensReference } from "../../interfaces/generated/aws-s3-interfaces.generated";

// The declarations below carry types and documentation only: classes and namespaces are
// `declare`d and no member has a body. Optionality (`?`, `| undefined`) therefore shows
// what the type checker will accept, not what is safe to deploy.

/**
 * The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets.
 *
 * Review note: `policy`, `publicAccessBlockConfiguration` and `vpcConfiguration` are the
 * properties on this resource that govern who can reach the bucket through the access point.
 * All three are optional in `CfnAccessPointProps`, and nothing in these declarations supplies
 * a value when they are omitted.
 *
 * @cloudformationResource AWS::S3::AccessPoint
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html
 */
export declare class CfnAccessPoint extends cdk.CfnResource implements cdk.IInspectable, IAccessPointRef, cdk.ITaggableV2 {
    /**
     * The CloudFormation resource type name for this resource class.
     */
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnAccessPoint from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAccessPoint;
    /**
     * Checks whether the given object is a CfnAccessPoint
     */
    static isCfnAccessPoint(x: any): x is CfnAccessPoint;
    /**
     * Creates a new IAccessPointRef from an ARN
     */
    static fromAccessPointArn(scope: constructs.Construct, id: string, arn: string): IAccessPointRef;
    /**
     * Creates a new IAccessPointRef from an accessPointName
     */
    static fromAccessPointName(scope: constructs.Construct, id: string, accessPointName: string): IAccessPointRef;
    /**
     * Returns a string for the given access point reference.
     *
     * NOTE(review): no description in the generated source; by its name this is the
     * access point's ARN — confirm against the implementation.
     */
    static arnForAccessPoint(resource: IAccessPointRef): string;
    /**
     * The name of the bucket associated with this access point.
     */
    private _bucket;
    /**
     * The AWS account ID associated with the S3 bucket associated with this access point.
     */
    private _bucketAccountId?;
    /**
     * Tag Manager which manages the tags for this resource
     */
    readonly cdkTagManager: cdk.TagManager;
    /**
     * The name of this access point.
     */
    private _name?;
    /**
     * The access point policy associated with this access point.
     */
    private _policy?;
    /**
     * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.
     */
    private _publicAccessBlockConfiguration?;
    /**
     * An array of tags that you can apply to access points.
     */
    private _tags?;
    /**
     * The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
     */
    private _vpcConfiguration?;
    /**
     * Create a new `AWS::S3::AccessPoint`.
     *
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props: CfnAccessPointProps);
    /**
     * An `AccessPointReference` for this access point.
     *
     * NOTE(review): no description in the generated source; the fields of the reference
     * are declared in the imported interfaces module, not here.
     */
    get accessPointRef(): AccessPointReference;
    /**
     * The name of the bucket associated with this access point.
     */
    get bucket(): string;
    /**
     * The name of the bucket associated with this access point.
     */
    set bucket(value: string);
    /**
     * The AWS account ID associated with the S3 bucket associated with this access point.
     */
    get bucketAccountId(): string | undefined;
    /**
     * The AWS account ID associated with the S3 bucket associated with this access point.
     */
    set bucketAccountId(value: string | undefined);
    /**
     * The name of this access point.
     */
    get name(): string | undefined;
    /**
     * The name of this access point.
     */
    set name(value: string | undefined);
    /**
     * The access point policy associated with this access point.
     *
     * Typed `any`, so the compiler does not check the shape of the policy document.
     * NOTE(review): principals, actions and conditions have to be reviewed in the value
     * passed here or in the synthesized template; the type gives no protection.
     */
    get policy(): any | cdk.IResolvable | undefined;
    /**
     * The access point policy associated with this access point.
     *
     * Accepts `any`; see the getter for why the document needs a separate review.
     */
    set policy(value: any | cdk.IResolvable | undefined);
    /**
     * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.
     */
    get publicAccessBlockConfiguration(): cdk.IResolvable | CfnAccessPoint.PublicAccessBlockConfigurationProperty | undefined;
    /**
     * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.
     */
    set publicAccessBlockConfiguration(value: cdk.IResolvable | CfnAccessPoint.PublicAccessBlockConfigurationProperty | undefined);
    /**
     * An array of tags that you can apply to access points.
