CDK Constructs for AWS S3
Project description
Amazon S3 Construct Library
---Define an unencrypted S3 bucket.
# Example automatically generated. See https://github.com/aws/jsii/issues/826
Bucket(self, "MyFirstBucket")
Bucket
constructs expose the following deploy-time attributes:
bucketArn
- the ARN of the bucket (i.e.arn:aws:s3:::bucket_name
)bucketName
- the name of the bucket (i.e.bucket_name
)bucketWebsiteUrl
- the Website URL of the bucket (i.e.http://bucket_name.s3-website-us-west-1.amazonaws.com
)bucketDomainName
- the URL of the bucket (i.e.bucket_name.s3.amazonaws.com
)bucketDualStackDomainName
- the dual-stack URL of the bucket (i.e.bucket_name.s3.dualstack.eu-west-1.amazonaws.com
)bucketRegionalDomainName
- the regional URL of the bucket (i.e.bucket_name.s3.eu-west-1.amazonaws.com
)arnForObjects(pattern)
- the ARN of an object or objects within the bucket (i.e.arn:aws:s3:::bucket_name/exampleobject.png
orarn:aws:s3:::bucket_name/Development/*
)urlForObject(key)
- the URL of an object within the bucket (i.e.https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey
)
Encryption
Define a KMS-encrypted bucket:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "MyUnencryptedBucket",
encryption=BucketEncryption.KMS
)
# you can access the encryption key:
assert(bucket.encryption_key instanceof kms.Key)
You can also supply your own key:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
my_kms_key = kms.Key(self, "MyKey")
bucket = Bucket(self, "MyEncryptedBucket",
encryption=BucketEncryption.KMS,
encryption_key=my_kms_key
)
assert(bucket.encryption_key === my_kms_key)
Use BucketEncryption.ManagedKms
to use the S3 master KMS key:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "Buck",
encryption=BucketEncryption.KMS_MANAGED
)
assert(bucket.encryption_key == null)
Permissions
A bucket policy will be automatically created for the bucket upon the first call to
addToResourcePolicy(statement)
:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "MyBucket")
bucket.add_to_resource_policy(iam.PolicyStatement(
actions=["s3:GetObject"],
resources=[bucket.arn_for_objects("file.txt")],
principals=[iam.AccountRootPrincipal()]
))
Most of the time, you won't have to manipulate the bucket policy directly. Instead, buckets have "grant" methods called to give prepackaged sets of permissions to other resources. For example:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
lambda = lambda.Function(self, "Lambda")
bucket = Bucket(self, "MyBucket")
bucket.grant_read_write(lambda)
Will give the Lambda's execution role permissions to read and write from the bucket.
Sharing buckets between stacks
To use a bucket in a different stack in the same CDK application, pass the object to the other stack:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
#
# Stack that defines the bucket
#
class Producer(cdk.Stack):
def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None):
super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags)
bucket = s3.Bucket(self, "MyBucket",
removal_policy=cdk.RemovalPolicy.DESTROY
)
self.my_bucket = bucket
#
# Stack that consumes the bucket
#
class Consumer(cdk.Stack):
def __init__(self, scope, id, *, userBucket, description=None, env=None, stackName=None, tags=None):
super().__init__(scope, id, userBucket=userBucket, description=description, env=env, stackName=stackName, tags=tags)
user = iam.User(self, "MyUser")
user_bucket.grant_read_write(user)
producer = Producer(app, "ProducerStack")
Consumer(app, "ConsumerStack", user_bucket=producer.my_bucket)
Importing existing buckets
To import an existing bucket into your CDK application, use the Bucket.fromBucketAttributes
factory method. This method accepts BucketAttributes
which describes the properties of an already
existing bucket:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket.from_bucket_attributes(self, "ImportedBucket",
bucket_arn="arn:aws:s3:::my-bucket"
)
# now you can just call methods on the bucket
bucket.grant_read_write(user)
Alternatively, short-hand factories are available as Bucket.fromBucketName
and
Bucket.fromBucketArn
, which will derive all bucket attributes from the bucket
name or ARN respectively:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
by_name = Bucket.from_bucket_name(self, "BucketByName", "my-bucket")
by_arn = Bucket.from_bucket_arn(self, "BucketByArn", "arn:aws:s3:::my-bucket")
Bucket Notifications
The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket as described under S3 Bucket Notifications of the S3 Developer Guide.
