awss3

package
v2.163.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 22, 2024 License: Apache-2.0 Imports: 11 Imported by: 115

README

Amazon S3 Construct Library

Define an S3 bucket.

bucket := s3.NewBucket(this, jsii.String("MyFirstBucket"))

Bucket constructs expose the following deploy-time attributes:

  • bucketArn - the ARN of the bucket (i.e. arn:aws:s3:::amzn-s3-demo-bucket)
  • bucketName - the name of the bucket (i.e. amzn-s3-demo-bucket)
  • bucketWebsiteUrl - the Website URL of the bucket (i.e. http://amzn-s3-demo-bucket.s3-website-us-west-1.amazonaws.com)
  • bucketDomainName - the URL of the bucket (i.e. amzn-s3-demo-bucket.s3.amazonaws.com)
  • bucketDualStackDomainName - the dual-stack URL of the bucket (i.e. amzn-s3-demo-bucket.s3.dualstack.eu-west-1.amazonaws.com)
  • bucketRegionalDomainName - the regional URL of the bucket (i.e. amzn-s3-demo-bucket.s3.eu-west-1.amazonaws.com)
  • arnForObjects(pattern) - the ARN of an object or objects within the bucket (i.e. arn:aws:s3:::amzn-s3-demo-bucket/exampleobject.png or arn:aws:s3:::amzn-s3-demo-bucket/Development/*)
  • urlForObject(key) - the HTTP URL of an object within the bucket (i.e. https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey)
  • virtualHostedUrlForObject(key) - the virtual-hosted style HTTP URL of an object within the bucket (i.e. https://china-bucket-s3.cn-north-1.amazonaws.com.cn/mykey)
  • s3UrlForObject(key) - the S3 URL of an object within the bucket (i.e. s3://bucket/mykey)

Encryption

Define a KMS-encrypted bucket:

bucket := s3.NewBucket(this, jsii.String("MyEncryptedBucket"), &BucketProps{
	Encryption: s3.BucketEncryption_KMS,
})

// you can access the encryption key:
assert(bucket.EncryptionKey instanceof kms.Key)

You can also supply your own key:

myKmsKey := kms.NewKey(this, jsii.String("MyKey"))

bucket := s3.NewBucket(this, jsii.String("MyEncryptedBucket"), &BucketProps{
	Encryption: s3.BucketEncryption_KMS,
	EncryptionKey: myKmsKey,
})

assert(bucket.EncryptionKey == myKmsKey)

Enable KMS-SSE encryption via S3 Bucket Keys:

bucket := s3.NewBucket(this, jsii.String("MyEncryptedBucket"), &BucketProps{
	Encryption: s3.BucketEncryption_KMS,
	BucketKeyEnabled: jsii.Boolean(true),
})

Use BucketEncryption.ManagedKms to use the S3 master KMS key:

bucket := s3.NewBucket(this, jsii.String("Buck"), &BucketProps{
	Encryption: s3.BucketEncryption_KMS_MANAGED,
})

assert(bucket.EncryptionKey == nil)

Enable DSSE encryption:

const bucket = new s3.Bucket(stack, 'MyDSSEBucket', {
  encryption: s3.BucketEncryption.DSSE_MANAGED,
  bucketKeyEnabled: true,
});

Permissions

A bucket policy will be automatically created for the bucket upon the first call to addToResourcePolicy(statement):

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
result := bucket.AddToResourcePolicy(
iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("s3:GetObject"),
	},
	Resources: []*string{
		bucket.ArnForObjects(jsii.String("file.txt")),
	},
	Principals: []iPrincipal{
		iam.NewAccountRootPrincipal(),
	},
}))

If you try to add a policy statement to an existing bucket, this method will not do anything:

bucket := s3.Bucket_FromBucketName(this, jsii.String("existingBucket"), jsii.String("amzn-s3-demo-bucket"))

// No policy statement will be added to the resource
result := bucket.AddToResourcePolicy(
iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("s3:GetObject"),
	},
	Resources: []*string{
		bucket.ArnForObjects(jsii.String("file.txt")),
	},
	Principals: []iPrincipal{
		iam.NewAccountRootPrincipal(),
	},
}))

That's because it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. We recommend that you always check the result of the call:

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
result := bucket.AddToResourcePolicy(
iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("s3:GetObject"),
	},
	Resources: []*string{
		bucket.ArnForObjects(jsii.String("file.txt")),
	},
	Principals: []iPrincipal{
		iam.NewAccountRootPrincipal(),
	},
}))

if !result.StatementAdded {}

The bucket policy can be directly accessed after creation to add statements or adjust the removal policy.

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
bucket.Policy.ApplyRemovalPolicy(cdk.RemovalPolicy_RETAIN)

Most of the time, you won't have to manipulate the bucket policy directly. Instead, buckets have "grant" methods called to give prepackaged sets of permissions to other resources. For example:

var myLambda function


bucket := s3.NewBucket(this, jsii.String("MyBucket"))
bucket.GrantReadWrite(myLambda)

Will give the Lambda's execution role permissions to read and write from the bucket.

AWS Foundational Security Best Practices

Enforcing SSL

To require all requests use Secure Socket Layer (SSL):

bucket := s3.NewBucket(this, jsii.String("Bucket"), &BucketProps{
	EnforceSSL: jsii.Boolean(true),
})

To require a minimum TLS version for all requests:

bucket := s3.NewBucket(this, jsii.String("Bucket"), &BucketProps{
	EnforceSSL: jsii.Boolean(true),
	MinimumTLSVersion: jsii.Number(1.2),
})

Sharing buckets between stacks

To use a bucket in a different stack in the same CDK application, pass the object to the other stack:

/**
 * Stack that defines the bucket
 */
type producer struct {
	stack
	myBucket bucket
}

func newProducer(scope construct, id *string, props stackProps) *producer {
	this := &producer{}
	newStack_Override(this, scope, id, props)

	bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
		RemovalPolicy: cdk.RemovalPolicy_DESTROY,
	})
	this.myBucket = bucket
	return this
}

type consumerProps struct {
	stackProps
	userBucket iBucket
}

/**
 * Stack that consumes the bucket
 */
type consumer struct {
	stack
}

func newConsumer(scope construct, id *string, props consumerProps) *consumer {
	this := &consumer{}
	newStack_Override(this, scope, id, props)

	user := iam.NewUser(this, jsii.String("MyUser"))
	*props.userBucket.GrantReadWrite(user)
	return this
}

app := awscdk.NewApp()
producer := NewProducer(app, jsii.String("ProducerStack"))
NewConsumer(app, jsii.String("ConsumerStack"), &consumerProps{
	userBucket: producer.myBucket,
})

Importing existing buckets

To import an existing bucket into your CDK application, use the Bucket.fromBucketAttributes factory method. This method accepts BucketAttributes which describes the properties of an already existing bucket:

Note that this method allows importing buckets with legacy names containing underscores (_), which was permitted for buckets created before March 1, 2018. For buckets created after this date, underscores are not allowed in the bucket name.

var myLambda function

bucket := s3.Bucket_FromBucketAttributes(this, jsii.String("ImportedBucket"), &BucketAttributes{
	BucketArn: jsii.String("arn:aws:s3:::amzn-s3-demo-bucket"),
})

// now you can just call methods on the bucket
bucket.AddEventNotification(s3.EventType_OBJECT_CREATED, s3n.NewLambdaDestination(myLambda), &NotificationKeyFilter{
	Prefix: jsii.String("home/myusername/*"),
})

Alternatively, short-hand factories are available as Bucket.fromBucketName and Bucket.fromBucketArn, which will derive all bucket attributes from the bucket name or ARN respectively:

byName := s3.Bucket_FromBucketName(this, jsii.String("BucketByName"), jsii.String("amzn-s3-demo-bucket"))
byArn := s3.Bucket_FromBucketArn(this, jsii.String("BucketByArn"), jsii.String("arn:aws:s3:::amzn-s3-demo-bucket"))

The bucket's region defaults to the current stack's region, but can also be explicitly set in cases where one of the bucket's regional properties needs to contain the correct values.

myCrossRegionBucket := s3.Bucket_FromBucketAttributes(this, jsii.String("CrossRegionImport"), &BucketAttributes{
	BucketArn: jsii.String("arn:aws:s3:::amzn-s3-demo-bucket"),
	Region: jsii.String("us-east-1"),
})

Bucket Notifications

The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket as described under S3 Bucket Notifications of the S3 Developer Guide.

To subscribe for bucket notifications, use the bucket.addEventNotification method. The bucket.addObjectCreatedNotification and bucket.addObjectRemovedNotification can also be used for these common use cases.

The following example will subscribe an SNS topic to be notified of all s3:ObjectCreated:* events:

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
topic := sns.NewTopic(this, jsii.String("MyTopic"))
bucket.AddEventNotification(s3.EventType_OBJECT_CREATED, s3n.NewSnsDestination(topic))

This call will also ensure that the topic policy can accept notifications for this specific bucket.

Supported S3 notification targets are exposed by the aws-cdk-lib/aws-s3-notifications package.

It is also possible to specify S3 object key filters when subscribing. The following example will notify myQueue when objects prefixed with foo/ and have the .jpg suffix are removed from the bucket.

var myQueue queue

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
bucket.AddEventNotification(s3.EventType_OBJECT_REMOVED, s3n.NewSqsDestination(myQueue), &NotificationKeyFilter{
	Prefix: jsii.String("foo/"),
	Suffix: jsii.String(".jpg"),
})

Adding notifications on existing buckets:

var topic topic

bucket := s3.Bucket_FromBucketAttributes(this, jsii.String("ImportedBucket"), &BucketAttributes{
	BucketArn: jsii.String("arn:aws:s3:::amzn-s3-demo-bucket"),
})
bucket.AddEventNotification(s3.EventType_OBJECT_CREATED, s3n.NewSnsDestination(topic))

If you do not want for S3 to validate permissions of Amazon SQS, Amazon SNS, and Lambda destinations you can use the notificationsSkipDestinationValidation flag:

var myQueue queue

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	NotificationsSkipDestinationValidation: jsii.Boolean(true),
})
bucket.AddEventNotification(s3.EventType_OBJECT_REMOVED, s3n.NewSqsDestination(myQueue))

When you add an event notification to a bucket, a custom resource is created to manage the notifications. By default, a new role is created for the Lambda function that implements this feature. If you want to use your own role instead, you should provide it in the Bucket constructor:

var myRole iRole

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	NotificationsHandlerRole: myRole,
})

Whatever role you provide, the CDK will try to modify it by adding the permissions from AWSLambdaBasicExecutionRole (an AWS managed policy) as well as the permissions s3:PutBucketNotification and s3:GetBucketNotification. If you’re passing an imported role, and you don’t want this to happen, configure it to be immutable:

importedRole := iam.Role_FromRoleArn(this, jsii.String("role"), jsii.String("arn:aws:iam::123456789012:role/RoleName"), &FromRoleArnOptions{
	Mutable: jsii.Boolean(false),
})

If you provide an imported immutable role, make sure that it has at least all the permissions mentioned above. Otherwise, the deployment will fail!

EventBridge notifications

Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket. Unlike other destinations, you don't need to select which event types you want to deliver.

The following example will enable EventBridge notifications:

bucket := s3.NewBucket(this, jsii.String("MyEventBridgeBucket"), &BucketProps{
	EventBridgeEnabled: jsii.Boolean(true),
})

Block Public Access

Use blockPublicAccess to specify block public access settings on the bucket.

Enable all block public access settings:

bucket := s3.NewBucket(this, jsii.String("MyBlockedBucket"), &BucketProps{
	BlockPublicAccess: s3.BlockPublicAccess_BLOCK_ALL(),
})

Block and ignore public ACLs:

bucket := s3.NewBucket(this, jsii.String("MyBlockedBucket"), &BucketProps{
	BlockPublicAccess: s3.BlockPublicAccess_BLOCK_ACLS(),
})

Alternatively, specify the settings manually:

bucket := s3.NewBucket(this, jsii.String("MyBlockedBucket"), &BucketProps{
	BlockPublicAccess: s3.NewBlockPublicAccess(&BlockPublicAccessOptions{
		BlockPublicPolicy: jsii.Boolean(true),
	}),
})

When blockPublicPolicy is set to true, grantPublicRead() throws an error.

Public Read Access

Use publicReadAccess to allow public read access to the bucket.

Note that to enable publicReadAccess, make sure both bucket-level and account-level block public access control is disabled.

Bucket-level block public access control can be configured through blockPublicAccess property. Account-level block public access control can be configured on AWS Console -> S3 -> Block Public Access settings for this account (Navigation Panel).

bucket := s3.NewBucket(this, jsii.String("Bucket"), &BucketProps{
	PublicReadAccess: jsii.Boolean(true),
	BlockPublicAccess: map[string]*bool{
		"blockPublicPolicy": jsii.Boolean(false),
		"blockPublicAcls": jsii.Boolean(false),
		"ignorePublicAcls": jsii.Boolean(false),
		"restrictPublicBuckets": jsii.Boolean(false),
	},
})

Logging configuration

Use serverAccessLogsBucket to describe where server access logs are to be stored.

accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
})

It's also possible to specify a prefix for Amazon S3 to assign to all log object keys.

accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

You have two options for the log object key format. Non-date-based partitioning is the default log object key format and appears as follows:

[DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]
accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
	// You can use a simple prefix with `TargetObjectKeyFormat.simplePrefix()`, but it is the same even if you do not specify `targetObjectKeyFormat` property.
	TargetObjectKeyFormat: s3.TargetObjectKeyFormat_SimplePrefix(),
})

Another option is Date-based partitioning. If you choose this format, you can select either the event time or the delivery time of the log file as the date source used in the log format. This format appears as follows:

[DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]
accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
	TargetObjectKeyFormat: s3.TargetObjectKeyFormat_PartitionedPrefix(s3.PartitionDateSource_EVENT_TIME),
})

When possible, it is recommended to use a bucket policy to grant access instead of using ACLs. When the @aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy feature flag is enabled, this is done by default for server access logs. If S3 Server Access Logs are the only logs delivered to your bucket (or if all other services logging to the bucket support using bucket policy instead of ACLs), you can set object ownership to bucket owner enforced, as is recommended.

accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
})

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

The above code will create a new bucket policy if none exists or update the existing bucket policy to allow access log delivery.

However, there could be an edge case if the accessLogsBucket also defines a bucket policy resource using the L1 Construct. Although the mixing of L1 and L2 Constructs is not recommended, there are no mechanisms in place to prevent users from doing this at the moment.

bucketName := "amzn-s3-demo-bucket"
accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
	BucketName: jsii.String(BucketName),
})

// Creating a bucket policy using L1
bucketPolicy := s3.NewCfnBucketPolicy(this, jsii.String("BucketPolicy"), &CfnBucketPolicyProps{
	Bucket: bucketName,
	PolicyDocument: map[string]interface{}{
		"Statement": []map[string]interface{}{
			map[string]interface{}{
				"Action": jsii.String("s3:*"),
				"Effect": jsii.String("Deny"),
				"Principal": map[string]*string{
					"AWS": jsii.String("*"),
				},
				"Resource": []*string{
					accessLogsBucket.bucketArn,
					fmt.Sprintf("%v/*", accessLogsBucket.bucketArn),
				},
			},
		},
		"Version": jsii.String("2012-10-17"),
	},
})

// 'serverAccessLogsBucket' will create a new L2 bucket policy
// to allow log delivery and overwrite the L1 bucket policy.
bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

The above example uses the L2 Bucket Construct with the L1 CfnBucketPolicy Construct. However, when serverAccessLogsBucket is set, a new L2 Bucket Policy resource will be created which overwrites the permissions defined in the L1 Bucket Policy causing unintended behaviours.

As noted above, we highly discourage the mixed usage of L1 and L2 Constructs. The recommended approach would to define the bucket policy using addToResourcePolicy method.

accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
})

accessLogsBucket.AddToResourcePolicy(
iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("s3:*"),
	},
	Resources: []*string{
		accessLogsBucket.BucketArn,
		accessLogsBucket.ArnForObjects(jsii.String("*")),
	},
	Principals: []iPrincipal{
		iam.NewAnyPrincipal(),
	},
}))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

Alternatively, users can use the L2 Bucket Policy Construct BucketPolicy.fromCfnBucketPolicy to wrap around CfnBucketPolicy Construct. This will allow the subsequent bucket policy generated by serverAccessLogsBucket usage to append to the existing bucket policy instead of overwriting.

bucketName := "amzn-s3-demo-bucket"
accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
	BucketName: jsii.String(BucketName),
})

bucketPolicy := s3.NewCfnBucketPolicy(this, jsii.String("BucketPolicy"), &CfnBucketPolicyProps{
	Bucket: bucketName,
	PolicyDocument: map[string]interface{}{
		"Statement": []map[string]interface{}{
			map[string]interface{}{
				"Action": jsii.String("s3:*"),
				"Effect": jsii.String("Deny"),
				"Principal": map[string]*string{
					"AWS": jsii.String("*"),
				},
				"Resource": []*string{
					accessLogsBucket.bucketArn,
					fmt.Sprintf("%v/*", accessLogsBucket.bucketArn),
				},
			},
		},
		"Version": jsii.String("2012-10-17"),
	},
})

// Wrap L1 Construct with L2 Bucket Policy Construct. Subsequent
// generated bucket policy to allow access log delivery would append
// to the current policy.
s3.BucketPolicy_FromCfnBucketPolicy(bucketPolicy)

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

S3 Inventory

An inventory contains a list of the objects in the source bucket and metadata for each object. The inventory lists are stored in the destination bucket as a CSV file compressed with GZIP, as an Apache optimized row columnar (ORC) file compressed with ZLIB, or as an Apache Parquet (Parquet) file compressed with Snappy.

You can configure multiple inventory lists for a bucket. You can configure what object metadata to include in the inventory, whether to list all object versions or only current versions, where to store the inventory list file output, and whether to generate the inventory on a daily or weekly basis.

inventoryBucket := s3.NewBucket(this, jsii.String("InventoryBucket"))

dataBucket := s3.NewBucket(this, jsii.String("DataBucket"), &BucketProps{
	Inventories: []inventory{
		&inventory{
			Frequency: s3.InventoryFrequency_DAILY,
			IncludeObjectVersions: s3.InventoryObjectVersion_CURRENT,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
			},
		},
		&inventory{
			Frequency: s3.InventoryFrequency_WEEKLY,
			IncludeObjectVersions: s3.InventoryObjectVersion_ALL,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
				Prefix: jsii.String("with-all-versions"),
			},
		},
	},
})

If the destination bucket is created as part of the same CDK application, the necessary permissions will be automatically added to the bucket policy. However, if you use an imported bucket (i.e Bucket.fromXXX()), you'll have to make sure it contains the following policy document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InventoryAndAnalyticsExamplePolicy",
      "Effect": "Allow",
      "Principal": { "Service": "s3.amazonaws.com" },
      "Action": "s3:PutObject",
      "Resource": ["arn:aws:s3:::amzn-s3-demo-destination-bucket/*"]
    }
  ]
}

Website redirection

You can use the two following properties to specify the bucket redirection policy. Please note that these methods cannot both be applied to the same bucket.

Static redirection

You can statically redirect a to a given Bucket URL or any other host name with websiteRedirect:

bucket := s3.NewBucket(this, jsii.String("MyRedirectedBucket"), &BucketProps{
	WebsiteRedirect: &RedirectTarget{
		HostName: jsii.String("www.example.com"),
	},
})
Routing rules

Alternatively, you can also define multiple websiteRoutingRules, to define complex, conditional redirections:

bucket := s3.NewBucket(this, jsii.String("MyRedirectedBucket"), &BucketProps{
	WebsiteRoutingRules: []routingRule{
		&routingRule{
			HostName: jsii.String("www.example.com"),
			HttpRedirectCode: jsii.String("302"),
			Protocol: s3.RedirectProtocol_HTTPS,
			ReplaceKey: s3.ReplaceKey_PrefixWith(jsii.String("test/")),
			Condition: &RoutingRuleCondition{
				HttpErrorCodeReturnedEquals: jsii.String("200"),
				KeyPrefixEquals: jsii.String("prefix"),
			},
		},
	},
})

Filling the bucket as part of deployment

To put files into a bucket as part of a deployment (for example, to host a website), see the aws-cdk-lib/aws-s3-deployment package, which provides a resource that can do just that.

The URL for objects

S3 provides two types of URLs for accessing objects via HTTP(S). Path-Style and Virtual Hosted-Style URL. Path-Style is a classic way and will be deprecated. We recommend to use Virtual Hosted-Style URL for newly made bucket.

You can generate both of them.

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
bucket.UrlForObject(jsii.String("objectname")) // Path-Style URL
bucket.VirtualHostedUrlForObject(jsii.String("objectname")) // Virtual Hosted-Style URL
bucket.VirtualHostedUrlForObject(jsii.String("objectname"), &VirtualHostedStyleUrlOptions{
	Regional: jsii.Boolean(false),
})

Object Ownership

You can use one of following properties to specify the bucket object Ownership.

Object writer

The Uploading account will own the object.

s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_OBJECT_WRITER,
})
Bucket owner preferred

The bucket owner will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. Without this setting and canned ACL, the object is uploaded and remains owned by the uploading account.

s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_PREFERRED,
})

ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control.

s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
})

Some services may not not support log delivery to buckets that have object ownership set to bucket owner enforced, such as S3 buckets using ACLs or CloudFront Distributions.

Bucket deletion

When a bucket is removed from a stack (or the stack is deleted), the S3 bucket will be removed according to its removal policy (which by default will simply orphan the bucket and leave it in your AWS account). If the removal policy is set to RemovalPolicy.DESTROY, the bucket will be deleted as long as it does not contain any objects.

To override this and force all objects to get deleted during bucket deletion, enable theautoDeleteObjects option.

When autoDeleteObjects is enabled, s3:PutBucketPolicy is added to the bucket policy. This is done to allow the custom resource this feature is built on to add a deny policy for s3:PutObject to the bucket policy when a delete stack event occurs. Adding this deny policy prevents new objects from being written to the bucket. Doing this prevents race conditions with external bucket writers during the deletion process.

bucket := s3.NewBucket(this, jsii.String("MyTempFileBucket"), &BucketProps{
	RemovalPolicy: cdk.RemovalPolicy_DESTROY,
	AutoDeleteObjects: jsii.Boolean(true),
})

Warning if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later before switching this value to false.

Transfer Acceleration

Transfer Acceleration can be configured to enable fast, easy, and secure transfers of files over long distances:

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	TransferAcceleration: jsii.Boolean(true),
})

To access the bucket that is enabled for Transfer Acceleration, you must use a special endpoint. The URL can be generated using method transferAccelerationUrlForObject:

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	TransferAcceleration: jsii.Boolean(true),
})
bucket.TransferAccelerationUrlForObject(jsii.String("objectname"))

Intelligent Tiering

Intelligent Tiering can be configured to automatically move files to glacier:

s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	IntelligentTieringConfigurations: []intelligentTieringConfiguration{
		&intelligentTieringConfiguration{
			Name: jsii.String("foo"),
			Prefix: jsii.String("folder/name"),
			ArchiveAccessTierTime: awscdk.Duration_Days(jsii.Number(90)),
			DeepArchiveAccessTierTime: awscdk.Duration_*Days(jsii.Number(180)),
			Tags: []tag{
				&tag{
					Key: jsii.String("tagname"),
					Value: jsii.String("tagvalue"),
				},
			},
		},
	},
})

Lifecycle Rule

Managing lifecycle can be configured transition or expiration actions.

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	LifecycleRules: []lifecycleRule{
		&lifecycleRule{
			AbortIncompleteMultipartUploadAfter: awscdk.Duration_Minutes(jsii.Number(30)),
			Enabled: jsii.Boolean(false),
			Expiration: awscdk.Duration_Days(jsii.Number(30)),
			ExpirationDate: NewDate(),
			ExpiredObjectDeleteMarker: jsii.Boolean(false),
			Id: jsii.String("id"),
			NoncurrentVersionExpiration: awscdk.Duration_*Days(jsii.Number(30)),

			// the properties below are optional
			NoncurrentVersionsToRetain: jsii.Number(123),
			NoncurrentVersionTransitions: []noncurrentVersionTransition{
				&noncurrentVersionTransition{
					StorageClass: s3.StorageClass_GLACIER(),
					TransitionAfter: awscdk.Duration_*Days(jsii.Number(30)),

					// the properties below are optional
					NoncurrentVersionsToRetain: jsii.Number(123),
				},
			},
			ObjectSizeGreaterThan: jsii.Number(500),
			Prefix: jsii.String("prefix"),
			ObjectSizeLessThan: jsii.Number(10000),
			Transitions: []transition{
				&transition{
					StorageClass: s3.StorageClass_GLACIER(),

					// the properties below are optional
					TransitionAfter: awscdk.Duration_*Days(jsii.Number(30)),
					TransitionDate: NewDate(),
				},
			},
		},
	},
})

To indicate which default minimum object size behavior is applied to the lifecycle configuration, use the transitionDefaultMinimumObjectSize property.

The default value of the property before September 2024 is TransitionDefaultMinimumObjectSize.VARIES_BY_STORAGE_CLASS that allows objects smaller than 128 KB to be transitioned only to the S3 Glacier and S3 Glacier Deep Archive storage classes, otherwise TransitionDefaultMinimumObjectSize.ALL_STORAGE_CLASSES_128_K that prevents objects smaller than 128 KB from being transitioned to any storage class.

To customize the minimum object size for any transition you can add a filter that specifies a custom objectSizeGreaterThan or objectSizeLessThan for lifecycleRules property. Custom filters always take precedence over the default transition behavior.

s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	TransitionDefaultMinimumObjectSize: s3.TransitionDefaultMinimumObjectSize_VARIES_BY_STORAGE_CLASS,
	LifecycleRules: []lifecycleRule{
		&lifecycleRule{
			Transitions: []transition{
				&transition{
					StorageClass: s3.StorageClass_DEEP_ARCHIVE(),
					TransitionAfter: awscdk.Duration_Days(jsii.Number(30)),
				},
			},
		},
		&lifecycleRule{
			ObjectSizeLessThan: jsii.Number(300000),
			ObjectSizeGreaterThan: jsii.Number(200000),
			Transitions: []*transition{
				&transition{
					StorageClass: s3.StorageClass_ONE_ZONE_INFREQUENT_ACCESS(),
					TransitionAfter: awscdk.Duration_*Days(jsii.Number(30)),
				},
			},
		},
	},
})

Object Lock Configuration

Object Lock can be configured to enable a write-once-read-many model for an S3 bucket. Object Lock must be configured when a bucket is created; if a bucket is created without Object Lock, it cannot be enabled later via the CDK.

Object Lock can be enabled on an S3 bucket by specifying:

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ObjectLockEnabled: jsii.Boolean(true),
})

Usually, it is desired to not just enable Object Lock for a bucket but to also configure a retention mode and a retention period. These can be specified by providing objectLockDefaultRetention:

// Configure for governance mode with a duration of 7 years
// Configure for governance mode with a duration of 7 years
s3.NewBucket(this, jsii.String("Bucket1"), &BucketProps{
	ObjectLockDefaultRetention: s3.ObjectLockRetention_Governance(awscdk.Duration_Days(jsii.Number(7 * 365))),
})

// Configure for compliance mode with a duration of 1 year
// Configure for compliance mode with a duration of 1 year
s3.NewBucket(this, jsii.String("Bucket2"), &BucketProps{
	ObjectLockDefaultRetention: s3.ObjectLockRetention_Compliance(awscdk.Duration_*Days(jsii.Number(365))),
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BucketBase_IsConstruct

func BucketBase_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func BucketBase_IsOwnedResource added in v2.32.0

func BucketBase_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func BucketBase_IsResource

func BucketBase_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func BucketPolicy_IsConstruct

func BucketPolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func BucketPolicy_IsOwnedResource added in v2.32.0

func BucketPolicy_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func BucketPolicy_IsResource

func BucketPolicy_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func Bucket_IsConstruct

func Bucket_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Bucket_IsOwnedResource added in v2.32.0

func Bucket_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func Bucket_IsResource

func Bucket_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func Bucket_ValidateBucketName

func Bucket_ValidateBucketName(physicalName *string, allowLegacyBucketNaming *bool)

Thrown an exception if the given bucket name is not valid.

func CfnAccessGrant_CFN_RESOURCE_TYPE_NAME added in v2.112.0

func CfnAccessGrant_CFN_RESOURCE_TYPE_NAME() *string

func CfnAccessGrant_IsCfnElement added in v2.112.0

func CfnAccessGrant_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnAccessGrant_IsCfnResource added in v2.112.0

func CfnAccessGrant_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnAccessGrant_IsConstruct added in v2.112.0

func CfnAccessGrant_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnAccessGrantsInstance_CFN_RESOURCE_TYPE_NAME added in v2.112.0

func CfnAccessGrantsInstance_CFN_RESOURCE_TYPE_NAME() *string

func CfnAccessGrantsInstance_IsCfnElement added in v2.112.0

func CfnAccessGrantsInstance_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnAccessGrantsInstance_IsCfnResource added in v2.112.0

func CfnAccessGrantsInstance_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnAccessGrantsInstance_IsConstruct added in v2.112.0

func CfnAccessGrantsInstance_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnAccessGrantsLocation_CFN_RESOURCE_TYPE_NAME added in v2.112.0

func CfnAccessGrantsLocation_CFN_RESOURCE_TYPE_NAME() *string

func CfnAccessGrantsLocation_IsCfnElement added in v2.112.0

func CfnAccessGrantsLocation_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnAccessGrantsLocation_IsCfnResource added in v2.112.0

func CfnAccessGrantsLocation_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnAccessGrantsLocation_IsConstruct added in v2.112.0

func CfnAccessGrantsLocation_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnAccessPoint_CFN_RESOURCE_TYPE_NAME

func CfnAccessPoint_CFN_RESOURCE_TYPE_NAME() *string

func CfnAccessPoint_IsCfnElement

func CfnAccessPoint_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnAccessPoint_IsCfnResource

func CfnAccessPoint_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnAccessPoint_IsConstruct

func CfnAccessPoint_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnBucketPolicy_CFN_RESOURCE_TYPE_NAME

func CfnBucketPolicy_CFN_RESOURCE_TYPE_NAME() *string

func CfnBucketPolicy_IsCfnElement

func CfnBucketPolicy_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnBucketPolicy_IsCfnResource

func CfnBucketPolicy_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnBucketPolicy_IsConstruct

func CfnBucketPolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnBucket_CFN_RESOURCE_TYPE_NAME

func CfnBucket_CFN_RESOURCE_TYPE_NAME() *string

func CfnBucket_IsCfnElement

func CfnBucket_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnBucket_IsCfnResource

func CfnBucket_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnBucket_IsConstruct

func CfnBucket_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnMultiRegionAccessPointPolicy_CFN_RESOURCE_TYPE_NAME

func CfnMultiRegionAccessPointPolicy_CFN_RESOURCE_TYPE_NAME() *string

func CfnMultiRegionAccessPointPolicy_IsCfnElement

func CfnMultiRegionAccessPointPolicy_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnMultiRegionAccessPointPolicy_IsCfnResource

func CfnMultiRegionAccessPointPolicy_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnMultiRegionAccessPointPolicy_IsConstruct

func CfnMultiRegionAccessPointPolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnMultiRegionAccessPoint_CFN_RESOURCE_TYPE_NAME

func CfnMultiRegionAccessPoint_CFN_RESOURCE_TYPE_NAME() *string

func CfnMultiRegionAccessPoint_IsCfnElement

func CfnMultiRegionAccessPoint_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnMultiRegionAccessPoint_IsCfnResource

func CfnMultiRegionAccessPoint_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnMultiRegionAccessPoint_IsConstruct

func CfnMultiRegionAccessPoint_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnStorageLensGroup_CFN_RESOURCE_TYPE_NAME added in v2.109.0

func CfnStorageLensGroup_CFN_RESOURCE_TYPE_NAME() *string

func CfnStorageLensGroup_IsCfnElement added in v2.109.0

func CfnStorageLensGroup_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnStorageLensGroup_IsCfnResource added in v2.109.0

func CfnStorageLensGroup_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnStorageLensGroup_IsConstruct added in v2.109.0

func CfnStorageLensGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnStorageLens_CFN_RESOURCE_TYPE_NAME

func CfnStorageLens_CFN_RESOURCE_TYPE_NAME() *string

func CfnStorageLens_IsCfnElement

func CfnStorageLens_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnStorageLens_IsCfnResource

func CfnStorageLens_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnStorageLens_IsConstruct

func CfnStorageLens_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NewBlockPublicAccess_Override

func NewBlockPublicAccess_Override(b BlockPublicAccess, options *BlockPublicAccessOptions)

func NewBucketBase_Override

func NewBucketBase_Override(b BucketBase, scope constructs.Construct, id *string, props *awscdk.ResourceProps)

func NewBucketPolicy_Override

func NewBucketPolicy_Override(b BucketPolicy, scope constructs.Construct, id *string, props *BucketPolicyProps)

func NewBucket_Override

func NewBucket_Override(b Bucket, scope constructs.Construct, id *string, props *BucketProps)

func NewCfnAccessGrant_Override added in v2.112.0

func NewCfnAccessGrant_Override(c CfnAccessGrant, scope constructs.Construct, id *string, props *CfnAccessGrantProps)

func NewCfnAccessGrantsInstance_Override added in v2.112.0

func NewCfnAccessGrantsInstance_Override(c CfnAccessGrantsInstance, scope constructs.Construct, id *string, props *CfnAccessGrantsInstanceProps)

func NewCfnAccessGrantsLocation_Override added in v2.112.0

func NewCfnAccessGrantsLocation_Override(c CfnAccessGrantsLocation, scope constructs.Construct, id *string, props *CfnAccessGrantsLocationProps)

func NewCfnAccessPoint_Override

func NewCfnAccessPoint_Override(c CfnAccessPoint, scope constructs.Construct, id *string, props *CfnAccessPointProps)

func NewCfnBucketPolicy_Override

func NewCfnBucketPolicy_Override(c CfnBucketPolicy, scope constructs.Construct, id *string, props *CfnBucketPolicyProps)

func NewCfnBucket_Override

func NewCfnBucket_Override(c CfnBucket, scope constructs.Construct, id *string, props *CfnBucketProps)

func NewCfnMultiRegionAccessPointPolicy_Override

func NewCfnMultiRegionAccessPointPolicy_Override(c CfnMultiRegionAccessPointPolicy, scope constructs.Construct, id *string, props *CfnMultiRegionAccessPointPolicyProps)

func NewCfnMultiRegionAccessPoint_Override

func NewCfnMultiRegionAccessPoint_Override(c CfnMultiRegionAccessPoint, scope constructs.Construct, id *string, props *CfnMultiRegionAccessPointProps)

func NewCfnStorageLensGroup_Override added in v2.109.0

func NewCfnStorageLensGroup_Override(c CfnStorageLensGroup, scope constructs.Construct, id *string, props *CfnStorageLensGroupProps)

func NewCfnStorageLens_Override

func NewCfnStorageLens_Override(c CfnStorageLens, scope constructs.Construct, id *string, props *CfnStorageLensProps)

func NewStorageClass_Override

func NewStorageClass_Override(s StorageClass, value *string)

func NewTargetObjectKeyFormat_Override added in v2.124.0

func NewTargetObjectKeyFormat_Override(t TargetObjectKeyFormat)

Types

type BlockPublicAccess

type BlockPublicAccess interface {
	BlockPublicAcls() *bool
	SetBlockPublicAcls(val *bool)
	BlockPublicPolicy() *bool
	SetBlockPublicPolicy(val *bool)
	IgnorePublicAcls() *bool
	SetIgnorePublicAcls(val *bool)
	RestrictPublicBuckets() *bool
	SetRestrictPublicBuckets(val *bool)
}

Example:

bucket := s3.NewBucket(this, jsii.String("MyBlockedBucket"), &BucketProps{
	BlockPublicAccess: s3.BlockPublicAccess_BLOCK_ALL(),
})

func BlockPublicAccess_BLOCK_ACLS

func BlockPublicAccess_BLOCK_ACLS() BlockPublicAccess

func BlockPublicAccess_BLOCK_ALL

func BlockPublicAccess_BLOCK_ALL() BlockPublicAccess

func NewBlockPublicAccess

func NewBlockPublicAccess(options *BlockPublicAccessOptions) BlockPublicAccess

type BlockPublicAccessOptions

type BlockPublicAccessOptions struct {
	// Whether to block public ACLs.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
	//
	BlockPublicAcls *bool `field:"optional" json:"blockPublicAcls" yaml:"blockPublicAcls"`
	// Whether to block public policy.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
	//
	BlockPublicPolicy *bool `field:"optional" json:"blockPublicPolicy" yaml:"blockPublicPolicy"`
	// Whether to ignore public ACLs.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
	//
	IgnorePublicAcls *bool `field:"optional" json:"ignorePublicAcls" yaml:"ignorePublicAcls"`
	// Whether to restrict public access.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-options
	//
	RestrictPublicBuckets *bool `field:"optional" json:"restrictPublicBuckets" yaml:"restrictPublicBuckets"`
}

