Package software.amazon.awscdk.services.s3

Class CfnAccessGrant

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.s3.CfnAccessGrant
All Implemented Interfaces:
IInspectable, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.101.0 (build b95fe5d)", date="2024-07-12T19:34:09.057Z") @Stability(Stable) public class CfnAccessGrant extends CfnResource implements IInspectable, ITaggableV2
The AWS::S3::AccessGrant resource creates an access grant that gives a grantee access to your S3 data.

The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the AWS::S3::AccessGrantsInstance . You must also have registered at least one S3 data location in your S3 Access Grants instance using AWS::S3::AccessGrantsLocation .

  • Permissions - You must have the s3:CreateAccessGrant permission to use this resource.
  • Additional Permissions - For any directory identity - sso:DescribeInstance and sso:DescribeApplication

For directory users - identitystore:DescribeUser

For directory groups - identitystore:DescribeGroup

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.s3.*;
 CfnAccessGrant cfnAccessGrant = CfnAccessGrant.Builder.create(this, "MyCfnAccessGrant")
         .accessGrantsLocationId("accessGrantsLocationId")
         .grantee(GranteeProperty.builder()
                 .granteeIdentifier("granteeIdentifier")
                 .granteeType("granteeType")
                 .build())
         .permission("permission")
         // the properties below are optional
         .accessGrantsLocationConfiguration(AccessGrantsLocationConfigurationProperty.builder()
                 .s3SubPrefix("s3SubPrefix")
                 .build())
         .applicationArn("applicationArn")
         .s3PrefixType("s3PrefixType")
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnAccessGrant

      protected CfnAccessGrant(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnAccessGrant

      protected CfnAccessGrant(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnAccessGrant

      @Stability(Stable) public CfnAccessGrant(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnAccessGrantProps props)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrAccessGrantArn

      @Stability(Stable) @NotNull public String getAttrAccessGrantArn()
      The ARN of the access grant.

    • getAttrAccessGrantId

      @Stability(Stable) @NotNull public String getAttrAccessGrantId()
      The ID of the access grant.

      S3 Access Grants auto-generates this ID when you create the access grant.

    • getAttrGrantScope

      @Stability(Stable) @NotNull public String getAttrGrantScope()
      The S3 path of the data to which you are granting access.

      It is the result of appending the Subprefix to the location scope.

    • getCdkTagManager

      @Stability(Stable) @NotNull public TagManager getCdkTagManager()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getCdkTagManager in interface ITaggableV2

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getAccessGrantsLocationId

      @Stability(Stable) @NotNull public String getAccessGrantsLocationId()
      The ID of the registered location to which you are granting access.

    • setAccessGrantsLocationId

      @Stability(Stable) public void setAccessGrantsLocationId(@NotNull String value)
      The ID of the registered location to which you are granting access.

    • getGrantee

      @Stability(Stable) @NotNull public Object getGrantee()
      The user, group, or role to which you are granting access.

    • setGrantee

      @Stability(Stable) public void setGrantee(@NotNull IResolvable value)
      The user, group, or role to which you are granting access.

    • setGrantee

      @Stability(Stable) public void setGrantee(@NotNull CfnAccessGrant.GranteeProperty value)
      The user, group, or role to which you are granting access.

    • getPermission

      @Stability(Stable) @NotNull public String getPermission()
      The type of access that you are granting to your S3 data, which can be set to one of the following values: - READ – Grant read-only access to the S3 data.

    • setPermission

      @Stability(Stable) public void setPermission(@NotNull String value)
      The type of access that you are granting to your S3 data, which can be set to one of the following values: - READ – Grant read-only access to the S3 data.

    • getAccessGrantsLocationConfiguration

      @Stability(Stable) @Nullable public Object getAccessGrantsLocationConfiguration()
      The configuration options of the grant location.

    • setAccessGrantsLocationConfiguration

      @Stability(Stable) public void setAccessGrantsLocationConfiguration(@Nullable IResolvable value)
      The configuration options of the grant location.

    • setAccessGrantsLocationConfiguration

      @Stability(Stable) public void setAccessGrantsLocationConfiguration(@Nullable CfnAccessGrant.AccessGrantsLocationConfigurationProperty value)
      The configuration options of the grant location.

    • getApplicationArn

      @Stability(Stable) @Nullable public String getApplicationArn()
      The Amazon Resource Name (ARN) of an AWS IAM Identity Center application associated with your Identity Center instance.

    • setApplicationArn

      @Stability(Stable) public void setApplicationArn(@Nullable String value)
      The Amazon Resource Name (ARN) of an AWS IAM Identity Center application associated with your Identity Center instance.

    • getS3PrefixType

      @Stability(Stable) @Nullable public String getS3PrefixType()
      The type of S3SubPrefix .

    • setS3PrefixType

      @Stability(Stable) public void setS3PrefixType(@Nullable String value)
      The type of S3SubPrefix .

    • getTags

      @Stability(Stable) @Nullable public List<CfnTag> getTags()
      The AWS resource tags that you are adding to the access grant.

    • setTags

      @Stability(Stable) public void setTags(@Nullable List<CfnTag> value)
      The AWS resource tags that you are adding to the access grant.