     */
    get tags(): Array<cdk.CfnTag> | undefined;
    /**
     * An array of tags that you can apply to access points.
     */
    set tags(value: Array<cdk.CfnTag> | undefined);
    /**
     * The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
     */
    get vpcConfiguration(): cdk.IResolvable | CfnAccessPoint.VpcConfigurationProperty | undefined;
    /**
     * The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
     */
    set vpcConfiguration(value: cdk.IResolvable | CfnAccessPoint.VpcConfigurationProperty | undefined);
    /**
     * The alias for this access point.
     *
     * @cloudformationAttribute Alias
     */
    get attrAlias(): string;
    /**
     * This property contains the details of the ARN for the access point.
     *
     * @cloudformationAttribute Arn
     */
    get attrArn(): string;
    /**
     * The name of this access point.
     *
     * @cloudformationAttribute Name
     */
    get attrName(): string;
    /**
     * Indicates whether this access point allows access from the internet. If `VpcConfiguration` is specified for this access point, then `NetworkOrigin` is `VPC` , and the access point doesn't allow access from the internet. Otherwise, `NetworkOrigin` is `Internet` , and the access point allows access from the internet, subject to the access point and bucket access policies.
     *
     * *Allowed values* : `VPC` | `Internet`
     *
     * Useful as an audit signal: an access point meant to be VPC-only should report `VPC` here.
     *
     * @cloudformationAttribute NetworkOrigin
     */
    get attrNetworkOrigin(): string;
    /**
     * NOTE(review): no description in the generated source. Returns a string-keyed record;
     * presumably the resource's CloudFormation properties — confirm.
     */
    protected get cfnProperties(): Record<string, any>;
    /**
     * Examines the CloudFormation resource and discloses attributes
     *
     * @param inspector tree inspector to collect and process attributes
     */
    inspect(inspector: cdk.TreeInspector): void;
    /**
     * NOTE(review): no description in the generated source. Maps one string-keyed record
     * to another; presumably the rendering step for the template — confirm.
     */
    protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnAccessPoint {
    /**
     * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.
     *
     * You can enable the configuration options in any combination. Bucket-level settings work alongside account-level settings (which may inherit from organization-level policies). For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
     *
     * NOTE(review): the member descriptions speak of "this bucket", but this struct is the
     * one referenced by `CfnAccessPoint`; presumably the settings apply to the access
     * point — confirm against the linked CloudFormation page.
     *
     * All four flags are optional at the type level and the effective value of an omitted
     * flag is not stated in this file. Where the intent is to block public access, set
     * every flag explicitly rather than relying on a default.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html
     */
    interface PublicAccessBlockConfigurationProperty {
        /**
         * Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket.
         *
         * Setting this element to `TRUE` causes the following behavior:
         *
         * - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
         * - PUT Object calls fail if the request includes a public ACL.
         * - PUT Bucket calls fail if the request includes a public ACL.
         *
         * Enabling this setting doesn't affect existing policies or ACLs.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicacls
         */
        readonly blockPublicAcls?: boolean | cdk.IResolvable;
        /**
         * Specifies whether Amazon S3 should block public bucket policies for this bucket.
         *
         * Setting this element to `TRUE` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
         *
         * Enabling this setting doesn't affect existing bucket policies.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicpolicy
         */
        readonly blockPublicPolicy?: boolean | cdk.IResolvable;
        /**
         * Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket.
         *
         * Setting this element to `TRUE` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.
         *
         * Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-ignorepublicacls
         */
        readonly ignorePublicAcls?: boolean | cdk.IResolvable;
        /**
         * Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
         *
         * Setting this element to `TRUE` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
         *
         * Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-restrictpublicbuckets
         */
        readonly restrictPublicBuckets?: boolean | cdk.IResolvable;
    }
    /**
     * The Virtual Private Cloud (VPC) configuration for this access point.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html
     */
    interface VpcConfigurationProperty {
        /**
         * If this field is specified, the access point will only allow connections from the specified VPC ID.