Example:

bucket := s3.NewBucket(this, jsii.String("MyBlockedBucket"), &BucketProps{
	BlockPublicAccess: s3.NewBlockPublicAccess(&BlockPublicAccessOptions{
		BlockPublicPolicy: jsii.Boolean(true),
	}),
})

type Bucket

type Bucket interface {
	BucketBase
	// Indicates if a bucket resource policy should automatically created upon the first call to `addToResourcePolicy`.
	AutoCreatePolicy() *bool
	SetAutoCreatePolicy(val *bool)
	// The ARN of the bucket.
	BucketArn() *string
	// The IPv4 DNS name of the specified bucket.
	BucketDomainName() *string
	// The IPv6 DNS name of the specified bucket.
	BucketDualStackDomainName() *string
	// The name of the bucket.
	BucketName() *string
	// The regional domain name of the specified bucket.
	BucketRegionalDomainName() *string
	// The Domain name of the static website.
	BucketWebsiteDomainName() *string
	// The URL of the static website.
	BucketWebsiteUrl() *string
	// Whether to disallow public access.
	DisallowPublicAccess() *bool
	SetDisallowPublicAccess(val *bool)
	// Optional KMS encryption key associated with this bucket.
	EncryptionKey() awskms.IKey
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// If this bucket has been configured for static website hosting.
	IsWebsite() *bool
	// The tree node.
	Node() constructs.Node
	NotificationsHandlerRole() awsiam.IRole
	SetNotificationsHandlerRole(val awsiam.IRole)
	NotificationsSkipDestinationValidation() *bool
	SetNotificationsSkipDestinationValidation(val *bool)
	ObjectOwnership() ObjectOwnership
	SetObjectOwnership(val ObjectOwnership)
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The resource policy associated with this bucket.
	//
	// If `autoCreatePolicy` is true, a `BucketPolicy` will be created upon the
	// first call to addToResourcePolicy(s).
	Policy() BucketPolicy
	SetPolicy(val BucketPolicy)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Adds a cross-origin access configuration for objects in an Amazon S3 bucket.
	AddCorsRule(rule *CorsRule)
	// Adds a bucket notification event destination.
	//
	// Example:
	//      declare const myLambda: lambda.Function;
	//      const bucket = new s3.Bucket(this, 'MyBucket');
	//      bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'});
	//
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
	//
	AddEventNotification(event EventType, dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Add an inventory configuration.
	AddInventory(inventory *Inventory)
	// Add a lifecycle rule to the bucket.
	AddLifecycleRule(rule *LifecycleRule)
	// Adds a metrics configuration for the CloudWatch request metrics from the bucket.
	AddMetric(metric *BucketMetrics)
	// Subscribes a destination to receive notifications when an object is created in the bucket.
	//
	// This is identical to calling
	// `onEvent(EventType.OBJECT_CREATED)`.
	AddObjectCreatedNotification(dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Subscribes a destination to receive notifications when an object is removed from the bucket.
	//
	// This is identical to calling
	// `onEvent(EventType.OBJECT_REMOVED)`.
	AddObjectRemovedNotification(dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use `bucketArn` and `arnForObjects(keys)` to obtain ARNs for this bucket or objects.
	//
	// Note that the policy statement may or may not be added to the policy.
	// For example, when an `IBucket` is created from an existing bucket,
	// it's not possible to tell whether the bucket already has a policy
	// attached, let alone to re-use that policy to add more statements to it.
	// So it's safest to do nothing in these cases.
	//
	// Returns: metadata about the execution of this method. If the policy
	// was not added, the value of `statementAdded` will be `false`. You
	// should always check this value to make sure that the operation was
	// actually carried out. Otherwise, synthesis and deploy will terminate
	// silently, which may be confusing.
	AddToResourcePolicy(permission awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Returns an ARN that represents all objects within the bucket that match the key pattern specified.
	//
	// To represent all keys, specify “"*"“.
	//
	// If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:
	//
	// arnForObjects(`home/${team}/${user}/*`).
	ArnForObjects(keyPattern *string) *string
	// Enables event bridge notification, causing all events below to be sent to EventBridge:.
	//
	// - Object Deleted (DeleteObject)
	// - Object Deleted (Lifecycle expiration)
	// - Object Restore Initiated
	// - Object Restore Completed
	// - Object Restore Expired
	// - Object Storage Class Changed
	// - Object Access Tier Changed
	// - Object ACL Updated
	// - Object Tags Added
	// - Object Tags Deleted.
	EnableEventBridgeNotification()
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
	GrantDelete(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Allows unrestricted access to objects from this bucket.
	//
	// IMPORTANT: This permission allows anyone to perform actions on S3 objects
	// in this bucket, which is useful for when you configure your bucket as a
	// website and want everyone to be able to read objects in the bucket without
	// needing to authenticate.
	//
	// Without arguments, this method will grant read ("s3:GetObject") access to
	// all objects ("*") in the bucket.
	//
	// The method returns the `iam.Grant` object, which can then be modified
	// as needed. For example, you can add a condition that will restrict access only
	// to an IPv4 range like this:
	//
	//     const grant = bucket.grantPublicAccess();
	//     grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
	//
	// Note that if this `IBucket` refers to an existing bucket, possibly not
	// managed by CloudFormation, this method will have no effect, since it's
	// impossible to modify the policy of an existing bucket.
	GrantPublicAccess(keyPrefix *string, allowedActions ...*string) awsiam.Grant
	// Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
	//
	// If encryption is used, permission to use the key to encrypt the contents
	// of written files will also be granted to the same principal.
	GrantPut(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
	//
	// If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set,
	// calling `grantWrite` or `grantReadWrite` no longer grants permissions to modify the ACLs of the objects;
	// in this case, if you need to modify object ACLs, call this method explicitly.
	GrantPutAcl(identity awsiam.IGrantable, objectsKeyPattern *string) awsiam.Grant
	// Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
	//
	// If encryption is used, permission to use the key to decrypt the contents
	// of the bucket will also be granted to the same principal.
	GrantRead(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
	//
	// If an encryption key is used, permission to use the key for
	// encrypt/decrypt will also be granted.
	//
	// Before CDK version 1.85.0, this method granted the `s3:PutObject*` permission that included `s3:PutObjectAcl`,
	// which could be used to grant read/write object access to IAM principals in other accounts.
	// If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
	// and make sure the `@aws-cdk/aws-s3:grantWriteWithoutAcl` feature flag is set to `true`
	// in the `context` key of your cdk.json file.
	// If you've already updated, but still need the principal to have permissions to modify the ACLs,
	// use the `grantPutAcl` method.
	GrantReadWrite(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grant write permissions to this bucket to an IAM principal.
	//
	// If encryption is used, permission to use the key to encrypt the contents
	// of written files will also be granted to the same principal.
	//
	// Before CDK version 1.85.0, this method granted the `s3:PutObject*` permission that included `s3:PutObjectAcl`,
	// which could be used to grant read/write object access to IAM principals in other accounts.
	// If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
	// and make sure the `@aws-cdk/aws-s3:grantWriteWithoutAcl` feature flag is set to `true`
	// in the `context` key of your cdk.json file.
	// If you've already updated, but still need the principal to have permissions to modify the ACLs,
	// use the `grantPutAcl` method.
	GrantWrite(identity awsiam.IGrantable, objectsKeyPattern interface{}, allowedActionPatterns *[]*string) awsiam.Grant
	// Define a CloudWatch event that triggers when something happens to this repository.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailEvent(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
	//
	// Note that some tools like `aws s3 cp` will automatically use either
	// PutObject or the multipart upload API depending on the file size,
	// so using `onCloudTrailWriteObject` may be preferable.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailPutObject(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
	//
	// This includes
	// the events PutObject, CopyObject, and CompleteMultipartUpload.
	//
	// Note that some tools like `aws s3 cp` will automatically use either
	// PutObject or the multipart upload API depending on the file size,
	// so using this method may be preferable to `onCloudTrailPutObject`.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailWriteObject(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// The S3 URL of an S3 object. For example:.
	//
	// - `s3://onlybucket`
	// - `s3://bucket/key`.
	//
	// Returns: an ObjectS3Url token.
	S3UrlForObject(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
	// The https Transfer Acceleration URL of an S3 object.
	//
	// Specify `dualStack: true` at the options
	// for dual-stack endpoint (connect to the bucket over IPv6). For example:
	//
	// - `https://bucket.s3-accelerate.amazonaws.com`
	// - `https://bucket.s3-accelerate.amazonaws.com/key`
	//
	// Returns: an TransferAccelerationUrl token.
	TransferAccelerationUrlForObject(key *string, options *TransferAccelerationUrlOptions) *string
	// The https URL of an S3 object. Specify `regional: false` at the options for non-regional URLs. For example:.
	//
	// - `https://s3.us-west-1.amazonaws.com/onlybucket`
	// - `https://s3.us-west-1.amazonaws.com/bucket/key`
	// - `https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey`
	//
	// Returns: an ObjectS3Url token.
	UrlForObject(key *string) *string
	// The virtual hosted-style URL of an S3 object. Specify `regional: false` at the options for non-regional URL. For example:.
	//
	// - `https://only-bucket.s3.us-west-1.amazonaws.com`
	// - `https://bucket.s3.us-west-1.amazonaws.com/key`
	// - `https://bucket.s3.amazonaws.com/key`
	// - `https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey`
	//
	// Returns: an ObjectS3Url token.
	VirtualHostedUrlForObject(key *string, options *VirtualHostedStyleUrlOptions) *string
}

An S3 bucket with associated policy objects.

This bucket does not yet have all features that exposed by the underlying BucketResource.

Example:

import "github.com/aws/aws-cdk-go/awscdk"

s3.NewBucket(*scope, jsii.String("Bucket"), &BucketProps{
	BlockPublicAccess: s3.BlockPublicAccess_BLOCK_ALL(),
	Encryption: s3.BucketEncryption_S3_MANAGED,
	EnforceSSL: jsii.Boolean(true),
	Versioned: jsii.Boolean(true),
	RemovalPolicy: awscdk.RemovalPolicy_RETAIN,
})

func NewBucket

func NewBucket(scope constructs.Construct, id *string, props *BucketProps) Bucket

type BucketAccessControl

type BucketAccessControl string

Default bucket access control types.

Example:

websiteBucket := s3.NewBucket(this, jsii.String("WebsiteBucket"), &BucketProps{
	WebsiteIndexDocument: jsii.String("index.html"),
	PublicReadAccess: jsii.Boolean(true),
})

s3deploy.NewBucketDeployment(this, jsii.String("DeployWebsite"), &BucketDeploymentProps{
	Sources: []iSource{
		s3deploy.Source_Asset(jsii.String("./website-dist")),
	},
	DestinationBucket: websiteBucket,
	DestinationKeyPrefix: jsii.String("web/static"),
	 // optional prefix in destination bucket
	Metadata: map[string]*string{
		"A": jsii.String("1"),
		"b": jsii.String("2"),
	},
	 // user-defined metadata

	// system-defined metadata
	ContentType: jsii.String("text/html"),
	ContentLanguage: jsii.String("en"),
	StorageClass: s3deploy.StorageClass_INTELLIGENT_TIERING,
	ServerSideEncryption: s3deploy.ServerSideEncryption_AES_256,
	CacheControl: []cacheControl{
		s3deploy.*cacheControl_SetPublic(),
		s3deploy.*cacheControl_MaxAge(awscdk.Duration_Hours(jsii.Number(1))),
	},
	AccessControl: s3.BucketAccessControl_BUCKET_OWNER_FULL_CONTROL,
})

See: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html

const (
	// Owner gets FULL_CONTROL.
	//
	// No one else has access rights.
	BucketAccessControl_PRIVATE BucketAccessControl = "PRIVATE"
	// Owner gets FULL_CONTROL.
	//
	// The AllUsers group gets READ access.
	BucketAccessControl_PUBLIC_READ BucketAccessControl = "PUBLIC_READ"
	// Owner gets FULL_CONTROL.
	//
	// The AllUsers group gets READ and WRITE access.
	// Granting this on a bucket is generally not recommended.
	BucketAccessControl_PUBLIC_READ_WRITE BucketAccessControl = "PUBLIC_READ_WRITE"
	// Owner gets FULL_CONTROL.
	//
	// The AuthenticatedUsers group gets READ access.
	BucketAccessControl_AUTHENTICATED_READ BucketAccessControl = "AUTHENTICATED_READ"
	// The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
	//
	BucketAccessControl_LOG_DELIVERY_WRITE BucketAccessControl = "LOG_DELIVERY_WRITE"
	// Object owner gets FULL_CONTROL.
	//
	// Bucket owner gets READ access.
	// If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
	BucketAccessControl_BUCKET_OWNER_READ BucketAccessControl = "BUCKET_OWNER_READ"
	// Both the object owner and the bucket owner get FULL_CONTROL over the object.
	//
	// If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
	BucketAccessControl_BUCKET_OWNER_FULL_CONTROL BucketAccessControl = "BUCKET_OWNER_FULL_CONTROL"
	// Owner gets FULL_CONTROL.
	//
	// Amazon EC2 gets READ access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.
	BucketAccessControl_AWS_EXEC_READ BucketAccessControl = "AWS_EXEC_READ"
)

type BucketAttributes

type BucketAttributes struct {
	// The account this existing bucket belongs to.
	// Default: - it's assumed the bucket belongs to the same account as the scope it's being imported into.
	//
	Account *string `field:"optional" json:"account" yaml:"account"`
	// The ARN of the bucket.
	//
	// At least one of bucketArn or bucketName must be
	// defined in order to initialize a bucket ref.
	BucketArn *string `field:"optional" json:"bucketArn" yaml:"bucketArn"`
	// The domain name of the bucket.
	// Default: - Inferred from bucket name.
	//
	BucketDomainName *string `field:"optional" json:"bucketDomainName" yaml:"bucketDomainName"`
	// The IPv6 DNS name of the specified bucket.
	BucketDualStackDomainName *string `field:"optional" json:"bucketDualStackDomainName" yaml:"bucketDualStackDomainName"`
	// The name of the bucket.
	//
	// If the underlying value of ARN is a string, the
	// name will be parsed from the ARN. Otherwise, the name is optional, but
	// some features that require the bucket name such as auto-creating a bucket
	// policy, won't work.
	BucketName *string `field:"optional" json:"bucketName" yaml:"bucketName"`
	// The regional domain name of the specified bucket.
	BucketRegionalDomainName *string `field:"optional" json:"bucketRegionalDomainName" yaml:"bucketRegionalDomainName"`
	// Force the format of the website URL of the bucket.
	//
	// This should be true for
	// regions launched since 2014.
	// Default: - inferred from available region information, `false` otherwise.
	//
	// Deprecated: The correct website url format can be inferred automatically from the bucket `region`.
	// Always provide the bucket region if the `bucketWebsiteUrl` will be used.
	// Alternatively provide the full `bucketWebsiteUrl` manually.
	BucketWebsiteNewUrlFormat *bool `field:"optional" json:"bucketWebsiteNewUrlFormat" yaml:"bucketWebsiteNewUrlFormat"`
	// The website URL of the bucket (if static web hosting is enabled).
	// Default: - Inferred from bucket name and region.
	//
	BucketWebsiteUrl *string `field:"optional" json:"bucketWebsiteUrl" yaml:"bucketWebsiteUrl"`
	// KMS encryption key associated with this bucket.
	// Default: - no encryption key.
	//
	EncryptionKey awskms.IKey `field:"optional" json:"encryptionKey" yaml:"encryptionKey"`
	// If this bucket has been configured for static website hosting.
	// Default: false.
	//
	IsWebsite *bool `field:"optional" json:"isWebsite" yaml:"isWebsite"`
	// The role to be used by the notifications handler.
	// Default: - a new role will be created.
	//
	NotificationsHandlerRole awsiam.IRole `field:"optional" json:"notificationsHandlerRole" yaml:"notificationsHandlerRole"`
	// The region this existing bucket is in.
	//
	// Features that require the region (e.g. `bucketWebsiteUrl`) won't fully work
	// if the region cannot be correctly inferred.
	// Default: - it's assumed the bucket is in the same region as the scope it's being imported into.
	//
	Region *string `field:"optional" json:"region" yaml:"region"`
}

A reference to a bucket outside this stack.

Example:

var myLambda function

bucket := s3.Bucket_FromBucketAttributes(this, jsii.String("ImportedBucket"), &BucketAttributes{
	BucketArn: jsii.String("arn:aws:s3:::amzn-s3-demo-bucket"),
})

// now you can just call methods on the bucket
bucket.AddEventNotification(s3.EventType_OBJECT_CREATED, s3n.NewLambdaDestination(myLambda), &NotificationKeyFilter{
	Prefix: jsii.String("home/myusername/*"),
})

type BucketBase

type BucketBase interface {
	awscdk.Resource
	IBucket
	// Indicates if a bucket resource policy should automatically created upon the first call to `addToResourcePolicy`.
	AutoCreatePolicy() *bool
	SetAutoCreatePolicy(val *bool)
	// The ARN of the bucket.
	BucketArn() *string
	// The IPv4 DNS name of the specified bucket.
	BucketDomainName() *string
	// The IPv6 DNS name of the specified bucket.
	BucketDualStackDomainName() *string
	// The name of the bucket.
	BucketName() *string
	// The regional domain name of the specified bucket.
	BucketRegionalDomainName() *string
	// The Domain name of the static website.
	BucketWebsiteDomainName() *string
	// The URL of the static website.
	BucketWebsiteUrl() *string
	// Whether to disallow public access.
	DisallowPublicAccess() *bool
	SetDisallowPublicAccess(val *bool)
	// Optional KMS encryption key associated with this bucket.
	EncryptionKey() awskms.IKey
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// If this bucket has been configured for static website hosting.
	IsWebsite() *bool
	// The tree node.
	Node() constructs.Node
	NotificationsHandlerRole() awsiam.IRole
	SetNotificationsHandlerRole(val awsiam.IRole)
	NotificationsSkipDestinationValidation() *bool
	SetNotificationsSkipDestinationValidation(val *bool)
	ObjectOwnership() ObjectOwnership
	SetObjectOwnership(val ObjectOwnership)
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The resource policy associated with this bucket.
	//
	// If `autoCreatePolicy` is true, a `BucketPolicy` will be created upon the
	// first call to addToResourcePolicy(s).
	Policy() BucketPolicy
	SetPolicy(val BucketPolicy)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Adds a bucket notification event destination.
	//
	// Example:
	//   var myLambda function
	//
	//   bucket := s3.NewBucket(this, jsii.String("MyBucket"))
	//   bucket.AddEventNotification(s3.EventType_OBJECT_CREATED, s3n.NewLambdaDestination(myLambda), &NotificationKeyFilter{
	//   	Prefix: jsii.String("home/myusername/*"),
	//   })
	//
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
	//
	AddEventNotification(event EventType, dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Subscribes a destination to receive notifications when an object is created in the bucket.
	//
	// This is identical to calling
	// `onEvent(EventType.OBJECT_CREATED)`.
	AddObjectCreatedNotification(dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Subscribes a destination to receive notifications when an object is removed from the bucket.
	//
	// This is identical to calling
	// `onEvent(EventType.OBJECT_REMOVED)`.
	AddObjectRemovedNotification(dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use `bucketArn` and `arnForObjects(keys)` to obtain ARNs for this bucket or objects.
	//
	// Note that the policy statement may or may not be added to the policy.
	// For example, when an `IBucket` is created from an existing bucket,
	// it's not possible to tell whether the bucket already has a policy
	// attached, let alone to re-use that policy to add more statements to it.
	// So it's safest to do nothing in these cases.
	//
	// Returns: metadata about the execution of this method. If the policy
	// was not added, the value of `statementAdded` will be `false`. You
	// should always check this value to make sure that the operation was
	// actually carried out. Otherwise, synthesis and deploy will terminate
	// silently, which may be confusing.
	AddToResourcePolicy(permission awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Returns an ARN that represents all objects within the bucket that match the key pattern specified.
	//
	// To represent all keys, specify “"*"“.
	//
	// If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:
	//
	// arnForObjects(`home/${team}/${user}/*`).
	ArnForObjects(keyPattern *string) *string
	// Enables event bridge notification, causing all events below to be sent to EventBridge:.
	//
	// - Object Deleted (DeleteObject)
	// - Object Deleted (Lifecycle expiration)
	// - Object Restore Initiated
	// - Object Restore Completed
	// - Object Restore Expired
	// - Object Storage Class Changed
	// - Object Access Tier Changed
	// - Object ACL Updated
	// - Object Tags Added
	// - Object Tags Deleted.
	EnableEventBridgeNotification()
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
	GrantDelete(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Allows unrestricted access to objects from this bucket.
	//
	// IMPORTANT: This permission allows anyone to perform actions on S3 objects
	// in this bucket, which is useful for when you configure your bucket as a
	// website and want everyone to be able to read objects in the bucket without
	// needing to authenticate.
	//
	// Without arguments, this method will grant read ("s3:GetObject") access to
	// all objects ("*") in the bucket.
	//
	// The method returns the `iam.Grant` object, which can then be modified
	// as needed. For example, you can add a condition that will restrict access only
	// to an IPv4 range like this:
	//
	//     const grant = bucket.grantPublicAccess();
	//     grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
	//
	// Note that if this `IBucket` refers to an existing bucket, possibly not
	// managed by CloudFormation, this method will have no effect, since it's
	// impossible to modify the policy of an existing bucket.
	GrantPublicAccess(keyPrefix *string, allowedActions ...*string) awsiam.Grant
	// Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
	//
	// If encryption is used, permission to use the key to encrypt the contents
	// of written files will also be granted to the same principal.
	GrantPut(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
	//
	// If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set,
	// calling `grantWrite` or `grantReadWrite` no longer grants permissions to modify the ACLs of the objects;
	// in this case, if you need to modify object ACLs, call this method explicitly.
	GrantPutAcl(identity awsiam.IGrantable, objectsKeyPattern *string) awsiam.Grant
	// Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
	//
	// If encryption is used, permission to use the key to decrypt the contents
	// of the bucket will also be granted to the same principal.
	GrantRead(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
	//
	// If an encryption key is used, permission to use the key for
	// encrypt/decrypt will also be granted.
	//
	// Before CDK version 1.85.0, this method granted the `s3:PutObject*` permission that included `s3:PutObjectAcl`,
	// which could be used to grant read/write object access to IAM principals in other accounts.
	// If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
	// and make sure the `@aws-cdk/aws-s3:grantWriteWithoutAcl` feature flag is set to `true`
	// in the `context` key of your cdk.json file.
	// If you've already updated, but still need the principal to have permissions to modify the ACLs,
	// use the `grantPutAcl` method.
	GrantReadWrite(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grant write permissions to this bucket to an IAM principal.
	//
	// If encryption is used, permission to use the key to encrypt the contents
	// of written files will also be granted to the same principal.
	//
	// Before CDK version 1.85.0, this method granted the `s3:PutObject*` permission that included `s3:PutObjectAcl`,
	// which could be used to grant read/write object access to IAM principals in other accounts.
	// If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
	// and make sure the `@aws-cdk/aws-s3:grantWriteWithoutAcl` feature flag is set to `true`
	// in the `context` key of your cdk.json file.
	// If you've already updated, but still need the principal to have permissions to modify the ACLs,
	// use the `grantPutAcl` method.
	GrantWrite(identity awsiam.IGrantable, objectsKeyPattern interface{}, allowedActionPatterns *[]*string) awsiam.Grant
	// Define a CloudWatch event that triggers when something happens to this repository.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailEvent(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
	//
	// Note that some tools like `aws s3 cp` will automatically use either
	// PutObject or the multipart upload API depending on the file size,
	// so using `onCloudTrailWriteObject` may be preferable.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailPutObject(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
	//
	// This includes
	// the events PutObject, CopyObject, and CompleteMultipartUpload.
	//
	// Note that some tools like `aws s3 cp` will automatically use either
	// PutObject or the multipart upload API depending on the file size,
	// so using this method may be preferable to `onCloudTrailPutObject`.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailWriteObject(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// The S3 URL of an S3 object. For example:.
	//
	// - `s3://onlybucket`
	// - `s3://bucket/key`.
	//
	// Returns: an ObjectS3Url token.
	S3UrlForObject(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
	// The https Transfer Acceleration URL of an S3 object.
	//
	// Specify `dualStack: true` at the options
	// for dual-stack endpoint (connect to the bucket over IPv6). For example:
	//
	// - `https://bucket.s3-accelerate.amazonaws.com`
	// - `https://bucket.s3-accelerate.amazonaws.com/key`
	//
	// Returns: an TransferAccelerationUrl token.
	TransferAccelerationUrlForObject(key *string, options *TransferAccelerationUrlOptions) *string
	// The https URL of an S3 object. Specify `regional: false` at the options for non-regional URLs. For example:.
	//
	// - `https://s3.us-west-1.amazonaws.com/onlybucket`
	// - `https://s3.us-west-1.amazonaws.com/bucket/key`
	// - `https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey`
	//
	// Returns: an ObjectS3Url token.
	UrlForObject(key *string) *string
	// The virtual hosted-style URL of an S3 object. Specify `regional: false` at the options for non-regional URL. For example:.
	//
	// - `https://only-bucket.s3.us-west-1.amazonaws.com`
	// - `https://bucket.s3.us-west-1.amazonaws.com/key`
	// - `https://bucket.s3.amazonaws.com/key`
	// - `https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey`
	//
	// Returns: an ObjectS3Url token.
	VirtualHostedUrlForObject(key *string, options *VirtualHostedStyleUrlOptions) *string
}

Represents an S3 Bucket.

Buckets can be either defined within this stack:

new Bucket(this, 'MyBucket', { props });

Or imported from an existing bucket:

Bucket.import(this, 'MyImportedBucket', { bucketArn: ... });

You can also export a bucket and import it into another stack:

const ref = myBucket.export();
Bucket.import(this, 'MyImportedBucket', ref);

type BucketEncryption

type BucketEncryption string

What kind of server-side encryption to apply to this bucket.

Example:

import "github.com/aws/aws-cdk-go/awscdk"

app := awscdk.NewApp(&AppProps{
	DefaultStackSynthesizer: awscdkappstagingsynthesizeralpha.AppStagingSynthesizer_DefaultResources(&DefaultResourcesOptions{
		AppId: jsii.String("my-app-id"),
		StagingBucketEncryption: awscdk.BucketEncryption_S3_MANAGED,
		FileAssetPublishingRole: *awscdkappstagingsynthesizeralpha.BootstrapRole_FromRoleArn(jsii.String("arn:aws:iam::123456789012:role/S3Access")),
		ImageAssetPublishingRole: *awscdkappstagingsynthesizeralpha.BootstrapRole_*FromRoleArn(jsii.String("arn:aws:iam::123456789012:role/ECRAccess")),
	}),
})
const (
	// Previous option.
	//
	// Buckets can not be unencrypted now.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
	//
	// Deprecated: S3 applies server-side encryption with SSE-S3 for every bucket
	// that default encryption is not configured.
	BucketEncryption_UNENCRYPTED BucketEncryption = "UNENCRYPTED"
	// Server-side KMS encryption with a master key managed by KMS.
	BucketEncryption_KMS_MANAGED BucketEncryption = "KMS_MANAGED"
	// Server-side encryption with a master key managed by S3.
	BucketEncryption_S3_MANAGED BucketEncryption = "S3_MANAGED"
	// Server-side encryption with a KMS key managed by the user.
	//
	// If `encryptionKey` is specified, this key will be used, otherwise, one will be defined.
	BucketEncryption_KMS BucketEncryption = "KMS"
	// Double server-side KMS encryption with a master key managed by KMS.
	BucketEncryption_DSSE_MANAGED BucketEncryption = "DSSE_MANAGED"
	// Double server-side encryption with a KMS key managed by the user.
	//
	// If `encryptionKey` is specified, this key will be used, otherwise, one will be defined.
	BucketEncryption_DSSE BucketEncryption = "DSSE"
)

type BucketMetrics

type BucketMetrics struct {
	// The ID used to identify the metrics configuration.
	Id *string `field:"required" json:"id" yaml:"id"`
	// The prefix that an object must have to be included in the metrics results.
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// Specifies a list of tag filters to use as a metrics configuration filter.
	//
	// The metrics configuration includes only objects that meet the filter's criteria.
	TagFilters *map[string]interface{} `field:"optional" json:"tagFilters" yaml:"tagFilters"`
}

Specifies a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var tagFilters interface{}

bucketMetrics := &BucketMetrics{
	Id: jsii.String("id"),

	// the properties below are optional
	Prefix: jsii.String("prefix"),
	TagFilters: map[string]interface{}{
		"tagFiltersKey": tagFilters,
	},
}

type BucketNotificationDestinationConfig

type BucketNotificationDestinationConfig struct {
	// The ARN of the destination (i.e. Lambda, SNS, SQS).
	Arn *string `field:"required" json:"arn" yaml:"arn"`
	// The notification type.
	Type BucketNotificationDestinationType `field:"required" json:"type" yaml:"type"`
	// Any additional dependencies that should be resolved before the bucket notification can be configured (for example, the SNS Topic Policy resource).
	Dependencies *[]constructs.IDependable `field:"optional" json:"dependencies" yaml:"dependencies"`
}

Represents the properties of a notification destination.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import constructs "github.com/aws/constructs-go/constructs"

var dependable iDependable

bucketNotificationDestinationConfig := &BucketNotificationDestinationConfig{
	Arn: jsii.String("arn"),
	Type: awscdk.Aws_s3.BucketNotificationDestinationType_LAMBDA,

	// the properties below are optional
	Dependencies: []*iDependable{
		dependable,
	},
}

type BucketNotificationDestinationType

type BucketNotificationDestinationType string

Supported types of notification destinations.

const (
	BucketNotificationDestinationType_LAMBDA BucketNotificationDestinationType = "LAMBDA"
	BucketNotificationDestinationType_QUEUE  BucketNotificationDestinationType = "QUEUE"
	BucketNotificationDestinationType_TOPIC  BucketNotificationDestinationType = "TOPIC"
)

type BucketPolicy

type BucketPolicy interface {
	awscdk.Resource
	// The Bucket this Policy applies to.
	Bucket() IBucket
	// A policy document containing permissions to add to the specified bucket.
	//
	// For more information, see Access Policy Language Overview in the Amazon
	// Simple Storage Service Developer Guide.
	Document() awsiam.PolicyDocument
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Sets the removal policy for the BucketPolicy.
	ApplyRemovalPolicy(removalPolicy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

The bucket policy for an Amazon S3 bucket.

Policies define the operations that are allowed on this resource.

You almost never need to define this construct directly.

All AWS resources that support resource policies have a method called `addToResourcePolicy()`, which will automatically create a new resource policy if one doesn't exist yet, otherwise it will add to the existing policy.

The bucket policy method is implemented differently than `addToResourcePolicy()` as `BucketPolicy()` creates a new policy without knowing one earlier existed. e.g. if during Bucket creation, if `autoDeleteObject:true`, these policies are added to the bucket policy:

["s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy"],

and when you add a new BucketPolicy with ["s3:GetObject", "s3:ListBucket"] on this existing bucket, invoking `BucketPolicy()` will create a new Policy without knowing one earlier exists already, so it creates a new one. In this case, the custom resource handler will not have access to `s3:GetBucketTagging` action which will cause failure during deletion of stack.

Hence its strongly recommended to use `addToResourcePolicy()` method to add new permissions to existing policy.

Example:

bucketName := "amzn-s3-demo-bucket"
accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
	BucketName: jsii.String(BucketName),
})

bucketPolicy := s3.NewCfnBucketPolicy(this, jsii.String("BucketPolicy"), &CfnBucketPolicyProps{
	Bucket: bucketName,
	PolicyDocument: map[string]interface{}{
		"Statement": []map[string]interface{}{
			map[string]interface{}{
				"Action": jsii.String("s3:*"),
				"Effect": jsii.String("Deny"),
				"Principal": map[string]*string{
					"AWS": jsii.String("*"),
				},
				"Resource": []*string{
					accessLogsBucket.bucketArn,
					fmt.Sprintf("%v/*", accessLogsBucket.bucketArn),
				},
			},
		},
		"Version": jsii.String("2012-10-17"),
	},
})

// Wrap L1 Construct with L2 Bucket Policy Construct. Subsequent
// generated bucket policy to allow access log delivery would append
// to the current policy.
s3.BucketPolicy_FromCfnBucketPolicy(bucketPolicy)

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

func BucketPolicy_FromCfnBucketPolicy added in v2.38.0

func BucketPolicy_FromCfnBucketPolicy(cfnBucketPolicy CfnBucketPolicy) BucketPolicy

Create a mutable `BucketPolicy` from a `CfnBucketPolicy`.

func NewBucketPolicy

func NewBucketPolicy(scope constructs.Construct, id *string, props *BucketPolicyProps) BucketPolicy

type BucketPolicyProps

type BucketPolicyProps struct {
	// The Amazon S3 bucket that the policy applies to.
	Bucket IBucket `field:"required" json:"bucket" yaml:"bucket"`
	// Policy to apply when the policy is removed from this stack.
	// Default: - RemovalPolicy.DESTROY.
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
}

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var bucket bucket

bucketPolicyProps := &BucketPolicyProps{
	Bucket: bucket,

	// the properties below are optional
	RemovalPolicy: cdk.RemovalPolicy_DESTROY,
}

type BucketProps

type BucketProps struct {
	// Specifies a canned ACL that grants predefined permissions to the bucket.
	// Default: BucketAccessControl.PRIVATE
	//
	AccessControl BucketAccessControl `field:"optional" json:"accessControl" yaml:"accessControl"`
	// Whether all objects should be automatically deleted when the bucket is removed from the stack or when the stack is deleted.
	//
	// Requires the `removalPolicy` to be set to `RemovalPolicy.DESTROY`.
	//
	// **Warning** if you have deployed a bucket with `autoDeleteObjects: true`,
	// switching this to `false` in a CDK version *before* `1.126.0` will lead to
	// all objects in the bucket being deleted. Be sure to update your bucket resources
	// by deploying with CDK version `1.126.0` or later **before** switching this value to `false`.
	//
	// Setting `autoDeleteObjects` to true on a bucket will add `s3:PutBucketPolicy` to the
	// bucket policy. This is because during bucket deletion, the custom resource provider
	// needs to update the bucket policy by adding a deny policy for `s3:PutObject` to
	// prevent race conditions with external bucket writers.
	// Default: false.
	//
	AutoDeleteObjects *bool `field:"optional" json:"autoDeleteObjects" yaml:"autoDeleteObjects"`
	// The block public access configuration of this bucket.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
	//
	// Default: - CloudFormation defaults will apply. New buckets and objects don't allow public access, but users can modify bucket policies or object permissions to allow public access
	//
	BlockPublicAccess BlockPublicAccess `field:"optional" json:"blockPublicAccess" yaml:"blockPublicAccess"`
	// Whether Amazon S3 should use its own intermediary key to generate data keys.
	//
	// Only relevant when using KMS for encryption.
	//
	// - If not enabled, every object GET and PUT will cause an API call to KMS (with the
	//   attendant cost implications of that).
	// - If enabled, S3 will use its own time-limited key instead.
	//
	// Only relevant, when Encryption is not set to `BucketEncryption.UNENCRYPTED`.
	// Default: - false.
	//
	BucketKeyEnabled *bool `field:"optional" json:"bucketKeyEnabled" yaml:"bucketKeyEnabled"`
	// Physical name of this bucket.
	// Default: - Assigned by CloudFormation (recommended).
	//
	BucketName *string `field:"optional" json:"bucketName" yaml:"bucketName"`
	// The CORS configuration of this bucket.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-cors.html
	//
	// Default: - No CORS configuration.
	//
	Cors *[]*CorsRule `field:"optional" json:"cors" yaml:"cors"`
	// The kind of server-side encryption to apply to this bucket.
	//
	// If you choose KMS, you can specify a KMS key via `encryptionKey`. If
	// encryption key is not specified, a key will automatically be created.
	// Default: - `KMS` if `encryptionKey` is specified, or `UNENCRYPTED` otherwise.
	// But if `UNENCRYPTED` is specified, the bucket will be encrypted as `S3_MANAGED` automatically.
	//
	Encryption BucketEncryption `field:"optional" json:"encryption" yaml:"encryption"`
	// External KMS key to use for bucket encryption.
	//
	// The `encryption` property must be either not specified or set to `KMS` or `DSSE`.
	// An error will be emitted if `encryption` is set to `UNENCRYPTED` or `S3_MANAGED`.
	// Default: - If `encryption` is set to `KMS` and this property is undefined,
	// a new KMS key will be created and associated with this bucket.
	//
	EncryptionKey awskms.IKey `field:"optional" json:"encryptionKey" yaml:"encryptionKey"`
	// Enforces SSL for requests.
	//
	// S3.5 of the AWS Foundational Security Best Practices Regarding S3.
	// See: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html
	//
	// Default: false.
	//
	EnforceSSL *bool `field:"optional" json:"enforceSSL" yaml:"enforceSSL"`
	// Whether this bucket should send notifications to Amazon EventBridge or not.
	// Default: false.
	//
	EventBridgeEnabled *bool `field:"optional" json:"eventBridgeEnabled" yaml:"eventBridgeEnabled"`
	// Inteligent Tiering Configurations.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering.html
	//
	// Default: No Intelligent Tiiering Configurations.
	//
	IntelligentTieringConfigurations *[]*IntelligentTieringConfiguration `field:"optional" json:"intelligentTieringConfigurations" yaml:"intelligentTieringConfigurations"`
	// The inventory configuration of the bucket.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html
	//
	// Default: - No inventory configuration.
	//
	Inventories *[]*Inventory `field:"optional" json:"inventories" yaml:"inventories"`
	// Rules that define how Amazon S3 manages objects during their lifetime.
	// Default: - No lifecycle rules.
	//
	LifecycleRules *[]*LifecycleRule `field:"optional" json:"lifecycleRules" yaml:"lifecycleRules"`
	// The metrics configuration of this bucket.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html
	//
	// Default: - No metrics configuration.
	//
	Metrics *[]*BucketMetrics `field:"optional" json:"metrics" yaml:"metrics"`
	// Enforces minimum TLS version for requests.
	//
	// Requires `enforceSSL` to be enabled.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-object-tls-version
	//
	// Default: No minimum TLS version is enforced.
	//
	MinimumTLSVersion *float64 `field:"optional" json:"minimumTLSVersion" yaml:"minimumTLSVersion"`
	// The role to be used by the notifications handler.
	// Default: - a new role will be created.
	//
	NotificationsHandlerRole awsiam.IRole `field:"optional" json:"notificationsHandlerRole" yaml:"notificationsHandlerRole"`
	// Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations.
	// Default: false.
	//
	NotificationsSkipDestinationValidation *bool `field:"optional" json:"notificationsSkipDestinationValidation" yaml:"notificationsSkipDestinationValidation"`
	// The default retention mode and rules for S3 Object Lock.
	//
	// Default retention can be configured after a bucket is created if the bucket already
	// has object lock enabled. Enabling object lock for existing buckets is not supported.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-bucket-config-enable
	//
	// Default: no default retention period.
	//
	ObjectLockDefaultRetention ObjectLockRetention `field:"optional" json:"objectLockDefaultRetention" yaml:"objectLockDefaultRetention"`
	// Enable object lock on the bucket.
	//
	// Enabling object lock for existing buckets is not supported. Object lock must be
	// enabled when the bucket is created.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-bucket-config-enable
	//
	// Default: false, unless objectLockDefaultRetention is set (then, true).
	//
	ObjectLockEnabled *bool `field:"optional" json:"objectLockEnabled" yaml:"objectLockEnabled"`
	// The objectOwnership of the bucket.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html
	//
	// Default: - No ObjectOwnership configuration. By default, Amazon S3 sets Object Ownership to `Bucket owner enforced`.
	// This means ACLs are disabled and the bucket owner will own every object.
	//
	ObjectOwnership ObjectOwnership `field:"optional" json:"objectOwnership" yaml:"objectOwnership"`
	// Grants public read access to all objects in the bucket.
	//
	// Similar to calling `bucket.grantPublicAccess()`
	// Default: false.
	//
	PublicReadAccess *bool `field:"optional" json:"publicReadAccess" yaml:"publicReadAccess"`
	// Policy to apply when the bucket is removed from this stack.
	// Default: - The bucket will be orphaned.
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// Destination bucket for the server access logs.
	// Default: - If "serverAccessLogsPrefix" undefined - access logs disabled, otherwise - log to current bucket.
	//
	ServerAccessLogsBucket IBucket `field:"optional" json:"serverAccessLogsBucket" yaml:"serverAccessLogsBucket"`
	// Optional log file prefix to use for the bucket's access logs.
	//
	// If defined without "serverAccessLogsBucket", enables access logs to current bucket with this prefix.
	// Default: - No log file prefix.
	//
	ServerAccessLogsPrefix *string `field:"optional" json:"serverAccessLogsPrefix" yaml:"serverAccessLogsPrefix"`
	// Optional key format for log objects.
	// Default: - the default key format is: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString].
	//
	TargetObjectKeyFormat TargetObjectKeyFormat `field:"optional" json:"targetObjectKeyFormat" yaml:"targetObjectKeyFormat"`
	// Whether this bucket should have transfer acceleration turned on or not.
	// Default: false.
	//
	TransferAcceleration *bool `field:"optional" json:"transferAcceleration" yaml:"transferAcceleration"`
	// Indicates which default minimum object size behavior is applied to the lifecycle configuration.
	//
	// To customize the minimum object size for any transition you can add a filter that specifies a custom
	// `objectSizeGreaterThan` or `objectSizeLessThan` for `lifecycleRules` property. Custom filters always
	// take precedence over the default transition behavior.
	// Default: - TransitionDefaultMinimumObjectSize.VARIES_BY_STORAGE_CLASS before September 2024,
	// otherwise TransitionDefaultMinimumObjectSize.ALL_STORAGE_CLASSES_128_K.
	//
	TransitionDefaultMinimumObjectSize TransitionDefaultMinimumObjectSize `field:"optional" json:"transitionDefaultMinimumObjectSize" yaml:"transitionDefaultMinimumObjectSize"`
	// Whether this bucket should have versioning turned on or not.
	// Default: false (unless object lock is enabled, then true).
	//
	Versioned *bool `field:"optional" json:"versioned" yaml:"versioned"`
	// The name of the error document (e.g. "404.html") for the website. `websiteIndexDocument` must also be set if this is set.
	// Default: - No error document.
	//
	WebsiteErrorDocument *string `field:"optional" json:"websiteErrorDocument" yaml:"websiteErrorDocument"`
	// The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket.
	// Default: - No index document.
	//
	WebsiteIndexDocument *string `field:"optional" json:"websiteIndexDocument" yaml:"websiteIndexDocument"`
	// Specifies the redirect behavior of all requests to a website endpoint of a bucket.
	//
	// If you specify this property, you can't specify "websiteIndexDocument", "websiteErrorDocument" nor , "websiteRoutingRules".
	// Default: - No redirection.
	//
	WebsiteRedirect *RedirectTarget `field:"optional" json:"websiteRedirect" yaml:"websiteRedirect"`
	// Rules that define when a redirect is applied and the redirect behavior.
	// Default: - No redirection rules.
	//
	WebsiteRoutingRules *[]*RoutingRule `field:"optional" json:"websiteRoutingRules" yaml:"websiteRoutingRules"`
}

Example:

import kms "github.com/aws/aws-cdk-go/awscdk"

myKmsKey := kms.NewKey(this, jsii.String("myKMSKey"))
myBucket := s3.NewBucket(this, jsii.String("mySSEKMSEncryptedBucket"), &BucketProps{
	Encryption: s3.BucketEncryption_KMS,
	EncryptionKey: myKmsKey,
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
})
cloudfront.NewDistribution(this, jsii.String("myDist"), &DistributionProps{
	DefaultBehavior: &BehaviorOptions{
		Origin: origins.S3BucketOrigin_WithOriginAccessControl(myBucket),
	},
})

type CfnAccessGrant added in v2.112.0

type CfnAccessGrant interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggableV2
	// The configuration options of the grant location.
	AccessGrantsLocationConfiguration() interface{}
	SetAccessGrantsLocationConfiguration(val interface{})
	// The ID of the registered location to which you are granting access.
	AccessGrantsLocationId() *string
	SetAccessGrantsLocationId(val *string)
	// The Amazon Resource Name (ARN) of an AWS IAM Identity Center application associated with your Identity Center instance.
	ApplicationArn() *string
	SetApplicationArn(val *string)
	// The ARN of the access grant.
	AttrAccessGrantArn() *string
	// The ID of the access grant.
	//
	// S3 Access Grants auto-generates this ID when you create the access grant.
	AttrAccessGrantId() *string
	// The S3 path of the data to which you are granting access.
	//
	// It is the result of appending the `Subprefix` to the location scope.
	AttrGrantScope() *string
	// Tag Manager which manages the tags for this resource.
	CdkTagManager() awscdk.TagManager
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The user, group, or role to which you are granting access.
	Grantee() interface{}
	SetGrantee(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The type of access that you are granting to your S3 data, which can be set to one of the following values:  - `READ` – Grant read-only access to the S3 data.
	Permission() *string
	SetPermission(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The type of `S3SubPrefix` .
	S3PrefixType() *string
	SetS3PrefixType(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The AWS resource tags that you are adding to the access grant.
	Tags() *[]*awscdk.CfnTag
	SetTags(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::S3::AccessGrant` resource creates an access grant that gives a grantee access to your S3 data.

