BucketAccessControl
- class aws_cdk.aws_s3.BucketAccessControl(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)
Bases:
EnumDefault bucket access control types.
- See:
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
- ExampleMetadata:
infused
Example:
website_bucket = s3.Bucket(self, "WebsiteBucket", website_index_document="index.html", public_read_access=True ) s3deploy.BucketDeployment(self, "DeployWebsite", sources=[s3deploy.Source.asset("./website-dist")], destination_bucket=website_bucket, destination_key_prefix="web/static", # optional prefix in destination bucket metadata={"A": "1", "b": "2"}, # user-defined metadata # system-defined metadata content_type="text/html", content_language="en", storage_class=s3deploy.StorageClass.INTELLIGENT_TIERING, server_side_encryption=s3deploy.ServerSideEncryption.AES_256, cache_control=[ s3deploy.CacheControl.set_public(), s3deploy.CacheControl.max_age(Duration.hours(1)) ], access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL )
Attributes
- AUTHENTICATED_READ
Owner gets FULL_CONTROL.
The AuthenticatedUsers group gets READ access.
- AWS_EXEC_READ
Owner gets FULL_CONTROL.
Amazon EC2 gets READ access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.
- BUCKET_OWNER_FULL_CONTROL
Both the object owner and the bucket owner get FULL_CONTROL over the object.
If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
- BUCKET_OWNER_READ
Object owner gets FULL_CONTROL.
Bucket owner gets READ access. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
- LOG_DELIVERY_WRITE
The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.
- PRIVATE
Owner gets FULL_CONTROL.
No one else has access rights.
- PUBLIC_READ
Owner gets FULL_CONTROL.
The AllUsers group gets READ access.
- PUBLIC_READ_WRITE
Owner gets FULL_CONTROL.
The AllUsers group gets READ and WRITE access. Granting this on a bucket is generally not recommended.