enum BucketAccessControl
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.S3.BucketAccessControl |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awss3#BucketAccessControl |
Java | software.amazon.awscdk.services.s3.BucketAccessControl |
Python | aws_cdk.aws_s3.BucketAccessControl |
TypeScript | aws-cdk-lib » aws_s3 » BucketAccessControl |
Default bucket access control types.
See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
Example
```ts
import { Duration } from 'aws-cdk-lib';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';

// Runs inside a Stack or Construct, where `this` is the scope.
const websiteBucket = new s3.Bucket(this, 'WebsiteBucket', {
  websiteIndexDocument: 'index.html',
  publicReadAccess: true, // grants public read access to the bucket
});

new s3deploy.BucketDeployment(this, 'DeployWebsite', {
  sources: [s3deploy.Source.asset('./website-dist')],
  destinationBucket: websiteBucket,
  destinationKeyPrefix: 'web/static', // optional prefix in destination bucket
  metadata: { A: "1", b: "2" }, // user-defined metadata

  // system-defined metadata
  contentType: "text/html",
  contentLanguage: "en",
  storageClass: s3deploy.StorageClass.INTELLIGENT_TIERING,
  serverSideEncryption: s3deploy.ServerSideEncryption.AES_256,
  cacheControl: [
    s3deploy.CacheControl.setPublic(),
    s3deploy.CacheControl.maxAge(Duration.hours(1)),
  ],
  // canned ACL applied to the deployed objects
  accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
});
```
Members
Name | Description |
---|---|
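PRIVATE | Owner gets FULL_CONTROL. No one else has access rights. |
PUBLIC_READ | Owner gets FULL_CONTROL. The AllUsers group gets READ access. |
PUBLIC_READ_WRITE | Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. |
AUTHENTICATED_READ | Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. |
LOG_DELIVERY_WRITE | The LogDelivery group gets WRITE and READ_ACP permissions on the bucket. |
BUCKET_OWNER_READ | Object owner gets FULL_CONTROL. Bucket owner gets READ access. |
BUCKET_OWNER_FULL_CONTROL | Both the object owner and the bucket owner get FULL_CONTROL over the object. |
AWS_EXEC_READ | Owner gets FULL_CONTROL. Amazon EC2 gets READ access to GET an AMI bundle from Amazon S3. |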
PRIVATE
Owner gets FULL_CONTROL.
No one else has access rights.
PUBLIC_READ
Owner gets FULL_CONTROL.
The AllUsers group gets READ access.
PUBLIC_READ_WRITE
Owner gets FULL_CONTROL.
The AllUsers group gets READ and WRITE access. Granting this on a bucket is generally not recommended.
AUTHENTICATED_READ
Owner gets FULL_CONTROL.
The AuthenticatedUsers group gets READ access.
LOG_DELIVERY_WRITE
The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.
See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
BUCKET_OWNER_READ
Object owner gets FULL_CONTROL.
Bucket owner gets READ access. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
BUCKET_OWNER_FULL_CONTROL
Both the object owner and the bucket owner get FULL_CONTROL over the object.
If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
AWS_EXEC_READ
Owner gets FULL_CONTROL.
Amazon EC2 gets READ access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.
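The member descriptions above can be turned into a pre-deployment check. The following is an added example, not code from the CDK documentation or project: it scans a synthesized CloudFormation template for buckets whose canned ACL grants access to the AllUsers or AuthenticatedUsers groups, or which S3 ignores at bucket creation. It assumes the template is available as a parsed JSON object and that the `AccessControl` strings are the CloudFormation values corresponding to the enum members; the function name, types and sample logical IDs are hypothetical.

```typescript
// Added example (not from the CDK docs): audit canned ACLs in a synthesized template.
type Severity = 'public' | 'broad' | 'ignored-on-bucket' | 'unresolved';
interface Finding { logicalId: string; acl: string; severity: Severity; reason: string }
interface CfnResource { Type: string; Properties?: { [key: string]: unknown } }
interface CfnTemplate { Resources?: { [logicalId: string]: CfnResource } }

// Keys are the CloudFormation AccessControl strings for the enum members above.
const FLAGGED: { [acl: string]: [Severity, string] } = {
  PublicReadWrite: ['public', 'AllUsers group gets READ and WRITE access'],
  PublicRead: ['public', 'AllUsers group gets READ access'],
  AuthenticatedRead: ['broad', 'AuthenticatedUsers group gets READ access'],
  BucketOwnerRead: ['ignored-on-bucket', 'S3 ignores this canned ACL when creating a bucket'],
  BucketOwnerFullControl: ['ignored-on-bucket', 'S3 ignores this canned ACL when creating a bucket'],
};

function auditBucketAcls(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (res.Type !== 'AWS::S3::Bucket') continue; // only bucket-level ACLs
    const acl = res.Properties ? res.Properties['AccessControl'] : undefined;
    if (acl === undefined) continue; // no canned ACL declared on the resource
    if (typeof acl !== 'string') {
      // Intrinsic functions (Ref, Fn::If, ...) cannot be judged statically.
      findings.push({ logicalId, acl: JSON.stringify(acl), severity: 'unresolved',
        reason: 'AccessControl is not a literal; review manually' });
      continue;
    }
    if (Object.prototype.hasOwnProperty.call(FLAGGED, acl)) {
      const [severity, reason] = FLAGGED[acl];
      findings.push({ logicalId, acl, severity, reason });
    }
  }
  return findings;
}

// Constructed sample template; logical IDs are made up for illustration.
const sampleTemplate: CfnTemplate = {
  Resources: {
    WebsiteBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: 'PublicRead' } },
    UploadBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: 'PublicReadWrite' } },
    LogBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: 'LogDeliveryWrite' } },
    SharedBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: 'BucketOwnerFullControl' } },
    PlainBucket: { Type: 'AWS::S3::Bucket' },
    Topic: { Type: 'AWS::SNS::Topic', Properties: { AccessControl: 'PublicRead' } },
  },
};
const sampleFindings = auditBucketAcls(sampleTemplate);
```

This check covers only the canned ACL on the bucket resource; access granted through a bucket policy, such as `publicReadAccess: true` in the example at the top of the page, needs a separate check.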