The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the [AWS::S3::AccessGrantsInstance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantsinstance.html) . You must also have registered at least one S3 data location in your S3 Access Grants instance using [AWS::S3::AccessGrantsLocation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantslocation.html) .

- **Permissions** - You must have the `s3:CreateAccessGrant` permission to use this resource. - **Additional Permissions** - For any directory identity - `sso:DescribeInstance` and `sso:DescribeApplication`

For directory users - `identitystore:DescribeUser`

For directory groups - `identitystore:DescribeGroup`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessGrant := awscdk.Aws_s3.NewCfnAccessGrant(this, jsii.String("MyCfnAccessGrant"), &CfnAccessGrantProps{
	AccessGrantsLocationId: jsii.String("accessGrantsLocationId"),
	Grantee: &GranteeProperty{
		GranteeIdentifier: jsii.String("granteeIdentifier"),
		GranteeType: jsii.String("granteeType"),
	},
	Permission: jsii.String("permission"),

	// the properties below are optional
	AccessGrantsLocationConfiguration: &AccessGrantsLocationConfigurationProperty{
		S3SubPrefix: jsii.String("s3SubPrefix"),
	},
	ApplicationArn: jsii.String("applicationArn"),
	S3PrefixType: jsii.String("s3PrefixType"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html

func NewCfnAccessGrant added in v2.112.0

func NewCfnAccessGrant(scope constructs.Construct, id *string, props *CfnAccessGrantProps) CfnAccessGrant

type CfnAccessGrantProps added in v2.112.0

type CfnAccessGrantProps struct {
	// The ID of the registered location to which you are granting access.
	//
	// S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID `default` to the default location `s3://` and assigns an auto-generated ID to other locations that you register.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html#cfn-s3-accessgrant-accessgrantslocationid
	//
	AccessGrantsLocationId *string `field:"required" json:"accessGrantsLocationId" yaml:"accessGrantsLocationId"`
	// The user, group, or role to which you are granting access.
	//
	// You can grant access to an IAM user or role. If you have added your corporate directory to AWS IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html#cfn-s3-accessgrant-grantee
	//
	Grantee interface{} `field:"required" json:"grantee" yaml:"grantee"`
	// The type of access that you are granting to your S3 data, which can be set to one of the following values:  - `READ` – Grant read-only access to the S3 data.
	//
	// - `WRITE` – Grant write-only access to the S3 data.
	// - `READWRITE` – Grant both read and write access to the S3 data.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html#cfn-s3-accessgrant-permission
	//
	Permission *string `field:"required" json:"permission" yaml:"permission"`
	// The configuration options of the grant location.
	//
	// The grant location is the S3 path to the data to which you are granting access. It contains the `S3SubPrefix` field. The grant scope is the result of appending the subprefix to the location scope of the registered location.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html#cfn-s3-accessgrant-accessgrantslocationconfiguration
	//
	AccessGrantsLocationConfiguration interface{} `field:"optional" json:"accessGrantsLocationConfiguration" yaml:"accessGrantsLocationConfiguration"`
	// The Amazon Resource Name (ARN) of an AWS IAM Identity Center application associated with your Identity Center instance.
	//
	// If the grant includes an application ARN, the grantee can only access the S3 data through this application.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html#cfn-s3-accessgrant-applicationarn
	//
	ApplicationArn *string `field:"optional" json:"applicationArn" yaml:"applicationArn"`
	// The type of `S3SubPrefix` .
	//
	// The only possible value is `Object` . Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html#cfn-s3-accessgrant-s3prefixtype
	//
	S3PrefixType *string `field:"optional" json:"s3PrefixType" yaml:"s3PrefixType"`
	// The AWS resource tags that you are adding to the access grant.
	//
	// Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html#cfn-s3-accessgrant-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnAccessGrant`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessGrantProps := &CfnAccessGrantProps{
	AccessGrantsLocationId: jsii.String("accessGrantsLocationId"),
	Grantee: &GranteeProperty{
		GranteeIdentifier: jsii.String("granteeIdentifier"),
		GranteeType: jsii.String("granteeType"),
	},
	Permission: jsii.String("permission"),

	// the properties below are optional
	AccessGrantsLocationConfiguration: &AccessGrantsLocationConfigurationProperty{
		S3SubPrefix: jsii.String("s3SubPrefix"),
	},
	ApplicationArn: jsii.String("applicationArn"),
	S3PrefixType: jsii.String("s3PrefixType"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrant.html

type CfnAccessGrant_AccessGrantsLocationConfigurationProperty added in v2.112.0

type CfnAccessGrant_AccessGrantsLocationConfigurationProperty struct {
	// The `S3SubPrefix` is appended to the location scope creating the grant scope.
	//
	// Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location `s3://` because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location `s3://` , the `S3SubPrefx` can be a `<bucket-name>/*` , so the full grant scope path would be `s3://<bucket-name>/*` . Or the `S3SubPrefx` can be `<bucket-name>/<prefix-name>*` , so the full grant scope path would be `s3://<bucket-name>/<prefix-name>*` .
	//
	// If the `S3SubPrefix` includes a prefix, append the wildcard character `*` after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accessgrant-accessgrantslocationconfiguration.html#cfn-s3-accessgrant-accessgrantslocationconfiguration-s3subprefix
	//
	S3SubPrefix *string `field:"required" json:"s3SubPrefix" yaml:"s3SubPrefix"`
}

The configuration options of the S3 Access Grants location.

It contains the `S3SubPrefix` field. The grant scope, the data to which you are granting access, is the result of appending the `Subprefix` field to the scope of the registered location.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accessGrantsLocationConfigurationProperty := &AccessGrantsLocationConfigurationProperty{
	S3SubPrefix: jsii.String("s3SubPrefix"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accessgrant-accessgrantslocationconfiguration.html

type CfnAccessGrant_GranteeProperty added in v2.112.0

type CfnAccessGrant_GranteeProperty struct {
	// The unique identifier of the `Grantee` .
	//
	// If the grantee type is `IAM` , the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format `a1b2c3d4-5678-90ab-cdef-EXAMPLE11111` . You can obtain this UUID from your AWS IAM Identity Center instance.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accessgrant-grantee.html#cfn-s3-accessgrant-grantee-granteeidentifier
	//
	GranteeIdentifier *string `field:"required" json:"granteeIdentifier" yaml:"granteeIdentifier"`
	// The type of the grantee to which access has been granted. It can be one of the following values:.
	//
	// - `IAM` - An IAM user or role.
	// - `DIRECTORY_USER` - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
	// - `DIRECTORY_GROUP` - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accessgrant-grantee.html#cfn-s3-accessgrant-grantee-granteetype
	//
	GranteeType *string `field:"required" json:"granteeType" yaml:"granteeType"`
}

The user, group, or role to which you are granting access.

You can grant access to an IAM user or role. If you have added your corporate directory to AWS IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

granteeProperty := &GranteeProperty{
	GranteeIdentifier: jsii.String("granteeIdentifier"),
	GranteeType: jsii.String("granteeType"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accessgrant-grantee.html

type CfnAccessGrantsInstance added in v2.112.0

type CfnAccessGrantsInstance interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggableV2
	// The ARN of the S3 Access Grants instance.
	AttrAccessGrantsInstanceArn() *string
	// The ID of the S3 Access Grants instance.
	//
	// The ID is `default` . You can have one S3 Access Grants instance per Region per account.
	AttrAccessGrantsInstanceId() *string
	// Tag Manager which manages the tags for this resource.
	CdkTagManager() awscdk.TagManager
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// If you would like to associate your S3 Access Grants instance with an AWS IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the AWS IAM Identity Center instance that you are associating with your S3 Access Grants instance.
	IdentityCenterArn() *string
	SetIdentityCenterArn(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The AWS resource tags that you are adding to the S3 Access Grants instance.
	Tags() *[]*awscdk.CfnTag
	SetTags(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::S3::AccessGrantInstance` resource creates an S3 Access Grants instance, which serves as a logical grouping for access grants.

You can create one S3 Access Grants instance per Region per account.

- **Permissions** - You must have the `s3:CreateAccessGrantsInstance` permission to use this resource. - **Additional Permissions** - To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the `sso:DescribeInstance` , `sso:CreateApplication` , `sso:PutApplicationGrant` , and `sso:PutApplicationAuthenticationMethod` permissions.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessGrantsInstance := awscdk.Aws_s3.NewCfnAccessGrantsInstance(this, jsii.String("MyCfnAccessGrantsInstance"), &CfnAccessGrantsInstanceProps{
	IdentityCenterArn: jsii.String("identityCenterArn"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantsinstance.html

func NewCfnAccessGrantsInstance added in v2.112.0

func NewCfnAccessGrantsInstance(scope constructs.Construct, id *string, props *CfnAccessGrantsInstanceProps) CfnAccessGrantsInstance

type CfnAccessGrantsInstanceProps added in v2.112.0

type CfnAccessGrantsInstanceProps struct {
	// If you would like to associate your S3 Access Grants instance with an AWS IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the AWS IAM Identity Center instance that you are associating with your S3 Access Grants instance.
	//
	// An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantsinstance.html#cfn-s3-accessgrantsinstance-identitycenterarn
	//
	IdentityCenterArn *string `field:"optional" json:"identityCenterArn" yaml:"identityCenterArn"`
	// The AWS resource tags that you are adding to the S3 Access Grants instance.
	//
	// Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantsinstance.html#cfn-s3-accessgrantsinstance-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnAccessGrantsInstance`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessGrantsInstanceProps := &CfnAccessGrantsInstanceProps{
	IdentityCenterArn: jsii.String("identityCenterArn"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantsinstance.html

type CfnAccessGrantsLocation added in v2.112.0

type CfnAccessGrantsLocation interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggableV2
	// The ARN of the location you are registering.
	AttrAccessGrantsLocationArn() *string
	// The ID of the registered location to which you are granting access.
	//
	// S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID `default` to the default location `s3://` and assigns an auto-generated ID to other locations that you register.
	AttrAccessGrantsLocationId() *string
	// Tag Manager which manages the tags for this resource.
	CdkTagManager() awscdk.TagManager
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The Amazon Resource Name (ARN) of the IAM role for the registered location.
	IamRoleArn() *string
	SetIamRoleArn(val *string)
	// The S3 URI path to the location that you are registering.
	LocationScope() *string
	SetLocationScope(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The AWS resource tags that you are adding to the S3 Access Grants location.
	Tags() *[]*awscdk.CfnTag
	SetTags(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::S3::AccessGrantsLocation` resource creates the S3 data location that you would like to register in your S3 Access Grants instance.

Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:

- The default S3 location `s3://` - A bucket - `S3://<bucket-name>` - A bucket and prefix - `S3://<bucket-name>/<prefix>`

When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role [using a policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-location.html) . S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.

- **Permissions** - You must have the `s3:CreateAccessGrantsLocation` permission to use this resource. - **Additional Permissions** - You must also have the following permission for the specified IAM role: `iam:PassRole`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessGrantsLocation := awscdk.Aws_s3.NewCfnAccessGrantsLocation(this, jsii.String("MyCfnAccessGrantsLocation"), &CfnAccessGrantsLocationProps{
	IamRoleArn: jsii.String("iamRoleArn"),
	LocationScope: jsii.String("locationScope"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantslocation.html

func NewCfnAccessGrantsLocation added in v2.112.0

func NewCfnAccessGrantsLocation(scope constructs.Construct, id *string, props *CfnAccessGrantsLocationProps) CfnAccessGrantsLocation

type CfnAccessGrantsLocationProps added in v2.112.0

type CfnAccessGrantsLocationProps struct {
	// The Amazon Resource Name (ARN) of the IAM role for the registered location.
	//
	// S3 Access Grants assumes this role to manage access to the registered location.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantslocation.html#cfn-s3-accessgrantslocation-iamrolearn
	//
	IamRoleArn *string `field:"optional" json:"iamRoleArn" yaml:"iamRoleArn"`
	// The S3 URI path to the location that you are registering.
	//
	// The location scope can be the default S3 location `s3://` , the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the `engineering/` prefix or object key names that start with the `marketing/campaigns/` prefix.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantslocation.html#cfn-s3-accessgrantslocation-locationscope
	//
	LocationScope *string `field:"optional" json:"locationScope" yaml:"locationScope"`
	// The AWS resource tags that you are adding to the S3 Access Grants location.
	//
	// Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantslocation.html#cfn-s3-accessgrantslocation-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnAccessGrantsLocation`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessGrantsLocationProps := &CfnAccessGrantsLocationProps{
	IamRoleArn: jsii.String("iamRoleArn"),
	LocationScope: jsii.String("locationScope"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accessgrantslocation.html

type CfnAccessPoint

type CfnAccessPoint interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The alias for this access point.
	AttrAlias() *string
	// This property contains the details of the ARN for the access point.
	AttrArn() *string
	// The name of this access point.
	AttrName() *string
	// Indicates whether this access point allows access from the internet.
	//
	// If `VpcConfiguration` is specified for this access point, then `NetworkOrigin` is `VPC` , and the access point doesn't allow access from the internet. Otherwise, `NetworkOrigin` is `Internet` , and the access point allows access from the internet, subject to the access point and bucket access policies.
	//
	// *Allowed values* : `VPC` | `Internet`.
	AttrNetworkOrigin() *string
	// The name of the bucket associated with this access point.
	Bucket() *string
	SetBucket(val *string)
	// The AWS account ID associated with the S3 bucket associated with this access point.
	BucketAccountId() *string
	SetBucketAccountId(val *string)
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The name of this access point.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// The access point policy associated with this access point.
	Policy() interface{}
	SetPolicy(val interface{})
	// The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.
	PublicAccessBlockConfiguration() interface{}
	SetPublicAccessBlockConfiguration(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
	VpcConfiguration() interface{}
	SetVpcConfiguration(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var policy interface{}

cfnAccessPoint := awscdk.Aws_s3.NewCfnAccessPoint(this, jsii.String("MyCfnAccessPoint"), &CfnAccessPointProps{
	Bucket: jsii.String("bucket"),

	// the properties below are optional
	BucketAccountId: jsii.String("bucketAccountId"),
	Name: jsii.String("name"),
	Policy: policy,
	PublicAccessBlockConfiguration: &PublicAccessBlockConfigurationProperty{
		BlockPublicAcls: jsii.Boolean(false),
		BlockPublicPolicy: jsii.Boolean(false),
		IgnorePublicAcls: jsii.Boolean(false),
		RestrictPublicBuckets: jsii.Boolean(false),
	},
	VpcConfiguration: &VpcConfigurationProperty{
		VpcId: jsii.String("vpcId"),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html

func NewCfnAccessPoint

func NewCfnAccessPoint(scope constructs.Construct, id *string, props *CfnAccessPointProps) CfnAccessPoint

type CfnAccessPointProps

type CfnAccessPointProps struct {
	// The name of the bucket associated with this access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucket
	//
	Bucket *string `field:"required" json:"bucket" yaml:"bucket"`
	// The AWS account ID associated with the S3 bucket associated with this access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-bucketaccountid
	//
	BucketAccountId *string `field:"optional" json:"bucketAccountId" yaml:"bucketAccountId"`
	// The name of this access point.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The access point policy associated with this access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-policy
	//
	Policy interface{} `field:"optional" json:"policy" yaml:"policy"`
	// The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.
	//
	// You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-publicaccessblockconfiguration
	//
	PublicAccessBlockConfiguration interface{} `field:"optional" json:"publicAccessBlockConfiguration" yaml:"publicAccessBlockConfiguration"`
	// The Virtual Private Cloud (VPC) configuration for this access point, if one exists.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html#cfn-s3-accesspoint-vpcconfiguration
	//
	VpcConfiguration interface{} `field:"optional" json:"vpcConfiguration" yaml:"vpcConfiguration"`
}

Properties for defining a `CfnAccessPoint`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var policy interface{}

cfnAccessPointProps := &CfnAccessPointProps{
	Bucket: jsii.String("bucket"),

	// the properties below are optional
	BucketAccountId: jsii.String("bucketAccountId"),
	Name: jsii.String("name"),
	Policy: policy,
	PublicAccessBlockConfiguration: &PublicAccessBlockConfigurationProperty{
		BlockPublicAcls: jsii.Boolean(false),
		BlockPublicPolicy: jsii.Boolean(false),
		IgnorePublicAcls: jsii.Boolean(false),
		RestrictPublicBuckets: jsii.Boolean(false),
	},
	VpcConfiguration: &VpcConfigurationProperty{
		VpcId: jsii.String("vpcId"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html

type CfnAccessPoint_PublicAccessBlockConfigurationProperty

type CfnAccessPoint_PublicAccessBlockConfigurationProperty struct {
	// Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket.
	//
	// Setting this element to `TRUE` causes the following behavior:
	//
	// - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
	// - PUT Object calls fail if the request includes a public ACL.
	// - PUT Bucket calls fail if the request includes a public ACL.
	//
	// Enabling this setting doesn't affect existing policies or ACLs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicacls
	//
	BlockPublicAcls interface{} `field:"optional" json:"blockPublicAcls" yaml:"blockPublicAcls"`
	// Specifies whether Amazon S3 should block public bucket policies for this bucket.
	//
	// Setting this element to `TRUE` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
	//
	// Enabling this setting doesn't affect existing bucket policies.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-blockpublicpolicy
	//
	BlockPublicPolicy interface{} `field:"optional" json:"blockPublicPolicy" yaml:"blockPublicPolicy"`
	// Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket.
	//
	// Setting this element to `TRUE` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.
	//
	// Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-ignorepublicacls
	//
	IgnorePublicAcls interface{} `field:"optional" json:"ignorePublicAcls" yaml:"ignorePublicAcls"`
	// Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
	//
	// Setting this element to `TRUE` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
	//
	// Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html#cfn-s3-accesspoint-publicaccessblockconfiguration-restrictpublicbuckets
	//
	RestrictPublicBuckets interface{} `field:"optional" json:"restrictPublicBuckets" yaml:"restrictPublicBuckets"`
}

The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.

You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

publicAccessBlockConfigurationProperty := &PublicAccessBlockConfigurationProperty{
	BlockPublicAcls: jsii.Boolean(false),
	BlockPublicPolicy: jsii.Boolean(false),
	IgnorePublicAcls: jsii.Boolean(false),
	RestrictPublicBuckets: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-publicaccessblockconfiguration.html

type CfnAccessPoint_VpcConfigurationProperty

type CfnAccessPoint_VpcConfigurationProperty struct {
	// If this field is specified, the access point will only allow connections from the specified VPC ID.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html#cfn-s3-accesspoint-vpcconfiguration-vpcid
	//
	VpcId *string `field:"optional" json:"vpcId" yaml:"vpcId"`
}

The Virtual Private Cloud (VPC) configuration for this access point.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

vpcConfigurationProperty := &VpcConfigurationProperty{
	VpcId: jsii.String("vpcId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-accesspoint-vpcconfiguration.html

type CfnBucket

type CfnBucket interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// Configures the transfer acceleration state for an Amazon S3 bucket.
	AccelerateConfiguration() interface{}
	SetAccelerateConfiguration(val interface{})
	// > This is a legacy property, and it is not recommended for most use cases.
	AccessControl() *string
	SetAccessControl(val *string)
	// Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
	AnalyticsConfigurations() interface{}
	SetAnalyticsConfigurations(val interface{})
	// Returns the Amazon Resource Name (ARN) of the specified bucket.
	//
	// Example: `arn:aws:s3:::DOC-EXAMPLE-BUCKET`.
	AttrArn() *string
	// Returns the IPv4 DNS name of the specified bucket.
	//
	// Example: `DOC-EXAMPLE-BUCKET.s3.amazonaws.com`
	AttrDomainName() *string
	// Returns the IPv6 DNS name of the specified bucket.
	//
	// Example: `DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com`
	//
	// For more information about dual-stack endpoints, see [Using Amazon S3 Dual-Stack Endpoints](https://docs.aws.amazon.com/AmazonS3/latest/dev/dual-stack-endpoints.html) .
	AttrDualStackDomainName() *string
	// Returns the regional domain name of the specified bucket.
	//
	// Example: `DOC-EXAMPLE-BUCKET.s3.us-east-2.amazonaws.com`
	AttrRegionalDomainName() *string
	// Returns the Amazon S3 website endpoint for the specified bucket.
	//
	// Example (IPv4): `http://DOC-EXAMPLE-BUCKET.s3-website.us-east-2.amazonaws.com`
	//
	// Example (IPv6): `http://DOC-EXAMPLE-BUCKET.s3.dualstack.us-east-2.amazonaws.com`
	AttrWebsiteUrl() *string
	// Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).
	BucketEncryption() interface{}
	SetBucketEncryption(val interface{})
	// A name for the bucket.
	BucketName() *string
	SetBucketName(val *string)
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Describes the cross-origin access configuration for objects in an Amazon S3 bucket.
	CorsConfiguration() interface{}
	SetCorsConfiguration(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Defines how Amazon S3 handles Intelligent-Tiering storage.
	IntelligentTieringConfigurations() interface{}
	SetIntelligentTieringConfigurations(val interface{})
	// Specifies the inventory configuration for an Amazon S3 bucket.
	InventoryConfigurations() interface{}
	SetInventoryConfigurations(val interface{})
	// Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
	LifecycleConfiguration() interface{}
	SetLifecycleConfiguration(val interface{})
	// Settings that define where logs are stored.
	LoggingConfiguration() interface{}
	SetLoggingConfiguration(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket.
	MetricsConfigurations() interface{}
	SetMetricsConfigurations(val interface{})
	// The tree node.
	Node() constructs.Node
	// Configuration that defines how Amazon S3 handles bucket notifications.
	NotificationConfiguration() interface{}
	SetNotificationConfiguration(val interface{})
	// > This operation is not supported by directory buckets.
	ObjectLockConfiguration() interface{}
	SetObjectLockConfiguration(val interface{})
	// Indicates whether this bucket has an Object Lock configuration enabled.
	ObjectLockEnabled() interface{}
	SetObjectLockEnabled(val interface{})
	// Configuration that defines how Amazon S3 handles Object Ownership rules.
	OwnershipControls() interface{}
	SetOwnershipControls(val interface{})
	// Configuration that defines how Amazon S3 handles public access.
	PublicAccessBlockConfiguration() interface{}
	SetPublicAccessBlockConfiguration(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// Configuration for replicating objects in an S3 bucket.
	ReplicationConfiguration() interface{}
	SetReplicationConfiguration(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// An arbitrary set of tags (key-value pairs) for this S3 bucket.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Enables multiple versions of all objects in this bucket.
	VersioningConfiguration() interface{}
	SetVersioningConfiguration(val interface{})
	// Information used to configure the bucket as a static website.
	WebsiteConfiguration() interface{}
	SetWebsiteConfiguration(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::S3::Bucket` resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack.

To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .

> You can only delete empty buckets. Deletion fails for buckets that have contents.

Example:

var cfnTemplate cfnInclude

cfnBucket := cfnTemplate.GetResource(jsii.String("Bucket")).(cfnBucket)

role := iam.NewRole(this, jsii.String("Role"), &RoleProps{
	AssumedBy: iam.NewAnyPrincipal(),
})
role.AddToPolicy(iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("s3:*"),
	},
	Resources: []*string{
		cfnBucket.AttrArn,
	},
}))

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html

func NewCfnBucket

func NewCfnBucket(scope constructs.Construct, id *string, props *CfnBucketProps) CfnBucket

type CfnBucketPolicy

type CfnBucketPolicy interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The name of the Amazon S3 bucket to which the policy applies.
	Bucket() *string
	SetBucket(val *string)
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// A policy document containing permissions to add to the specified bucket.
	PolicyDocument() interface{}
	SetPolicyDocument(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the `PutBucketPolicy` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have `PutBucketPolicy` permissions, Amazon S3 returns a `403 Access Denied` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a `405 Method Not Allowed` error.

> As a security precaution, the root user of the AWS account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) .

The following operations are related to `PutBucketPolicy` :

- [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)

Example:

bucketName := "amzn-s3-demo-bucket"
accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
	BucketName: jsii.String(BucketName),
})

// Creating a bucket policy using L1
bucketPolicy := s3.NewCfnBucketPolicy(this, jsii.String("BucketPolicy"), &CfnBucketPolicyProps{
	Bucket: bucketName,
	PolicyDocument: map[string]interface{}{
		"Statement": []map[string]interface{}{
			map[string]interface{}{
				"Action": jsii.String("s3:*"),
				"Effect": jsii.String("Deny"),
				"Principal": map[string]*string{
					"AWS": jsii.String("*"),
				},
				"Resource": []*string{
					accessLogsBucket.bucketArn,
					fmt.Sprintf("%v/*", accessLogsBucket.bucketArn),
				},
			},
		},
		"Version": jsii.String("2012-10-17"),
	},
})

// 'serverAccessLogsBucket' will create a new L2 bucket policy
// to allow log delivery and overwrite the L1 bucket policy.
bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html

func NewCfnBucketPolicy

func NewCfnBucketPolicy(scope constructs.Construct, id *string, props *CfnBucketPolicyProps) CfnBucketPolicy

type CfnBucketPolicyProps

type CfnBucketPolicyProps struct {
	// The name of the Amazon S3 bucket to which the policy applies.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-bucket
	//
	Bucket *string `field:"required" json:"bucket" yaml:"bucket"`
	// A policy document containing permissions to add to the specified bucket.
	//
	// In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy [PolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html#cfn-iam-policy-policydocument) resource description in this guide and [Access Policy Language Overview](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-policydocument
	//
	PolicyDocument interface{} `field:"required" json:"policyDocument" yaml:"policyDocument"`
}

Properties for defining a `CfnBucketPolicy`.

Example:

bucketName := "amzn-s3-demo-bucket"
accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
	BucketName: jsii.String(BucketName),
})

// Creating a bucket policy using L1
bucketPolicy := s3.NewCfnBucketPolicy(this, jsii.String("BucketPolicy"), &CfnBucketPolicyProps{
	Bucket: bucketName,
	PolicyDocument: map[string]interface{}{
		"Statement": []map[string]interface{}{
			map[string]interface{}{
				"Action": jsii.String("s3:*"),
				"Effect": jsii.String("Deny"),
				"Principal": map[string]*string{
					"AWS": jsii.String("*"),
				},
				"Resource": []*string{
					accessLogsBucket.bucketArn,
					fmt.Sprintf("%v/*", accessLogsBucket.bucketArn),
				},
			},
		},
		"Version": jsii.String("2012-10-17"),
	},
})

// 'serverAccessLogsBucket' will create a new L2 bucket policy
// to allow log delivery and overwrite the L1 bucket policy.
bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html

type CfnBucketProps

type CfnBucketProps struct {
	// Configures the transfer acceleration state for an Amazon S3 bucket.
	//
	// For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-accelerateconfiguration
	//
	AccelerateConfiguration interface{} `field:"optional" json:"accelerateConfiguration" yaml:"accelerateConfiguration"`
	// > This is a legacy property, and it is not recommended for most use cases.
	//
	// A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see [Controlling object ownership](https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide* .
	//
	// A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* .
	//
	// S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the [AWS::S3::OwnershipControls](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html) property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon.
	//
	// The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see [AWS::S3::BucketPolicy](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html) . For examples of common policy configurations, including S3 Server Access Logs buckets and more, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-accesscontrol
	//
	AccessControl *string `field:"optional" json:"accessControl" yaml:"accessControl"`
	// Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-analyticsconfigurations
	//
	AnalyticsConfigurations interface{} `field:"optional" json:"analyticsConfigurations" yaml:"analyticsConfigurations"`
	// Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).
	//
	// For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-bucketencryption
	//
	BucketEncryption interface{} `field:"optional" json:"bucketEncryption" yaml:"bucketEncryption"`
	// A name for the bucket.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html) . For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide* .
	//
	// > If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-bucketname
	//
	BucketName *string `field:"optional" json:"bucketName" yaml:"bucketName"`
	// Describes the cross-origin access configuration for objects in an Amazon S3 bucket.
	//
	// For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-corsconfiguration
	//
	CorsConfiguration interface{} `field:"optional" json:"corsConfiguration" yaml:"corsConfiguration"`
	// Defines how Amazon S3 handles Intelligent-Tiering storage.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-intelligenttieringconfigurations
	//
	IntelligentTieringConfigurations interface{} `field:"optional" json:"intelligentTieringConfigurations" yaml:"intelligentTieringConfigurations"`
	// Specifies the inventory configuration for an Amazon S3 bucket.
	//
	// For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-inventoryconfigurations
	//
	InventoryConfigurations interface{} `field:"optional" json:"inventoryConfigurations" yaml:"inventoryConfigurations"`
	// Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
	//
	// For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-lifecycleconfiguration
	//
	LifecycleConfiguration interface{} `field:"optional" json:"lifecycleConfiguration" yaml:"lifecycleConfiguration"`
	// Settings that define where logs are stored.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-loggingconfiguration
	//
	LoggingConfiguration interface{} `field:"optional" json:"loggingConfiguration" yaml:"loggingConfiguration"`
	// Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket.
	//
	// If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-metricsconfigurations
	//
	MetricsConfigurations interface{} `field:"optional" json:"metricsConfigurations" yaml:"metricsConfigurations"`
	// Configuration that defines how Amazon S3 handles bucket notifications.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-notificationconfiguration
	//
	NotificationConfiguration interface{} `field:"optional" json:"notificationConfiguration" yaml:"notificationConfiguration"`
	// > This operation is not supported by directory buckets.
	//
	// Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .
	//
	// > - The `DefaultRetention` settings require both a mode and a period.
	// > - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.
	// > - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-objectlockconfiguration
	//
	ObjectLockConfiguration interface{} `field:"optional" json:"objectLockConfiguration" yaml:"objectLockConfiguration"`
	// Indicates whether this bucket has an Object Lock configuration enabled.
	//
	// Enable `ObjectLockEnabled` when you apply `ObjectLockConfiguration` to a bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-objectlockenabled
	//
	ObjectLockEnabled interface{} `field:"optional" json:"objectLockEnabled" yaml:"objectLockEnabled"`
	// Configuration that defines how Amazon S3 handles Object Ownership rules.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-ownershipcontrols
	//
	OwnershipControls interface{} `field:"optional" json:"ownershipControls" yaml:"ownershipControls"`
	// Configuration that defines how Amazon S3 handles public access.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-publicaccessblockconfiguration
	//
	PublicAccessBlockConfiguration interface{} `field:"optional" json:"publicAccessBlockConfiguration" yaml:"publicAccessBlockConfiguration"`
	// Configuration for replicating objects in an S3 bucket.
	//
	// To enable replication, you must also enable versioning by using the `VersioningConfiguration` property.
	//
	// Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-replicationconfiguration
	//
	ReplicationConfiguration interface{} `field:"optional" json:"replicationConfiguration" yaml:"replicationConfiguration"`
	// An arbitrary set of tags (key-value pairs) for this S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
	// Enables multiple versions of all objects in this bucket.
	//
	// You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.
	//
	// > When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations ( `PUT` or `DELETE` ) on objects in the bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-versioningconfiguration
	//
	VersioningConfiguration interface{} `field:"optional" json:"versioningConfiguration" yaml:"versioningConfiguration"`
	// Information used to configure the bucket as a static website.
	//
	// For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html#cfn-s3-bucket-websiteconfiguration
	//
	WebsiteConfiguration interface{} `field:"optional" json:"websiteConfiguration" yaml:"websiteConfiguration"`
}

Properties for defining a `CfnBucket`.

Example:

rawBucket := s3.NewCfnBucket(this, jsii.String("Bucket"), &CfnBucketProps{
})
// -or-
rawBucketAlt := myBucket.Node.defaultChild.(cfnBucket)

// then
rawBucket.CfnOptions.Condition = awscdk.NewCfnCondition(this, jsii.String("EnableBucket"), &CfnConditionProps{
})
rawBucket.CfnOptions.Metadata = map[string]interface{}{
	"metadataKey": jsii.String("MetadataValue"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html

type CfnBucket_AbortIncompleteMultipartUploadProperty

type CfnBucket_AbortIncompleteMultipartUploadProperty struct {
	// Specifies the number of days after which Amazon S3 stops an incomplete multipart upload.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-abortincompletemultipartupload.html#cfn-s3-bucket-abortincompletemultipartupload-daysafterinitiation
	//
	DaysAfterInitiation *float64 `field:"required" json:"daysAfterInitiation" yaml:"daysAfterInitiation"`
}

Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.

For more information, see [Stopping Incomplete Multipart Uploads Using a Bucket Lifecycle Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

abortIncompleteMultipartUploadProperty := &AbortIncompleteMultipartUploadProperty{
	DaysAfterInitiation: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-abortincompletemultipartupload.html

type CfnBucket_AccelerateConfigurationProperty

type CfnBucket_AccelerateConfigurationProperty struct {
	// Specifies the transfer acceleration status of the bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html#cfn-s3-bucket-accelerateconfiguration-accelerationstatus
	//
	AccelerationStatus *string `field:"required" json:"accelerationStatus" yaml:"accelerationStatus"`
}

Configures the transfer acceleration state for an Amazon S3 bucket.

For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accelerateConfigurationProperty := &AccelerateConfigurationProperty{
	AccelerationStatus: jsii.String("accelerationStatus"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accelerateconfiguration.html

type CfnBucket_AccessControlTranslationProperty

type CfnBucket_AccessControlTranslationProperty struct {
	// Specifies the replica ownership.
	//
	// For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) in the *Amazon S3 API Reference* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accesscontroltranslation.html#cfn-s3-bucket-accesscontroltranslation-owner
	//
	Owner *string `field:"required" json:"owner" yaml:"owner"`
}

Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket.

If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accessControlTranslationProperty := &AccessControlTranslationProperty{
	Owner: jsii.String("owner"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-accesscontroltranslation.html

type CfnBucket_AnalyticsConfigurationProperty

type CfnBucket_AnalyticsConfigurationProperty struct {
	// The ID that identifies the analytics configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-id
	//
	Id *string `field:"required" json:"id" yaml:"id"`
	// Contains data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-storageclassanalysis
	//
	StorageClassAnalysis interface{} `field:"required" json:"storageClassAnalysis" yaml:"storageClassAnalysis"`
	// The prefix that an object must have to be included in the analytics results.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// The tags to use when evaluating an analytics filter.
	//
	// The analytics only includes objects that meet the filter's criteria. If no filter is specified, all of the contents of the bucket are included in the analysis.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html#cfn-s3-bucket-analyticsconfiguration-tagfilters
	//
	TagFilters interface{} `field:"optional" json:"tagFilters" yaml:"tagFilters"`
}

Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

analyticsConfigurationProperty := &AnalyticsConfigurationProperty{
	Id: jsii.String("id"),
	StorageClassAnalysis: &StorageClassAnalysisProperty{
		DataExport: &DataExportProperty{
			Destination: &DestinationProperty{
				BucketArn: jsii.String("bucketArn"),
				Format: jsii.String("format"),

				// the properties below are optional
				BucketAccountId: jsii.String("bucketAccountId"),
				Prefix: jsii.String("prefix"),
			},
			OutputSchemaVersion: jsii.String("outputSchemaVersion"),
		},
	},

	// the properties below are optional
	Prefix: jsii.String("prefix"),
	TagFilters: []interface{}{
		&TagFilterProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-analyticsconfiguration.html

type CfnBucket_BucketEncryptionProperty

type CfnBucket_BucketEncryptionProperty struct {
	// Specifies the default server-side-encryption configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html#cfn-s3-bucket-bucketencryption-serversideencryptionconfiguration
	//
	ServerSideEncryptionConfiguration interface{} `field:"required" json:"serverSideEncryptionConfiguration" yaml:"serverSideEncryptionConfiguration"`
}

Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS).