         *
         * Optional at the type level. Per the `NetworkOrigin` attribute description on
         * `CfnAccessPoint`, an access point without a VPC configuration has origin
         * `Internet` and is reachable from the internet, subject to its policies.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html#cfn-s3-accesspoint-vpcconfiguration-vpcid
         */
        readonly vpcId?: string;
    }
}
/**
 * Properties for defining a `CfnAccessPoint`
 *
 * Only `bucket` is required. The access-governing properties (`policy`,
 * `publicAccessBlockConfiguration`, `vpcConfiguration`) are all optional here.
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html
 */
export interface CfnAccessPointProps {
    /**
     * The name of the bucket associated with this access point.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket
     */
    readonly bucket: s3Refs.IBucketRef | string;
    /**
     * The AWS account ID associated with the S3 bucket associated with this access point.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucketaccountid
     */
    readonly bucketAccountId?: string;
    /**
     * The name of this access point.
     *
     * If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name
     */
    readonly name?: string;
    /**
     * The access point policy associated with this access point.
     *
     * Typed `any`: the policy document is not checked by the compiler, so over-broad
     * principals or actions will not surface as type errors.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy
     */
    readonly policy?: any | cdk.IResolvable;
    /**
     * The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.
     *
     * You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration
     */
    readonly publicAccessBlockConfiguration?: cdk.IResolvable | CfnAccessPoint.PublicAccessBlockConfigurationProperty;
    /**
     * An array of tags that you can apply to access points.
     *
     * Tags are key-value pairs of metadata used to categorize your access points and control access. For more information, see [Using tags for attribute-based access control (ABAC)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging.html#using-tags-for-abac) .
     *
     * Because tags can feed access decisions, a tag change can be an authorization
     * change; review tag edits with the same care as policy edits.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-tags
     */
    readonly tags?: Array<cdk.CfnTag>;
    /**
     * The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration
     */
    readonly vpcConfiguration?: cdk.IResolvable | CfnAccessPoint.VpcConfigurationProperty;
}
/**
 * The `AWS::S3::Bucket` resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack.
 *
 * To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
 *
 * > You can only delete empty buckets. Deletion fails for buckets that have contents.
 *
 * Review note: the constructor's `props` argument is optional and every configuration
 * accessor below admits `undefined`, so this class type does not require encryption,
 * public-access-block, ownership, versioning or logging settings to be supplied. What S3
 * applies when they are omitted is not visible in these declarations; state the intended
 * settings explicitly and verify them in the synthesized template.
 *
 * @cloudformationResource AWS::S3::Bucket
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html
 */
export declare class CfnBucket extends cdk.CfnResource implements cdk.IInspectable, IBucketRef, cdk.ITaggable {
    /**
     * The CloudFormation resource type name for this resource class.
     */
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnBucket from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnBucket;
    /**
     * Checks whether the given object is a CfnBucket
     */
    static isCfnBucket(x: any): x is CfnBucket;
    /**
     * Creates a new IBucketRef from an ARN
     */
    static fromBucketArn(scope: constructs.Construct, id: string, arn: string): IBucketRef;
    /**
     * Creates a new IBucketRef from a bucketName
     */
    static fromBucketName(scope: constructs.Construct, id: string, bucketName: string): IBucketRef;
    /**
     * Returns a string for the given bucket reference.
     *
     * NOTE(review): no description in the generated source; by its name this is the
     * bucket's ARN — confirm against the implementation.
     */
    static arnForBucket(resource: IBucketRef): string;
    /**
     * The ABAC status of the general purpose bucket.
     */
    private _abacStatus?;
    /**
     * Configures the transfer acceleration state for an Amazon S3 bucket.
     */
    private _accelerateConfiguration?;
    /**
     * > This is a legacy property, and it is not recommended for most use cases.
     */
    private _accessControl?;
    /**
     * Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
     */
    private _analyticsConfigurations?;
    /**
     * Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).
     */
    private _bucketEncryption?;
    /**
     * A name for the bucket.
     */
    private _bucketName?;
    /** No description is provided for this property in the generated source. */
    private _bucketNamePrefix?;
    /** No description is provided for this property in the generated source. */
    private _bucketNamespace?;
    /**
     * Describes the cross-origin access configuration for objects in an Amazon S3 bucket.
     */
    private _corsConfiguration?;
    /**
     * Defines how Amazon S3 handles Intelligent-Tiering storage.
