Optional
Readonly
accessBucketAccessControl.PRIVATE
Optional
Readonly
autoWhether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.
Requires the removalPolicy to be set to RemovalPolicy.DESTROY.
Warning: if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later before switching this value to false.
false
Optional
Readonly
blockThe block public access configuration of this bucket.
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
- CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access
Optional
Readonly
bucketWhether Amazon S3 should use its own intermediary key to generate data keys.
Only relevant when using KMS for encryption.
Only relevant when Encryption is set to BucketEncryption.KMS or BucketEncryption.KMS_MANAGED.
- false
Optional
Readonly
bucketPhysical name of this bucket.
- Assigned by CloudFormation (recommended).
Optional
Readonly
corsThe CORS configuration of this bucket.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html
- No CORS configuration.
Optional
Readonly
encryptionThe kind of server-side encryption to apply to this bucket.
If you choose KMS, you can specify a KMS key via encryptionKey. If encryption key is not specified, a key will automatically be created.
KMS if encryptionKey is specified, or UNENCRYPTED otherwise. But if UNENCRYPTED is specified, the bucket will be encrypted as S3_MANAGED automatically.
Optional
Readonly
encryptionExternal KMS key to use for bucket encryption.
The encryption property must be either not specified or set to KMS or DSSE. An error will be emitted if encryption is set to UNENCRYPTED or S3_MANAGED.
If encryption is set to KMS and this property is undefined, a new KMS key will be created and associated with this bucket.
Optional
Readonly
enforceSSLEnforces SSL for requests. S3.5 of the AWS Foundational Security Best Practices Regarding S3.
Optional
Readonly
eventWhether this bucket should send notifications to Amazon EventBridge or not.
false
Optional
Readonly
intelligentIntelligent Tiering Configurations
https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering.html
No Intelligent Tiering Configurations.
Optional
Readonly
inventoriesThe inventory configuration of the bucket.
https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
- No inventory configuration
Optional
Readonly
lifecycleRules that define how Amazon S3 manages objects during their lifetime.
- No lifecycle rules.
Optional
Readonly
metricsThe metrics configuration of this bucket.
- No metrics configuration.
Optional
Readonly
minimumTLSVersionEnforces minimum TLS version for requests.
Requires enforceSSL to be enabled.
No minimum TLS version is enforced.
Optional
Readonly
notificationsThe role to be used by the notifications handler
- a new role will be created.
Optional
Readonly
objectThe default retention mode and rules for S3 Object Lock.
Default retention can be configured after a bucket is created if the bucket already has object lock enabled. Enabling object lock for existing buckets is not supported.
no default retention period
Optional
Readonly
objectEnable object lock on the bucket.
Enabling object lock for existing buckets is not supported. Object lock must be enabled when the bucket is created.
false, unless objectLockDefaultRetention is set (then, true)
Optional
Readonly
objectThe objectOwnership of the bucket.
https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
- No ObjectOwnership configuration, uploading account will own the object.
Optional
Readonly
publicGrants public read access to all objects in the bucket.
Similar to calling bucket.grantPublicAccess()
false
Optional
Readonly
serverDestination bucket for the server access logs.
- If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.
Optional
Readonly
serverOptional log file prefix to use for the bucket's access logs. If defined without "serverAccessLogsBucket", enables access logs to current bucket with this prefix.
- No log file prefix
Optional
Readonly
targetOptional key format for log objects.
- the default key format is: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]
Optional
Readonly
transferWhether this bucket should have transfer acceleration turned on or not.
false
Optional
Readonly
versionedWhether this bucket should have versioning turned on or not.
false (unless object lock is enabled, then true)
Optional
Readonly
websiteThe name of the error document (e.g. "404.html") for the website.
websiteIndexDocument must also be set if this is set.
- No error document.
Optional
Readonly
websiteThe name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.
- No index document.
Optional
Readonly
websiteSpecifies the redirect behavior of all requests to a website endpoint of a bucket.
If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument" nor "websiteRoutingRules".
- No redirection.
Optional
Readonly
websiteRules that define when a redirect is applied and the redirect behavior
- No redirection rules.
Specifies a canned ACL that grants predefined permissions to the bucket.
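Several of the properties above only work in combination (minimumTLSVersion with enforceSSL, autoDeleteObjects with removalPolicy, encryptionKey with encryption, the website properties with each other). The following added example, which is not part of the CDK or of this reference, checks those stated constraints on a plain object before it is handed to a bucket construct; the interface BucketPropsLike, the function lintBucketProps, the string enum values and the two "review" flags are assumptions made for illustration.

```typescript
// Added example: plain-object stand-in for the bucket props described on this page.
// Enum values are modelled as strings (assumption); the CDK itself is not imported.
interface BucketPropsLike {
  removalPolicy?: "DESTROY" | "RETAIN";
  autoDeleteObjects?: boolean;
  encryption?: "UNENCRYPTED" | "S3_MANAGED" | "KMS" | "KMS_MANAGED" | "DSSE";
  encryptionKey?: string; // stand-in for a KMS key reference
  enforceSSL?: boolean;
  minimumTLSVersion?: number;
  publicReadAccess?: boolean;
  websiteIndexDocument?: string;
  websiteErrorDocument?: string;
  websiteRedirect?: { hostName: string };
  websiteRoutingRules?: unknown[];
}

function lintBucketProps(p: BucketPropsLike): string[] {
  const findings: string[] = [];
  // Constraints stated in the property descriptions above.
  if (p.autoDeleteObjects && p.removalPolicy !== "DESTROY")
    findings.push("autoDeleteObjects requires removalPolicy DESTROY");
  if (p.encryptionKey && (p.encryption === "UNENCRYPTED" || p.encryption === "S3_MANAGED"))
    findings.push("encryptionKey conflicts with encryption " + p.encryption);
  if (p.minimumTLSVersion !== undefined && !p.enforceSSL)
    findings.push("minimumTLSVersion requires enforceSSL");
  if (p.websiteErrorDocument && !p.websiteIndexDocument)
    findings.push("websiteErrorDocument requires websiteIndexDocument");
  if (p.websiteRedirect &&
      (p.websiteIndexDocument || p.websiteErrorDocument || p.websiteRoutingRules))
    findings.push("websiteRedirect excludes the other website properties");
  // Review flags: reviewer policy assumed for this example, not CDK errors.
  if (!p.enforceSSL) findings.push("review: enforceSSL is not enabled");
  if (p.publicReadAccess) findings.push("review: publicReadAccess grants public read");
  return findings;
}

// Constructed sample input: a props object that violates several constraints.
const sampleFindings = lintBucketProps({
  autoDeleteObjects: true,
  encryption: "S3_MANAGED",
  encryptionKey: "kms-key-placeholder",
  minimumTLSVersion: 1.2,
  websiteErrorDocument: "404.html",
});
console.log(sampleFindings.join("\n"));
```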