For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

bucketEncryptionProperty := &BucketEncryptionProperty{
	ServerSideEncryptionConfiguration: []interface{}{
		&ServerSideEncryptionRuleProperty{
			BucketKeyEnabled: jsii.Boolean(false),
			ServerSideEncryptionByDefault: &ServerSideEncryptionByDefaultProperty{
				SseAlgorithm: jsii.String("sseAlgorithm"),

				// the properties below are optional
				KmsMasterKeyId: jsii.String("kmsMasterKeyId"),
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html

type CfnBucket_CorsConfigurationProperty

type CfnBucket_CorsConfigurationProperty struct {
	// A set of origins and methods (cross-origin access that you want to allow).
	//
	// You can add up to 100 rules to the configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsconfiguration.html#cfn-s3-bucket-corsconfiguration-corsrules
	//
	CorsRules interface{} `field:"required" json:"corsRules" yaml:"corsRules"`
}

Describes the cross-origin access configuration for objects in an Amazon S3 bucket.

For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

corsConfigurationProperty := &CorsConfigurationProperty{
	CorsRules: []interface{}{
		&CorsRuleProperty{
			AllowedMethods: []*string{
				jsii.String("allowedMethods"),
			},
			AllowedOrigins: []*string{
				jsii.String("allowedOrigins"),
			},

			// the properties below are optional
			AllowedHeaders: []*string{
				jsii.String("allowedHeaders"),
			},
			ExposedHeaders: []*string{
				jsii.String("exposedHeaders"),
			},
			Id: jsii.String("id"),
			MaxAge: jsii.Number(123),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsconfiguration.html

type CfnBucket_CorsRuleProperty

type CfnBucket_CorsRuleProperty struct {
	// An HTTP method that you allow the origin to run.
	//
	// *Allowed values* : `GET` | `PUT` | `HEAD` | `POST` | `DELETE`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-allowedmethods
	//
	AllowedMethods *[]*string `field:"required" json:"allowedMethods" yaml:"allowedMethods"`
	// One or more origins you want customers to be able to access the bucket from.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-allowedorigins
	//
	AllowedOrigins *[]*string `field:"required" json:"allowedOrigins" yaml:"allowedOrigins"`
	// Headers that are specified in the `Access-Control-Request-Headers` header.
	//
	// These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-allowedheaders
	//
	AllowedHeaders *[]*string `field:"optional" json:"allowedHeaders" yaml:"allowedHeaders"`
	// One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-exposedheaders
	//
	ExposedHeaders *[]*string `field:"optional" json:"exposedHeaders" yaml:"exposedHeaders"`
	// A unique identifier for this rule.
	//
	// The value must be no more than 255 characters.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-id
	//
	Id *string `field:"optional" json:"id" yaml:"id"`
	// The time in seconds that your browser is to cache the preflight response for the specified resource.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html#cfn-s3-bucket-corsrule-maxage
	//
	MaxAge *float64 `field:"optional" json:"maxAge" yaml:"maxAge"`
}

Specifies a cross-origin access rule for an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

corsRuleProperty := &CorsRuleProperty{
	AllowedMethods: []*string{
		jsii.String("allowedMethods"),
	},
	AllowedOrigins: []*string{
		jsii.String("allowedOrigins"),
	},

	// the properties below are optional
	AllowedHeaders: []*string{
		jsii.String("allowedHeaders"),
	},
	ExposedHeaders: []*string{
		jsii.String("exposedHeaders"),
	},
	Id: jsii.String("id"),
	MaxAge: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-corsrule.html

type CfnBucket_DataExportProperty

type CfnBucket_DataExportProperty struct {
	// The place to store the data for an analysis.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-destination
	//
	Destination interface{} `field:"required" json:"destination" yaml:"destination"`
	// The version of the output schema to use when exporting data.
	//
	// Must be `V_1` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html#cfn-s3-bucket-dataexport-outputschemaversion
	//
	OutputSchemaVersion *string `field:"required" json:"outputSchemaVersion" yaml:"outputSchemaVersion"`
}

Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

dataExportProperty := &DataExportProperty{
	Destination: &DestinationProperty{
		BucketArn: jsii.String("bucketArn"),
		Format: jsii.String("format"),

		// the properties below are optional
		BucketAccountId: jsii.String("bucketAccountId"),
		Prefix: jsii.String("prefix"),
	},
	OutputSchemaVersion: jsii.String("outputSchemaVersion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-dataexport.html

type CfnBucket_DefaultRetentionProperty

type CfnBucket_DefaultRetentionProperty struct {
	// The number of days that you want to specify for the default retention period.
	//
	// If Object Lock is turned on, you must specify `Mode` and specify either `Days` or `Years` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-days
	//
	Days *float64 `field:"optional" json:"days" yaml:"days"`
	// The default Object Lock retention mode you want to apply to new objects placed in the specified bucket.
	//
	// If Object Lock is turned on, you must specify `Mode` and specify either `Days` or `Years` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-mode
	//
	Mode *string `field:"optional" json:"mode" yaml:"mode"`
	// The number of years that you want to specify for the default retention period.
	//
	// If Object Lock is turned on, you must specify `Mode` and specify either `Days` or `Years` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html#cfn-s3-bucket-defaultretention-years
	//
	Years *float64 `field:"optional" json:"years" yaml:"years"`
}

The container element for optionally specifying the default Object Lock retention settings for new objects placed in the specified bucket.

> - The `DefaultRetention` settings require both a mode and a period. > - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

defaultRetentionProperty := &DefaultRetentionProperty{
	Days: jsii.Number(123),
	Mode: jsii.String("mode"),
	Years: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html

type CfnBucket_DeleteMarkerReplicationProperty

type CfnBucket_DeleteMarkerReplicationProperty struct {
	// Indicates whether to replicate delete markers.
	//
	// Disabled by default.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-deletemarkerreplication.html#cfn-s3-bucket-deletemarkerreplication-status
	//
	Status *string `field:"optional" json:"status" yaml:"status"`
}

Specifies whether Amazon S3 replicates delete markers.

If you specify a `Filter` in your replication configuration, you must also include a `DeleteMarkerReplication` element. If your `Filter` includes a `Tag` element, the `DeleteMarkerReplication` `Status` must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config) .

For more information about delete marker replication, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html) .

> If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

deleteMarkerReplicationProperty := &DeleteMarkerReplicationProperty{
	Status: jsii.String("status"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-deletemarkerreplication.html

type CfnBucket_DestinationProperty

type CfnBucket_DestinationProperty struct {
	// The Amazon Resource Name (ARN) of the bucket to which data is exported.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketarn
	//
	BucketArn *string `field:"required" json:"bucketArn" yaml:"bucketArn"`
	// Specifies the file format used when exporting data to Amazon S3.
	//
	// *Allowed values* : `CSV` | `ORC` | `Parquet`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-format
	//
	Format *string `field:"required" json:"format" yaml:"format"`
	// The account ID that owns the destination S3 bucket.
	//
	// If no account ID is provided, the owner is not validated before exporting data.
	//
	// > Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-bucketaccountid
	//
	BucketAccountId *string `field:"optional" json:"bucketAccountId" yaml:"bucketAccountId"`
	// The prefix to use when exporting data.
	//
	// The prefix is prepended to all results.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html#cfn-s3-bucket-destination-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
}

Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

destinationProperty := &DestinationProperty{
	BucketArn: jsii.String("bucketArn"),
	Format: jsii.String("format"),

	// the properties below are optional
	BucketAccountId: jsii.String("bucketAccountId"),
	Prefix: jsii.String("prefix"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-destination.html

type CfnBucket_EncryptionConfigurationProperty

type CfnBucket_EncryptionConfigurationProperty struct {
	// Specifies the ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket.
	//
	// Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-encryptionconfiguration.html#cfn-s3-bucket-encryptionconfiguration-replicakmskeyid
	//
	ReplicaKmsKeyId *string `field:"required" json:"replicaKmsKeyId" yaml:"replicaKmsKeyId"`
}

Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.

> If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

encryptionConfigurationProperty := &EncryptionConfigurationProperty{
	ReplicaKmsKeyId: jsii.String("replicaKmsKeyId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-encryptionconfiguration.html

type CfnBucket_EventBridgeConfigurationProperty added in v2.2.0

type CfnBucket_EventBridgeConfigurationProperty struct {
	// Enables delivery of events to Amazon EventBridge.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-eventbridgeconfiguration.html#cfn-s3-bucket-eventbridgeconfiguration-eventbridgeenabled
	//
	EventBridgeEnabled interface{} `field:"required" json:"eventBridgeEnabled" yaml:"eventBridgeEnabled"`
}

Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket, see [Using EventBridge](https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventBridge.html) in the *Amazon S3 User Guide* .

Unlike other destinations, delivery of events to EventBridge can be either enabled or disabled for a bucket. If enabled, all events will be sent to EventBridge and you can use EventBridge rules to route events to additional targets. For more information, see [What Is Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) in the *Amazon EventBridge User Guide*

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

eventBridgeConfigurationProperty := &EventBridgeConfigurationProperty{
	EventBridgeEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-eventbridgeconfiguration.html

type CfnBucket_FilterRuleProperty

type CfnBucket_FilterRuleProperty struct {
	// The object key name prefix or suffix identifying one or more objects to which the filtering rule applies.
	//
	// The maximum length is 1,024 characters. Overlapping prefixes and suffixes are not supported. For more information, see [Configuring Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-filterrule.html#cfn-s3-bucket-filterrule-name
	//
	Name *string `field:"required" json:"name" yaml:"name"`
	// The value that the filter searches for in object key names.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-filterrule.html#cfn-s3-bucket-filterrule-value
	//
	Value *string `field:"required" json:"value" yaml:"value"`
}

Specifies the Amazon S3 object key name to filter on.

An object key name is the name assigned to an object in your Amazon S3 bucket. You specify whether to filter on the suffix or prefix of the object key name. A prefix is a specific string of characters at the beginning of an object key name, which you can use to organize objects. For example, you can start the key names of related objects with a prefix, such as `2023-` or `engineering/` . Then, you can use `FilterRule` to find objects in a bucket with key names that have the same prefix. A suffix is similar to a prefix, but it is at the end of the object key name instead of at the beginning.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

filterRuleProperty := &FilterRuleProperty{
	Name: jsii.String("name"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-filterrule.html

type CfnBucket_IntelligentTieringConfigurationProperty

type CfnBucket_IntelligentTieringConfigurationProperty struct {
	// The ID used to identify the S3 Intelligent-Tiering configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-id
	//
	Id *string `field:"required" json:"id" yaml:"id"`
	// Specifies the status of the configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
	// Specifies a list of S3 Intelligent-Tiering storage class tiers in the configuration.
	//
	// At least one tier must be defined in the list. At most, you can specify two tiers in the list, one for each available AccessTier: `ARCHIVE_ACCESS` and `DEEP_ARCHIVE_ACCESS` .
	//
	// > You only need Intelligent Tiering Configuration enabled on a bucket if you want to automatically move objects stored in the Intelligent-Tiering storage class to Archive Access or Deep Archive Access tiers.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tierings
	//
	Tierings interface{} `field:"required" json:"tierings" yaml:"tierings"`
	// An object key name prefix that identifies the subset of objects to which the rule applies.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// A container for a key-value pair.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html#cfn-s3-bucket-intelligenttieringconfiguration-tagfilters
	//
	TagFilters interface{} `field:"optional" json:"tagFilters" yaml:"tagFilters"`
}

Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.

For information about the S3 Intelligent-Tiering storage class, see [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

intelligentTieringConfigurationProperty := &IntelligentTieringConfigurationProperty{
	Id: jsii.String("id"),
	Status: jsii.String("status"),
	Tierings: []interface{}{
		&TieringProperty{
			AccessTier: jsii.String("accessTier"),
			Days: jsii.Number(123),
		},
	},

	// the properties below are optional
	Prefix: jsii.String("prefix"),
	TagFilters: []interface{}{
		&TagFilterProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-intelligenttieringconfiguration.html

type CfnBucket_InventoryConfigurationProperty

type CfnBucket_InventoryConfigurationProperty struct {
	// Contains information about where to publish the inventory results.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-destination
	//
	Destination interface{} `field:"required" json:"destination" yaml:"destination"`
	// Specifies whether the inventory is enabled or disabled.
	//
	// If set to `True` , an inventory list is generated. If set to `False` , no inventory list is generated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-enabled
	//
	Enabled interface{} `field:"required" json:"enabled" yaml:"enabled"`
	// The ID used to identify the inventory configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-id
	//
	Id *string `field:"required" json:"id" yaml:"id"`
	// Object versions to include in the inventory list.
	//
	// If set to `All` , the list includes all the object versions, which adds the version-related fields `VersionId` , `IsLatest` , and `DeleteMarker` to the list. If set to `Current` , the list does not contain these version-related fields.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-includedobjectversions
	//
	IncludedObjectVersions *string `field:"required" json:"includedObjectVersions" yaml:"includedObjectVersions"`
	// Specifies the schedule for generating inventory results.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-schedulefrequency
	//
	ScheduleFrequency *string `field:"required" json:"scheduleFrequency" yaml:"scheduleFrequency"`
	// Contains the optional fields that are included in the inventory results.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-optionalfields
	//
	OptionalFields *[]*string `field:"optional" json:"optionalFields" yaml:"optionalFields"`
	// Specifies the inventory filter prefix.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html#cfn-s3-bucket-inventoryconfiguration-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
}

Specifies the inventory configuration for an Amazon S3 bucket.

For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

inventoryConfigurationProperty := &InventoryConfigurationProperty{
	Destination: &DestinationProperty{
		BucketArn: jsii.String("bucketArn"),
		Format: jsii.String("format"),

		// the properties below are optional
		BucketAccountId: jsii.String("bucketAccountId"),
		Prefix: jsii.String("prefix"),
	},
	Enabled: jsii.Boolean(false),
	Id: jsii.String("id"),
	IncludedObjectVersions: jsii.String("includedObjectVersions"),
	ScheduleFrequency: jsii.String("scheduleFrequency"),

	// the properties below are optional
	OptionalFields: []*string{
		jsii.String("optionalFields"),
	},
	Prefix: jsii.String("prefix"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-inventoryconfiguration.html

type CfnBucket_LambdaConfigurationProperty

type CfnBucket_LambdaConfigurationProperty struct {
	// The Amazon S3 bucket event for which to invoke the AWS Lambda function.
	//
	// For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lambdaconfiguration.html#cfn-s3-bucket-lambdaconfiguration-event
	//
	Event *string `field:"required" json:"event" yaml:"event"`
	// The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3 invokes when the specified event type occurs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lambdaconfiguration.html#cfn-s3-bucket-lambdaconfiguration-function
	//
	Function *string `field:"required" json:"function" yaml:"function"`
	// The filtering rules that determine which objects invoke the AWS Lambda function.
	//
	// For example, you can create a filter so that only image files with a `.jpg` extension invoke the function when they are added to the Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lambdaconfiguration.html#cfn-s3-bucket-lambdaconfiguration-filter
	//
	Filter interface{} `field:"optional" json:"filter" yaml:"filter"`
}

Describes the AWS Lambda functions to invoke and the events for which to invoke them.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

lambdaConfigurationProperty := &LambdaConfigurationProperty{
	Event: jsii.String("event"),
	Function: jsii.String("function"),

	// the properties below are optional
	Filter: &NotificationFilterProperty{
		S3Key: &S3KeyFilterProperty{
			Rules: []interface{}{
				&FilterRuleProperty{
					Name: jsii.String("name"),
					Value: jsii.String("value"),
				},
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lambdaconfiguration.html

type CfnBucket_LifecycleConfigurationProperty

type CfnBucket_LifecycleConfigurationProperty struct {
	// A lifecycle rule for individual objects in an Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfiguration.html#cfn-s3-bucket-lifecycleconfiguration-rules
	//
	Rules interface{} `field:"required" json:"rules" yaml:"rules"`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfiguration.html#cfn-s3-bucket-lifecycleconfiguration-transitiondefaultminimumobjectsize
	//
	TransitionDefaultMinimumObjectSize *string `field:"optional" json:"transitionDefaultMinimumObjectSize" yaml:"transitionDefaultMinimumObjectSize"`
}

Specifies the lifecycle configuration for objects in an Amazon S3 bucket.

For more information, see [Object Lifecycle Management](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

lifecycleConfigurationProperty := &LifecycleConfigurationProperty{
	Rules: []interface{}{
		&RuleProperty{
			Status: jsii.String("status"),

			// the properties below are optional
			AbortIncompleteMultipartUpload: &AbortIncompleteMultipartUploadProperty{
				DaysAfterInitiation: jsii.Number(123),
			},
			ExpirationDate: NewDate(),
			ExpirationInDays: jsii.Number(123),
			ExpiredObjectDeleteMarker: jsii.Boolean(false),
			Id: jsii.String("id"),
			NoncurrentVersionExpiration: &NoncurrentVersionExpirationProperty{
				NoncurrentDays: jsii.Number(123),

				// the properties below are optional
				NewerNoncurrentVersions: jsii.Number(123),
			},
			NoncurrentVersionExpirationInDays: jsii.Number(123),
			NoncurrentVersionTransition: &NoncurrentVersionTransitionProperty{
				StorageClass: jsii.String("storageClass"),
				TransitionInDays: jsii.Number(123),

				// the properties below are optional
				NewerNoncurrentVersions: jsii.Number(123),
			},
			NoncurrentVersionTransitions: []interface{}{
				&NoncurrentVersionTransitionProperty{
					StorageClass: jsii.String("storageClass"),
					TransitionInDays: jsii.Number(123),

					// the properties below are optional
					NewerNoncurrentVersions: jsii.Number(123),
				},
			},
			ObjectSizeGreaterThan: jsii.Number(123),
			ObjectSizeLessThan: jsii.Number(123),
			Prefix: jsii.String("prefix"),
			TagFilters: []interface{}{
				&TagFilterProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			Transition: &TransitionProperty{
				StorageClass: jsii.String("storageClass"),

				// the properties below are optional
				TransitionDate: NewDate(),
				TransitionInDays: jsii.Number(123),
			},
			Transitions: []interface{}{
				&TransitionProperty{
					StorageClass: jsii.String("storageClass"),

					// the properties below are optional
					TransitionDate: NewDate(),
					TransitionInDays: jsii.Number(123),
				},
			},
		},
	},

	// the properties below are optional
	TransitionDefaultMinimumObjectSize: jsii.String("transitionDefaultMinimumObjectSize"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfiguration.html

type CfnBucket_LoggingConfigurationProperty

type CfnBucket_LoggingConfigurationProperty struct {
	// The name of the bucket where Amazon S3 should store server access log files.
	//
	// You can store log files in any bucket that you own. By default, logs are stored in the bucket where the `LoggingConfiguration` property is defined.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfiguration.html#cfn-s3-bucket-loggingconfiguration-destinationbucketname
	//
	DestinationBucketName *string `field:"optional" json:"destinationBucketName" yaml:"destinationBucketName"`
	// A prefix for all log object keys.
	//
	// If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfiguration.html#cfn-s3-bucket-loggingconfiguration-logfileprefix
	//
	LogFilePrefix *string `field:"optional" json:"logFilePrefix" yaml:"logFilePrefix"`
	// Amazon S3 key format for log objects.
	//
	// Only one format, either PartitionedPrefix or SimplePrefix, is allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfiguration.html#cfn-s3-bucket-loggingconfiguration-targetobjectkeyformat
	//
	TargetObjectKeyFormat interface{} `field:"optional" json:"targetObjectKeyFormat" yaml:"targetObjectKeyFormat"`
}

Describes where logs are stored and the prefix that Amazon S3 assigns to all log object keys for a bucket.

For examples and more information, see [PUT Bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in the *Amazon S3 API Reference* .

> To successfully complete the `AWS::S3::Bucket LoggingConfiguration` request, you must have `s3:PutObject` and `s3:PutObjectAcl` in your IAM permissions.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var simplePrefix interface{}

loggingConfigurationProperty := &LoggingConfigurationProperty{
	DestinationBucketName: jsii.String("destinationBucketName"),
	LogFilePrefix: jsii.String("logFilePrefix"),
	TargetObjectKeyFormat: &TargetObjectKeyFormatProperty{
		PartitionedPrefix: &PartitionedPrefixProperty{
			PartitionDateSource: jsii.String("partitionDateSource"),
		},
		SimplePrefix: simplePrefix,
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-loggingconfiguration.html

type CfnBucket_MetricsConfigurationProperty

type CfnBucket_MetricsConfigurationProperty struct {
	// The ID used to identify the metrics configuration.
	//
	// This can be any value you choose that helps you identify your metrics configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html#cfn-s3-bucket-metricsconfiguration-id
	//
	Id *string `field:"required" json:"id" yaml:"id"`
	// The access point that was used while performing operations on the object.
	//
	// The metrics configuration only includes objects that meet the filter's criteria.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html#cfn-s3-bucket-metricsconfiguration-accesspointarn
	//
	AccessPointArn *string `field:"optional" json:"accessPointArn" yaml:"accessPointArn"`
	// The prefix that an object must have to be included in the metrics results.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html#cfn-s3-bucket-metricsconfiguration-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// Specifies a list of tag filters to use as a metrics configuration filter.
	//
	// The metrics configuration includes only objects that meet the filter's criteria.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html#cfn-s3-bucket-metricsconfiguration-tagfilters
	//
	TagFilters interface{} `field:"optional" json:"tagFilters" yaml:"tagFilters"`
}

Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket.

If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For examples, see [AWS::S3::Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#aws-properties-s3-bucket--examples) . For more information, see [PUT Bucket metrics](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) in the *Amazon S3 API Reference* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

metricsConfigurationProperty := &MetricsConfigurationProperty{
	Id: jsii.String("id"),

	// the properties below are optional
	AccessPointArn: jsii.String("accessPointArn"),
	Prefix: jsii.String("prefix"),
	TagFilters: []interface{}{
		&TagFilterProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metricsconfiguration.html

type CfnBucket_MetricsProperty

type CfnBucket_MetricsProperty struct {
	// Specifies whether the replication metrics are enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metrics.html#cfn-s3-bucket-metrics-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
	// A container specifying the time threshold for emitting the `s3:Replication:OperationMissedThreshold` event.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metrics.html#cfn-s3-bucket-metrics-eventthreshold
	//
	EventThreshold interface{} `field:"optional" json:"eventThreshold" yaml:"eventThreshold"`
}

A container specifying replication metrics-related settings enabling replication metrics and events.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

metricsProperty := &MetricsProperty{
	Status: jsii.String("status"),

	// the properties below are optional
	EventThreshold: &ReplicationTimeValueProperty{
		Minutes: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-metrics.html

type CfnBucket_NoncurrentVersionExpirationProperty added in v2.2.0

type CfnBucket_NoncurrentVersionExpirationProperty struct {
	// Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action.
	//
	// For information about the noncurrent days calculations, see [How Amazon S3 Calculates When an Object Became Noncurrent](https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-noncurrentversionexpiration.html#cfn-s3-bucket-noncurrentversionexpiration-noncurrentdays
	//
	NoncurrentDays *float64 `field:"required" json:"noncurrentDays" yaml:"noncurrentDays"`
	// Specifies how many noncurrent versions Amazon S3 will retain.
	//
	// If there are this many more recent noncurrent versions, Amazon S3 will take the associated action. For more information about noncurrent versions, see [Lifecycle configuration elements](https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-noncurrentversionexpiration.html#cfn-s3-bucket-noncurrentversionexpiration-newernoncurrentversions
	//
	NewerNoncurrentVersions *float64 `field:"optional" json:"newerNoncurrentVersions" yaml:"newerNoncurrentVersions"`
}

Specifies when noncurrent object versions expire.

Upon expiration, Amazon S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that Amazon S3 delete noncurrent object versions at a specific period in the object's lifetime. For more information about setting a lifecycle rule configuration, see [AWS::S3::Bucket Rule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfig-rule.html) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

noncurrentVersionExpirationProperty := &NoncurrentVersionExpirationProperty{
	NoncurrentDays: jsii.Number(123),

	// the properties below are optional
	NewerNoncurrentVersions: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-noncurrentversionexpiration.html

type CfnBucket_NoncurrentVersionTransitionProperty

type CfnBucket_NoncurrentVersionTransitionProperty struct {
	// The class of storage used to store the object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-noncurrentversiontransition.html#cfn-s3-bucket-noncurrentversiontransition-storageclass
	//
	StorageClass *string `field:"required" json:"storageClass" yaml:"storageClass"`
	// Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action.
	//
	// For information about the noncurrent days calculations, see [How Amazon S3 Calculates How Long an Object Has Been Noncurrent](https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-noncurrentversiontransition.html#cfn-s3-bucket-noncurrentversiontransition-transitionindays
	//
	TransitionInDays *float64 `field:"required" json:"transitionInDays" yaml:"transitionInDays"`
	// Specifies how many noncurrent versions Amazon S3 will retain.
	//
	// If there are this many more recent noncurrent versions, Amazon S3 will take the associated action. For more information about noncurrent versions, see [Lifecycle configuration elements](https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-noncurrentversiontransition.html#cfn-s3-bucket-noncurrentversiontransition-newernoncurrentversions
	//
	NewerNoncurrentVersions *float64 `field:"optional" json:"newerNoncurrentVersions" yaml:"newerNoncurrentVersions"`
}

Container for the transition rule that describes when noncurrent objects transition to the `STANDARD_IA` , `ONEZONE_IA` , `INTELLIGENT_TIERING` , `GLACIER_IR` , `GLACIER` , or `DEEP_ARCHIVE` storage class.

If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to the `STANDARD_IA` , `ONEZONE_IA` , `INTELLIGENT_TIERING` , `GLACIER_IR` , `GLACIER` , or `DEEP_ARCHIVE` storage class at a specific period in the object's lifetime. If you specify this property, don't specify the `NoncurrentVersionTransitions` property.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

noncurrentVersionTransitionProperty := &NoncurrentVersionTransitionProperty{
	StorageClass: jsii.String("storageClass"),
	TransitionInDays: jsii.Number(123),

	// the properties below are optional
	NewerNoncurrentVersions: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-noncurrentversiontransition.html

type CfnBucket_NotificationConfigurationProperty

type CfnBucket_NotificationConfigurationProperty struct {
	// Enables delivery of events to Amazon EventBridge.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration.html#cfn-s3-bucket-notificationconfiguration-eventbridgeconfiguration
	//
	EventBridgeConfiguration interface{} `field:"optional" json:"eventBridgeConfiguration" yaml:"eventBridgeConfiguration"`
	// Describes the AWS Lambda functions to invoke and the events for which to invoke them.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration.html#cfn-s3-bucket-notificationconfiguration-lambdaconfigurations
	//
	LambdaConfigurations interface{} `field:"optional" json:"lambdaConfigurations" yaml:"lambdaConfigurations"`
	// The Amazon Simple Queue Service queues to publish messages to and the events for which to publish messages.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration.html#cfn-s3-bucket-notificationconfiguration-queueconfigurations
	//
	QueueConfigurations interface{} `field:"optional" json:"queueConfigurations" yaml:"queueConfigurations"`
	// The topic to which notifications are sent and the events for which notifications are generated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration.html#cfn-s3-bucket-notificationconfiguration-topicconfigurations
	//
	TopicConfigurations interface{} `field:"optional" json:"topicConfigurations" yaml:"topicConfigurations"`
}

Describes the notification configuration for an Amazon S3 bucket.

> If you create the target resource and related permissions in the same template, you might have a circular dependency. > > For example, you might use the `AWS::Lambda::Permission` resource to grant the bucket permission to invoke an AWS Lambda function. However, AWS CloudFormation can't create the bucket until the bucket has permission to invoke the function ( AWS CloudFormation checks whether the bucket can invoke the function). If you're using Refs to pass the bucket name, this leads to a circular dependency. > > To avoid this dependency, you can create all resources without specifying the notification configuration. Then, update the stack with a notification configuration. > > For more information on permissions, see [AWS::Lambda::Permission](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html) and [Granting Permissions to Publish Event Notification Messages to a Destination](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#grant-destinations-permissions-to-s3) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

notificationConfigurationProperty := &NotificationConfigurationProperty{
	EventBridgeConfiguration: &EventBridgeConfigurationProperty{
		EventBridgeEnabled: jsii.Boolean(false),
	},
	LambdaConfigurations: []interface{}{
		&LambdaConfigurationProperty{
			Event: jsii.String("event"),
			Function: jsii.String("function"),

			// the properties below are optional
			Filter: &NotificationFilterProperty{
				S3Key: &S3KeyFilterProperty{
					Rules: []interface{}{
						&FilterRuleProperty{
							Name: jsii.String("name"),
							Value: jsii.String("value"),
						},
					},
				},
			},
		},
	},
	QueueConfigurations: []interface{}{
		&QueueConfigurationProperty{
			Event: jsii.String("event"),
			Queue: jsii.String("queue"),

			// the properties below are optional
			Filter: &NotificationFilterProperty{
				S3Key: &S3KeyFilterProperty{
					Rules: []interface{}{
						&FilterRuleProperty{
							Name: jsii.String("name"),
							Value: jsii.String("value"),
						},
					},
				},
			},
		},
	},
	TopicConfigurations: []interface{}{
		&TopicConfigurationProperty{
			Event: jsii.String("event"),
			Topic: jsii.String("topic"),

			// the properties below are optional
			Filter: &NotificationFilterProperty{
				S3Key: &S3KeyFilterProperty{
					Rules: []interface{}{
						&FilterRuleProperty{
							Name: jsii.String("name"),
							Value: jsii.String("value"),
						},
					},
				},
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration.html

type CfnBucket_NotificationFilterProperty

type CfnBucket_NotificationFilterProperty struct {
	// A container for object key name prefix and suffix filtering rules.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationfilter.html#cfn-s3-bucket-notificationfilter-s3key
	//
	S3Key interface{} `field:"required" json:"s3Key" yaml:"s3Key"`
}

Specifies object key name filtering rules.

For information about key name filtering, see [Configuring event notifications using object key name filtering](https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

notificationFilterProperty := &NotificationFilterProperty{
	S3Key: &S3KeyFilterProperty{
		Rules: []interface{}{
			&FilterRuleProperty{
				Name: jsii.String("name"),
				Value: jsii.String("value"),
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationfilter.html

type CfnBucket_ObjectLockConfigurationProperty

type CfnBucket_ObjectLockConfigurationProperty struct {
	// Indicates whether this bucket has an Object Lock configuration enabled.
	//
	// Enable `ObjectLockEnabled` when you apply `ObjectLockConfiguration` to a bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-objectlockconfiguration.html#cfn-s3-bucket-objectlockconfiguration-objectlockenabled
	//
	ObjectLockEnabled *string `field:"optional" json:"objectLockEnabled" yaml:"objectLockEnabled"`
	// Specifies the Object Lock rule for the specified object.
	//
	// Enable this rule when you apply `ObjectLockConfiguration` to a bucket. If Object Lock is turned on, bucket settings require both `Mode` and a period of either `Days` or `Years` . You cannot specify `Days` and `Years` at the same time. For more information, see [ObjectLockRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-objectlockrule.html) and [DefaultRetention](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-objectlockconfiguration.html#cfn-s3-bucket-objectlockconfiguration-rule
	//
	Rule interface{} `field:"optional" json:"rule" yaml:"rule"`
}

Places an Object Lock configuration on the specified bucket.

The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

objectLockConfigurationProperty := &ObjectLockConfigurationProperty{
	ObjectLockEnabled: jsii.String("objectLockEnabled"),
	Rule: &ObjectLockRuleProperty{
		DefaultRetention: &DefaultRetentionProperty{
			Days: jsii.Number(123),
			Mode: jsii.String("mode"),
			Years: jsii.Number(123),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-objectlockconfiguration.html

type CfnBucket_ObjectLockRuleProperty

type CfnBucket_ObjectLockRuleProperty struct {
	// The default Object Lock retention mode and period that you want to apply to new objects placed in the specified bucket.
	//
	// If Object Lock is turned on, bucket settings require both `Mode` and a period of either `Days` or `Years` . You cannot specify `Days` and `Years` at the same time. For more information about allowable values for mode and period, see [DefaultRetention](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-defaultretention.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-objectlockrule.html#cfn-s3-bucket-objectlockrule-defaultretention
	//
	DefaultRetention interface{} `field:"optional" json:"defaultRetention" yaml:"defaultRetention"`
}

Specifies the Object Lock rule for the specified object.

Enable the this rule when you apply `ObjectLockConfiguration` to a bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

objectLockRuleProperty := &ObjectLockRuleProperty{
	DefaultRetention: &DefaultRetentionProperty{
		Days: jsii.Number(123),
		Mode: jsii.String("mode"),
		Years: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-objectlockrule.html

type CfnBucket_OwnershipControlsProperty

type CfnBucket_OwnershipControlsProperty struct {
	// Specifies the container element for Object Ownership rules.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html#cfn-s3-bucket-ownershipcontrols-rules
	//
	Rules interface{} `field:"required" json:"rules" yaml:"rules"`
}

Specifies the container element for Object Ownership rules.

S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. For more information, see [Controlling ownership of objects and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

ownershipControlsProperty := &OwnershipControlsProperty{
	Rules: []interface{}{
		&OwnershipControlsRuleProperty{
			ObjectOwnership: jsii.String("objectOwnership"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html

type CfnBucket_OwnershipControlsRuleProperty

type CfnBucket_OwnershipControlsRuleProperty struct {
	// Specifies an object ownership rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrolsrule.html#cfn-s3-bucket-ownershipcontrolsrule-objectownership
	//
	ObjectOwnership *string `field:"optional" json:"objectOwnership" yaml:"objectOwnership"`
}

Specifies an Object Ownership rule.

S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. For more information, see [Controlling ownership of objects and disabling ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

ownershipControlsRuleProperty := &OwnershipControlsRuleProperty{
	ObjectOwnership: jsii.String("objectOwnership"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrolsrule.html

type CfnBucket_PartitionedPrefixProperty added in v2.112.0

type CfnBucket_PartitionedPrefixProperty struct {
	// Specifies the partition date source for the partitioned prefix. `PartitionDateSource` can be `EventTime` or `DeliveryTime` .
	//
	// For `DeliveryTime` , the time in the log file names corresponds to the delivery time for the log files.
	//
	// For `EventTime` , The logs delivered are for a specific day only. The year, month, and day correspond to the day on which the event occurred, and the hour, minutes and seconds are set to 00 in the key.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-partitionedprefix.html#cfn-s3-bucket-partitionedprefix-partitiondatesource
	//
	PartitionDateSource *string `field:"optional" json:"partitionDateSource" yaml:"partitionDateSource"`
}

Amazon S3 keys for log objects are partitioned in the following format:.

`[DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]`

PartitionedPrefix defaults to EventTime delivery when server access logs are delivered.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

partitionedPrefixProperty := &PartitionedPrefixProperty{
	PartitionDateSource: jsii.String("partitionDateSource"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-partitionedprefix.html

type CfnBucket_PublicAccessBlockConfigurationProperty

type CfnBucket_PublicAccessBlockConfigurationProperty struct {
	// Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket.
	//
	// Setting this element to `TRUE` causes the following behavior:
	//
	// - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
	// - PUT Object calls fail if the request includes a public ACL.
	// - PUT Bucket calls fail if the request includes a public ACL.
	//
	// Enabling this setting doesn't affect existing policies or ACLs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html#cfn-s3-bucket-publicaccessblockconfiguration-blockpublicacls
	//
	BlockPublicAcls interface{} `field:"optional" json:"blockPublicAcls" yaml:"blockPublicAcls"`
	// Specifies whether Amazon S3 should block public bucket policies for this bucket.
	//
	// Setting this element to `TRUE` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
	//
	// Enabling this setting doesn't affect existing bucket policies.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html#cfn-s3-bucket-publicaccessblockconfiguration-blockpublicpolicy
	//
	BlockPublicPolicy interface{} `field:"optional" json:"blockPublicPolicy" yaml:"blockPublicPolicy"`
	// Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket.
	//
	// Setting this element to `TRUE` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.
	//
	// Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html#cfn-s3-bucket-publicaccessblockconfiguration-ignorepublicacls
	//
	IgnorePublicAcls interface{} `field:"optional" json:"ignorePublicAcls" yaml:"ignorePublicAcls"`
	// Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
	//
	// Setting this element to `TRUE` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
	//
	// Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html#cfn-s3-bucket-publicaccessblockconfiguration-restrictpublicbuckets
	//
	RestrictPublicBuckets interface{} `field:"optional" json:"restrictPublicBuckets" yaml:"restrictPublicBuckets"`
}

The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket.