     */
    private _intelligentTieringConfigurations?;
    /**
     * Specifies the S3 Inventory configuration for an Amazon S3 bucket.
     */
    private _inventoryConfigurations?;
    /**
     * Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
     */
    private _lifecycleConfiguration?;
    /**
     * Settings that define where logs are stored.
     */
    private _loggingConfiguration?;
    /**
     * The S3 Metadata configuration for a general purpose bucket.
     */
    private _metadataConfiguration?;
    /**
     * The metadata table configuration of an Amazon S3 general purpose bucket.
     */
    private _metadataTableConfiguration?;
    /**
     * Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket.
     */
    private _metricsConfigurations?;
    /**
     * Configuration that defines how Amazon S3 handles bucket notifications.
     */
    private _notificationConfiguration?;
    /**
     * > This operation is not supported for directory buckets.
     */
    private _objectLockConfiguration?;
    /**
     * Indicates whether this bucket has an Object Lock configuration enabled.
     */
    private _objectLockEnabled?;
    /**
     * Configuration that defines how Amazon S3 handles Object Ownership rules.
     */
    private _ownershipControls?;
    /**
     * Configuration that defines how Amazon S3 handles public access.
     */
    private _publicAccessBlockConfiguration?;
    /**
     * Configuration for replicating objects in an S3 bucket.
     */
    private _replicationConfiguration?;
    /**
     * Tag Manager which manages the tags for this resource
     */
    readonly tags: cdk.TagManager;
    /**
     * An arbitrary set of tags (key-value pairs) for this S3 bucket.
     */
    private _tagsRaw?;
    /**
     * Enables multiple versions of all objects in this bucket.
     */
    private _versioningConfiguration?;
    /**
     * Information used to configure the bucket as a static website.
     */
    private _websiteConfiguration?;
    /**
     * Create a new `AWS::S3::Bucket`.
     *
     * `props` is optional, so `new CfnBucket(scope, id)` type-checks with no
     * configuration at all.
     *
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props?: CfnBucketProps);
    /**
     * A `BucketReference` for this bucket.
     *
     * NOTE(review): no description in the generated source; the fields of the reference
     * are declared in the imported interfaces module, not here.
     */
    get bucketRef(): BucketReference;
    /**
     * The ABAC status of the general purpose bucket.
     */
    get abacStatus(): string | undefined;
    /**
     * The ABAC status of the general purpose bucket.
     */
    set abacStatus(value: string | undefined);
    /**
     * Configures the transfer acceleration state for an Amazon S3 bucket.
     */
    get accelerateConfiguration(): CfnBucket.AccelerateConfigurationProperty | cdk.IResolvable | undefined;
    /**
     * Configures the transfer acceleration state for an Amazon S3 bucket.
     */
    set accelerateConfiguration(value: CfnBucket.AccelerateConfigurationProperty | cdk.IResolvable | undefined);
    /**
     * > This is a legacy property, and it is not recommended for most use cases.
     *
     * Plain `string`: the accepted values are not constrained by this type.
     * NOTE(review): presumably a canned ACL name; a value that grants public access would
     * not be caught by the compiler, so any use of this property deserves a review —
     * confirm the allowed values against the CloudFormation reference.
     */
    get accessControl(): string | undefined;
    /**
     * > This is a legacy property, and it is not recommended for most use cases.
     */
    set accessControl(value: string | undefined);
    /**
     * Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
     */
    get analyticsConfigurations(): Array<CfnBucket.AnalyticsConfigurationProperty | cdk.IResolvable> | cdk.IResolvable | undefined;
    /**
     * Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
     */
    set analyticsConfigurations(value: Array<CfnBucket.AnalyticsConfigurationProperty | cdk.IResolvable> | cdk.IResolvable | undefined);
    /**
     * Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).
     */
    get bucketEncryption(): CfnBucket.BucketEncryptionProperty | cdk.IResolvable | undefined;
    /**
     * Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).
     */
    set bucketEncryption(value: CfnBucket.BucketEncryptionProperty | cdk.IResolvable | undefined);
    /**
     * A name for the bucket.
     */
    get bucketName(): string | undefined;
    /**
     * A name for the bucket.
