AWS::S3Express::DirectoryBucket
The AWS::S3Express::DirectoryBucket resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack.
To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to retain the bucket or to delete the bucket. For more information, see DeletionPolicy attribute.
Important
You can only delete empty buckets. Deletion fails for buckets that have contents.
Permissions
The required permissions for CloudFormation to use are based on the operations that are performed on the stack.
- Create
  - s3express:CreateBucket
  - s3express:ListAllMyDirectoryBuckets
- Read
  - s3express:ListAllMyDirectoryBuckets
  - ec2:DescribeAvailabilityZones
- Delete
  - s3express:DeleteBucket
  - s3express:ListAllMyDirectoryBuckets
- List
  - s3express:ListAllMyDirectoryBuckets
- PutBucketEncryption
  - s3express:PutEncryptionConfiguration
  To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and AWS KMS key policies for the target AWS KMS key.
- GetBucketEncryption
  - s3express:GetBucketEncryption
- DeleteBucketEncryption
  - s3express:PutEncryptionConfiguration
The following operations are related to AWS::S3Express::DirectoryBucket:
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
    {
      "Type" : "AWS::S3Express::DirectoryBucket",
      "Properties" : {
        "BucketEncryption" : BucketEncryption,
        "BucketName" : String,
        "DataRedundancy" : String,
        "LocationName" : String
      }
    }
YAML
    Type: AWS::S3Express::DirectoryBucket
    Properties:
      BucketEncryption:
        BucketEncryption
      BucketName: String
      DataRedundancy: String
      LocationName: String
Properties
BucketEncryption
Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see Setting and monitoring default encryption for directory buckets in the Amazon S3 User Guide.
Required: No
Type: BucketEncryption
Update requires: No interruption
BucketName
A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format bucket_base_name--az_id--x-s3 (for example, bucket_base_name--usw2-az1--x-s3). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.
Important
If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
Required: No
Type: String
Pattern: ^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$
Maximum: 63
Update requires: Replacement
DataRedundancy
The number of Availability Zones used for redundancy for the bucket.
Required: Yes
Type: String
Allowed values: SingleAvailabilityZone
Update requires: Replacement
LocationName
The name of the location where the bucket will be created.
For directory buckets, the name of the location is the AZ ID of the Availability Zone where the bucket will be created. An example AZ ID value is usw2-az1.
Required: Yes
Type: String
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the bucket name.
Example: bucket_base_name--usw2-az1--x-s3
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Arn
Returns the Amazon Resource Name (ARN) of the specified bucket.
Example: arn:aws:s3express:us-west-2:account_id:bucket/bucket_base_name--usw2-az1--x-s3
AvailabilityZoneName
Returns the code for the Availability Zone where the directory bucket was created.
Example: us-east-1f
Note
An Availability Zone code might not represent the same physical location for different AWS accounts. For more information, see Availability Zones and Regions in the Amazon S3 User Guide.
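The following template is a worked example added to this page; it is not taken from the AWS documentation. It ties together the syntax, the properties and the return values described above: a directory bucket with an explicit name that matches its LocationName AZ ID, SSE-KMS default encryption, a Retain deletion policy, and Outputs that show what Ref and Fn::GetAtt return. The KMS key ARN, the account ID 111122223333 and the bucket base name are placeholders. The nested field names under BucketEncryption (ServerSideEncryptionConfiguration, ServerSideEncryptionByDefault, SSEAlgorithm, KMSMasterKeyID, BucketKeyEnabled) come from the BucketEncryption property type, which this page links to but does not reproduce.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the AWS documentation): an S3 Express directory
  bucket with SSE-KMS default encryption and a Retain deletion policy.

Parameters:
  KmsKeyArn:
    Type: String
    # Placeholder ARN: replace with the ARN of your customer managed key. The
    # deploying principal also needs kms:GenerateDataKey and kms:Decrypt on it.
    Default: arn:aws:kms:us-west-2:111122223333:key/PLACEHOLDER-KEY-ID

Resources:
  ExampleDirectoryBucket:
    Type: AWS::S3Express::DirectoryBucket
    # Retain keeps the bucket and its objects when the stack is deleted.
    # With the default Delete policy, stack deletion fails while the bucket
    # still has contents, because only empty buckets can be deleted.
    DeletionPolicy: Retain
    # Because BucketName is fixed, any update that needs replacement would
    # fail; Retain here avoids losing data if replacement is ever forced.
    UpdateReplacePolicy: Retain
    Properties:
      # Name format is bucket_base_name--az_id--x-s3; the AZ ID in the name
      # must be the AZ ID given in LocationName (an AZ ID such as usw2-az1,
      # not an AZ code such as us-west-2a).
      BucketName: example-base-name--usw2-az1--x-s3
      DataRedundancy: SingleAvailabilityZone
      LocationName: usw2-az1
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - BucketKeyEnabled: true
            ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
              KMSMasterKeyID: !Ref KmsKeyArn

Outputs:
  BucketName:
    Description: Ref returns the bucket name, not the ARN.
    Value: !Ref ExampleDirectoryBucket
  BucketArn:
    Description: Use this value in IAM policies that grant access to the bucket.
    Value: !GetAtt ExampleDirectoryBucket.Arn
  BucketAvailabilityZone:
    Description: AZ code (for example us-west-2a); it can map to a different physical location in another account.
    Value: !GetAtt ExampleDirectoryBucket.AvailabilityZoneName
```

Deploy it with `aws cloudformation deploy --template-file template.yaml --stack-name example-directory-bucket` using a principal that holds the s3express permissions listed under Permissions plus the KMS permissions on the key. Two details are easy to get wrong: the AZ ID embedded in BucketName and the LocationName value must agree, and the name must be unique within that Availability Zone, so the base name shown here is only a placeholder.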