You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

publicAccessBlockConfigurationProperty := &PublicAccessBlockConfigurationProperty{
	BlockPublicAcls: jsii.Boolean(false),
	BlockPublicPolicy: jsii.Boolean(false),
	IgnorePublicAcls: jsii.Boolean(false),
	RestrictPublicBuckets: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html

type CfnBucket_QueueConfigurationProperty

type CfnBucket_QueueConfigurationProperty struct {
	// The Amazon S3 bucket event about which you want to publish messages to Amazon SQS.
	//
	// For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-queueconfiguration.html#cfn-s3-bucket-queueconfiguration-event
	//
	Event *string `field:"required" json:"event" yaml:"event"`
	// The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 publishes a message when it detects events of the specified type.
	//
	// FIFO queues are not allowed when enabling an SQS queue as the event notification destination.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-queueconfiguration.html#cfn-s3-bucket-queueconfiguration-queue
	//
	Queue *string `field:"required" json:"queue" yaml:"queue"`
	// The filtering rules that determine which objects trigger notifications.
	//
	// For example, you can create a filter so that Amazon S3 sends notifications only when image files with a `.jpg` extension are added to the bucket. For more information, see [Configuring event notifications using object key name filtering](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/notification-how-to-filtering.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-queueconfiguration.html#cfn-s3-bucket-queueconfiguration-filter
	//
	Filter interface{} `field:"optional" json:"filter" yaml:"filter"`
}

Specifies the configuration for publishing messages to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified events.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

queueConfigurationProperty := &QueueConfigurationProperty{
	Event: jsii.String("event"),
	Queue: jsii.String("queue"),

	// the properties below are optional
	Filter: &NotificationFilterProperty{
		S3Key: &S3KeyFilterProperty{
			Rules: []interface{}{
				&FilterRuleProperty{
					Name: jsii.String("name"),
					Value: jsii.String("value"),
				},
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-queueconfiguration.html

type CfnBucket_RedirectAllRequestsToProperty

type CfnBucket_RedirectAllRequestsToProperty struct {
	// Name of the host where requests are redirected.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectallrequeststo.html#cfn-s3-bucket-redirectallrequeststo-hostname
	//
	HostName *string `field:"required" json:"hostName" yaml:"hostName"`
	// Protocol to use when redirecting requests.
	//
	// The default is the protocol that is used in the original request.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectallrequeststo.html#cfn-s3-bucket-redirectallrequeststo-protocol
	//
	Protocol *string `field:"optional" json:"protocol" yaml:"protocol"`
}

Specifies the redirect behavior of all requests to a website endpoint of an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

redirectAllRequestsToProperty := &RedirectAllRequestsToProperty{
	HostName: jsii.String("hostName"),

	// the properties below are optional
	Protocol: jsii.String("protocol"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectallrequeststo.html

type CfnBucket_RedirectRuleProperty

type CfnBucket_RedirectRuleProperty struct {
	// The host name to use in the redirect request.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectrule.html#cfn-s3-bucket-redirectrule-hostname
	//
	HostName *string `field:"optional" json:"hostName" yaml:"hostName"`
	// The HTTP redirect code to use on the response.
	//
	// Not required if one of the siblings is present.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectrule.html#cfn-s3-bucket-redirectrule-httpredirectcode
	//
	HttpRedirectCode *string `field:"optional" json:"httpRedirectCode" yaml:"httpRedirectCode"`
	// Protocol to use when redirecting requests.
	//
	// The default is the protocol that is used in the original request.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectrule.html#cfn-s3-bucket-redirectrule-protocol
	//
	Protocol *string `field:"optional" json:"protocol" yaml:"protocol"`
	// The object key prefix to use in the redirect request.
	//
	// For example, to redirect requests for all pages with prefix `docs/` (objects in the `docs/` folder) to `documents/` , you can set a condition block with `KeyPrefixEquals` set to `docs/` and in the Redirect set `ReplaceKeyPrefixWith` to `/documents` . Not required if one of the siblings is present. Can be present only if `ReplaceKeyWith` is not provided.
	//
	// > Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectrule.html#cfn-s3-bucket-redirectrule-replacekeyprefixwith
	//
	ReplaceKeyPrefixWith *string `field:"optional" json:"replaceKeyPrefixWith" yaml:"replaceKeyPrefixWith"`
	// The specific object key to use in the redirect request.
	//
	// For example, redirect request to `error.html` . Not required if one of the siblings is present. Can be present only if `ReplaceKeyPrefixWith` is not provided.
	//
	// > Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectrule.html#cfn-s3-bucket-redirectrule-replacekeywith
	//
	ReplaceKeyWith *string `field:"optional" json:"replaceKeyWith" yaml:"replaceKeyWith"`
}

Specifies how requests are redirected.

In the event of an error, you can specify a different error code to return.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

redirectRuleProperty := &RedirectRuleProperty{
	HostName: jsii.String("hostName"),
	HttpRedirectCode: jsii.String("httpRedirectCode"),
	Protocol: jsii.String("protocol"),
	ReplaceKeyPrefixWith: jsii.String("replaceKeyPrefixWith"),
	ReplaceKeyWith: jsii.String("replaceKeyWith"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-redirectrule.html

type CfnBucket_ReplicaModificationsProperty

type CfnBucket_ReplicaModificationsProperty struct {
	// Specifies whether Amazon S3 replicates modifications on replicas.
	//
	// *Allowed values* : `Enabled` | `Disabled`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicamodifications.html#cfn-s3-bucket-replicamodifications-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
}

A filter that you can specify for selection for modifications on replicas.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicaModificationsProperty := &ReplicaModificationsProperty{
	Status: jsii.String("status"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicamodifications.html

type CfnBucket_ReplicationConfigurationProperty

type CfnBucket_ReplicationConfigurationProperty struct {
	// The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that Amazon S3 assumes when replicating objects.
	//
	// For more information, see [How to Set Up Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationconfiguration.html#cfn-s3-bucket-replicationconfiguration-role
	//
	Role *string `field:"required" json:"role" yaml:"role"`
	// A container for one or more replication rules.
	//
	// A replication configuration must have at least one rule and can contain a maximum of 1,000 rules.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationconfiguration.html#cfn-s3-bucket-replicationconfiguration-rules
	//
	Rules interface{} `field:"required" json:"rules" yaml:"rules"`
}

A container for replication rules.

You can add up to 1,000 rules. The maximum size of a replication configuration is 2 MB. The latest version of the replication configuration XML is V2. For more information about XML V2 replication configurations, see [Replication configuration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicationConfigurationProperty := &ReplicationConfigurationProperty{
	Role: jsii.String("role"),
	Rules: []interface{}{
		&ReplicationRuleProperty{
			Destination: &ReplicationDestinationProperty{
				Bucket: jsii.String("bucket"),

				// the properties below are optional
				AccessControlTranslation: &AccessControlTranslationProperty{
					Owner: jsii.String("owner"),
				},
				Account: jsii.String("account"),
				EncryptionConfiguration: &EncryptionConfigurationProperty{
					ReplicaKmsKeyId: jsii.String("replicaKmsKeyId"),
				},
				Metrics: &MetricsProperty{
					Status: jsii.String("status"),

					// the properties below are optional
					EventThreshold: &ReplicationTimeValueProperty{
						Minutes: jsii.Number(123),
					},
				},
				ReplicationTime: &ReplicationTimeProperty{
					Status: jsii.String("status"),
					Time: &ReplicationTimeValueProperty{
						Minutes: jsii.Number(123),
					},
				},
				StorageClass: jsii.String("storageClass"),
			},
			Status: jsii.String("status"),

			// the properties below are optional
			DeleteMarkerReplication: &DeleteMarkerReplicationProperty{
				Status: jsii.String("status"),
			},
			Filter: &ReplicationRuleFilterProperty{
				And: &ReplicationRuleAndOperatorProperty{
					Prefix: jsii.String("prefix"),
					TagFilters: []interface{}{
						&TagFilterProperty{
							Key: jsii.String("key"),
							Value: jsii.String("value"),
						},
					},
				},
				Prefix: jsii.String("prefix"),
				TagFilter: &TagFilterProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			Id: jsii.String("id"),
			Prefix: jsii.String("prefix"),
			Priority: jsii.Number(123),
			SourceSelectionCriteria: &SourceSelectionCriteriaProperty{
				ReplicaModifications: &ReplicaModificationsProperty{
					Status: jsii.String("status"),
				},
				SseKmsEncryptedObjects: &SseKmsEncryptedObjectsProperty{
					Status: jsii.String("status"),
				},
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationconfiguration.html

type CfnBucket_ReplicationDestinationProperty

type CfnBucket_ReplicationDestinationProperty struct {
	// The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to store the results.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-bucket
	//
	Bucket *string `field:"required" json:"bucket" yaml:"bucket"`
	// Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket.
	//
	// If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-accesscontroltranslation
	//
	AccessControlTranslation interface{} `field:"optional" json:"accessControlTranslation" yaml:"accessControlTranslation"`
	// Destination bucket owner account ID.
	//
	// In a cross-account scenario, if you direct Amazon S3 to change replica ownership to the AWS account that owns the destination bucket by specifying the `AccessControlTranslation` property, this is the account ID of the destination bucket owner. For more information, see [Cross-Region Replication Additional Configuration: Change Replica Owner](https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-change-owner.html) in the *Amazon S3 User Guide* .
	//
	// If you specify the `AccessControlTranslation` property, the `Account` property is required.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-account
	//
	Account *string `field:"optional" json:"account" yaml:"account"`
	// Specifies encryption-related information.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-encryptionconfiguration
	//
	EncryptionConfiguration interface{} `field:"optional" json:"encryptionConfiguration" yaml:"encryptionConfiguration"`
	// A container specifying replication metrics-related settings enabling replication metrics and events.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-metrics
	//
	Metrics interface{} `field:"optional" json:"metrics" yaml:"metrics"`
	// A container specifying S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated.
	//
	// Must be specified together with a `Metrics` block.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-replicationtime
	//
	ReplicationTime interface{} `field:"optional" json:"replicationTime" yaml:"replicationTime"`
	// The storage class to use when replicating objects, such as S3 Standard or reduced redundancy.
	//
	// By default, Amazon S3 uses the storage class of the source object to create the object replica.
	//
	// For valid values, see the `StorageClass` element of the [PUT Bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) action in the *Amazon S3 API Reference* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-storageclass
	//
	StorageClass *string `field:"optional" json:"storageClass" yaml:"storageClass"`
}

A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC).

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicationDestinationProperty := &ReplicationDestinationProperty{
	Bucket: jsii.String("bucket"),

	// the properties below are optional
	AccessControlTranslation: &AccessControlTranslationProperty{
		Owner: jsii.String("owner"),
	},
	Account: jsii.String("account"),
	EncryptionConfiguration: &EncryptionConfigurationProperty{
		ReplicaKmsKeyId: jsii.String("replicaKmsKeyId"),
	},
	Metrics: &MetricsProperty{
		Status: jsii.String("status"),

		// the properties below are optional
		EventThreshold: &ReplicationTimeValueProperty{
			Minutes: jsii.Number(123),
		},
	},
	ReplicationTime: &ReplicationTimeProperty{
		Status: jsii.String("status"),
		Time: &ReplicationTimeValueProperty{
			Minutes: jsii.Number(123),
		},
	},
	StorageClass: jsii.String("storageClass"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html

type CfnBucket_ReplicationRuleAndOperatorProperty

type CfnBucket_ReplicationRuleAndOperatorProperty struct {
	// An object key name prefix that identifies the subset of objects to which the rule applies.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationruleandoperator.html#cfn-s3-bucket-replicationruleandoperator-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// An array of tags containing key and value pairs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationruleandoperator.html#cfn-s3-bucket-replicationruleandoperator-tagfilters
	//
	TagFilters interface{} `field:"optional" json:"tagFilters" yaml:"tagFilters"`
}

A container for specifying rule filters.

The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter.

For example:

- If you specify both a `Prefix` and a `TagFilter` , wrap these filters in an `And` tag. - If you specify a filter based on multiple tags, wrap the `TagFilter` elements in an `And` tag.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicationRuleAndOperatorProperty := &ReplicationRuleAndOperatorProperty{
	Prefix: jsii.String("prefix"),
	TagFilters: []interface{}{
		&TagFilterProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationruleandoperator.html

type CfnBucket_ReplicationRuleFilterProperty

type CfnBucket_ReplicationRuleFilterProperty struct {
	// A container for specifying rule filters.
	//
	// The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter. For example:
	//
	// - If you specify both a `Prefix` and a `TagFilter` , wrap these filters in an `And` tag.
	// - If you specify a filter based on multiple tags, wrap the `TagFilter` elements in an `And` tag.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html#cfn-s3-bucket-replicationrulefilter-and
	//
	And interface{} `field:"optional" json:"and" yaml:"and"`
	// An object key name prefix that identifies the subset of objects to which the rule applies.
	//
	// > Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html#cfn-s3-bucket-replicationrulefilter-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// A container for specifying a tag key and value.
	//
	// The rule applies only to objects that have the tag in their tag set.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html#cfn-s3-bucket-replicationrulefilter-tagfilter
	//
	TagFilter interface{} `field:"optional" json:"tagFilter" yaml:"tagFilter"`
}

A filter that identifies the subset of objects to which the replication rule applies.

A `Filter` must specify exactly one `Prefix` , `TagFilter` , or an `And` child element.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicationRuleFilterProperty := &ReplicationRuleFilterProperty{
	And: &ReplicationRuleAndOperatorProperty{
		Prefix: jsii.String("prefix"),
		TagFilters: []interface{}{
			&TagFilterProperty{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
	},
	Prefix: jsii.String("prefix"),
	TagFilter: &TagFilterProperty{
		Key: jsii.String("key"),
		Value: jsii.String("value"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html

type CfnBucket_ReplicationRuleProperty

type CfnBucket_ReplicationRuleProperty struct {
	// A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-destination
	//
	Destination interface{} `field:"required" json:"destination" yaml:"destination"`
	// Specifies whether the rule is enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
	// Specifies whether Amazon S3 replicates delete markers.
	//
	// If you specify a `Filter` in your replication configuration, you must also include a `DeleteMarkerReplication` element. If your `Filter` includes a `Tag` element, the `DeleteMarkerReplication` `Status` must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config) .
	//
	// For more information about delete marker replication, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html) .
	//
	// > If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-deletemarkerreplication
	//
	DeleteMarkerReplication interface{} `field:"optional" json:"deleteMarkerReplication" yaml:"deleteMarkerReplication"`
	// A filter that identifies the subset of objects to which the replication rule applies.
	//
	// A `Filter` must specify exactly one `Prefix` , `TagFilter` , or an `And` child element. The use of the filter field indicates that this is a V2 replication configuration. This field isn't supported in a V1 replication configuration.
	//
	// > V1 replication configuration only supports filtering by key prefix. To filter using a V1 replication configuration, add the `Prefix` directly as a child element of the `Rule` element.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-filter
	//
	Filter interface{} `field:"optional" json:"filter" yaml:"filter"`
	// A unique identifier for the rule.
	//
	// The maximum value is 255 characters. If you don't specify a value, AWS CloudFormation generates a random ID. When using a V2 replication configuration this property is capitalized as "ID".
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-id
	//
	Id *string `field:"optional" json:"id" yaml:"id"`
	// An object key name prefix that identifies the object or objects to which the rule applies.
	//
	// The maximum prefix length is 1,024 characters. To include all objects in a bucket, specify an empty string. To filter using a V1 replication configuration, add the `Prefix` directly as a child element of the `Rule` element.
	//
	// > Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// The priority indicates which rule has precedence whenever two or more replication rules conflict.
	//
	// Amazon S3 will attempt to replicate objects according to all replication rules. However, if there are two or more rules with the same destination bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.
	//
	// For more information, see [Replication](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-priority
	//
	Priority *float64 `field:"optional" json:"priority" yaml:"priority"`
	// A container that describes additional filters for identifying the source objects that you want to replicate.
	//
	// You can choose to enable or disable the replication of these objects.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-sourceselectioncriteria
	//
	SourceSelectionCriteria interface{} `field:"optional" json:"sourceSelectionCriteria" yaml:"sourceSelectionCriteria"`
}

Specifies which Amazon S3 objects to replicate and where to store the replicas.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicationRuleProperty := &ReplicationRuleProperty{
	Destination: &ReplicationDestinationProperty{
		Bucket: jsii.String("bucket"),

		// the properties below are optional
		AccessControlTranslation: &AccessControlTranslationProperty{
			Owner: jsii.String("owner"),
		},
		Account: jsii.String("account"),
		EncryptionConfiguration: &EncryptionConfigurationProperty{
			ReplicaKmsKeyId: jsii.String("replicaKmsKeyId"),
		},
		Metrics: &MetricsProperty{
			Status: jsii.String("status"),

			// the properties below are optional
			EventThreshold: &ReplicationTimeValueProperty{
				Minutes: jsii.Number(123),
			},
		},
		ReplicationTime: &ReplicationTimeProperty{
			Status: jsii.String("status"),
			Time: &ReplicationTimeValueProperty{
				Minutes: jsii.Number(123),
			},
		},
		StorageClass: jsii.String("storageClass"),
	},
	Status: jsii.String("status"),

	// the properties below are optional
	DeleteMarkerReplication: &DeleteMarkerReplicationProperty{
		Status: jsii.String("status"),
	},
	Filter: &ReplicationRuleFilterProperty{
		And: &ReplicationRuleAndOperatorProperty{
			Prefix: jsii.String("prefix"),
			TagFilters: []interface{}{
				&TagFilterProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
		},
		Prefix: jsii.String("prefix"),
		TagFilter: &TagFilterProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Id: jsii.String("id"),
	Prefix: jsii.String("prefix"),
	Priority: jsii.Number(123),
	SourceSelectionCriteria: &SourceSelectionCriteriaProperty{
		ReplicaModifications: &ReplicaModificationsProperty{
			Status: jsii.String("status"),
		},
		SseKmsEncryptedObjects: &SseKmsEncryptedObjectsProperty{
			Status: jsii.String("status"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html

type CfnBucket_ReplicationTimeProperty

type CfnBucket_ReplicationTimeProperty struct {
	// Specifies whether the replication time is enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationtime.html#cfn-s3-bucket-replicationtime-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
	// A container specifying the time by which replication should be complete for all objects and operations on objects.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationtime.html#cfn-s3-bucket-replicationtime-time
	//
	Time interface{} `field:"required" json:"time" yaml:"time"`
}

A container specifying S3 Replication Time Control (S3 RTC) related information, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated.

Must be specified together with a `Metrics` block.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicationTimeProperty := &ReplicationTimeProperty{
	Status: jsii.String("status"),
	Time: &ReplicationTimeValueProperty{
		Minutes: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationtime.html

type CfnBucket_ReplicationTimeValueProperty

type CfnBucket_ReplicationTimeValueProperty struct {
	// Contains an integer specifying time in minutes.
	//
	// Valid value: 15.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationtimevalue.html#cfn-s3-bucket-replicationtimevalue-minutes
	//
	Minutes *float64 `field:"required" json:"minutes" yaml:"minutes"`
}

A container specifying the time value for S3 Replication Time Control (S3 RTC) and replication metrics `EventThreshold` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

replicationTimeValueProperty := &ReplicationTimeValueProperty{
	Minutes: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationtimevalue.html

type CfnBucket_RoutingRuleConditionProperty

type CfnBucket_RoutingRuleConditionProperty struct {
	// The HTTP error code when the redirect is applied.
	//
	// In the event of an error, if the error code equals this value, then the specified redirect is applied.
	//
	// Required when parent element `Condition` is specified and sibling `KeyPrefixEquals` is not specified. If both are specified, then both must be true for the redirect to be applied.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-routingrulecondition.html#cfn-s3-bucket-routingrulecondition-httperrorcodereturnedequals
	//
	HttpErrorCodeReturnedEquals *string `field:"optional" json:"httpErrorCodeReturnedEquals" yaml:"httpErrorCodeReturnedEquals"`
	// The object key name prefix when the redirect is applied.
	//
	// For example, to redirect requests for `ExamplePage.html` , the key prefix will be `ExamplePage.html` . To redirect request for all pages with the prefix `docs/` , the key prefix will be `/docs` , which identifies all objects in the docs/ folder.
	//
	// Required when the parent element `Condition` is specified and sibling `HttpErrorCodeReturnedEquals` is not specified. If both conditions are specified, both must be true for the redirect to be applied.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-routingrulecondition.html#cfn-s3-bucket-routingrulecondition-keyprefixequals
	//
	KeyPrefixEquals *string `field:"optional" json:"keyPrefixEquals" yaml:"keyPrefixEquals"`
}

A container for describing a condition that must be met for the specified redirect to apply.

For example, 1. If request is for pages in the `/docs` folder, redirect to the `/documents` folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

routingRuleConditionProperty := &RoutingRuleConditionProperty{
	HttpErrorCodeReturnedEquals: jsii.String("httpErrorCodeReturnedEquals"),
	KeyPrefixEquals: jsii.String("keyPrefixEquals"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-routingrulecondition.html

type CfnBucket_RoutingRuleProperty

type CfnBucket_RoutingRuleProperty struct {
	// Container for redirect information.
	//
	// You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can specify a different error code to return.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-routingrule.html#cfn-s3-bucket-routingrule-redirectrule
	//
	RedirectRule interface{} `field:"required" json:"redirectRule" yaml:"redirectRule"`
	// A container for describing a condition that must be met for the specified redirect to apply.
	//
	// For example, 1. If request is for pages in the `/docs` folder, redirect to the `/documents` folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-routingrule.html#cfn-s3-bucket-routingrule-routingrulecondition
	//
	RoutingRuleCondition interface{} `field:"optional" json:"routingRuleCondition" yaml:"routingRuleCondition"`
}

Specifies the redirect behavior and when a redirect is applied.

For more information about routing rules, see [Configuring advanced conditional redirects](https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

routingRuleProperty := &RoutingRuleProperty{
	RedirectRule: &RedirectRuleProperty{
		HostName: jsii.String("hostName"),
		HttpRedirectCode: jsii.String("httpRedirectCode"),
		Protocol: jsii.String("protocol"),
		ReplaceKeyPrefixWith: jsii.String("replaceKeyPrefixWith"),
		ReplaceKeyWith: jsii.String("replaceKeyWith"),
	},

	// the properties below are optional
	RoutingRuleCondition: &RoutingRuleConditionProperty{
		HttpErrorCodeReturnedEquals: jsii.String("httpErrorCodeReturnedEquals"),
		KeyPrefixEquals: jsii.String("keyPrefixEquals"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-routingrule.html

type CfnBucket_RuleProperty

type CfnBucket_RuleProperty struct {
	// If `Enabled` , the rule is currently being applied.
	//
	// If `Disabled` , the rule is not currently being applied.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
	// Specifies a lifecycle rule that stops incomplete multipart uploads to an Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-abortincompletemultipartupload
	//
	AbortIncompleteMultipartUpload interface{} `field:"optional" json:"abortIncompleteMultipartUpload" yaml:"abortIncompleteMultipartUpload"`
	// Indicates when objects are deleted from Amazon S3 and Amazon S3 Glacier.
	//
	// The date value must be in ISO 8601 format. The time is always midnight UTC. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-expirationdate
	//
	ExpirationDate interface{} `field:"optional" json:"expirationDate" yaml:"expirationDate"`
	// Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier.
	//
	// If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-expirationindays
	//
	ExpirationInDays *float64 `field:"optional" json:"expirationInDays" yaml:"expirationInDays"`
	// Indicates whether Amazon S3 will remove a delete marker without any noncurrent versions.
	//
	// If set to true, the delete marker will be removed if there are no noncurrent versions. This cannot be specified with `ExpirationInDays` , `ExpirationDate` , or `TagFilters` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-expiredobjectdeletemarker
	//
	ExpiredObjectDeleteMarker interface{} `field:"optional" json:"expiredObjectDeleteMarker" yaml:"expiredObjectDeleteMarker"`
	// Unique identifier for the rule.
	//
	// The value can't be longer than 255 characters.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-id
	//
	Id *string `field:"optional" json:"id" yaml:"id"`
	// Specifies when noncurrent object versions expire.
	//
	// Upon expiration, Amazon S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that Amazon S3 delete noncurrent object versions at a specific period in the object's lifetime.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-noncurrentversionexpiration
	//
	NoncurrentVersionExpiration interface{} `field:"optional" json:"noncurrentVersionExpiration" yaml:"noncurrentVersionExpiration"`
	// (Deprecated.) For buckets with versioning enabled (or suspended), specifies the time, in days, between when a new version of the object is uploaded to the bucket and when old versions of the object expire. When object versions expire, Amazon S3 permanently deletes them. If you specify a transition and expiration time, the expiration time must be later than the transition time.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-noncurrentversionexpirationindays
	//
	NoncurrentVersionExpirationInDays *float64 `field:"optional" json:"noncurrentVersionExpirationInDays" yaml:"noncurrentVersionExpirationInDays"`
	// (Deprecated.) For buckets with versioning enabled (or suspended), specifies when non-current objects transition to a specified storage class. If you specify a transition and expiration time, the expiration time must be later than the transition time. If you specify this property, don't specify the `NoncurrentVersionTransitions` property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-noncurrentversiontransition
	//
	NoncurrentVersionTransition interface{} `field:"optional" json:"noncurrentVersionTransition" yaml:"noncurrentVersionTransition"`
	// For buckets with versioning enabled (or suspended), one or more transition rules that specify when non-current objects transition to a specified storage class.
	//
	// If you specify a transition and expiration time, the expiration time must be later than the transition time. If you specify this property, don't specify the `NoncurrentVersionTransition` property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-noncurrentversiontransitions
	//
	NoncurrentVersionTransitions interface{} `field:"optional" json:"noncurrentVersionTransitions" yaml:"noncurrentVersionTransitions"`
	// Specifies the minimum object size in bytes for this rule to apply to.
	//
	// Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-objectsizegreaterthan
	//
	ObjectSizeGreaterThan *float64 `field:"optional" json:"objectSizeGreaterThan" yaml:"objectSizeGreaterThan"`
	// Specifies the maximum object size in bytes for this rule to apply to.
	//
	// Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-objectsizelessthan
	//
	ObjectSizeLessThan *float64 `field:"optional" json:"objectSizeLessThan" yaml:"objectSizeLessThan"`
	// Object key prefix that identifies one or more objects to which this rule applies.
	//
	// > Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// Tags to use to identify a subset of objects to which the lifecycle rule applies.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-tagfilters
	//
	TagFilters interface{} `field:"optional" json:"tagFilters" yaml:"tagFilters"`
	// (Deprecated.) Specifies when an object transitions to a specified storage class. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time. If you specify this property, don't specify the `Transitions` property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-transition
	//
	Transition interface{} `field:"optional" json:"transition" yaml:"transition"`
	// One or more transition rules that specify when an object transitions to a specified storage class.
	//
	// If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time. If you specify this property, don't specify the `Transition` property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html#cfn-s3-bucket-rule-transitions
	//
	Transitions interface{} `field:"optional" json:"transitions" yaml:"transitions"`
}

Specifies lifecycle rules for an Amazon S3 bucket.

For more information, see [Put Bucket Lifecycle Configuration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html) in the *Amazon S3 API Reference* .

You must specify at least one of the following properties: `AbortIncompleteMultipartUpload` , `ExpirationDate` , `ExpirationInDays` , `NoncurrentVersionExpirationInDays` , `NoncurrentVersionTransition` , `NoncurrentVersionTransitions` , `Transition` , or `Transitions` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

ruleProperty := &RuleProperty{
	Status: jsii.String("status"),

	// the properties below are optional
	AbortIncompleteMultipartUpload: &AbortIncompleteMultipartUploadProperty{
		DaysAfterInitiation: jsii.Number(123),
	},
	ExpirationDate: NewDate(),
	ExpirationInDays: jsii.Number(123),
	ExpiredObjectDeleteMarker: jsii.Boolean(false),
	Id: jsii.String("id"),
	NoncurrentVersionExpiration: &NoncurrentVersionExpirationProperty{
		NoncurrentDays: jsii.Number(123),

		// the properties below are optional
		NewerNoncurrentVersions: jsii.Number(123),
	},
	NoncurrentVersionExpirationInDays: jsii.Number(123),
	NoncurrentVersionTransition: &NoncurrentVersionTransitionProperty{
		StorageClass: jsii.String("storageClass"),
		TransitionInDays: jsii.Number(123),

		// the properties below are optional
		NewerNoncurrentVersions: jsii.Number(123),
	},
	NoncurrentVersionTransitions: []interface{}{
		&NoncurrentVersionTransitionProperty{
			StorageClass: jsii.String("storageClass"),
			TransitionInDays: jsii.Number(123),

			// the properties below are optional
			NewerNoncurrentVersions: jsii.Number(123),
		},
	},
	ObjectSizeGreaterThan: jsii.Number(123),
	ObjectSizeLessThan: jsii.Number(123),
	Prefix: jsii.String("prefix"),
	TagFilters: []interface{}{
		&TagFilterProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Transition: &TransitionProperty{
		StorageClass: jsii.String("storageClass"),

		// the properties below are optional
		TransitionDate: NewDate(),
		TransitionInDays: jsii.Number(123),
	},
	Transitions: []interface{}{
		&TransitionProperty{
			StorageClass: jsii.String("storageClass"),

			// the properties below are optional
			TransitionDate: NewDate(),
			TransitionInDays: jsii.Number(123),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-rule.html

type CfnBucket_S3KeyFilterProperty

type CfnBucket_S3KeyFilterProperty struct {
	// A list of containers for the key-value pair that defines the criteria for the filter rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-s3keyfilter.html#cfn-s3-bucket-s3keyfilter-rules
	//
	Rules interface{} `field:"required" json:"rules" yaml:"rules"`
}

A container for object key name prefix and suffix filtering rules.

For more information about object key name filtering, see [Configuring event notifications using object key name filtering](https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) in the *Amazon S3 User Guide* .

> The same type of filter rule cannot be used more than once. For example, you cannot specify two prefix rules.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

s3KeyFilterProperty := &S3KeyFilterProperty{
	Rules: []interface{}{
		&FilterRuleProperty{
			Name: jsii.String("name"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-s3keyfilter.html

type CfnBucket_ServerSideEncryptionByDefaultProperty

type CfnBucket_ServerSideEncryptionByDefaultProperty struct {
	// Server-side encryption algorithm to use for the default encryption.
	//
	// > For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-ssealgorithm
	//
	SseAlgorithm *string `field:"required" json:"sseAlgorithm" yaml:"sseAlgorithm"`
	// AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.
	//
	// > - *General purpose buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse` .
	// > - *Directory buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` .
	//
	// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
	//
	// - Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
	// - Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
	// - Key Alias: `alias/alias-name`
	//
	// If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy) .
	//
	// > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
	// > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-kmsmasterkeyid
	//
	KmsMasterKeyId *string `field:"optional" json:"kmsMasterKeyId" yaml:"kmsMasterKeyId"`
}

Describes the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) .

> - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

serverSideEncryptionByDefaultProperty := &ServerSideEncryptionByDefaultProperty{
	SseAlgorithm: jsii.String("sseAlgorithm"),

	// the properties below are optional
	KmsMasterKeyId: jsii.String("kmsMasterKeyId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html

type CfnBucket_ServerSideEncryptionRuleProperty

type CfnBucket_ServerSideEncryptionRuleProperty struct {
	// Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
	//
	// Existing objects are not affected. Setting the `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.
	//
	// For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-bucketkeyenabled
	//
	BucketKeyEnabled interface{} `field:"optional" json:"bucketKeyEnabled" yaml:"bucketKeyEnabled"`
	// Specifies the default server-side encryption to apply to new objects in the bucket.
	//
	// If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-serversideencryptionbydefault
	//
	ServerSideEncryptionByDefault interface{} `field:"optional" json:"serverSideEncryptionByDefault" yaml:"serverSideEncryptionByDefault"`
}

Specifies the default server-side encryption configuration.

> - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

serverSideEncryptionRuleProperty := &ServerSideEncryptionRuleProperty{
	BucketKeyEnabled: jsii.Boolean(false),
	ServerSideEncryptionByDefault: &ServerSideEncryptionByDefaultProperty{
		SseAlgorithm: jsii.String("sseAlgorithm"),

		// the properties below are optional
		KmsMasterKeyId: jsii.String("kmsMasterKeyId"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html

type CfnBucket_SourceSelectionCriteriaProperty

type CfnBucket_SourceSelectionCriteriaProperty struct {
	// A filter that you can specify for selection for modifications on replicas.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-sourceselectioncriteria.html#cfn-s3-bucket-sourceselectioncriteria-replicamodifications
	//
	ReplicaModifications interface{} `field:"optional" json:"replicaModifications" yaml:"replicaModifications"`
	// A container for filter information for the selection of Amazon S3 objects encrypted with AWS KMS.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-sourceselectioncriteria.html#cfn-s3-bucket-sourceselectioncriteria-ssekmsencryptedobjects
	//
	SseKmsEncryptedObjects interface{} `field:"optional" json:"sseKmsEncryptedObjects" yaml:"sseKmsEncryptedObjects"`
}

A container that describes additional filters for identifying the source objects that you want to replicate.

You can choose to enable or disable the replication of these objects.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

sourceSelectionCriteriaProperty := &SourceSelectionCriteriaProperty{
	ReplicaModifications: &ReplicaModificationsProperty{
		Status: jsii.String("status"),
	},
	SseKmsEncryptedObjects: &SseKmsEncryptedObjectsProperty{
		Status: jsii.String("status"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-sourceselectioncriteria.html

type CfnBucket_SseKmsEncryptedObjectsProperty

type CfnBucket_SseKmsEncryptedObjectsProperty struct {
	// Specifies whether Amazon S3 replicates objects created with server-side encryption using an AWS KMS key stored in AWS Key Management Service.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ssekmsencryptedobjects.html#cfn-s3-bucket-ssekmsencryptedobjects-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
}

A container for filter information for the selection of S3 objects encrypted with AWS KMS.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

sseKmsEncryptedObjectsProperty := &SseKmsEncryptedObjectsProperty{
	Status: jsii.String("status"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ssekmsencryptedobjects.html

type CfnBucket_StorageClassAnalysisProperty

type CfnBucket_StorageClassAnalysisProperty struct {
	// Specifies how data related to the storage class analysis for an Amazon S3 bucket should be exported.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-storageclassanalysis.html#cfn-s3-bucket-storageclassanalysis-dataexport
	//
	DataExport interface{} `field:"optional" json:"dataExport" yaml:"dataExport"`
}

Specifies data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes for an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

storageClassAnalysisProperty := &StorageClassAnalysisProperty{
	DataExport: &DataExportProperty{
		Destination: &DestinationProperty{
			BucketArn: jsii.String("bucketArn"),
			Format: jsii.String("format"),

			// the properties below are optional
			BucketAccountId: jsii.String("bucketAccountId"),
			Prefix: jsii.String("prefix"),
		},
		OutputSchemaVersion: jsii.String("outputSchemaVersion"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-storageclassanalysis.html

type CfnBucket_TagFilterProperty

type CfnBucket_TagFilterProperty struct {
	// The tag key.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html#cfn-s3-bucket-tagfilter-key
	//
	Key *string `field:"required" json:"key" yaml:"key"`
	// The tag value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html#cfn-s3-bucket-tagfilter-value
	//
	Value *string `field:"required" json:"value" yaml:"value"`
}

Specifies tags to use to identify a subset of objects for an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

tagFilterProperty := &TagFilterProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tagfilter.html

type CfnBucket_TargetObjectKeyFormatProperty added in v2.112.0

type CfnBucket_TargetObjectKeyFormatProperty struct {
	// Partitioned S3 key for log objects.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-targetobjectkeyformat.html#cfn-s3-bucket-targetobjectkeyformat-partitionedprefix
	//
	PartitionedPrefix interface{} `field:"optional" json:"partitionedPrefix" yaml:"partitionedPrefix"`
	// To use the simple format for S3 keys for log objects.
	//
	// To specify SimplePrefix format, set SimplePrefix to {}.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-targetobjectkeyformat.html#cfn-s3-bucket-targetobjectkeyformat-simpleprefix
	//
	SimplePrefix interface{} `field:"optional" json:"simplePrefix" yaml:"simplePrefix"`
}

Amazon S3 key format for log objects.

Only one format, PartitionedPrefix or SimplePrefix, is allowed.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var simplePrefix interface{}

targetObjectKeyFormatProperty := &TargetObjectKeyFormatProperty{
	PartitionedPrefix: &PartitionedPrefixProperty{
		PartitionDateSource: jsii.String("partitionDateSource"),
	},
	SimplePrefix: simplePrefix,
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-targetobjectkeyformat.html

type CfnBucket_TieringProperty

type CfnBucket_TieringProperty struct {
	// S3 Intelligent-Tiering access tier.
	//
	// See [Storage class for automatically optimizing frequently and infrequently accessed objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access) for a list of access tiers in the S3 Intelligent-Tiering storage class.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tiering.html#cfn-s3-bucket-tiering-accesstier
	//
	AccessTier *string `field:"required" json:"accessTier" yaml:"accessTier"`
	// The number of consecutive days of no access after which an object will be eligible to be transitioned to the corresponding tier.
	//
	// The minimum number of days specified for Archive Access tier must be at least 90 days and Deep Archive Access tier must be at least 180 days. The maximum can be up to 2 years (730 days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tiering.html#cfn-s3-bucket-tiering-days
	//
	Days *float64 `field:"required" json:"days" yaml:"days"`
}

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without additional operational overhead.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

tieringProperty := &TieringProperty{
	AccessTier: jsii.String("accessTier"),
	Days: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-tiering.html

type CfnBucket_TopicConfigurationProperty

type CfnBucket_TopicConfigurationProperty struct {
	// The Amazon S3 bucket event about which to send notifications.
	//
	// For more information, see [Supported Event Types](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-topicconfiguration.html#cfn-s3-bucket-topicconfiguration-event
	//
	Event *string `field:"required" json:"event" yaml:"event"`
	// The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 publishes a message when it detects events of the specified type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-topicconfiguration.html#cfn-s3-bucket-topicconfiguration-topic
	//
	Topic *string `field:"required" json:"topic" yaml:"topic"`
	// The filtering rules that determine for which objects to send notifications.
	//
	// For example, you can create a filter so that Amazon S3 sends notifications only when image files with a `.jpg` extension are added to the bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-topicconfiguration.html#cfn-s3-bucket-topicconfiguration-filter
	//
	Filter interface{} `field:"optional" json:"filter" yaml:"filter"`
}

A container for specifying the configuration for publication of messages to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 detects specified events.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

topicConfigurationProperty := &TopicConfigurationProperty{
	Event: jsii.String("event"),
	Topic: jsii.String("topic"),

	// the properties below are optional
	Filter: &NotificationFilterProperty{
		S3Key: &S3KeyFilterProperty{
			Rules: []interface{}{
				&FilterRuleProperty{
					Name: jsii.String("name"),
					Value: jsii.String("value"),
				},
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-topicconfiguration.html

type CfnBucket_TransitionProperty

type CfnBucket_TransitionProperty struct {
	// The storage class to which you want the object to transition.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-transition.html#cfn-s3-bucket-transition-storageclass
	//
	StorageClass *string `field:"required" json:"storageClass" yaml:"storageClass"`
	// Indicates when objects are transitioned to the specified storage class.
	//
	// The date value must be in ISO 8601 format. The time is always midnight UTC.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-transition.html#cfn-s3-bucket-transition-transitiondate
	//
	TransitionDate interface{} `field:"optional" json:"transitionDate" yaml:"transitionDate"`
	// Indicates the number of days after creation when objects are transitioned to the specified storage class.
	//
	// The value must be a positive integer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-transition.html#cfn-s3-bucket-transition-transitionindays
	//
	TransitionInDays *float64 `field:"optional" json:"transitionInDays" yaml:"transitionInDays"`
}

Specifies when an object transitions to a specified storage class.

For more information about Amazon S3 lifecycle configuration rules, see [Transitioning Objects Using Amazon S3 Lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

transitionProperty := &TransitionProperty{
	StorageClass: jsii.String("storageClass"),

	// the properties below are optional
	TransitionDate: NewDate(),
	TransitionInDays: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-transition.html

type CfnBucket_VersioningConfigurationProperty

type CfnBucket_VersioningConfigurationProperty struct {
	// The versioning state of the bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-versioningconfiguration.html#cfn-s3-bucket-versioningconfiguration-status
	//
	// Default: - "Suspended".
	//
	Status *string `field:"required" json:"status" yaml:"status"`
}

Describes the versioning state of an Amazon S3 bucket.

For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference* .

