enum ObjectOwnership
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.S3.ObjectOwnership |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awss3#ObjectOwnership |
Java | software.amazon.awscdk.services.s3.ObjectOwnership |
Python | aws_cdk.aws_s3.ObjectOwnership |
TypeScript (source) | aws-cdk-lib » aws_s3 » ObjectOwnership |
The ObjectOwnership of the bucket.
See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
Example
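```ts
import * as iam from 'aws-cdk-lib/aws-iam';
import * as s3 from 'aws-cdk-lib/aws-s3';

// Inside a Stack or Construct, where `this` is the enclosing scope.
// ACLs are disabled on the log bucket, so access is governed by its bucket policy alone.
const accessLogsBucket = new s3.Bucket(this, 'AccessLogsBucket', {
  objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
});

// As written, this statement allows every S3 action on the bucket and its
// objects to any principal; narrow the actions and principals to what the
// bucket's writers actually need.
accessLogsBucket.addToResourcePolicy(
  new iam.PolicyStatement({
    actions: ['s3:*'],
    resources: [accessLogsBucket.bucketArn, accessLogsBucket.arnForObjects('*')],
    principals: [new iam.AnyPrincipal()],
  })
);

// Server access logs for MyBucket are delivered to the log bucket under the 'logs' prefix.
const bucket = new s3.Bucket(this, 'MyBucket', {
  serverAccessLogsBucket: accessLogsBucket,
  serverAccessLogsPrefix: 'logs',
});
```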
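With BUCKET_OWNER_ENFORCED the bucket policy is the only access control left on the bucket, so a statement like the one in the example is worth checking before deployment. The following is an added example, not part of the CDK documentation: a dependency-free check over bucket policy JSON, where the statement objects, bucket name, account ID and function names are constructed for illustration.

```typescript
type OneOrMany = string | string[];
interface BucketPolicyStatement {
  Effect: 'Allow' | 'Deny';
  Principal: '*' | { [kind: string]: OneOrMany };
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: { [op: string]: { [key: string]: OneOrMany } };
}

const asList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// True when the Principal element matches every caller, anonymous ones included.
function isAnyPrincipal(p: BucketPolicyStatement['Principal']): boolean {
  if (p === '*') return true;
  return asList(p['AWS'] ?? []).indexOf('*') !== -1;
}

// Flags Allow statements open to any principal. Simplification: a statement
// that carries any Condition is skipped here and left for manual review.
function auditBucketPolicy(statements: BucketPolicyStatement[]): string[] {
  const findings: string[] = [];
  statements.forEach((s, i) => {
    if (s.Effect !== 'Allow' || !isAnyPrincipal(s.Principal) || s.Condition) return;
    const actions = asList(s.Action);
    const broad = actions.some((a) => a === '*' || a.toLowerCase() === 's3:*');
    const what = broad ? 'every S3 action' : actions.join(', ');
    findings.push(`statement ${i}: ${what} allowed for any principal`);
  });
  return findings;
}

// Constructed: approximate rendering of the example's PolicyStatement.
const broadStatement: BucketPolicyStatement = {
  Effect: 'Allow',
  Principal: { AWS: '*' },
  Action: 's3:*',
  Resource: ['arn:aws:s3:::EXAMPLE-LOGS-BUCKET', 'arn:aws:s3:::EXAMPLE-LOGS-BUCKET/*'],
};

// Constructed: log delivery limited to the S3 logging service principal.
const scopedStatement: BucketPolicyStatement = {
  Effect: 'Allow',
  Principal: { Service: 'logging.s3.amazonaws.com' },
  Action: 's3:PutObject',
  Resource: 'arn:aws:s3:::EXAMPLE-LOGS-BUCKET/logs*',
  Condition: { StringEquals: { 'aws:SourceAccount': '111122223333' } },
};
```

Calling `auditBucketPolicy([broadStatement, scopedStatement])` reports only the first statement; the scoped one names a service principal and passes.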
Members
Name | Description |
---|---|
BUCKET_OWNER_ENFORCED | ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. |
BUCKET_OWNER_PREFERRED | The bucket owner will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. |
OBJECT_WRITER | The uploading account will own the object. |
BUCKET_OWNER_ENFORCED
ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket.
ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control.
BUCKET_OWNER_PREFERRED
The bucket owner will own the object if the object is uploaded with the bucket-owner-full-control canned ACL.
Without this setting and canned ACL, the object is uploaded and remains owned by the uploading account.
OBJECT_WRITER
The uploading account will own the object.