     */
    set bucketName(value: string | undefined);
    /** No description is provided for this property in the generated source. */
    get bucketNamePrefix(): string | undefined;
    /** No description is provided for this property in the generated source. */
    set bucketNamePrefix(value: string | undefined);
    /** No description is provided for this property in the generated source. */
    get bucketNamespace(): string | undefined;
    /** No description is provided for this property in the generated source. */
    set bucketNamespace(value: string | undefined);
    /**
     * Describes the cross-origin access configuration for objects in an Amazon S3 bucket.
     */
    get corsConfiguration(): CfnBucket.CorsConfigurationProperty | cdk.IResolvable | undefined;
    /**
     * Describes the cross-origin access configuration for objects in an Amazon S3 bucket.
     */
    set corsConfiguration(value: CfnBucket.CorsConfigurationProperty | cdk.IResolvable | undefined);
    /**
     * Defines how Amazon S3 handles Intelligent-Tiering storage.
     */
    get intelligentTieringConfigurations(): Array<CfnBucket.IntelligentTieringConfigurationProperty | cdk.IResolvable> | cdk.IResolvable | undefined;
    /**
     * Defines how Amazon S3 handles Intelligent-Tiering storage.
     */
    set intelligentTieringConfigurations(value: Array<CfnBucket.IntelligentTieringConfigurationProperty | cdk.IResolvable> | cdk.IResolvable | undefined);
    /**
     * Specifies the S3 Inventory configuration for an Amazon S3 bucket.
     */
    get inventoryConfigurations(): Array<CfnBucket.InventoryConfigurationProperty | cdk.IResolvable> | cdk.IResolvable | undefined;
    /**
     * Specifies the S3 Inventory configuration for an Amazon S3 bucket.
     */
    set inventoryConfigurations(value: Array<CfnBucket.InventoryConfigurationProperty | cdk.IResolvable> | cdk.IResolvable | undefined);
    /**
     * Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
     */
    get lifecycleConfiguration(): cdk.IResolvable | CfnBucket.LifecycleConfigurationProperty | undefined;
    /**
     * Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
     */
    set lifecycleConfiguration(value: cdk.IResolvable | CfnBucket.LifecycleConfigurationProperty | undefined);
    /**
     * Settings that define where logs are stored.
     */
    get loggingConfiguration(): cdk.IResolvable | CfnBucket.LoggingConfigurationProperty | undefined;
    /**
     * Settings that define where logs are stored.
     */
    set loggingConfiguration(value: cdk.IResolvable | CfnBucket.LoggingConfigurationProperty | undefined);
    /**
     * The S3 Metadata configuration for a general purpose bucket.
     */
    get metadataConfiguration(): cdk.IResolvable | CfnBucket.MetadataConfigurationProperty | undefined;
    /**
     * The S3 Metadata configuration for a general purpose bucket.
     */
    set metadataConfiguration(value: cdk.IResolvable | CfnBucket.MetadataConfigurationProperty | undefined);
    /**
     * The metadata table configuration of an Amazon S3 general purpose bucket.
     */
    get metadataTableConfiguration(): cdk.IResolvable | CfnBucket.MetadataTableConfigurationProperty | undefined;
    /**
     * The metadata table configuration of an Amazon S3 general purpose bucket.
     */
    set metadataTableConfiguration(value: cdk.IResolvable | CfnBucket.MetadataTableConfigurationProperty | undefined);
    /**
     * Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket.
     */
    get metricsConfigurations(): Array<cdk.IResolvable | CfnBucket.MetricsConfigurationProperty> | cdk.IResolvable | undefined;
    /**
     * Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket.
     */
    set metricsConfigurations(value: Array<cdk.IResolvable | CfnBucket.MetricsConfigurationProperty> | cdk.IResolvable | undefined);
    /**
     * Configuration that defines how Amazon S3 handles bucket notifications.
     */
    get notificationConfiguration(): cdk.IResolvable | CfnBucket.NotificationConfigurationProperty | undefined;
    /**
     * Configuration that defines how Amazon S3 handles bucket notifications.
     */
    set notificationConfiguration(value: cdk.IResolvable | CfnBucket.NotificationConfigurationProperty | undefined);
    /**
     * > This operation is not supported for directory buckets.