> When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations ( `PUT` or `DELETE` ) on objects in the bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

versioningConfigurationProperty := &VersioningConfigurationProperty{
	Status: jsii.String("status"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-versioningconfiguration.html

type CfnBucket_WebsiteConfigurationProperty

type CfnBucket_WebsiteConfigurationProperty struct {
	// The name of the error document for the website.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-websiteconfiguration.html#cfn-s3-bucket-websiteconfiguration-errordocument
	//
	ErrorDocument *string `field:"optional" json:"errorDocument" yaml:"errorDocument"`
	// The name of the index document for the website.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-websiteconfiguration.html#cfn-s3-bucket-websiteconfiguration-indexdocument
	//
	IndexDocument *string `field:"optional" json:"indexDocument" yaml:"indexDocument"`
	// The redirect behavior for every request to this bucket's website endpoint.
	//
	// > If you specify this property, you can't specify any other property.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-websiteconfiguration.html#cfn-s3-bucket-websiteconfiguration-redirectallrequeststo
	//
	RedirectAllRequestsTo interface{} `field:"optional" json:"redirectAllRequestsTo" yaml:"redirectAllRequestsTo"`
	// Rules that define when a redirect is applied and the redirect behavior.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-websiteconfiguration.html#cfn-s3-bucket-websiteconfiguration-routingrules
	//
	RoutingRules interface{} `field:"optional" json:"routingRules" yaml:"routingRules"`
}

Specifies website configuration parameters for an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

websiteConfigurationProperty := &WebsiteConfigurationProperty{
	ErrorDocument: jsii.String("errorDocument"),
	IndexDocument: jsii.String("indexDocument"),
	RedirectAllRequestsTo: &RedirectAllRequestsToProperty{
		HostName: jsii.String("hostName"),

		// the properties below are optional
		Protocol: jsii.String("protocol"),
	},
	RoutingRules: []interface{}{
		&RoutingRuleProperty{
			RedirectRule: &RedirectRuleProperty{
				HostName: jsii.String("hostName"),
				HttpRedirectCode: jsii.String("httpRedirectCode"),
				Protocol: jsii.String("protocol"),
				ReplaceKeyPrefixWith: jsii.String("replaceKeyPrefixWith"),
				ReplaceKeyWith: jsii.String("replaceKeyWith"),
			},

			// the properties below are optional
			RoutingRuleCondition: &RoutingRuleConditionProperty{
				HttpErrorCodeReturnedEquals: jsii.String("httpErrorCodeReturnedEquals"),
				KeyPrefixEquals: jsii.String("keyPrefixEquals"),
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-websiteconfiguration.html

type CfnMultiRegionAccessPoint

type CfnMultiRegionAccessPoint interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The alias for the Multi-Region Access Point.
	//
	// For more information about the distinction between the name and the alias of an Multi-Region Access Point, see [Managing Multi-Region Access Points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingMultiRegionAccessPoints.html#multi-region-access-point-naming) in the *Amazon S3 User Guide* .
	AttrAlias() *string
	// The timestamp of when the Multi-Region Access Point is created.
	AttrCreatedAt() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The name of the Multi-Region Access Point.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// The PublicAccessBlock configuration that you want to apply to this Multi-Region Access Point.
	PublicAccessBlockConfiguration() interface{}
	SetPublicAccessBlockConfiguration(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// A collection of the Regions and buckets associated with the Multi-Region Access Point.
	Regions() interface{}
	SetRegions(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::S3::MultiRegionAccessPoint` resource creates an Amazon S3 Multi-Region Access Point.

To learn more about Multi-Region Access Points, see [Multi-Region Access Points in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPoints.html) in the in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnMultiRegionAccessPoint := awscdk.Aws_s3.NewCfnMultiRegionAccessPoint(this, jsii.String("MyCfnMultiRegionAccessPoint"), &CfnMultiRegionAccessPointProps{
	Regions: []interface{}{
		&RegionProperty{
			Bucket: jsii.String("bucket"),

			// the properties below are optional
			BucketAccountId: jsii.String("bucketAccountId"),
		},
	},

	// the properties below are optional
	Name: jsii.String("name"),
	PublicAccessBlockConfiguration: &PublicAccessBlockConfigurationProperty{
		BlockPublicAcls: jsii.Boolean(false),
		BlockPublicPolicy: jsii.Boolean(false),
		IgnorePublicAcls: jsii.Boolean(false),
		RestrictPublicBuckets: jsii.Boolean(false),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html

func NewCfnMultiRegionAccessPoint

func NewCfnMultiRegionAccessPoint(scope constructs.Construct, id *string, props *CfnMultiRegionAccessPointProps) CfnMultiRegionAccessPoint

type CfnMultiRegionAccessPointPolicy

type CfnMultiRegionAccessPointPolicy interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The Policy Status associated with this Multi Region Access Point.
	AttrPolicyStatus() awscdk.IResolvable
	// Specifies whether the policy is public or not.
	AttrPolicyStatusIsPublic() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The name of the Multi-Region Access Point.
	MrapName() *string
	SetMrapName(val *string)
	// The tree node.
	Node() constructs.Node
	// The access policy associated with the Multi-Region Access Point.
	Policy() interface{}
	SetPolicy(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Applies an Amazon S3 access policy to an Amazon S3 Multi-Region Access Point.

It is not possible to delete an access policy for a Multi-Region Access Point from the CloudFormation template. When you attempt to delete the policy, CloudFormation updates the policy using `DeletionPolicy:Retain` and `UpdateReplacePolicy:Retain` . CloudFormation updates the policy to only allow access to the account that created the bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var policy interface{}

cfnMultiRegionAccessPointPolicy := awscdk.Aws_s3.NewCfnMultiRegionAccessPointPolicy(this, jsii.String("MyCfnMultiRegionAccessPointPolicy"), &CfnMultiRegionAccessPointPolicyProps{
	MrapName: jsii.String("mrapName"),
	Policy: policy,
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html

func NewCfnMultiRegionAccessPointPolicy

func NewCfnMultiRegionAccessPointPolicy(scope constructs.Construct, id *string, props *CfnMultiRegionAccessPointPolicyProps) CfnMultiRegionAccessPointPolicy

type CfnMultiRegionAccessPointPolicyProps

type CfnMultiRegionAccessPointPolicyProps struct {
	// The name of the Multi-Region Access Point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-mrapname
	//
	MrapName *string `field:"required" json:"mrapName" yaml:"mrapName"`
	// The access policy associated with the Multi-Region Access Point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html#cfn-s3-multiregionaccesspointpolicy-policy
	//
	Policy interface{} `field:"required" json:"policy" yaml:"policy"`
}

Properties for defining a `CfnMultiRegionAccessPointPolicy`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var policy interface{}

cfnMultiRegionAccessPointPolicyProps := &CfnMultiRegionAccessPointPolicyProps{
	MrapName: jsii.String("mrapName"),
	Policy: policy,
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html

type CfnMultiRegionAccessPointPolicy_PolicyStatusProperty added in v2.55.0

type CfnMultiRegionAccessPointPolicy_PolicyStatusProperty struct {
	// The policy status for this bucket.
	//
	// `TRUE` indicates that this bucket is public. `FALSE` indicates that the bucket is not public.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspointpolicy-policystatus.html#cfn-s3-multiregionaccesspointpolicy-policystatus-ispublic
	//
	IsPublic *string `field:"required" json:"isPublic" yaml:"isPublic"`
}

The container element for a bucket's policy status.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

policyStatusProperty := &PolicyStatusProperty{
	IsPublic: jsii.String("isPublic"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspointpolicy-policystatus.html

type CfnMultiRegionAccessPointProps

type CfnMultiRegionAccessPointProps struct {
	// A collection of the Regions and buckets associated with the Multi-Region Access Point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-regions
	//
	Regions interface{} `field:"required" json:"regions" yaml:"regions"`
	// The name of the Multi-Region Access Point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The PublicAccessBlock configuration that you want to apply to this Multi-Region Access Point.
	//
	// You can enable the configuration options in any combination. For more information about when Amazon S3 considers an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration
	//
	PublicAccessBlockConfiguration interface{} `field:"optional" json:"publicAccessBlockConfiguration" yaml:"publicAccessBlockConfiguration"`
}

Properties for defining a `CfnMultiRegionAccessPoint`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnMultiRegionAccessPointProps := &CfnMultiRegionAccessPointProps{
	Regions: []interface{}{
		&RegionProperty{
			Bucket: jsii.String("bucket"),

			// the properties below are optional
			BucketAccountId: jsii.String("bucketAccountId"),
		},
	},

	// the properties below are optional
	Name: jsii.String("name"),
	PublicAccessBlockConfiguration: &PublicAccessBlockConfigurationProperty{
		BlockPublicAcls: jsii.Boolean(false),
		BlockPublicPolicy: jsii.Boolean(false),
		IgnorePublicAcls: jsii.Boolean(false),
		RestrictPublicBuckets: jsii.Boolean(false),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html

type CfnMultiRegionAccessPoint_PublicAccessBlockConfigurationProperty

type CfnMultiRegionAccessPoint_PublicAccessBlockConfigurationProperty struct {
	// Specifies whether Amazon S3 should block public access control lists (ACLs) for this bucket and objects in this bucket.
	//
	// Setting this element to `TRUE` causes the following behavior:
	//
	// - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is public.
	// - PUT Object calls fail if the request includes a public ACL.
	// - PUT Bucket calls fail if the request includes a public ACL.
	//
	// Enabling this setting doesn't affect existing policies or ACLs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-publicaccessblockconfiguration.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration-blockpublicacls
	//
	BlockPublicAcls interface{} `field:"optional" json:"blockPublicAcls" yaml:"blockPublicAcls"`
	// Specifies whether Amazon S3 should block public bucket policies for this bucket.
	//
	// Setting this element to `TRUE` causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.
	//
	// Enabling this setting doesn't affect existing bucket policies.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-publicaccessblockconfiguration.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration-blockpublicpolicy
	//
	BlockPublicPolicy interface{} `field:"optional" json:"blockPublicPolicy" yaml:"blockPublicPolicy"`
	// Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket.
	//
	// Setting this element to `TRUE` causes Amazon S3 to ignore all public ACLs on this bucket and objects in this bucket.
	//
	// Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-publicaccessblockconfiguration.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration-ignorepublicacls
	//
	IgnorePublicAcls interface{} `field:"optional" json:"ignorePublicAcls" yaml:"ignorePublicAcls"`
	// Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
	//
	// Setting this element to `TRUE` restricts access to this bucket to only AWS service principals and authorized users within this account if the bucket has a public policy.
	//
	// Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-publicaccessblockconfiguration.html#cfn-s3-multiregionaccesspoint-publicaccessblockconfiguration-restrictpublicbuckets
	//
	RestrictPublicBuckets interface{} `field:"optional" json:"restrictPublicBuckets" yaml:"restrictPublicBuckets"`
}

The PublicAccessBlock configuration that you want to apply to this Amazon S3 Multi-Region Access Point.

You can enable the configuration options in any combination. For more information about when Amazon S3 considers an object public, see [The Meaning of "Public"](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

publicAccessBlockConfigurationProperty := &PublicAccessBlockConfigurationProperty{
	BlockPublicAcls: jsii.Boolean(false),
	BlockPublicPolicy: jsii.Boolean(false),
	IgnorePublicAcls: jsii.Boolean(false),
	RestrictPublicBuckets: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-publicaccessblockconfiguration.html

type CfnMultiRegionAccessPoint_RegionProperty

type CfnMultiRegionAccessPoint_RegionProperty struct {
	// The name of the associated bucket for the Region.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-region.html#cfn-s3-multiregionaccesspoint-region-bucket
	//
	Bucket *string `field:"required" json:"bucket" yaml:"bucket"`
	// The AWS account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-region.html#cfn-s3-multiregionaccesspoint-region-bucketaccountid
	//
	BucketAccountId *string `field:"optional" json:"bucketAccountId" yaml:"bucketAccountId"`
}

A bucket associated with a specific Region when creating Multi-Region Access Points.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

regionProperty := &RegionProperty{
	Bucket: jsii.String("bucket"),

	// the properties below are optional
	BucketAccountId: jsii.String("bucketAccountId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-multiregionaccesspoint-region.html

type CfnStorageLens

type CfnStorageLens interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// This property contains the details of the ARN of the S3 Storage Lens configuration.
	//
	// This property is read-only.
	AttrStorageLensConfigurationStorageLensArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// This resource contains the details Amazon S3 Storage Lens configuration.
	StorageLensConfiguration() interface{}
	SetStorageLensConfiguration(val interface{})
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// A set of tags (key–value pairs) to associate with the Storage Lens configuration.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The AWS::S3::StorageLens resource creates an Amazon S3 Storage Lens configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var sses3 interface{}

cfnStorageLens := awscdk.Aws_s3.NewCfnStorageLens(this, jsii.String("MyCfnStorageLens"), &CfnStorageLensProps{
	StorageLensConfiguration: &StorageLensConfigurationProperty{
		AccountLevel: &AccountLevelProperty{
			BucketLevel: &BucketLevelProperty{
				ActivityMetrics: &ActivityMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				PrefixLevel: &PrefixLevelProperty{
					StorageMetrics: &PrefixLevelStorageMetricsProperty{
						IsEnabled: jsii.Boolean(false),
						SelectionCriteria: &SelectionCriteriaProperty{
							Delimiter: jsii.String("delimiter"),
							MaxDepth: jsii.Number(123),
							MinStorageBytesPercentage: jsii.Number(123),
						},
					},
				},
			},

			// the properties below are optional
			ActivityMetrics: &ActivityMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			StorageLensGroupLevel: &StorageLensGroupLevelProperty{
				StorageLensGroupSelectionCriteria: &StorageLensGroupSelectionCriteriaProperty{
					Exclude: []*string{
						jsii.String("exclude"),
					},
					Include: []*string{
						jsii.String("include"),
					},
				},
			},
		},
		Id: jsii.String("id"),
		IsEnabled: jsii.Boolean(false),

		// the properties below are optional
		AwsOrg: &AwsOrgProperty{
			Arn: jsii.String("arn"),
		},
		DataExport: &DataExportProperty{
			CloudWatchMetrics: &CloudWatchMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			S3BucketDestination: &S3BucketDestinationProperty{
				AccountId: jsii.String("accountId"),
				Arn: jsii.String("arn"),
				Format: jsii.String("format"),
				OutputSchemaVersion: jsii.String("outputSchemaVersion"),

				// the properties below are optional
				Encryption: &EncryptionProperty{
					Ssekms: &SSEKMSProperty{
						KeyId: jsii.String("keyId"),
					},
					Sses3: sses3,
				},
				Prefix: jsii.String("prefix"),
			},
		},
		Exclude: &BucketsAndRegionsProperty{
			Buckets: []*string{
				jsii.String("buckets"),
			},
			Regions: []*string{
				jsii.String("regions"),
			},
		},
		Include: &BucketsAndRegionsProperty{
			Buckets: []*string{
				jsii.String("buckets"),
			},
			Regions: []*string{
				jsii.String("regions"),
			},
		},
		StorageLensArn: jsii.String("storageLensArn"),
	},

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html

func NewCfnStorageLens

func NewCfnStorageLens(scope constructs.Construct, id *string, props *CfnStorageLensProps) CfnStorageLens

type CfnStorageLensGroup added in v2.109.0

type CfnStorageLensGroup interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggableV2
	// The ARN for the Amazon S3 Storage Lens Group.
	AttrStorageLensGroupArn() *string
	// Tag Manager which manages the tags for this resource.
	CdkTagManager() awscdk.TagManager
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// This property contains the criteria for the Storage Lens group data that is displayed.
	Filter() interface{}
	SetFilter(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// This property contains the Storage Lens group name.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// This property contains the AWS resource tags that you're adding to your Storage Lens group.
	Tags() *[]*awscdk.CfnTag
	SetTags(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::S3::StorageLensGroup` resource creates an S3 Storage Lens group.

A Storage Lens group is a custom grouping of objects that include filters for prefixes, suffixes, object tags, object size, or object age. You can create an S3 Storage Lens group that includes a single filter or multiple filter conditions. To specify multiple filter conditions, you use `AND` or `OR` logical operators. For more information about S3 Storage Lens groups, see [Working with S3 Storage Lens groups](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups-overview.html) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnStorageLensGroup := awscdk.Aws_s3.NewCfnStorageLensGroup(this, jsii.String("MyCfnStorageLensGroup"), &CfnStorageLensGroupProps{
	Filter: &FilterProperty{
		And: &AndProperty{
			MatchAnyPrefix: []*string{
				jsii.String("matchAnyPrefix"),
			},
			MatchAnySuffix: []*string{
				jsii.String("matchAnySuffix"),
			},
			MatchAnyTag: []interface{}{
				&CfnTag{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			MatchObjectAge: &MatchObjectAgeProperty{
				DaysGreaterThan: jsii.Number(123),
				DaysLessThan: jsii.Number(123),
			},
			MatchObjectSize: &MatchObjectSizeProperty{
				BytesGreaterThan: jsii.Number(123),
				BytesLessThan: jsii.Number(123),
			},
		},
		MatchAnyPrefix: []*string{
			jsii.String("matchAnyPrefix"),
		},
		MatchAnySuffix: []*string{
			jsii.String("matchAnySuffix"),
		},
		MatchAnyTag: []interface{}{
			&CfnTag{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
		MatchObjectAge: &MatchObjectAgeProperty{
			DaysGreaterThan: jsii.Number(123),
			DaysLessThan: jsii.Number(123),
		},
		MatchObjectSize: &MatchObjectSizeProperty{
			BytesGreaterThan: jsii.Number(123),
			BytesLessThan: jsii.Number(123),
		},
		Or: &OrProperty{
			MatchAnyPrefix: []*string{
				jsii.String("matchAnyPrefix"),
			},
			MatchAnySuffix: []*string{
				jsii.String("matchAnySuffix"),
			},
			MatchAnyTag: []interface{}{
				&CfnTag{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			MatchObjectAge: &MatchObjectAgeProperty{
				DaysGreaterThan: jsii.Number(123),
				DaysLessThan: jsii.Number(123),
			},
			MatchObjectSize: &MatchObjectSizeProperty{
				BytesGreaterThan: jsii.Number(123),
				BytesLessThan: jsii.Number(123),
			},
		},
	},
	Name: jsii.String("name"),

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelensgroup.html

func NewCfnStorageLensGroup added in v2.109.0

func NewCfnStorageLensGroup(scope constructs.Construct, id *string, props *CfnStorageLensGroupProps) CfnStorageLensGroup

type CfnStorageLensGroupProps added in v2.109.0

type CfnStorageLensGroupProps struct {
	// This property contains the criteria for the Storage Lens group data that is displayed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelensgroup.html#cfn-s3-storagelensgroup-filter
	//
	Filter interface{} `field:"required" json:"filter" yaml:"filter"`
	// This property contains the Storage Lens group name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelensgroup.html#cfn-s3-storagelensgroup-name
	//
	Name *string `field:"required" json:"name" yaml:"name"`
	// This property contains the AWS resource tags that you're adding to your Storage Lens group.
	//
	// This parameter is optional.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelensgroup.html#cfn-s3-storagelensgroup-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnStorageLensGroup`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnStorageLensGroupProps := &CfnStorageLensGroupProps{
	Filter: &FilterProperty{
		And: &AndProperty{
			MatchAnyPrefix: []*string{
				jsii.String("matchAnyPrefix"),
			},
			MatchAnySuffix: []*string{
				jsii.String("matchAnySuffix"),
			},
			MatchAnyTag: []interface{}{
				&CfnTag{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			MatchObjectAge: &MatchObjectAgeProperty{
				DaysGreaterThan: jsii.Number(123),
				DaysLessThan: jsii.Number(123),
			},
			MatchObjectSize: &MatchObjectSizeProperty{
				BytesGreaterThan: jsii.Number(123),
				BytesLessThan: jsii.Number(123),
			},
		},
		MatchAnyPrefix: []*string{
			jsii.String("matchAnyPrefix"),
		},
		MatchAnySuffix: []*string{
			jsii.String("matchAnySuffix"),
		},
		MatchAnyTag: []interface{}{
			&CfnTag{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
		MatchObjectAge: &MatchObjectAgeProperty{
			DaysGreaterThan: jsii.Number(123),
			DaysLessThan: jsii.Number(123),
		},
		MatchObjectSize: &MatchObjectSizeProperty{
			BytesGreaterThan: jsii.Number(123),
			BytesLessThan: jsii.Number(123),
		},
		Or: &OrProperty{
			MatchAnyPrefix: []*string{
				jsii.String("matchAnyPrefix"),
			},
			MatchAnySuffix: []*string{
				jsii.String("matchAnySuffix"),
			},
			MatchAnyTag: []interface{}{
				&CfnTag{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			MatchObjectAge: &MatchObjectAgeProperty{
				DaysGreaterThan: jsii.Number(123),
				DaysLessThan: jsii.Number(123),
			},
			MatchObjectSize: &MatchObjectSizeProperty{
				BytesGreaterThan: jsii.Number(123),
				BytesLessThan: jsii.Number(123),
			},
		},
	},
	Name: jsii.String("name"),

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelensgroup.html

type CfnStorageLensGroup_AndProperty added in v2.109.0

type CfnStorageLensGroup_AndProperty struct {
	// This property contains a list of prefixes.
	//
	// At least one prefix must be specified. Up to 10 prefixes are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-and.html#cfn-s3-storagelensgroup-and-matchanyprefix
	//
	MatchAnyPrefix *[]*string `field:"optional" json:"matchAnyPrefix" yaml:"matchAnyPrefix"`
	// This property contains a list of suffixes.
	//
	// At least one suffix must be specified. Up to 10 suffixes are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-and.html#cfn-s3-storagelensgroup-and-matchanysuffix
	//
	MatchAnySuffix *[]*string `field:"optional" json:"matchAnySuffix" yaml:"matchAnySuffix"`
	// This property contains the list of object tags.
	//
	// At least one object tag must be specified. Up to 10 object tags are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-and.html#cfn-s3-storagelensgroup-and-matchanytag
	//
	MatchAnyTag interface{} `field:"optional" json:"matchAnyTag" yaml:"matchAnyTag"`
	// This property contains `DaysGreaterThan` and `DaysLessThan` properties to define the object age range (minimum and maximum number of days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-and.html#cfn-s3-storagelensgroup-and-matchobjectage
	//
	MatchObjectAge interface{} `field:"optional" json:"matchObjectAge" yaml:"matchObjectAge"`
	// This property contains `BytesGreaterThan` and `BytesLessThan` to define the object size range (minimum and maximum number of Bytes).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-and.html#cfn-s3-storagelensgroup-and-matchobjectsize
	//
	MatchObjectSize interface{} `field:"optional" json:"matchObjectSize" yaml:"matchObjectSize"`
}

This resource is a logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data.

Objects must match all of the listed filter conditions that are joined by the `And` logical operator. Only one of each filter condition is allowed.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

andProperty := &AndProperty{
	MatchAnyPrefix: []*string{
		jsii.String("matchAnyPrefix"),
	},
	MatchAnySuffix: []*string{
		jsii.String("matchAnySuffix"),
	},
	MatchAnyTag: []interface{}{
		&CfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	MatchObjectAge: &MatchObjectAgeProperty{
		DaysGreaterThan: jsii.Number(123),
		DaysLessThan: jsii.Number(123),
	},
	MatchObjectSize: &MatchObjectSizeProperty{
		BytesGreaterThan: jsii.Number(123),
		BytesLessThan: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-and.html

type CfnStorageLensGroup_FilterProperty added in v2.109.0

type CfnStorageLensGroup_FilterProperty struct {
	// This property contains the `And` logical operator, which allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data.
	//
	// Objects must match all of the listed filter conditions that are joined by the `And` logical operator. Only one of each filter condition is allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html#cfn-s3-storagelensgroup-filter-and
	//
	And interface{} `field:"optional" json:"and" yaml:"and"`
	// This property contains a list of prefixes.
	//
	// At least one prefix must be specified. Up to 10 prefixes are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html#cfn-s3-storagelensgroup-filter-matchanyprefix
	//
	MatchAnyPrefix *[]*string `field:"optional" json:"matchAnyPrefix" yaml:"matchAnyPrefix"`
	// This property contains a list of suffixes.
	//
	// At least one suffix must be specified. Up to 10 suffixes are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html#cfn-s3-storagelensgroup-filter-matchanysuffix
	//
	MatchAnySuffix *[]*string `field:"optional" json:"matchAnySuffix" yaml:"matchAnySuffix"`
	// This property contains the list of S3 object tags.
	//
	// At least one object tag must be specified. Up to 10 object tags are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html#cfn-s3-storagelensgroup-filter-matchanytag
	//
	MatchAnyTag interface{} `field:"optional" json:"matchAnyTag" yaml:"matchAnyTag"`
	// This property contains `DaysGreaterThan` and `DaysLessThan` to define the object age range (minimum and maximum number of days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html#cfn-s3-storagelensgroup-filter-matchobjectage
	//
	MatchObjectAge interface{} `field:"optional" json:"matchObjectAge" yaml:"matchObjectAge"`
	// This property contains `BytesGreaterThan` and `BytesLessThan` to define the object size range (minimum and maximum number of Bytes).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html#cfn-s3-storagelensgroup-filter-matchobjectsize
	//
	MatchObjectSize interface{} `field:"optional" json:"matchObjectSize" yaml:"matchObjectSize"`
	// This property contains the `Or` logical operator, which allows multiple filter conditions to be joined.
	//
	// Objects can match any of the listed filter conditions, which are joined by the `Or` logical operator. Only one of each filter condition is allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html#cfn-s3-storagelensgroup-filter-or
	//
	Or interface{} `field:"optional" json:"or" yaml:"or"`
}

This resource sets the criteria for the Storage Lens group data that is displayed.

For multiple filter conditions, the `AND` or `OR` logical operator is used.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

filterProperty := &FilterProperty{
	And: &AndProperty{
		MatchAnyPrefix: []*string{
			jsii.String("matchAnyPrefix"),
		},
		MatchAnySuffix: []*string{
			jsii.String("matchAnySuffix"),
		},
		MatchAnyTag: []interface{}{
			&CfnTag{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
		MatchObjectAge: &MatchObjectAgeProperty{
			DaysGreaterThan: jsii.Number(123),
			DaysLessThan: jsii.Number(123),
		},
		MatchObjectSize: &MatchObjectSizeProperty{
			BytesGreaterThan: jsii.Number(123),
			BytesLessThan: jsii.Number(123),
		},
	},
	MatchAnyPrefix: []*string{
		jsii.String("matchAnyPrefix"),
	},
	MatchAnySuffix: []*string{
		jsii.String("matchAnySuffix"),
	},
	MatchAnyTag: []interface{}{
		&CfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	MatchObjectAge: &MatchObjectAgeProperty{
		DaysGreaterThan: jsii.Number(123),
		DaysLessThan: jsii.Number(123),
	},
	MatchObjectSize: &MatchObjectSizeProperty{
		BytesGreaterThan: jsii.Number(123),
		BytesLessThan: jsii.Number(123),
	},
	Or: &OrProperty{
		MatchAnyPrefix: []*string{
			jsii.String("matchAnyPrefix"),
		},
		MatchAnySuffix: []*string{
			jsii.String("matchAnySuffix"),
		},
		MatchAnyTag: []interface{}{
			&CfnTag{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
		MatchObjectAge: &MatchObjectAgeProperty{
			DaysGreaterThan: jsii.Number(123),
			DaysLessThan: jsii.Number(123),
		},
		MatchObjectSize: &MatchObjectSizeProperty{
			BytesGreaterThan: jsii.Number(123),
			BytesLessThan: jsii.Number(123),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-filter.html

type CfnStorageLensGroup_MatchObjectAgeProperty added in v2.109.0

type CfnStorageLensGroup_MatchObjectAgeProperty struct {
	// This property indicates the minimum object age in days.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-matchobjectage.html#cfn-s3-storagelensgroup-matchobjectage-daysgreaterthan
	//
	DaysGreaterThan *float64 `field:"optional" json:"daysGreaterThan" yaml:"daysGreaterThan"`
	// This property indicates the maximum object age in days.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-matchobjectage.html#cfn-s3-storagelensgroup-matchobjectage-dayslessthan
	//
	DaysLessThan *float64 `field:"optional" json:"daysLessThan" yaml:"daysLessThan"`
}

This resource contains `DaysGreaterThan` and `DaysLessThan` to define the object age range (minimum and maximum number of days).

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

matchObjectAgeProperty := &MatchObjectAgeProperty{
	DaysGreaterThan: jsii.Number(123),
	DaysLessThan: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-matchobjectage.html

type CfnStorageLensGroup_MatchObjectSizeProperty added in v2.109.0

type CfnStorageLensGroup_MatchObjectSizeProperty struct {
	// This property specifies the minimum object size in bytes.
	//
	// The value must be a positive number, greater than 0 and less than 5 TB.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-matchobjectsize.html#cfn-s3-storagelensgroup-matchobjectsize-bytesgreaterthan
	//
	BytesGreaterThan *float64 `field:"optional" json:"bytesGreaterThan" yaml:"bytesGreaterThan"`
	// This property specifies the maximum object size in bytes.
	//
	// The value must be a positive number, greater than the minimum object size and less than 5 TB.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-matchobjectsize.html#cfn-s3-storagelensgroup-matchobjectsize-byteslessthan
	//
	BytesLessThan *float64 `field:"optional" json:"bytesLessThan" yaml:"bytesLessThan"`
}

This resource filters objects that match the specified object size range.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

matchObjectSizeProperty := &MatchObjectSizeProperty{
	BytesGreaterThan: jsii.Number(123),
	BytesLessThan: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-matchobjectsize.html

type CfnStorageLensGroup_OrProperty added in v2.109.0

type CfnStorageLensGroup_OrProperty struct {
	// This property contains a list of prefixes.
	//
	// At least one prefix must be specified. Up to 10 prefixes are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-or.html#cfn-s3-storagelensgroup-or-matchanyprefix
	//
	MatchAnyPrefix *[]*string `field:"optional" json:"matchAnyPrefix" yaml:"matchAnyPrefix"`
	// This property contains the list of suffixes.
	//
	// At least one suffix must be specified. Up to 10 suffixes are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-or.html#cfn-s3-storagelensgroup-or-matchanysuffix
	//
	MatchAnySuffix *[]*string `field:"optional" json:"matchAnySuffix" yaml:"matchAnySuffix"`
	// This property contains the list of S3 object tags.
	//
	// At least one object tag must be specified. Up to 10 object tags are allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-or.html#cfn-s3-storagelensgroup-or-matchanytag
	//
	MatchAnyTag interface{} `field:"optional" json:"matchAnyTag" yaml:"matchAnyTag"`
	// This property filters objects that match the specified object age range.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-or.html#cfn-s3-storagelensgroup-or-matchobjectage
	//
	MatchObjectAge interface{} `field:"optional" json:"matchObjectAge" yaml:"matchObjectAge"`
	// This property contains the `BytesGreaterThan` and `BytesLessThan` values to define the object size range (minimum and maximum number of Bytes).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-or.html#cfn-s3-storagelensgroup-or-matchobjectsize
	//
	MatchObjectSize interface{} `field:"optional" json:"matchObjectSize" yaml:"matchObjectSize"`
}

This resource contains the `Or` logical operator, which allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data.

Objects can match any of the listed filter conditions that are joined by the `Or` logical operator. Only one of each filter condition is allowed.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

orProperty := &OrProperty{
	MatchAnyPrefix: []*string{
		jsii.String("matchAnyPrefix"),
	},
	MatchAnySuffix: []*string{
		jsii.String("matchAnySuffix"),
	},
	MatchAnyTag: []interface{}{
		&CfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	MatchObjectAge: &MatchObjectAgeProperty{
		DaysGreaterThan: jsii.Number(123),
		DaysLessThan: jsii.Number(123),
	},
	MatchObjectSize: &MatchObjectSizeProperty{
		BytesGreaterThan: jsii.Number(123),
		BytesLessThan: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelensgroup-or.html

type CfnStorageLensProps

type CfnStorageLensProps struct {
	// This resource contains the details Amazon S3 Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-storagelensconfiguration
	//
	StorageLensConfiguration interface{} `field:"required" json:"storageLensConfiguration" yaml:"storageLensConfiguration"`
	// A set of tags (key–value pairs) to associate with the Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html#cfn-s3-storagelens-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnStorageLens`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var sses3 interface{}

cfnStorageLensProps := &CfnStorageLensProps{
	StorageLensConfiguration: &StorageLensConfigurationProperty{
		AccountLevel: &AccountLevelProperty{
			BucketLevel: &BucketLevelProperty{
				ActivityMetrics: &ActivityMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
					IsEnabled: jsii.Boolean(false),
				},
				PrefixLevel: &PrefixLevelProperty{
					StorageMetrics: &PrefixLevelStorageMetricsProperty{
						IsEnabled: jsii.Boolean(false),
						SelectionCriteria: &SelectionCriteriaProperty{
							Delimiter: jsii.String("delimiter"),
							MaxDepth: jsii.Number(123),
							MinStorageBytesPercentage: jsii.Number(123),
						},
					},
				},
			},

			// the properties below are optional
			ActivityMetrics: &ActivityMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			StorageLensGroupLevel: &StorageLensGroupLevelProperty{
				StorageLensGroupSelectionCriteria: &StorageLensGroupSelectionCriteriaProperty{
					Exclude: []*string{
						jsii.String("exclude"),
					},
					Include: []*string{
						jsii.String("include"),
					},
				},
			},
		},
		Id: jsii.String("id"),
		IsEnabled: jsii.Boolean(false),

		// the properties below are optional
		AwsOrg: &AwsOrgProperty{
			Arn: jsii.String("arn"),
		},
		DataExport: &DataExportProperty{
			CloudWatchMetrics: &CloudWatchMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			S3BucketDestination: &S3BucketDestinationProperty{
				AccountId: jsii.String("accountId"),
				Arn: jsii.String("arn"),
				Format: jsii.String("format"),
				OutputSchemaVersion: jsii.String("outputSchemaVersion"),

				// the properties below are optional
				Encryption: &EncryptionProperty{
					Ssekms: &SSEKMSProperty{
						KeyId: jsii.String("keyId"),
					},
					Sses3: sses3,
				},
				Prefix: jsii.String("prefix"),
			},
		},
		Exclude: &BucketsAndRegionsProperty{
			Buckets: []*string{
				jsii.String("buckets"),
			},
			Regions: []*string{
				jsii.String("regions"),
			},
		},
		Include: &BucketsAndRegionsProperty{
			Buckets: []*string{
				jsii.String("buckets"),
			},
			Regions: []*string{
				jsii.String("regions"),
			},
		},
		StorageLensArn: jsii.String("storageLensArn"),
	},

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html

type CfnStorageLens_AccountLevelProperty

type CfnStorageLens_AccountLevelProperty struct {
	// This property contains the details of the account-level bucket-level configurations for Amazon S3 Storage Lens.
	//
	// To enable bucket-level configurations, make sure to also set the same metrics at the account level.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-accountlevel.html#cfn-s3-storagelens-accountlevel-bucketlevel
	//
	BucketLevel interface{} `field:"required" json:"bucketLevel" yaml:"bucketLevel"`
	// This property contains the details of account-level activity metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-accountlevel.html#cfn-s3-storagelens-accountlevel-activitymetrics
	//
	ActivityMetrics interface{} `field:"optional" json:"activityMetrics" yaml:"activityMetrics"`
	// This property contains the details of account-level advanced cost optimization metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-accountlevel.html#cfn-s3-storagelens-accountlevel-advancedcostoptimizationmetrics
	//
	AdvancedCostOptimizationMetrics interface{} `field:"optional" json:"advancedCostOptimizationMetrics" yaml:"advancedCostOptimizationMetrics"`
	// This property contains the details of account-level advanced data protection metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-accountlevel.html#cfn-s3-storagelens-accountlevel-advanceddataprotectionmetrics
	//
	AdvancedDataProtectionMetrics interface{} `field:"optional" json:"advancedDataProtectionMetrics" yaml:"advancedDataProtectionMetrics"`
	// This property contains the details of account-level detailed status code metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-accountlevel.html#cfn-s3-storagelens-accountlevel-detailedstatuscodesmetrics
	//
	DetailedStatusCodesMetrics interface{} `field:"optional" json:"detailedStatusCodesMetrics" yaml:"detailedStatusCodesMetrics"`
	// This property determines the scope of Storage Lens group data that is displayed in the Storage Lens dashboard.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-accountlevel.html#cfn-s3-storagelens-accountlevel-storagelensgrouplevel
	//
	StorageLensGroupLevel interface{} `field:"optional" json:"storageLensGroupLevel" yaml:"storageLensGroupLevel"`
}

This resource contains the details of the account-level metrics for Amazon S3 Storage Lens.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accountLevelProperty := &AccountLevelProperty{
	BucketLevel: &BucketLevelProperty{
		ActivityMetrics: &ActivityMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		PrefixLevel: &PrefixLevelProperty{
			StorageMetrics: &PrefixLevelStorageMetricsProperty{
				IsEnabled: jsii.Boolean(false),
				SelectionCriteria: &SelectionCriteriaProperty{
					Delimiter: jsii.String("delimiter"),
					MaxDepth: jsii.Number(123),
					MinStorageBytesPercentage: jsii.Number(123),
				},
			},
		},
	},

	// the properties below are optional
	ActivityMetrics: &ActivityMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	StorageLensGroupLevel: &StorageLensGroupLevelProperty{
		StorageLensGroupSelectionCriteria: &StorageLensGroupSelectionCriteriaProperty{
			Exclude: []*string{
				jsii.String("exclude"),
			},
			Include: []*string{
				jsii.String("include"),
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-accountlevel.html

type CfnStorageLens_ActivityMetricsProperty

type CfnStorageLens_ActivityMetricsProperty struct {
	// A property that indicates whether the activity metrics is enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-activitymetrics.html#cfn-s3-storagelens-activitymetrics-isenabled
	//
	IsEnabled interface{} `field:"optional" json:"isEnabled" yaml:"isEnabled"`
}

This resource enables Amazon S3 Storage Lens activity metrics.

Activity metrics show details about how your storage is requested, such as requests (for example, All requests, Get requests, Put requests), bytes uploaded or downloaded, and errors.

For more information, see [Assessing your storage activity and usage with S3 Storage Lens](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens.html) in the *Amazon S3 User Guide* . For a complete list of metrics, see [S3 Storage Lens metrics glossary](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_metrics_glossary.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

activityMetricsProperty := &ActivityMetricsProperty{
	IsEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-activitymetrics.html

type CfnStorageLens_AdvancedCostOptimizationMetricsProperty added in v2.54.0

type CfnStorageLens_AdvancedCostOptimizationMetricsProperty struct {
	// Indicates whether advanced cost optimization metrics are enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-advancedcostoptimizationmetrics.html#cfn-s3-storagelens-advancedcostoptimizationmetrics-isenabled
	//
	IsEnabled interface{} `field:"optional" json:"isEnabled" yaml:"isEnabled"`
}

This resource enables Amazon S3 Storage Lens advanced cost optimization metrics.

Advanced cost optimization metrics provide insights that you can use to manage and optimize your storage costs, for example, lifecycle rule counts for transitions, expirations, and incomplete multipart uploads.