To subscribe for bucket notifications, use the bucket.addEventNotification
method. The
bucket.addObjectCreatedNotification
and bucket.addObjectRemovedNotification
can also be used for
these common use cases.
The following example will subscribe an SNS topic to be notified of all s3:ObjectCreated:*
events:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_s3_notifications as s3n
my_topic = sns.Topic(self, "MyTopic")
bucket.add_event_notification(s3.EventType.OBJECT_CREATED, s3n.SnsDestination(topic))
This call will also ensure that the topic policy can accept notifications for this specific bucket.
Supported S3 notification targets are exposed by the @aws-cdk/aws-s3-notifications
package.
It is also possible to specify S3 object key filters when subscribing. The
following example will notify myQueue
when objects prefixed with foo/
and
have the .jpg
suffix are removed from the bucket.
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket.add_event_notification(s3.EventType.OBJECT_REMOVED,
s3n.SqsDestination(my_queue), prefix="foo/", suffix=".jpg")
Block Public Access
Use blockPublicAccess
to specify block public access settings on the bucket.
Enable all block public access settings:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "MyBlockedBucket",
block_public_access=BlockPublicAccess.BLOCK_ALL
)
Block and ignore public ACLs:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "MyBlockedBucket",
block_public_access=BlockPublicAccess.BLOCK_ACLS
)
Alternatively, specify the settings manually:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "MyBlockedBucket",
block_public_access=BlockPublicAccess(block_public_policy=True)
)
When blockPublicPolicy
is set to true
, grantPublicRead()
throws an error.
Website redirection
You can use the two following properties to specify the bucket redirection policy. Please note that these methods cannot both be applied to the same bucket.
Static redirection
You can statically redirect a to a given Bucket URL or any other host name with websiteRedirect
:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "MyRedirectedBucket",
website_redirect={"host_name": "www.example.com"}
)
Routing rules
Alternatively, you can also define multiple websiteRoutingRules
, to define complex, conditional redirections:
# Example automatically generated. See https://github.com/aws/jsii/issues/826
bucket = Bucket(self, "MyRedirectedBucket",
website_routing_rules=[{
"host_name": "www.example.com",
"http_redirect_code": "302",
"protocol": RedirectProtocol.HTTPS,
"replace_key": ReplaceKey.prefix_with("test/"),
"condition": {
"http_error_code_returned_equals": "200",
"key_prefix_equals": "prefix"
}
}]
)
Filling the bucket as part of deployment
To put files into a bucket as part of a deployment (for example, to host a
website), see the @aws-cdk/aws-s3-deployment
package, which provides a
resource that can do just that.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file aws-cdk.aws-s3-1.19.0.tar.gz
.
File metadata
- Download URL: aws-cdk.aws-s3-1.19.0.tar.gz
- Upload date:
- Size: 238.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/39.0.1 requests-toolbelt/0.9.1 tqdm/4.40.2 CPython/3.6.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8731ff4edad957cb9345fc117697a5a4099ba111631a5cd9fa277bf88cf23d9e |
|
MD5 | b25f7995d7d94ad1d7a7ee3c4cb78d27 |
|
BLAKE2b-256 | a739487962f87bd7ec215ac1c2e7b4a4e98659e9538fa1a51f51e34f8b9dc11a |
File details
Details for the file aws_cdk.aws_s3-1.19.0-py3-none-any.whl
.
File metadata
- Download URL: aws_cdk.aws_s3-1.19.0-py3-none-any.whl
- Upload date:
- Size: 236.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/39.0.1 requests-toolbelt/0.9.1 tqdm/4.40.2 CPython/3.6.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e94bb5117be6407b388df42b379bce75e5a73cd7f6e4b799dcab4442af8df721 |
|
MD5 | 686880f91fa73325541fa129dcc14d30 |
|
BLAKE2b-256 | c7c15499308c9fb5ca046b01e52171bf8159cb190f98c50d9b09aa8c2c56f3eb |