     */
    get objectLockConfiguration(): cdk.IResolvable | CfnBucket.ObjectLockConfigurationProperty | undefined;
    /**
     * > This operation is not supported for directory buckets.
     */
    set objectLockConfiguration(value: cdk.IResolvable | CfnBucket.ObjectLockConfigurationProperty | undefined);
    /**
     * Indicates whether this bucket has an Object Lock configuration enabled.
     */
    get objectLockEnabled(): boolean | cdk.IResolvable | undefined;
    /**
     * Indicates whether this bucket has an Object Lock configuration enabled.
     */
    set objectLockEnabled(value: boolean | cdk.IResolvable | undefined);
    /**
     * Configuration that defines how Amazon S3 handles Object Ownership rules.
     */
    get ownershipControls(): cdk.IResolvable | CfnBucket.OwnershipControlsProperty | undefined;
    /**
     * Configuration that defines how Amazon S3 handles Object Ownership rules.
     */
    set ownershipControls(value: cdk.IResolvable | CfnBucket.OwnershipControlsProperty | undefined);
    /**
     * Configuration that defines how Amazon S3 handles public access.
     */
    get publicAccessBlockConfiguration(): cdk.IResolvable | CfnBucket.PublicAccessBlockConfigurationProperty | undefined;
    /**
     * Configuration that defines how Amazon S3 handles public access.
     */
    set publicAccessBlockConfiguration(value: cdk.IResolvable | CfnBucket.PublicAccessBlockConfigurationProperty | undefined);
    /**
     * Configuration for replicating objects in an S3 bucket.
     */
    get replicationConfiguration(): cdk.IResolvable | CfnBucket.ReplicationConfigurationProperty | undefined;
    /**
     * Configuration for replicating objects in an S3 bucket.
     */
    set replicationConfiguration(value: cdk.IResolvable | CfnBucket.ReplicationConfigurationProperty | undefined);
    /**
     * An arbitrary set of tags (key-value pairs) for this S3 bucket.
     */
    get tagsRaw(): Array<cdk.CfnTag> | undefined;
    /**
     * An arbitrary set of tags (key-value pairs) for this S3 bucket.
     */
    set tagsRaw(value: Array<cdk.CfnTag> | undefined);
    /**
     * Enables multiple versions of all objects in this bucket.
     */
    get versioningConfiguration(): cdk.IResolvable | CfnBucket.VersioningConfigurationProperty | undefined;
    /**
     * Enables multiple versions of all objects in this bucket.
     */
    set versioningConfiguration(value: cdk.IResolvable | CfnBucket.VersioningConfigurationProperty | undefined);
    /**
     * Information used to configure the bucket as a static website.
     */
    get websiteConfiguration(): cdk.IResolvable | CfnBucket.WebsiteConfigurationProperty | undefined;
    /**
     * Information used to configure the bucket as a static website.
     */
    set websiteConfiguration(value: cdk.IResolvable | CfnBucket.WebsiteConfigurationProperty | undefined);
    /**
     * Returns the Amazon Resource Name (ARN) of the specified bucket.
     *
     * Example: `arn:aws:s3:::DOC-EXAMPLE-BUCKET`
     *
     * @cloudformationAttribute Arn
     */
    get attrArn(): string;
    /**
     * Returns the IPv4 DNS name of the specified bucket.
     *
     * Example: `DOC-EXAMPLE-BUCKET.s3.amazonaws.com`
     *
     * @cloudformationAttribute DomainName
     */
    get attrDomainName(): string;
    /**
     * Returns the IPv6 DNS name of the specified bucket.
     *
     * Example: `DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com`
     *
     * For more information about dual-stack endpoints, see [Using Amazon S3 Dual-Stack Endpoints](https://docs.aws.amazon.com/AmazonS3/latest/dev/dual-stack-endpoints.html) .
     *
     * @cloudformationAttribute DualStackDomainName
     */
    get attrDualStackDomainName(): string;
    /**
     * The destination information for the S3 Metadata configuration.
     *
     * @cloudformationAttribute MetadataConfiguration.Destination
     */
    get attrMetadataConfigurationDestination(): cdk.IResolvable;
    /**
     * The Amazon Resource Name (ARN) for the inventory table.