For more information, see [Assessing your storage activity and usage with S3 Storage Lens](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens.html) in the *Amazon S3 User Guide* . For a complete list of metrics, see [S3 Storage Lens metrics glossary](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_metrics_glossary.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

advancedCostOptimizationMetricsProperty := &AdvancedCostOptimizationMetricsProperty{
	IsEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-advancedcostoptimizationmetrics.html

type CfnStorageLens_AdvancedDataProtectionMetricsProperty added in v2.54.0

type CfnStorageLens_AdvancedDataProtectionMetricsProperty struct {
	// Indicates whether advanced data protection metrics are enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-advanceddataprotectionmetrics.html#cfn-s3-storagelens-advanceddataprotectionmetrics-isenabled
	//
	IsEnabled interface{} `field:"optional" json:"isEnabled" yaml:"isEnabled"`
}

This resource enables Amazon S3 Storage Lens advanced data protection metrics.

Advanced data protection metrics provide insights that you can use to perform audits and protect your data, for example replication rule counts within and across Regions.

For more information, see [Assessing your storage activity and usage with S3 Storage Lens](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens.html) in the *Amazon S3 User Guide* . For a complete list of metrics, see [S3 Storage Lens metrics glossary](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_metrics_glossary.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

advancedDataProtectionMetricsProperty := &AdvancedDataProtectionMetricsProperty{
	IsEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-advanceddataprotectionmetrics.html

type CfnStorageLens_AwsOrgProperty

type CfnStorageLens_AwsOrgProperty struct {
	// This resource contains the ARN of the AWS Organization.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-awsorg.html#cfn-s3-storagelens-awsorg-arn
	//
	Arn *string `field:"required" json:"arn" yaml:"arn"`
}

This resource contains the details of the AWS Organization for Amazon S3 Storage Lens.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

awsOrgProperty := &AwsOrgProperty{
	Arn: jsii.String("arn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-awsorg.html

type CfnStorageLens_BucketLevelProperty

type CfnStorageLens_BucketLevelProperty struct {
	// A property for bucket-level activity metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketlevel.html#cfn-s3-storagelens-bucketlevel-activitymetrics
	//
	ActivityMetrics interface{} `field:"optional" json:"activityMetrics" yaml:"activityMetrics"`
	// A property for bucket-level advanced cost optimization metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketlevel.html#cfn-s3-storagelens-bucketlevel-advancedcostoptimizationmetrics
	//
	AdvancedCostOptimizationMetrics interface{} `field:"optional" json:"advancedCostOptimizationMetrics" yaml:"advancedCostOptimizationMetrics"`
	// A property for bucket-level advanced data protection metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketlevel.html#cfn-s3-storagelens-bucketlevel-advanceddataprotectionmetrics
	//
	AdvancedDataProtectionMetrics interface{} `field:"optional" json:"advancedDataProtectionMetrics" yaml:"advancedDataProtectionMetrics"`
	// A property for bucket-level detailed status code metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketlevel.html#cfn-s3-storagelens-bucketlevel-detailedstatuscodesmetrics
	//
	DetailedStatusCodesMetrics interface{} `field:"optional" json:"detailedStatusCodesMetrics" yaml:"detailedStatusCodesMetrics"`
	// A property for bucket-level prefix-level storage metrics for S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketlevel.html#cfn-s3-storagelens-bucketlevel-prefixlevel
	//
	PrefixLevel interface{} `field:"optional" json:"prefixLevel" yaml:"prefixLevel"`
}

A property for the bucket-level storage metrics for Amazon S3 Storage Lens.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

bucketLevelProperty := &BucketLevelProperty{
	ActivityMetrics: &ActivityMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	PrefixLevel: &PrefixLevelProperty{
		StorageMetrics: &PrefixLevelStorageMetricsProperty{
			IsEnabled: jsii.Boolean(false),
			SelectionCriteria: &SelectionCriteriaProperty{
				Delimiter: jsii.String("delimiter"),
				MaxDepth: jsii.Number(123),
				MinStorageBytesPercentage: jsii.Number(123),
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketlevel.html

type CfnStorageLens_BucketsAndRegionsProperty

type CfnStorageLens_BucketsAndRegionsProperty struct {
	// This property contains the details of the buckets for the Amazon S3 Storage Lens configuration.
	//
	// This should be the bucket Amazon Resource Name(ARN). For valid values, see [Buckets ARN format here](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_Include.html#API_control_Include_Contents) in the *Amazon S3 API Reference* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketsandregions.html#cfn-s3-storagelens-bucketsandregions-buckets
	//
	Buckets *[]*string `field:"optional" json:"buckets" yaml:"buckets"`
	// This property contains the details of the Regions for the S3 Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketsandregions.html#cfn-s3-storagelens-bucketsandregions-regions
	//
	Regions *[]*string `field:"optional" json:"regions" yaml:"regions"`
}

This resource contains the details of the buckets and Regions for the Amazon S3 Storage Lens configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

bucketsAndRegionsProperty := &BucketsAndRegionsProperty{
	Buckets: []*string{
		jsii.String("buckets"),
	},
	Regions: []*string{
		jsii.String("regions"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-bucketsandregions.html

type CfnStorageLens_CloudWatchMetricsProperty added in v2.2.0

type CfnStorageLens_CloudWatchMetricsProperty struct {
	// This property identifies whether the CloudWatch publishing option for S3 Storage Lens is enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-cloudwatchmetrics.html#cfn-s3-storagelens-cloudwatchmetrics-isenabled
	//
	IsEnabled interface{} `field:"required" json:"isEnabled" yaml:"isEnabled"`
}

This resource enables the Amazon CloudWatch publishing option for Amazon S3 Storage Lens metrics.

For more information, see [Monitor S3 Storage Lens metrics in CloudWatch](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_view_metrics_cloudwatch.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cloudWatchMetricsProperty := &CloudWatchMetricsProperty{
	IsEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-cloudwatchmetrics.html

type CfnStorageLens_DataExportProperty

type CfnStorageLens_DataExportProperty struct {
	// This property enables the Amazon CloudWatch publishing option for S3 Storage Lens metrics.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-dataexport.html#cfn-s3-storagelens-dataexport-cloudwatchmetrics
	//
	CloudWatchMetrics interface{} `field:"optional" json:"cloudWatchMetrics" yaml:"cloudWatchMetrics"`
	// This property contains the details of the bucket where the S3 Storage Lens metrics export will be placed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-dataexport.html#cfn-s3-storagelens-dataexport-s3bucketdestination
	//
	S3BucketDestination interface{} `field:"optional" json:"s3BucketDestination" yaml:"s3BucketDestination"`
}

This resource contains the details of the Amazon S3 Storage Lens metrics export.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var sses3 interface{}

dataExportProperty := &DataExportProperty{
	CloudWatchMetrics: &CloudWatchMetricsProperty{
		IsEnabled: jsii.Boolean(false),
	},
	S3BucketDestination: &S3BucketDestinationProperty{
		AccountId: jsii.String("accountId"),
		Arn: jsii.String("arn"),
		Format: jsii.String("format"),
		OutputSchemaVersion: jsii.String("outputSchemaVersion"),

		// the properties below are optional
		Encryption: &EncryptionProperty{
			Ssekms: &SSEKMSProperty{
				KeyId: jsii.String("keyId"),
			},
			Sses3: sses3,
		},
		Prefix: jsii.String("prefix"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-dataexport.html

type CfnStorageLens_DetailedStatusCodesMetricsProperty added in v2.54.0

type CfnStorageLens_DetailedStatusCodesMetricsProperty struct {
	// Indicates whether detailed status code metrics are enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-detailedstatuscodesmetrics.html#cfn-s3-storagelens-detailedstatuscodesmetrics-isenabled
	//
	IsEnabled interface{} `field:"optional" json:"isEnabled" yaml:"isEnabled"`
}

This resource enables Amazon S3 Storage Lens detailed status code metrics.

Detailed status code metrics generate metrics for HTTP status codes, such as `200 OK` , `403 Forbidden` , `503 Service Unavailable` and others.

For more information, see [Assessing your storage activity and usage with S3 Storage Lens](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens.html) in the *Amazon S3 User Guide* . For a complete list of metrics, see [S3 Storage Lens metrics glossary](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_metrics_glossary.html) in the *Amazon S3 User Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

detailedStatusCodesMetricsProperty := &DetailedStatusCodesMetricsProperty{
	IsEnabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-detailedstatuscodesmetrics.html

type CfnStorageLens_EncryptionProperty

type CfnStorageLens_EncryptionProperty struct {
	// Specifies the use of AWS Key Management Service keys (SSE-KMS) to encrypt the S3 Storage Lens metrics export file.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-encryption.html#cfn-s3-storagelens-encryption-ssekms
	//
	Ssekms interface{} `field:"optional" json:"ssekms" yaml:"ssekms"`
	// Specifies the use of an Amazon S3-managed key (SSE-S3) to encrypt the S3 Storage Lens metrics export file.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-encryption.html#cfn-s3-storagelens-encryption-sses3
	//
	Sses3 interface{} `field:"optional" json:"sses3" yaml:"sses3"`
}

This resource contains the type of server-side encryption used to encrypt an Amazon S3 Storage Lens metrics export.

For valid values, see the [StorageLensDataExportEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_StorageLensDataExportEncryption.html) in the *Amazon S3 API Reference* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var sses3 interface{}

encryptionProperty := &EncryptionProperty{
	Ssekms: &SSEKMSProperty{
		KeyId: jsii.String("keyId"),
	},
	Sses3: sses3,
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-encryption.html

type CfnStorageLens_PrefixLevelProperty

type CfnStorageLens_PrefixLevelProperty struct {
	// A property for the prefix-level storage metrics for Amazon S3 Storage Lens.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-prefixlevel.html#cfn-s3-storagelens-prefixlevel-storagemetrics
	//
	StorageMetrics interface{} `field:"required" json:"storageMetrics" yaml:"storageMetrics"`
}

This resource contains the details of the prefix-level of the Amazon S3 Storage Lens.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

prefixLevelProperty := &PrefixLevelProperty{
	StorageMetrics: &PrefixLevelStorageMetricsProperty{
		IsEnabled: jsii.Boolean(false),
		SelectionCriteria: &SelectionCriteriaProperty{
			Delimiter: jsii.String("delimiter"),
			MaxDepth: jsii.Number(123),
			MinStorageBytesPercentage: jsii.Number(123),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-prefixlevel.html

type CfnStorageLens_PrefixLevelStorageMetricsProperty

type CfnStorageLens_PrefixLevelStorageMetricsProperty struct {
	// This property identifies whether the details of the prefix-level storage metrics for S3 Storage Lens are enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-prefixlevelstoragemetrics.html#cfn-s3-storagelens-prefixlevelstoragemetrics-isenabled
	//
	IsEnabled interface{} `field:"optional" json:"isEnabled" yaml:"isEnabled"`
	// This property identifies whether the details of the prefix-level storage metrics for S3 Storage Lens are enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-prefixlevelstoragemetrics.html#cfn-s3-storagelens-prefixlevelstoragemetrics-selectioncriteria
	//
	SelectionCriteria interface{} `field:"optional" json:"selectionCriteria" yaml:"selectionCriteria"`
}

This resource contains the details of the prefix-level storage metrics for Amazon S3 Storage Lens.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

prefixLevelStorageMetricsProperty := &PrefixLevelStorageMetricsProperty{
	IsEnabled: jsii.Boolean(false),
	SelectionCriteria: &SelectionCriteriaProperty{
		Delimiter: jsii.String("delimiter"),
		MaxDepth: jsii.Number(123),
		MinStorageBytesPercentage: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-prefixlevelstoragemetrics.html

type CfnStorageLens_S3BucketDestinationProperty

type CfnStorageLens_S3BucketDestinationProperty struct {
	// This property contains the details of the AWS account ID of the S3 Storage Lens export bucket destination.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-s3bucketdestination.html#cfn-s3-storagelens-s3bucketdestination-accountid
	//
	AccountId *string `field:"required" json:"accountId" yaml:"accountId"`
	// This property contains the details of the ARN of the bucket destination of the S3 Storage Lens export.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-s3bucketdestination.html#cfn-s3-storagelens-s3bucketdestination-arn
	//
	Arn *string `field:"required" json:"arn" yaml:"arn"`
	// This property contains the details of the format of the S3 Storage Lens export bucket destination.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-s3bucketdestination.html#cfn-s3-storagelens-s3bucketdestination-format
	//
	Format *string `field:"required" json:"format" yaml:"format"`
	// This property contains the details of the output schema version of the S3 Storage Lens export bucket destination.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-s3bucketdestination.html#cfn-s3-storagelens-s3bucketdestination-outputschemaversion
	//
	OutputSchemaVersion *string `field:"required" json:"outputSchemaVersion" yaml:"outputSchemaVersion"`
	// This property contains the details of the encryption of the bucket destination of the Amazon S3 Storage Lens metrics export.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-s3bucketdestination.html#cfn-s3-storagelens-s3bucketdestination-encryption
	//
	Encryption interface{} `field:"optional" json:"encryption" yaml:"encryption"`
	// This property contains the details of the prefix of the bucket destination of the S3 Storage Lens export .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-s3bucketdestination.html#cfn-s3-storagelens-s3bucketdestination-prefix
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
}

This resource contains the details of the bucket where the Amazon S3 Storage Lens metrics export will be placed.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var sses3 interface{}

s3BucketDestinationProperty := &S3BucketDestinationProperty{
	AccountId: jsii.String("accountId"),
	Arn: jsii.String("arn"),
	Format: jsii.String("format"),
	OutputSchemaVersion: jsii.String("outputSchemaVersion"),

	// the properties below are optional
	Encryption: &EncryptionProperty{
		Ssekms: &SSEKMSProperty{
			KeyId: jsii.String("keyId"),
		},
		Sses3: sses3,
	},
	Prefix: jsii.String("prefix"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-s3bucketdestination.html

type CfnStorageLens_SSEKMSProperty added in v2.45.0

type CfnStorageLens_SSEKMSProperty struct {
	// Specifies the Amazon Resource Name (ARN) of the customer managed AWS KMS key to use for encrypting the S3 Storage Lens metrics export file.
	//
	// Amazon S3 only supports symmetric encryption keys. For more information, see [Special-purpose keys](https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html) in the *AWS Key Management Service Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-ssekms.html#cfn-s3-storagelens-ssekms-keyid
	//
	KeyId *string `field:"required" json:"keyId" yaml:"keyId"`
}

Specifies the use of server-side encryption using an AWS Key Management Service key (SSE-KMS) to encrypt the delivered S3 Storage Lens metrics export file.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

sSEKMSProperty := &SSEKMSProperty{
	KeyId: jsii.String("keyId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-ssekms.html

type CfnStorageLens_SelectionCriteriaProperty

type CfnStorageLens_SelectionCriteriaProperty struct {
	// This property contains the details of the S3 Storage Lens delimiter being used.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-selectioncriteria.html#cfn-s3-storagelens-selectioncriteria-delimiter
	//
	Delimiter *string `field:"optional" json:"delimiter" yaml:"delimiter"`
	// This property contains the details of the max depth that S3 Storage Lens will collect metrics up to.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-selectioncriteria.html#cfn-s3-storagelens-selectioncriteria-maxdepth
	//
	MaxDepth *float64 `field:"optional" json:"maxDepth" yaml:"maxDepth"`
	// This property contains the details of the minimum storage bytes percentage threshold that S3 Storage Lens will collect metrics up to.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-selectioncriteria.html#cfn-s3-storagelens-selectioncriteria-minstoragebytespercentage
	//
	MinStorageBytesPercentage *float64 `field:"optional" json:"minStorageBytesPercentage" yaml:"minStorageBytesPercentage"`
}

This resource contains the details of the Amazon S3 Storage Lens selection criteria.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

selectionCriteriaProperty := &SelectionCriteriaProperty{
	Delimiter: jsii.String("delimiter"),
	MaxDepth: jsii.Number(123),
	MinStorageBytesPercentage: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-selectioncriteria.html

type CfnStorageLens_StorageLensConfigurationProperty

type CfnStorageLens_StorageLensConfigurationProperty struct {
	// This property contains the details of the account-level metrics for Amazon S3 Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-accountlevel
	//
	AccountLevel interface{} `field:"required" json:"accountLevel" yaml:"accountLevel"`
	// This property contains the details of the ID of the S3 Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-id
	//
	Id *string `field:"required" json:"id" yaml:"id"`
	// This property contains the details of whether the Amazon S3 Storage Lens configuration is enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-isenabled
	//
	IsEnabled interface{} `field:"required" json:"isEnabled" yaml:"isEnabled"`
	// This property contains the details of the AWS Organization for the S3 Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-awsorg
	//
	AwsOrg interface{} `field:"optional" json:"awsOrg" yaml:"awsOrg"`
	// This property contains the details of this S3 Storage Lens configuration's metrics export.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-dataexport
	//
	DataExport interface{} `field:"optional" json:"dataExport" yaml:"dataExport"`
	// This property contains the details of the bucket and or Regions excluded for Amazon S3 Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-exclude
	//
	Exclude interface{} `field:"optional" json:"exclude" yaml:"exclude"`
	// This property contains the details of the bucket and or Regions included for Amazon S3 Storage Lens configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-include
	//
	Include interface{} `field:"optional" json:"include" yaml:"include"`
	// This property contains the details of the ARN of the S3 Storage Lens configuration.
	//
	// This property is read-only.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html#cfn-s3-storagelens-storagelensconfiguration-storagelensarn
	//
	StorageLensArn *string `field:"optional" json:"storageLensArn" yaml:"storageLensArn"`
}

This is the property of the Amazon S3 Storage Lens configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var sses3 interface{}

storageLensConfigurationProperty := &StorageLensConfigurationProperty{
	AccountLevel: &AccountLevelProperty{
		BucketLevel: &BucketLevelProperty{
			ActivityMetrics: &ActivityMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
				IsEnabled: jsii.Boolean(false),
			},
			PrefixLevel: &PrefixLevelProperty{
				StorageMetrics: &PrefixLevelStorageMetricsProperty{
					IsEnabled: jsii.Boolean(false),
					SelectionCriteria: &SelectionCriteriaProperty{
						Delimiter: jsii.String("delimiter"),
						MaxDepth: jsii.Number(123),
						MinStorageBytesPercentage: jsii.Number(123),
					},
				},
			},
		},

		// the properties below are optional
		ActivityMetrics: &ActivityMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		AdvancedCostOptimizationMetrics: &AdvancedCostOptimizationMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		AdvancedDataProtectionMetrics: &AdvancedDataProtectionMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		DetailedStatusCodesMetrics: &DetailedStatusCodesMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		StorageLensGroupLevel: &StorageLensGroupLevelProperty{
			StorageLensGroupSelectionCriteria: &StorageLensGroupSelectionCriteriaProperty{
				Exclude: []*string{
					jsii.String("exclude"),
				},
				Include: []*string{
					jsii.String("include"),
				},
			},
		},
	},
	Id: jsii.String("id"),
	IsEnabled: jsii.Boolean(false),

	// the properties below are optional
	AwsOrg: &AwsOrgProperty{
		Arn: jsii.String("arn"),
	},
	DataExport: &DataExportProperty{
		CloudWatchMetrics: &CloudWatchMetricsProperty{
			IsEnabled: jsii.Boolean(false),
		},
		S3BucketDestination: &S3BucketDestinationProperty{
			AccountId: jsii.String("accountId"),
			Arn: jsii.String("arn"),
			Format: jsii.String("format"),
			OutputSchemaVersion: jsii.String("outputSchemaVersion"),

			// the properties below are optional
			Encryption: &EncryptionProperty{
				Ssekms: &SSEKMSProperty{
					KeyId: jsii.String("keyId"),
				},
				Sses3: sses3,
			},
			Prefix: jsii.String("prefix"),
		},
	},
	Exclude: &BucketsAndRegionsProperty{
		Buckets: []*string{
			jsii.String("buckets"),
		},
		Regions: []*string{
			jsii.String("regions"),
		},
	},
	Include: &BucketsAndRegionsProperty{
		Buckets: []*string{
			jsii.String("buckets"),
		},
		Regions: []*string{
			jsii.String("regions"),
		},
	},
	StorageLensArn: jsii.String("storageLensArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensconfiguration.html

type CfnStorageLens_StorageLensGroupLevelProperty added in v2.106.0

type CfnStorageLens_StorageLensGroupLevelProperty struct {
	// This property indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation.
	//
	// If this value is left null, then all Storage Lens groups are selected.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensgrouplevel.html#cfn-s3-storagelens-storagelensgrouplevel-storagelensgroupselectioncriteria
	//
	StorageLensGroupSelectionCriteria interface{} `field:"optional" json:"storageLensGroupSelectionCriteria" yaml:"storageLensGroupSelectionCriteria"`
}

This resource determines the scope of Storage Lens group data that is displayed in the Storage Lens dashboard.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

storageLensGroupLevelProperty := &StorageLensGroupLevelProperty{
	StorageLensGroupSelectionCriteria: &StorageLensGroupSelectionCriteriaProperty{
		Exclude: []*string{
			jsii.String("exclude"),
		},
		Include: []*string{
			jsii.String("include"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensgrouplevel.html

type CfnStorageLens_StorageLensGroupSelectionCriteriaProperty added in v2.106.0

type CfnStorageLens_StorageLensGroupSelectionCriteriaProperty struct {
	// This property indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensgroupselectioncriteria.html#cfn-s3-storagelens-storagelensgroupselectioncriteria-exclude
	//
	Exclude *[]*string `field:"optional" json:"exclude" yaml:"exclude"`
	// This property indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensgroupselectioncriteria.html#cfn-s3-storagelens-storagelensgroupselectioncriteria-include
	//
	Include *[]*string `field:"optional" json:"include" yaml:"include"`
}

This resource indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation.

You can only attach Storage Lens groups to your dashboard if they're included in your Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

storageLensGroupSelectionCriteriaProperty := &StorageLensGroupSelectionCriteriaProperty{
	Exclude: []*string{
		jsii.String("exclude"),
	},
	Include: []*string{
		jsii.String("include"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-storagelens-storagelensgroupselectioncriteria.html

type CorsRule

type CorsRule struct {
	// An HTTP method that you allow the origin to execute.
	AllowedMethods *[]HttpMethods `field:"required" json:"allowedMethods" yaml:"allowedMethods"`
	// One or more origins you want customers to be able to access the bucket from.
	AllowedOrigins *[]*string `field:"required" json:"allowedOrigins" yaml:"allowedOrigins"`
	// Headers that are specified in the Access-Control-Request-Headers header.
	// Default: - No headers allowed.
	//
	AllowedHeaders *[]*string `field:"optional" json:"allowedHeaders" yaml:"allowedHeaders"`
	// One or more headers in the response that you want customers to be able to access from their applications.
	// Default: - No headers exposed.
	//
	ExposedHeaders *[]*string `field:"optional" json:"exposedHeaders" yaml:"exposedHeaders"`
	// A unique identifier for this rule.
	// Default: - No id specified.
	//
	Id *string `field:"optional" json:"id" yaml:"id"`
	// The time in seconds that your browser is to cache the preflight response for the specified resource.
	// Default: - No caching.
	//
	MaxAge *float64 `field:"optional" json:"maxAge" yaml:"maxAge"`
}

Specifies a cross-origin access rule for an Amazon S3 bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

corsRule := &CorsRule{
	AllowedMethods: []httpMethods{
		awscdk.Aws_s3.*httpMethods_GET,
	},
	AllowedOrigins: []*string{
		jsii.String("allowedOrigins"),
	},

	// the properties below are optional
	AllowedHeaders: []*string{
		jsii.String("allowedHeaders"),
	},
	ExposedHeaders: []*string{
		jsii.String("exposedHeaders"),
	},
	Id: jsii.String("id"),
	MaxAge: jsii.Number(123),
}

type EventType

type EventType string

Notification event types.

Example:

var myQueue queue

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
bucket.AddEventNotification(s3.EventType_OBJECT_REMOVED, s3n.NewSqsDestination(myQueue), &NotificationKeyFilter{
	Prefix: jsii.String("foo/"),
	Suffix: jsii.String(".jpg"),
})
const (
	// Amazon S3 APIs such as PUT, POST, and COPY can create an object.
	//
	// Using
	// these event types, you can enable notification when an object is created
	// using a specific API, or you can use the s3:ObjectCreated:* event type to
	// request notification regardless of the API that was used to create an
	// object.
	EventType_OBJECT_CREATED EventType = "OBJECT_CREATED"
	// Amazon S3 APIs such as PUT, POST, and COPY can create an object.
	//
	// Using
	// these event types, you can enable notification when an object is created
	// using a specific API, or you can use the s3:ObjectCreated:* event type to
	// request notification regardless of the API that was used to create an
	// object.
	EventType_OBJECT_CREATED_PUT EventType = "OBJECT_CREATED_PUT"
	// Amazon S3 APIs such as PUT, POST, and COPY can create an object.
	//
	// Using
	// these event types, you can enable notification when an object is created
	// using a specific API, or you can use the s3:ObjectCreated:* event type to
	// request notification regardless of the API that was used to create an
	// object.
	EventType_OBJECT_CREATED_POST EventType = "OBJECT_CREATED_POST"
	// Amazon S3 APIs such as PUT, POST, and COPY can create an object.
	//
	// Using
	// these event types, you can enable notification when an object is created
	// using a specific API, or you can use the s3:ObjectCreated:* event type to
	// request notification regardless of the API that was used to create an
	// object.
	EventType_OBJECT_CREATED_COPY EventType = "OBJECT_CREATED_COPY"
	// Amazon S3 APIs such as PUT, POST, and COPY can create an object.
	//
	// Using
	// these event types, you can enable notification when an object is created
	// using a specific API, or you can use the s3:ObjectCreated:* event type to
	// request notification regardless of the API that was used to create an
	// object.
	EventType_OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD EventType = "OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD"
	// By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.
	//
	// You can request notification when an object is deleted or a versioned
	// object is permanently deleted by using the s3:ObjectRemoved:Delete event
	// type. Or you can request notification when a delete marker is created for
	// a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For
	// information about deleting versioned objects, see Deleting Object
	// Versions. You can also use a wildcard s3:ObjectRemoved:* to request
	// notification anytime an object is deleted.
	//
	// You will not receive event notifications from automatic deletes from
	// lifecycle policies or from failed operations.
	EventType_OBJECT_REMOVED EventType = "OBJECT_REMOVED"
	// By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.
	//
	// You can request notification when an object is deleted or a versioned
	// object is permanently deleted by using the s3:ObjectRemoved:Delete event
	// type. Or you can request notification when a delete marker is created for
	// a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For
	// information about deleting versioned objects, see Deleting Object
	// Versions. You can also use a wildcard s3:ObjectRemoved:* to request
	// notification anytime an object is deleted.
	//
	// You will not receive event notifications from automatic deletes from
	// lifecycle policies or from failed operations.
	EventType_OBJECT_REMOVED_DELETE EventType = "OBJECT_REMOVED_DELETE"
	// By using the ObjectRemoved event types, you can enable notification when an object or a batch of objects is removed from a bucket.
	//
	// You can request notification when an object is deleted or a versioned
	// object is permanently deleted by using the s3:ObjectRemoved:Delete event
	// type. Or you can request notification when a delete marker is created for
	// a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For
	// information about deleting versioned objects, see Deleting Object
	// Versions. You can also use a wildcard s3:ObjectRemoved:* to request
	// notification anytime an object is deleted.
	//
	// You will not receive event notifications from automatic deletes from
	// lifecycle policies or from failed operations.
	EventType_OBJECT_REMOVED_DELETE_MARKER_CREATED EventType = "OBJECT_REMOVED_DELETE_MARKER_CREATED"
	// Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.
	//
	// You use s3:ObjectRestore:Post to request notification of object restoration
	// initiation.
	EventType_OBJECT_RESTORE_POST EventType = "OBJECT_RESTORE_POST"
	// Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.
	//
	// You use s3:ObjectRestore:Completed to request notification of
	// restoration completion.
	EventType_OBJECT_RESTORE_COMPLETED EventType = "OBJECT_RESTORE_COMPLETED"
	// Using restore object event types you can receive notifications for initiation and completion when restoring objects from the S3 Glacier storage class.
	//
	// You use s3:ObjectRestore:Delete to request notification of
	// restoration completion.
	EventType_OBJECT_RESTORE_DELETE EventType = "OBJECT_RESTORE_DELETE"
	// You can use this event type to request Amazon S3 to send a notification message when Amazon S3 detects that an object of the RRS storage class is lost.
	EventType_REDUCED_REDUNDANCY_LOST_OBJECT EventType = "REDUCED_REDUNDANCY_LOST_OBJECT"
	// You receive this notification event when an object that was eligible for replication using Amazon S3 Replication Time Control failed to replicate.
	EventType_REPLICATION_OPERATION_FAILED_REPLICATION EventType = "REPLICATION_OPERATION_FAILED_REPLICATION"
	// You receive this notification event when an object that was eligible for replication using Amazon S3 Replication Time Control exceeded the 15-minute threshold for replication.
	EventType_REPLICATION_OPERATION_MISSED_THRESHOLD EventType = "REPLICATION_OPERATION_MISSED_THRESHOLD"
	// You receive this notification event for an object that was eligible for replication using the Amazon S3 Replication Time Control feature replicated after the 15-minute threshold.
	EventType_REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD EventType = "REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD"
	// You receive this notification event for an object that was eligible for replication using Amazon S3 Replication Time Control but is no longer tracked by replication metrics.
	EventType_REPLICATION_OPERATION_NOT_TRACKED EventType = "REPLICATION_OPERATION_NOT_TRACKED"
	// By using the LifecycleExpiration event types, you can receive a notification when Amazon S3 deletes an object based on your S3 Lifecycle configuration.
	EventType_LIFECYCLE_EXPIRATION EventType = "LIFECYCLE_EXPIRATION"
	// The s3:LifecycleExpiration:Delete event type notifies you when an object in an unversioned bucket is deleted.
	//
	// It also notifies you when an object version is permanently deleted by an
	// S3 Lifecycle configuration.
	EventType_LIFECYCLE_EXPIRATION_DELETE EventType = "LIFECYCLE_EXPIRATION_DELETE"
	// The s3:LifecycleExpiration:DeleteMarkerCreated event type notifies you when S3 Lifecycle creates a delete marker when a current version of an object in versioned bucket is deleted.
	EventType_LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED EventType = "LIFECYCLE_EXPIRATION_DELETE_MARKER_CREATED"
	// You receive this notification event when an object is transitioned to another Amazon S3 storage class by an S3 Lifecycle configuration.
	EventType_LIFECYCLE_TRANSITION EventType = "LIFECYCLE_TRANSITION"
	// You receive this notification event when an object within the S3 Intelligent-Tiering storage class moved to the Archive Access tier or Deep Archive Access tier.
	EventType_INTELLIGENT_TIERING EventType = "INTELLIGENT_TIERING"
	// By using the ObjectTagging event types, you can enable notification when an object tag is added or deleted from an object.
	EventType_OBJECT_TAGGING EventType = "OBJECT_TAGGING"
	// The s3:ObjectTagging:Put event type notifies you when a tag is PUT on an object or an existing tag is updated.
	EventType_OBJECT_TAGGING_PUT EventType = "OBJECT_TAGGING_PUT"
	// The s3:ObjectTagging:Delete event type notifies you when a tag is removed from an object.
	EventType_OBJECT_TAGGING_DELETE EventType = "OBJECT_TAGGING_DELETE"
	// You receive this notification event when an ACL is PUT on an object or when an existing ACL is changed.
	//
	// An event is not generated when a request results in no change to an
	// object’s ACL.
	EventType_OBJECT_ACL_PUT EventType = "OBJECT_ACL_PUT"
)

type HttpMethods

type HttpMethods string

All http request methods.

const (
	// The GET method requests a representation of the specified resource.
	HttpMethods_GET HttpMethods = "GET"
	// The PUT method replaces all current representations of the target resource with the request payload.
	HttpMethods_PUT HttpMethods = "PUT"
	// The HEAD method asks for a response identical to that of a GET request, but without the response body.
	HttpMethods_HEAD HttpMethods = "HEAD"
	// The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server.
	HttpMethods_POST HttpMethods = "POST"
	// The DELETE method deletes the specified resource.
	HttpMethods_DELETE HttpMethods = "DELETE"
)

type IBucket

type IBucket interface {
	awscdk.IResource
	// Adds a bucket notification event destination.
	//
	// Example:
	//   var myLambda function
	//
	//   bucket := s3.NewBucket(this, jsii.String("MyBucket"))
	//   bucket.AddEventNotification(s3.EventType_OBJECT_CREATED, s3n.NewLambdaDestination(myLambda), &NotificationKeyFilter{
	//   	Prefix: jsii.String("home/myusername/*"),
	//   })
	//
	// See: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
	//
	AddEventNotification(event EventType, dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Subscribes a destination to receive notifications when an object is created in the bucket.
	//
	// This is identical to calling
	// `onEvent(s3.EventType.OBJECT_CREATED)`.
	AddObjectCreatedNotification(dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Subscribes a destination to receive notifications when an object is removed from the bucket.
	//
	// This is identical to calling
	// `onEvent(EventType.OBJECT_REMOVED)`.
	AddObjectRemovedNotification(dest IBucketNotificationDestination, filters ...*NotificationKeyFilter)
	// Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use `bucketArn` and `arnForObjects(keys)` to obtain ARNs for this bucket or objects.
	//
	// Note that the policy statement may or may not be added to the policy.
	// For example, when an `IBucket` is created from an existing bucket,
	// it's not possible to tell whether the bucket already has a policy
	// attached, let alone to re-use that policy to add more statements to it.
	// So it's safest to do nothing in these cases.
	//
	// Returns: metadata about the execution of this method. If the policy
	// was not added, the value of `statementAdded` will be `false`. You
	// should always check this value to make sure that the operation was
	// actually carried out. Otherwise, synthesis and deploy will terminate
	// silently, which may be confusing.
	AddToResourcePolicy(permission awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	// Returns an ARN that represents all objects within the bucket that match the key pattern specified.
	//
	// To represent all keys, specify “"*"“.
	ArnForObjects(keyPattern *string) *string
	// Enables event bridge notification, causing all events below to be sent to EventBridge:.
	//
	// - Object Deleted (DeleteObject)
	// - Object Deleted (Lifecycle expiration)
	// - Object Restore Initiated
	// - Object Restore Completed
	// - Object Restore Expired
	// - Object Storage Class Changed
	// - Object Access Tier Changed
	// - Object ACL Updated
	// - Object Tags Added
	// - Object Tags Deleted.
	EnableEventBridgeNotification()
	// Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
	GrantDelete(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Allows unrestricted access to objects from this bucket.
	//
	// IMPORTANT: This permission allows anyone to perform actions on S3 objects
	// in this bucket, which is useful for when you configure your bucket as a
	// website and want everyone to be able to read objects in the bucket without
	// needing to authenticate.
	//
	// Without arguments, this method will grant read ("s3:GetObject") access to
	// all objects ("*") in the bucket.
	//
	// The method returns the `iam.Grant` object, which can then be modified
	// as needed. For example, you can add a condition that will restrict access only
	// to an IPv4 range like this:
	//
	//     const grant = bucket.grantPublicAccess();
	//     grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
	//
	// Returns: The `iam.PolicyStatement` object, which can be used to apply e.g. conditions.
	GrantPublicAccess(keyPrefix *string, allowedActions ...*string) awsiam.Grant
	// Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
	//
	// If encryption is used, permission to use the key to encrypt the contents
	// of written files will also be granted to the same principal.
	GrantPut(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
	//
	// If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set,
	// calling `grantWrite` or `grantReadWrite` no longer grants permissions to modify the ACLs of the objects;
	// in this case, if you need to modify object ACLs, call this method explicitly.
	GrantPutAcl(identity awsiam.IGrantable, objectsKeyPattern *string) awsiam.Grant
	// Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
	//
	// If encryption is used, permission to use the key to decrypt the contents
	// of the bucket will also be granted to the same principal.
	GrantRead(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
	//
	// If an encryption key is used, permission to use the key for
	// encrypt/decrypt will also be granted.
	//
	// Before CDK version 1.85.0, this method granted the `s3:PutObject*` permission that included `s3:PutObjectAcl`,
	// which could be used to grant read/write object access to IAM principals in other accounts.
	// If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
	// and make sure the `@aws-cdk/aws-s3:grantWriteWithoutAcl` feature flag is set to `true`
	// in the `context` key of your cdk.json file.
	// If you've already updated, but still need the principal to have permissions to modify the ACLs,
	// use the `grantPutAcl` method.
	GrantReadWrite(identity awsiam.IGrantable, objectsKeyPattern interface{}) awsiam.Grant
	// Grant write permissions to this bucket to an IAM principal.
	//
	// If encryption is used, permission to use the key to encrypt the contents
	// of written files will also be granted to the same principal.
	//
	// Before CDK version 1.85.0, this method granted the `s3:PutObject*` permission that included `s3:PutObjectAcl`,
	// which could be used to grant read/write object access to IAM principals in other accounts.
	// If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
	// and make sure the `@aws-cdk/aws-s3:grantWriteWithoutAcl` feature flag is set to `true`
	// in the `context` key of your cdk.json file.
	// If you've already updated, but still need the principal to have permissions to modify the ACLs,
	// use the `grantPutAcl` method.
	GrantWrite(identity awsiam.IGrantable, objectsKeyPattern interface{}, allowedActionPatterns *[]*string) awsiam.Grant
	// Defines a CloudWatch event that triggers when something happens to this bucket.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailEvent(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
	//
	// Note that some tools like `aws s3 cp` will automatically use either
	// PutObject or the multipart upload API depending on the file size,
	// so using `onCloudTrailWriteObject` may be preferable.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailPutObject(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
	//
	// This includes
	// the events PutObject, CopyObject, and CompleteMultipartUpload.
	//
	// Note that some tools like `aws s3 cp` will automatically use either
	// PutObject or the multipart upload API depending on the file size,
	// so using this method may be preferable to `onCloudTrailPutObject`.
	//
	// Requires that there exists at least one CloudTrail Trail in your account
	// that captures the event. This method will not create the Trail.
	OnCloudTrailWriteObject(id *string, options *OnCloudTrailBucketEventOptions) awsevents.Rule
	// The S3 URL of an S3 object.
	//
	// For example:
	// - `s3://onlybucket`
	// - `s3://bucket/key`.
	//
	// Returns: an ObjectS3Url token.
	S3UrlForObject(key *string) *string
	// The https Transfer Acceleration URL of an S3 object.
	//
	// Specify `dualStack: true` at the options
	// for dual-stack endpoint (connect to the bucket over IPv6). For example:
	//
	// - `https://bucket.s3-accelerate.amazonaws.com`
	// - `https://bucket.s3-accelerate.amazonaws.com/key`
	//
	// Returns: an TransferAccelerationUrl token.
	TransferAccelerationUrlForObject(key *string, options *TransferAccelerationUrlOptions) *string
	// The https URL of an S3 object. For example:.
	//
	// - `https://s3.us-west-1.amazonaws.com/onlybucket`
	// - `https://s3.us-west-1.amazonaws.com/bucket/key`
	// - `https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey`
	//
	// Returns: an ObjectS3Url token.
	UrlForObject(key *string) *string
	// The virtual hosted-style URL of an S3 object. Specify `regional: false` at the options for non-regional URL. For example:.
	//
	// - `https://only-bucket.s3.us-west-1.amazonaws.com`
	// - `https://bucket.s3.us-west-1.amazonaws.com/key`
	// - `https://bucket.s3.amazonaws.com/key`
	// - `https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey`
	//
	// Returns: an ObjectS3Url token.
	VirtualHostedUrlForObject(key *string, options *VirtualHostedStyleUrlOptions) *string
	// The ARN of the bucket.
	BucketArn() *string
	// The IPv4 DNS name of the specified bucket.
	BucketDomainName() *string
	// The IPv6 DNS name of the specified bucket.
	BucketDualStackDomainName() *string
	// The name of the bucket.
	BucketName() *string
	// The regional domain name of the specified bucket.
	BucketRegionalDomainName() *string
	// The Domain name of the static website.
	BucketWebsiteDomainName() *string
	// The URL of the static website.
	BucketWebsiteUrl() *string
	// Optional KMS encryption key associated with this bucket.
	EncryptionKey() awskms.IKey
	// If this bucket has been configured for static website hosting.
	IsWebsite() *bool
	// The resource policy associated with this bucket.
	//
	// If `autoCreatePolicy` is true, a `BucketPolicy` will be created upon the
	// first call to addToResourcePolicy(s).
	Policy() BucketPolicy
	SetPolicy(p BucketPolicy)
}

func Bucket_FromBucketArn

func Bucket_FromBucketArn(scope constructs.Construct, id *string, bucketArn *string) IBucket

func Bucket_FromBucketAttributes

func Bucket_FromBucketAttributes(scope constructs.Construct, id *string, attrs *BucketAttributes) IBucket