     *
     * @cloudformationAttribute MetadataConfiguration.InventoryTableConfiguration.TableArn
     */
    get attrMetadataConfigurationInventoryTableConfigurationTableArn(): string;
    /**
     * The name of the inventory table.
     *
     * @cloudformationAttribute MetadataConfiguration.InventoryTableConfiguration.TableName
     */
    get attrMetadataConfigurationInventoryTableConfigurationTableName(): string;
    /**
     * The Amazon Resource Name (ARN) for the journal table.
     *
     * @cloudformationAttribute MetadataConfiguration.JournalTableConfiguration.TableArn
     */
    get attrMetadataConfigurationJournalTableConfigurationTableArn(): string;
    /**
     * The name of the journal table.
     *
     * @cloudformationAttribute MetadataConfiguration.JournalTableConfiguration.TableName
     */
    get attrMetadataConfigurationJournalTableConfigurationTableName(): string;
    /**
     * The Amazon Resource Name (ARN) for the metadata table in the metadata table configuration. The specified metadata table name must be unique within the `aws_s3_metadata` namespace in the destination table bucket.
     *
     * @cloudformationAttribute MetadataTableConfiguration.S3TablesDestination.TableArn
     */
    get attrMetadataTableConfigurationS3TablesDestinationTableArn(): string;
    /**
     * The table bucket namespace for the metadata table in your metadata table configuration. This value is always `aws_s3_metadata` .
     *
     * @cloudformationAttribute MetadataTableConfiguration.S3TablesDestination.TableNamespace
     */
    get attrMetadataTableConfigurationS3TablesDestinationTableNamespace(): string;
    /**
     * Returns the regional domain name of the specified bucket.
     *
     * Example: `DOC-EXAMPLE-BUCKET.s3.us-east-2.amazonaws.com`
     *
     * @cloudformationAttribute RegionalDomainName
     */
    get attrRegionalDomainName(): string;
    /**
     * Returns the Amazon S3 website endpoint for the specified bucket.
     *
     * Example (IPv4): `http://DOC-EXAMPLE-BUCKET.s3-website.us-east-2.amazonaws.com`
     *
     * Example (IPv6): `http://DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com`
     *
     * Both examples use the `http://` scheme. NOTE(review): treat this value as a
     * plain-HTTP endpoint and do not hand it to clients that need transport encryption
     * unless a TLS-terminating front end sits in front of it — confirm for the deployment.
     *
     * @cloudformationAttribute WebsiteURL
     */
    get attrWebsiteUrl(): string;
    /**
     * NOTE(review): no description in the generated source. Returns a string-keyed record;
     * presumably the resource's CloudFormation properties — confirm.
     */
    protected get cfnProperties(): Record<string, any>;
    /**
     * Examines the CloudFormation resource and discloses attributes
     *
     * @param inspector tree inspector to collect and process attributes
     */
    inspect(inspector: cdk.TreeInspector): void;
    /**
     * NOTE(review): no description in the generated source. Maps one string-keyed record
     * to another; presumably the rendering step for the template — confirm.
     */
    protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnBucket {
    /**
     * Configures the transfer acceleration state for an Amazon S3 bucket.
     *
     * For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html
     */
    interface AccelerateConfigurationProperty {
        /**
         * Specifies the transfer acceleration status of the bucket.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html#cfn-s3-bucket-accelerateconfiguration-accelerationstatus
         */
        readonly accelerationStatus: string;
    }
    /**
     * Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html
     */
    interface AnalyticsConfigurationProperty {
        /**
         * The ID that identifies the analytics configuration.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-id
         */
        readonly id: string;
        /**
         * The prefix that an object must have to be included in the analytics results.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-prefix
         */
        readonly prefix?: string;
        /**
         * Contains data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-storageclassanalysis
         */
        readonly storageClassAnalysis: cdk.IResolvable | CfnBucket.StorageClassAnalysisProperty;
        /**
         * The tags to use when evaluating an analytics filter.
         *
         * The analytics only includes objects that meet the filter's criteria. If no filter is specified, all of the contents of the bucket are included in the analysis.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-tagfilters
         */
        readonly tagFilters?: Array<cdk.IResolvable | CfnBucket.TagFilterProperty> | cdk.IResolvable;
    }
    /**
     * Specifies data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes for an Amazon S3 bucket.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-storageclassanalysis.html
     */
    interface StorageClassAnalysisProperty {
        /**
         * Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-storageclassanalysis.html#cfn-s3-bucket-storageclassanalysis-dataexport
         */
        readonly dataExport?: CfnBucket.DataExportProperty | cdk.IResolvable;
    }
    /**
     * Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html
     */
    interface DataExportProperty {
        /**
         * The place to store the data for an analysis.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-destination
         */
        readonly destination: CfnBucket.DestinationProperty | cdk.IResolvable;
        /**
         * The version of the output schema to use when exporting data.
         *
         * Must be `V_1` .
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-outputschemaversion
         */
        readonly outputSchemaVersion: string;
    }
    /**
     * Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html
     */
    interface DestinationProperty {
        /**
         * The account ID that owns the destination S3 bucket.
         *
         * If no account ID is provided, the owner is not validated before exporting data.
         *
         * > Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
         *
         * Why it matters: the destination is otherwise identified by `bucketArn` alone, so
         * without an owner check exported data follows that bucket even if it has come to
         * belong to a different account. The type does not enforce this; set it in review.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketaccountid
         */
        readonly bucketAccountId?: string;
        /**
         * The Amazon Resource Name (ARN) of the bucket to which data is exported.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketarn
         */
        readonly bucketArn: string;
        /**
         * Specifies the file format used when exporting data to Amazon S3.
         *
         * *Allowed values* : `CSV` | `ORC` | `Parquet`
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-format
         */
        readonly format: string;
        /**
         * The prefix to use when exporting data.
         *
         * The prefix is prepended to all results.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-prefix
         */
        readonly prefix?: string;
    }
    /**
     * Specifies tags to use to identify a subset of objects for an Amazon S3 bucket.
     *
     * For more information, see [Categorizing your storage using tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html) in the *Amazon Simple Storage Service User Guide* .
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html
     */
    interface TagFilterProperty {
        /**
         * The tag key.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html#cfn-s3-bucket-tagfilter-key
         */
        readonly key: string;
        /**
         * The tag value.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html#cfn-s3-bucket-tagfilter-value
         */
        readonly value: string;
    }
    /** * Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). * * For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* . 
* * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html */ interface BucketEncryptionProperty { /** * Specifies the default server-side-encryption configuration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html#cfn-s3-bucket-bucketencryption-serversideencryptionconfiguration */ readonly serverSideEncryptionConfiguration: Array<cdk.IResolvable | CfnBucket.ServerSideEncryptionRuleProperty> | cdk.IResolvable; } /** * Specifies the default server-side encryption configuration. * * > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. * > - *Directory buckets* - When you specify an [AWS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html */ interface ServerSideEncryptionRuleProperty { /** * A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. * * For example, blocking an encryption type will block `PutObject` , `CopyObject` , `PostObject` , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. 
For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html) . * * > Currently, this parameter only supports blocking or unblocking server-side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see [Using server-side encryption with customer-provided keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-blockedencryptiontypes */ readonly blockedEncryptionTypes?: CfnBucket.BlockedEncryptionTypesProperty | cdk.IResolvable; /** * Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. * * Existing objects are not affected. Setting the `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. * * For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-bucketkeyenabled */ readonly bucketKeyEnabled?: boolean | cdk.IResolvable; /** * Specifies the default server-side encryption to apply to new objects in the bucket. * * If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-serversideencryptionbydefault */ readonly serverSideEncryptionByDefault?: cdk.IResolvable | CfnBucket.ServerSideEncryptionByDefaultProperty; } /** * Describes the default server-side encryption to apply to new objects in the bucket. * * If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) . * * > - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. * > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. * > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html */ interface ServerSideEncryptionByDefaultProperty { /** * AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. * * > - *General purpose buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse` . * > - *Directory buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` . 
* * You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. * * - Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab` * - Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` * - Key Alias: `alias/alias-name` * * If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy) . * * > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. * > - *Directory buckets* - When you specify an [AWS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-kmsmasterkeyid */ readonly kmsMasterKeyId?: string; /** * Server-side encryption algorithm to use for the default encryption. * * > For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` . 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-ssealgorithm */ readonly sseAlgorithm: string; } /** *