Creates a Bucket construct that represents an external bucket.

func Bucket_FromBucketName

func Bucket_FromBucketName(scope constructs.Construct, id *string, bucketName *string) IBucket

func Bucket_FromCfnBucket added in v2.38.0

func Bucket_FromCfnBucket(cfnBucket CfnBucket) IBucket

Create a mutable `IBucket` based on a low-level `CfnBucket`.

type IBucketNotificationDestination

type IBucketNotificationDestination interface {
	// Registers this resource to receive notifications for the specified bucket.
	//
	// This method will only be called once for each destination/bucket
	// pair and the result will be cached, so there is no need to implement
	// idempotency in each destination.
	Bind(scope constructs.Construct, bucket IBucket) *BucketNotificationDestinationConfig
}

Implemented by constructs that can be used as bucket notification destinations.

type IntelligentTieringConfiguration added in v2.4.0

type IntelligentTieringConfiguration struct {
	// Configuration name.
	Name *string `field:"required" json:"name" yaml:"name"`
	// When enabled, Intelligent-Tiering will automatically move objects that haven’t been accessed for a minimum of 90 days to the Archive Access tier.
	// Default: Objects will not move to Glacier.
	//
	ArchiveAccessTierTime awscdk.Duration `field:"optional" json:"archiveAccessTierTime" yaml:"archiveAccessTierTime"`
	// When enabled, Intelligent-Tiering will automatically move objects that haven’t been accessed for a minimum of 180 days to the Deep Archive Access tier.
	// Default: Objects will not move to Glacier Deep Access.
	//
	DeepArchiveAccessTierTime awscdk.Duration `field:"optional" json:"deepArchiveAccessTierTime" yaml:"deepArchiveAccessTierTime"`
	// Add a filter to limit the scope of this configuration to a single prefix.
	// Default: this configuration will apply to **all** objects in the bucket.
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// You can limit the scope of this rule to the key value pairs added below.
	// Default: No filtering will be performed on tags.
	//
	Tags *[]*Tag `field:"optional" json:"tags" yaml:"tags"`
}

The intelligent tiering configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

intelligentTieringConfiguration := &IntelligentTieringConfiguration{
	Name: jsii.String("name"),

	// the properties below are optional
	ArchiveAccessTierTime: cdk.Duration_Minutes(jsii.Number(30)),
	DeepArchiveAccessTierTime: cdk.Duration_*Minutes(jsii.Number(30)),
	Prefix: jsii.String("prefix"),
	Tags: []tag{
		&tag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

type Inventory

type Inventory struct {
	// The destination of the inventory.
	Destination *InventoryDestination `field:"required" json:"destination" yaml:"destination"`
	// Whether the inventory is enabled or disabled.
	// Default: true.
	//
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// The format of the inventory.
	// Default: InventoryFormat.CSV
	//
	Format InventoryFormat `field:"optional" json:"format" yaml:"format"`
	// Frequency at which the inventory should be generated.
	// Default: InventoryFrequency.WEEKLY
	//
	Frequency InventoryFrequency `field:"optional" json:"frequency" yaml:"frequency"`
	// If the inventory should contain all the object versions or only the current one.
	// Default: InventoryObjectVersion.ALL
	//
	IncludeObjectVersions InventoryObjectVersion `field:"optional" json:"includeObjectVersions" yaml:"includeObjectVersions"`
	// The inventory configuration ID.
	//
	// Should be limited to 64 characters and can only contain letters, numbers, periods, dashes, and underscores.
	// Default: - generated ID.
	//
	InventoryId *string `field:"optional" json:"inventoryId" yaml:"inventoryId"`
	// The inventory will only include objects that meet the prefix filter criteria.
	// Default: - No objects prefix.
	//
	ObjectsPrefix *string `field:"optional" json:"objectsPrefix" yaml:"objectsPrefix"`
	// A list of optional fields to be included in the inventory result.
	// Default: - No optional fields.
	//
	OptionalFields *[]*string `field:"optional" json:"optionalFields" yaml:"optionalFields"`
}

Specifies the inventory configuration of an S3 Bucket.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var bucket bucket

inventory := &Inventory{
	Destination: &InventoryDestination{
		Bucket: bucket,

		// the properties below are optional
		BucketOwner: jsii.String("bucketOwner"),
		Prefix: jsii.String("prefix"),
	},

	// the properties below are optional
	Enabled: jsii.Boolean(false),
	Format: awscdk.Aws_s3.InventoryFormat_CSV,
	Frequency: awscdk.*Aws_s3.InventoryFrequency_DAILY,
	IncludeObjectVersions: awscdk.*Aws_s3.InventoryObjectVersion_ALL,
	InventoryId: jsii.String("inventoryId"),
	ObjectsPrefix: jsii.String("objectsPrefix"),
	OptionalFields: []*string{
		jsii.String("optionalFields"),
	},
}

See: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html

type InventoryDestination

type InventoryDestination struct {
	// Bucket where all inventories will be saved in.
	Bucket IBucket `field:"required" json:"bucket" yaml:"bucket"`
	// The account ID that owns the destination S3 bucket.
	//
	// If no account ID is provided, the owner is not validated before exporting data.
	// It's recommended to set an account ID to prevent problems if the destination bucket ownership changes.
	// Default: - No account ID.
	//
	BucketOwner *string `field:"optional" json:"bucketOwner" yaml:"bucketOwner"`
	// The prefix to be used when saving the inventory.
	// Default: - No prefix.
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
}

The destination of the inventory.

Example:

inventoryBucket := s3.NewBucket(this, jsii.String("InventoryBucket"))

dataBucket := s3.NewBucket(this, jsii.String("DataBucket"), &BucketProps{
	Inventories: []inventory{
		&inventory{
			Frequency: s3.InventoryFrequency_DAILY,
			IncludeObjectVersions: s3.InventoryObjectVersion_CURRENT,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
			},
		},
		&inventory{
			Frequency: s3.InventoryFrequency_WEEKLY,
			IncludeObjectVersions: s3.InventoryObjectVersion_ALL,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
				Prefix: jsii.String("with-all-versions"),
			},
		},
	},
})

type InventoryFormat

type InventoryFormat string

All supported inventory list formats.

const (
	// Generate the inventory list as CSV.
	InventoryFormat_CSV InventoryFormat = "CSV"
	// Generate the inventory list as Parquet.
	InventoryFormat_PARQUET InventoryFormat = "PARQUET"
	// Generate the inventory list as ORC.
	InventoryFormat_ORC InventoryFormat = "ORC"
)

type InventoryFrequency

type InventoryFrequency string

All supported inventory frequencies.

Example:

inventoryBucket := s3.NewBucket(this, jsii.String("InventoryBucket"))

dataBucket := s3.NewBucket(this, jsii.String("DataBucket"), &BucketProps{
	Inventories: []inventory{
		&inventory{
			Frequency: s3.InventoryFrequency_DAILY,
			IncludeObjectVersions: s3.InventoryObjectVersion_CURRENT,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
			},
		},
		&inventory{
			Frequency: s3.InventoryFrequency_WEEKLY,
			IncludeObjectVersions: s3.InventoryObjectVersion_ALL,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
				Prefix: jsii.String("with-all-versions"),
			},
		},
	},
})
const (
	// A report is generated every day.
	InventoryFrequency_DAILY InventoryFrequency = "DAILY"
	// A report is generated every Sunday (UTC timezone) after the initial report.
	InventoryFrequency_WEEKLY InventoryFrequency = "WEEKLY"
)

type InventoryObjectVersion

type InventoryObjectVersion string

Inventory version support.

Example:

inventoryBucket := s3.NewBucket(this, jsii.String("InventoryBucket"))

dataBucket := s3.NewBucket(this, jsii.String("DataBucket"), &BucketProps{
	Inventories: []inventory{
		&inventory{
			Frequency: s3.InventoryFrequency_DAILY,
			IncludeObjectVersions: s3.InventoryObjectVersion_CURRENT,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
			},
		},
		&inventory{
			Frequency: s3.InventoryFrequency_WEEKLY,
			IncludeObjectVersions: s3.InventoryObjectVersion_ALL,
			Destination: &InventoryDestination{
				Bucket: inventoryBucket,
				Prefix: jsii.String("with-all-versions"),
			},
		},
	},
})
const (
	// Includes all versions of each object in the report.
	InventoryObjectVersion_ALL InventoryObjectVersion = "ALL"
	// Includes only the current version of each object in the report.
	InventoryObjectVersion_CURRENT InventoryObjectVersion = "CURRENT"
)

type LifecycleRule

type LifecycleRule struct {
	// Specifies a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.
	//
	// The AbortIncompleteMultipartUpload property type creates a lifecycle
	// rule that aborts incomplete multipart uploads to an Amazon S3 bucket.
	// When Amazon S3 aborts a multipart upload, it deletes all parts
	// associated with the multipart upload.
	//
	// The underlying configuration is expressed in whole numbers of days. Providing a Duration that
	// does not represent a whole number of days will result in a runtime or deployment error.
	// Default: - Incomplete uploads are never aborted.
	//
	AbortIncompleteMultipartUploadAfter awscdk.Duration `field:"optional" json:"abortIncompleteMultipartUploadAfter" yaml:"abortIncompleteMultipartUploadAfter"`
	// Whether this rule is enabled.
	// Default: true.
	//
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon Glacier.
	//
	// If you specify an expiration and transition time, you must use the same
	// time unit for both properties (either in days or by date). The
	// expiration time must also be later than the transition time.
	//
	// The underlying configuration is expressed in whole numbers of days. Providing a Duration that
	// does not represent a whole number of days will result in a runtime or deployment error.
	// Default: - No expiration timeout.
	//
	Expiration awscdk.Duration `field:"optional" json:"expiration" yaml:"expiration"`
	// Indicates when objects are deleted from Amazon S3 and Amazon Glacier.
	//
	// The date value must be in ISO 8601 format. The time is always midnight UTC.
	//
	// If you specify an expiration and transition time, you must use the same
	// time unit for both properties (either in days or by date). The
	// expiration time must also be later than the transition time.
	// Default: - No expiration date.
	//
	ExpirationDate *time.Time `field:"optional" json:"expirationDate" yaml:"expirationDate"`
	// Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions.
	//
	// If set to true, the delete marker will be expired.
	// Default: false.
	//
	ExpiredObjectDeleteMarker *bool `field:"optional" json:"expiredObjectDeleteMarker" yaml:"expiredObjectDeleteMarker"`
	// A unique identifier for this rule.
	//
	// The value cannot be more than 255 characters.
	Id *string `field:"optional" json:"id" yaml:"id"`
	// Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire.
	//
	// For buckets with versioning enabled (or suspended), specifies the time,
	// in days, between when a new version of the object is uploaded to the
	// bucket and when old versions of the object expire. When object versions
	// expire, Amazon S3 permanently deletes them. If you specify a transition
	// and expiration time, the expiration time must be later than the
	// transition time.
	//
	// The underlying configuration is expressed in whole numbers of days. Providing a Duration that
	// does not represent a whole number of days will result in a runtime or deployment error.
	// Default: - No noncurrent version expiration.
	//
	NoncurrentVersionExpiration awscdk.Duration `field:"optional" json:"noncurrentVersionExpiration" yaml:"noncurrentVersionExpiration"`
	// Indicates a maximum number of noncurrent versions to retain.
	//
	// If there are this many more noncurrent versions,
	// Amazon S3 permanently deletes them.
	// Default: - No noncurrent versions to retain.
	//
	NoncurrentVersionsToRetain *float64 `field:"optional" json:"noncurrentVersionsToRetain" yaml:"noncurrentVersionsToRetain"`
	// One or more transition rules that specify when non-current objects transition to a specified storage class.
	//
	// Only for for buckets with versioning enabled (or suspended).
	//
	// If you specify a transition and expiration time, the expiration time
	// must be later than the transition time.
	NoncurrentVersionTransitions *[]*NoncurrentVersionTransition `field:"optional" json:"noncurrentVersionTransitions" yaml:"noncurrentVersionTransitions"`
	// Specifies the minimum object size in bytes for this rule to apply to.
	//
	// Objects must be larger than this value in bytes.
	// Default: - No rule.
	//
	ObjectSizeGreaterThan *float64 `field:"optional" json:"objectSizeGreaterThan" yaml:"objectSizeGreaterThan"`
	// Specifies the maximum object size in bytes for this rule to apply to.
	//
	// Objects must be smaller than this value in bytes.
	// Default: - No rule.
	//
	ObjectSizeLessThan *float64 `field:"optional" json:"objectSizeLessThan" yaml:"objectSizeLessThan"`
	// Object key prefix that identifies one or more objects to which this rule applies.
	// Default: - Rule applies to all objects.
	//
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// The TagFilter property type specifies tags to use to identify a subset of objects for an Amazon S3 bucket.
	// Default: - Rule applies to all objects.
	//
	TagFilters *map[string]interface{} `field:"optional" json:"tagFilters" yaml:"tagFilters"`
	// One or more transition rules that specify when an object transitions to a specified storage class.
	//
	// If you specify an expiration and transition time, you must use the same
	// time unit for both properties (either in days or by date). The
	// expiration time must also be later than the transition time.
	// Default: - No transition rules.
	//
	Transitions *[]*Transition `field:"optional" json:"transitions" yaml:"transitions"`
}

Declaration of a Life cycle rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var storageClass storageClass
var tagFilters interface{}

lifecycleRule := &LifecycleRule{
	AbortIncompleteMultipartUploadAfter: cdk.Duration_Minutes(jsii.Number(30)),
	Enabled: jsii.Boolean(false),
	Expiration: cdk.Duration_*Minutes(jsii.Number(30)),
	ExpirationDate: NewDate(),
	ExpiredObjectDeleteMarker: jsii.Boolean(false),
	Id: jsii.String("id"),
	NoncurrentVersionExpiration: cdk.Duration_*Minutes(jsii.Number(30)),
	NoncurrentVersionsToRetain: jsii.Number(123),
	NoncurrentVersionTransitions: []noncurrentVersionTransition{
		&noncurrentVersionTransition{
			StorageClass: storageClass,
			TransitionAfter: cdk.Duration_*Minutes(jsii.Number(30)),

			// the properties below are optional
			NoncurrentVersionsToRetain: jsii.Number(123),
		},
	},
	ObjectSizeGreaterThan: jsii.Number(123),
	ObjectSizeLessThan: jsii.Number(123),
	Prefix: jsii.String("prefix"),
	TagFilters: map[string]interface{}{
		"tagFiltersKey": tagFilters,
	},
	Transitions: []transition{
		&transition{
			StorageClass: storageClass,

			// the properties below are optional
			TransitionAfter: cdk.Duration_*Minutes(jsii.Number(30)),
			TransitionDate: NewDate(),
		},
	},
}

type Location

type Location struct {
	// The name of the S3 Bucket the object is in.
	BucketName *string `field:"required" json:"bucketName" yaml:"bucketName"`
	// The path inside the Bucket where the object is located at.
	ObjectKey *string `field:"required" json:"objectKey" yaml:"objectKey"`
	// The S3 object version.
	ObjectVersion *string `field:"optional" json:"objectVersion" yaml:"objectVersion"`
}

An interface that represents the location of a specific object in an S3 Bucket.

Example:

startQueryExecutionJob := tasks.NewAthenaStartQueryExecution(this, jsii.String("Start Athena Query"), &AthenaStartQueryExecutionProps{
	QueryString: sfn.JsonPath_StringAt(jsii.String("$.queryString")),
	QueryExecutionContext: &QueryExecutionContext{
		DatabaseName: jsii.String("mydatabase"),
	},
	ResultConfiguration: &ResultConfiguration{
		EncryptionConfiguration: &EncryptionConfiguration{
			EncryptionOption: tasks.EncryptionOption_S3_MANAGED,
		},
		OutputLocation: &Location{
			BucketName: jsii.String("query-results-bucket"),
			ObjectKey: jsii.String("folder"),
		},
	},
	ExecutionParameters: []*string{
		jsii.String("param1"),
		jsii.String("param2"),
	},
	ResultReuseConfigurationMaxAge: awscdk.Duration_Minutes(jsii.Number(100)),
})

type NoncurrentVersionTransition

type NoncurrentVersionTransition struct {
	// The storage class to which you want the object to transition.
	StorageClass StorageClass `field:"required" json:"storageClass" yaml:"storageClass"`
	// Indicates the number of days after creation when objects are transitioned to the specified storage class.
	// Default: - No transition count.
	//
	TransitionAfter awscdk.Duration `field:"required" json:"transitionAfter" yaml:"transitionAfter"`
	// Indicates the number of noncurrent version objects to be retained.
	//
	// Can be up to 100 noncurrent versions retained.
	// Default: - No noncurrent version retained.
	//
	NoncurrentVersionsToRetain *float64 `field:"optional" json:"noncurrentVersionsToRetain" yaml:"noncurrentVersionsToRetain"`
}

Describes when noncurrent versions transition to a specified storage class.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var storageClass storageClass

noncurrentVersionTransition := &NoncurrentVersionTransition{
	StorageClass: storageClass,
	TransitionAfter: cdk.Duration_Minutes(jsii.Number(30)),

	// the properties below are optional
	NoncurrentVersionsToRetain: jsii.Number(123),
}

type NotificationKeyFilter

type NotificationKeyFilter struct {
	// S3 keys must have the specified prefix.
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
	// S3 keys must have the specified suffix.
	Suffix *string `field:"optional" json:"suffix" yaml:"suffix"`
}

Example:

var myQueue queue

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
bucket.AddEventNotification(s3.EventType_OBJECT_REMOVED, s3n.NewSqsDestination(myQueue), &NotificationKeyFilter{
	Prefix: jsii.String("foo/"),
	Suffix: jsii.String(".jpg"),
})

type ObjectLockMode added in v2.64.0

type ObjectLockMode string

Modes in which S3 Object Lock retention can be configured. See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-modes

const (
	// The Governance retention mode.
	//
	// With governance mode, you protect objects against being deleted by most users, but you can
	// still grant some users permission to alter the retention settings or delete the object if
	// necessary. You can also use governance mode to test retention-period settings before
	// creating a compliance-mode retention period.
	ObjectLockMode_GOVERNANCE ObjectLockMode = "GOVERNANCE"
	// The Compliance retention mode.
	//
	// When an object is locked in compliance mode, its retention mode can't be changed, and
	// its retention period can't be shortened. Compliance mode helps ensure that an object
	// version can't be overwritten or deleted for the duration of the retention period.
	ObjectLockMode_COMPLIANCE ObjectLockMode = "COMPLIANCE"
)

type ObjectLockRetention added in v2.64.0

type ObjectLockRetention interface {
	// The default period for which objects should be retained.
	Duration() awscdk.Duration
	// The retention mode to use for the object lock configuration.
	// See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-modes
	//
	Mode() ObjectLockMode
}

The default retention settings for an S3 Object Lock configuration.

Example:

// Configure for governance mode with a duration of 7 years
// Configure for governance mode with a duration of 7 years
s3.NewBucket(this, jsii.String("Bucket1"), &BucketProps{
	ObjectLockDefaultRetention: s3.ObjectLockRetention_Governance(awscdk.Duration_Days(jsii.Number(7 * 365))),
})

// Configure for compliance mode with a duration of 1 year
// Configure for compliance mode with a duration of 1 year
s3.NewBucket(this, jsii.String("Bucket2"), &BucketProps{
	ObjectLockDefaultRetention: s3.ObjectLockRetention_Compliance(awscdk.Duration_*Days(jsii.Number(365))),
})

See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html

func ObjectLockRetention_Compliance added in v2.64.0

func ObjectLockRetention_Compliance(duration awscdk.Duration) ObjectLockRetention

Configure for Compliance retention for a specified duration.

When an object is locked in compliance mode, its retention mode can't be changed, and its retention period can't be shortened. Compliance mode helps ensure that an object version can't be overwritten or deleted for the duration of the retention period.

Returns: the ObjectLockRetention configuration.

func ObjectLockRetention_Governance added in v2.64.0

func ObjectLockRetention_Governance(duration awscdk.Duration) ObjectLockRetention

Configure for Governance retention for a specified duration.

With governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter the retention settings or delete the object if necessary. You can also use governance mode to test retention-period settings before creating a compliance-mode retention period.

Returns: the ObjectLockRetention configuration.

type ObjectOwnership

type ObjectOwnership string

The ObjectOwnership of the bucket.

Example:

accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"), &BucketProps{
	ObjectOwnership: s3.ObjectOwnership_BUCKET_OWNER_ENFORCED,
})

accessLogsBucket.AddToResourcePolicy(
iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("s3:*"),
	},
	Resources: []*string{
		accessLogsBucket.BucketArn,
		accessLogsBucket.ArnForObjects(jsii.String("*")),
	},
	Principals: []iPrincipal{
		iam.NewAnyPrincipal(),
	},
}))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
})

See: https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html

const (
	// ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket.
	//
	// ACLs no longer affect permissions to data in the S3 bucket.
	// The bucket uses policies to define access control.
	ObjectOwnership_BUCKET_OWNER_ENFORCED ObjectOwnership = "BUCKET_OWNER_ENFORCED"
	// The bucket owner will own the object if the object is uploaded with the bucket-owner-full-control canned ACL.
	//
	// Without this setting and
	// canned ACL, the object is uploaded and remains owned by the uploading account.
	ObjectOwnership_BUCKET_OWNER_PREFERRED ObjectOwnership = "BUCKET_OWNER_PREFERRED"
	// The uploading account will own the object.
	ObjectOwnership_OBJECT_WRITER ObjectOwnership = "OBJECT_WRITER"
)

type OnCloudTrailBucketEventOptions

type OnCloudTrailBucketEventOptions struct {
	// The scope to use if the source of the rule and its target are in different Stacks (but in the same account & region).
	//
	// This helps dealing with cycles that often arise in these situations.
	// Default: - none (the main scope will be used, even for cross-stack Events).
	//
	CrossStackScope constructs.Construct `field:"optional" json:"crossStackScope" yaml:"crossStackScope"`
	// A description of the rule's purpose.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Additional restrictions for the event to route to the specified target.
	//
	// The method that generates the rule probably imposes some type of event
	// filtering. The filtering implied by what you pass here is added
	// on top of that filtering.
	// See: https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html
	//
	// Default: - No additional filtering based on an event pattern.
	//
	EventPattern *awsevents.EventPattern `field:"optional" json:"eventPattern" yaml:"eventPattern"`
	// A name for the rule.
	// Default: AWS CloudFormation generates a unique physical ID.
	//
	RuleName *string `field:"optional" json:"ruleName" yaml:"ruleName"`
	// The target to register for the event.
	// Default: - No target is added to the rule. Use `addTarget()` to add a target.
	//
	Target awsevents.IRuleTarget `field:"optional" json:"target" yaml:"target"`
	// Only watch changes to these object paths.
	// Default: - Watch changes to all objects.
	//
	Paths *[]*string `field:"optional" json:"paths" yaml:"paths"`
}

Options for the onCloudTrailPutObject method.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import constructs "github.com/aws/constructs-go/constructs"

var construct construct
var detail interface{}
var ruleTarget iRuleTarget

onCloudTrailBucketEventOptions := &OnCloudTrailBucketEventOptions{
	CrossStackScope: construct,
	Description: jsii.String("description"),
	EventPattern: &EventPattern{
		Account: []*string{
			jsii.String("account"),
		},
		Detail: map[string]interface{}{
			"detailKey": detail,
		},
		DetailType: []*string{
			jsii.String("detailType"),
		},
		Id: []*string{
			jsii.String("id"),
		},
		Region: []*string{
			jsii.String("region"),
		},
		Resources: []*string{
			jsii.String("resources"),
		},
		Source: []*string{
			jsii.String("source"),
		},
		Time: []*string{
			jsii.String("time"),
		},
		Version: []*string{
			jsii.String("version"),
		},
	},
	Paths: []*string{
		jsii.String("paths"),
	},
	RuleName: jsii.String("ruleName"),
	Target: ruleTarget,
}

type PartitionDateSource added in v2.124.0

type PartitionDateSource string

The date source for the partitioned prefix.

Example:

accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
	TargetObjectKeyFormat: s3.TargetObjectKeyFormat_PartitionedPrefix(s3.PartitionDateSource_EVENT_TIME),
})
const (
	// The year, month, and day will be based on the timestamp of the S3 event in the file that's been delivered.
	PartitionDateSource_EVENT_TIME PartitionDateSource = "EVENT_TIME"
	// The year, month, and day will be based on the time when the log file was delivered to S3.
	PartitionDateSource_DELIVERY_TIME PartitionDateSource = "DELIVERY_TIME"
)

type RedirectProtocol

type RedirectProtocol string

All http request methods.

Example:

bucket := s3.NewBucket(this, jsii.String("MyRedirectedBucket"), &BucketProps{
	WebsiteRoutingRules: []routingRule{
		&routingRule{
			HostName: jsii.String("www.example.com"),
			HttpRedirectCode: jsii.String("302"),
			Protocol: s3.RedirectProtocol_HTTPS,
			ReplaceKey: s3.ReplaceKey_PrefixWith(jsii.String("test/")),
			Condition: &RoutingRuleCondition{
				HttpErrorCodeReturnedEquals: jsii.String("200"),
				KeyPrefixEquals: jsii.String("prefix"),
			},
		},
	},
})
const (
	RedirectProtocol_HTTP  RedirectProtocol = "HTTP"
	RedirectProtocol_HTTPS RedirectProtocol = "HTTPS"
)

type RedirectTarget

type RedirectTarget struct {
	// Name of the host where requests are redirected.
	HostName *string `field:"required" json:"hostName" yaml:"hostName"`
	// Protocol to use when redirecting requests.
	// Default: - The protocol used in the original request.
	//
	Protocol RedirectProtocol `field:"optional" json:"protocol" yaml:"protocol"`
}

Specifies a redirect behavior of all requests to a website endpoint of a bucket.

Example:

bucket := s3.NewBucket(this, jsii.String("MyRedirectedBucket"), &BucketProps{
	WebsiteRedirect: &RedirectTarget{
		HostName: jsii.String("www.example.com"),
	},
})

type ReplaceKey

type ReplaceKey interface {
	PrefixWithKey() *string
	WithKey() *string
}

Example:

bucket := s3.NewBucket(this, jsii.String("MyRedirectedBucket"), &BucketProps{
	WebsiteRoutingRules: []routingRule{
		&routingRule{
			HostName: jsii.String("www.example.com"),
			HttpRedirectCode: jsii.String("302"),
			Protocol: s3.RedirectProtocol_HTTPS,
			ReplaceKey: s3.ReplaceKey_PrefixWith(jsii.String("test/")),
			Condition: &RoutingRuleCondition{
				HttpErrorCodeReturnedEquals: jsii.String("200"),
				KeyPrefixEquals: jsii.String("prefix"),
			},
		},
	},
})

func ReplaceKey_PrefixWith

func ReplaceKey_PrefixWith(keyReplacement *string) ReplaceKey

The object key prefix to use in the redirect request.

func ReplaceKey_With

func ReplaceKey_With(keyReplacement *string) ReplaceKey

The specific object key to use in the redirect request.

type RoutingRule

type RoutingRule struct {
	// Specifies a condition that must be met for the specified redirect to apply.
	// Default: - No condition.
	//
	Condition *RoutingRuleCondition `field:"optional" json:"condition" yaml:"condition"`
	// The host name to use in the redirect request.
	// Default: - The host name used in the original request.
	//
	HostName *string `field:"optional" json:"hostName" yaml:"hostName"`
	// The HTTP redirect code to use on the response.
	// Default: "301" - Moved Permanently.
	//
	HttpRedirectCode *string `field:"optional" json:"httpRedirectCode" yaml:"httpRedirectCode"`
	// Protocol to use when redirecting requests.
	// Default: - The protocol used in the original request.
	//
	Protocol RedirectProtocol `field:"optional" json:"protocol" yaml:"protocol"`
	// Specifies the object key prefix to use in the redirect request.
	// Default: - The key will not be replaced.
	//
	ReplaceKey ReplaceKey `field:"optional" json:"replaceKey" yaml:"replaceKey"`
}

Rule that define when a redirect is applied and the redirect behavior.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var replaceKey replaceKey

routingRule := &RoutingRule{
	Condition: &RoutingRuleCondition{
		HttpErrorCodeReturnedEquals: jsii.String("httpErrorCodeReturnedEquals"),
		KeyPrefixEquals: jsii.String("keyPrefixEquals"),
	},
	HostName: jsii.String("hostName"),
	HttpRedirectCode: jsii.String("httpRedirectCode"),
	Protocol: awscdk.Aws_s3.RedirectProtocol_HTTP,
	ReplaceKey: replaceKey,
}

See: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html

type RoutingRuleCondition

type RoutingRuleCondition struct {
	// The HTTP error code when the redirect is applied.
	//
	// In the event of an error, if the error code equals this value, then the specified redirect is applied.
	//
	// If both condition properties are specified, both must be true for the redirect to be applied.
	// Default: - The HTTP error code will not be verified.
	//
	HttpErrorCodeReturnedEquals *string `field:"optional" json:"httpErrorCodeReturnedEquals" yaml:"httpErrorCodeReturnedEquals"`
	// The object key name prefix when the redirect is applied.
	//
	// If both condition properties are specified, both must be true for the redirect to be applied.
	// Default: - The object key name will not be verified.
	//
	KeyPrefixEquals *string `field:"optional" json:"keyPrefixEquals" yaml:"keyPrefixEquals"`
}

Example:

bucket := s3.NewBucket(this, jsii.String("MyRedirectedBucket"), &BucketProps{
	WebsiteRoutingRules: []routingRule{
		&routingRule{
			HostName: jsii.String("www.example.com"),
			HttpRedirectCode: jsii.String("302"),
			Protocol: s3.RedirectProtocol_HTTPS,
			ReplaceKey: s3.ReplaceKey_PrefixWith(jsii.String("test/")),
			Condition: &RoutingRuleCondition{
				HttpErrorCodeReturnedEquals: jsii.String("200"),
				KeyPrefixEquals: jsii.String("prefix"),
			},
		},
	},
})

type StorageClass

type StorageClass interface {
	Value() *string
	ToString() *string
}

Storage class to move an object to.

Example:

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	LifecycleRules: []lifecycleRule{
		&lifecycleRule{
			AbortIncompleteMultipartUploadAfter: awscdk.Duration_Minutes(jsii.Number(30)),
			Enabled: jsii.Boolean(false),
			Expiration: awscdk.Duration_Days(jsii.Number(30)),
			ExpirationDate: NewDate(),
			ExpiredObjectDeleteMarker: jsii.Boolean(false),
			Id: jsii.String("id"),
			NoncurrentVersionExpiration: awscdk.Duration_*Days(jsii.Number(30)),

			// the properties below are optional
			NoncurrentVersionsToRetain: jsii.Number(123),
			NoncurrentVersionTransitions: []noncurrentVersionTransition{
				&noncurrentVersionTransition{
					StorageClass: s3.StorageClass_GLACIER(),
					TransitionAfter: awscdk.Duration_*Days(jsii.Number(30)),

					// the properties below are optional
					NoncurrentVersionsToRetain: jsii.Number(123),
				},
			},
			ObjectSizeGreaterThan: jsii.Number(500),
			Prefix: jsii.String("prefix"),
			ObjectSizeLessThan: jsii.Number(10000),
			Transitions: []transition{
				&transition{
					StorageClass: s3.StorageClass_GLACIER(),

					// the properties below are optional
					TransitionAfter: awscdk.Duration_*Days(jsii.Number(30)),
					TransitionDate: NewDate(),
				},
			},
		},
	},
})

func NewStorageClass

func NewStorageClass(value *string) StorageClass

func StorageClass_DEEP_ARCHIVE

func StorageClass_DEEP_ARCHIVE() StorageClass

func StorageClass_GLACIER

func StorageClass_GLACIER() StorageClass

func StorageClass_GLACIER_INSTANT_RETRIEVAL added in v2.1.0

func StorageClass_GLACIER_INSTANT_RETRIEVAL() StorageClass

func StorageClass_INFREQUENT_ACCESS

func StorageClass_INFREQUENT_ACCESS() StorageClass

func StorageClass_INTELLIGENT_TIERING

func StorageClass_INTELLIGENT_TIERING() StorageClass

func StorageClass_ONE_ZONE_INFREQUENT_ACCESS

func StorageClass_ONE_ZONE_INFREQUENT_ACCESS() StorageClass

type Tag added in v2.4.0

type Tag struct {
	// key to e tagged.
	Key *string `field:"required" json:"key" yaml:"key"`
	// additional value.
	Value *string `field:"required" json:"value" yaml:"value"`
}

Tag.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

tag := &Tag{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

type TargetObjectKeyFormat added in v2.124.0

type TargetObjectKeyFormat interface {
}

The key format for the log object.

Example:

accessLogsBucket := s3.NewBucket(this, jsii.String("AccessLogsBucket"))

bucket := s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	ServerAccessLogsBucket: accessLogsBucket,
	ServerAccessLogsPrefix: jsii.String("logs"),
	// You can use a simple prefix with `TargetObjectKeyFormat.simplePrefix()`, but it is the same even if you do not specify `targetObjectKeyFormat` property.
	TargetObjectKeyFormat: s3.TargetObjectKeyFormat_SimplePrefix(),
})

func TargetObjectKeyFormat_PartitionedPrefix added in v2.124.0

func TargetObjectKeyFormat_PartitionedPrefix(dateSource PartitionDateSource) TargetObjectKeyFormat

Use partitioned prefix for log objects. If you do not specify the dateSource argument, the default is EventTime.

The partitioned prefix format as follow: [DestinationPrefix][SourceAccountId]/​[SourceRegion]/​[SourceBucket]/​[YYYY]/​[MM]/​[DD]/​[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString].

func TargetObjectKeyFormat_SimplePrefix added in v2.124.0

func TargetObjectKeyFormat_SimplePrefix() TargetObjectKeyFormat

Use the simple prefix for log objects.

The simple prefix format as follow: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString].

type TransferAccelerationUrlOptions added in v2.1.0

type TransferAccelerationUrlOptions struct {
	// Dual-stack support to connect to the bucket over IPv6.
	// Default: - false.
	//
	DualStack *bool `field:"optional" json:"dualStack" yaml:"dualStack"`
}

Options for creating a Transfer Acceleration URL.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

transferAccelerationUrlOptions := &TransferAccelerationUrlOptions{
	DualStack: jsii.Boolean(false),
}

type Transition

type Transition struct {
	// The storage class to which you want the object to transition.
	StorageClass StorageClass `field:"required" json:"storageClass" yaml:"storageClass"`
	// Indicates the number of days after creation when objects are transitioned to the specified storage class.
	// Default: - No transition count.
	//
	TransitionAfter awscdk.Duration `field:"optional" json:"transitionAfter" yaml:"transitionAfter"`
	// Indicates when objects are transitioned to the specified storage class.
	//
	// The date value must be in ISO 8601 format. The time is always midnight UTC.
	// Default: - No transition date.
	//
	TransitionDate *time.Time `field:"optional" json:"transitionDate" yaml:"transitionDate"`
}

Describes when an object transitions to a specified storage class.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var storageClass storageClass

transition := &Transition{
	StorageClass: storageClass,

	// the properties below are optional
	TransitionAfter: cdk.Duration_Minutes(jsii.Number(30)),
	TransitionDate: NewDate(),
}

type TransitionDefaultMinimumObjectSize added in v2.163.0

type TransitionDefaultMinimumObjectSize string

The transition default minimum object size for lifecycle.

Example:

s3.NewBucket(this, jsii.String("MyBucket"), &BucketProps{
	TransitionDefaultMinimumObjectSize: s3.TransitionDefaultMinimumObjectSize_VARIES_BY_STORAGE_CLASS,
	LifecycleRules: []lifecycleRule{
		&lifecycleRule{
			Transitions: []transition{
				&transition{
					StorageClass: s3.StorageClass_DEEP_ARCHIVE(),
					TransitionAfter: awscdk.Duration_Days(jsii.Number(30)),
				},
			},
		},
		&lifecycleRule{
			ObjectSizeLessThan: jsii.Number(300000),
			ObjectSizeGreaterThan: jsii.Number(200000),
			Transitions: []*transition{
				&transition{
					StorageClass: s3.StorageClass_ONE_ZONE_INFREQUENT_ACCESS(),
					TransitionAfter: awscdk.Duration_*Days(jsii.Number(30)),
				},
			},
		},
	},
})
const (
	// Objects smaller than 128 KB will not transition to any storage class by default.
	TransitionDefaultMinimumObjectSize_ALL_STORAGE_CLASSES_128_K TransitionDefaultMinimumObjectSize = "ALL_STORAGE_CLASSES_128_K"
	// Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes.
	//
	// By default, all other storage classes will prevent transitions smaller than 128 KB.
	TransitionDefaultMinimumObjectSize_VARIES_BY_STORAGE_CLASS TransitionDefaultMinimumObjectSize = "VARIES_BY_STORAGE_CLASS"
)

type VirtualHostedStyleUrlOptions

type VirtualHostedStyleUrlOptions struct {
	// Specifies the URL includes the region.
	// Default: - true.
	//
	Regional *bool `field:"optional" json:"regional" yaml:"regional"`
}

Options for creating Virtual-Hosted style URL.

Example:

bucket := s3.NewBucket(this, jsii.String("MyBucket"))
bucket.UrlForObject(jsii.String("objectname")) // Path-Style URL
bucket.VirtualHostedUrlForObject(jsii.String("objectname")) // Virtual Hosted-Style URL
bucket.VirtualHostedUrlForObject(jsii.String("objectname"), &VirtualHostedStyleUrlOptions{
	Regional: jsii.Boolean(false),
})

Source Files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL