AWS::S3::Bucket AnnotationTableConfiguration
The annotation table configuration for an S3 Metadata configuration. The annotation table tracks all annotations on objects in your bucket so that you can query annotation data at scale.
Note
If you've disabled your annotation table configuration and now want to re-enable it, you must first manually delete the old annotation table from your AWS managed table bucket. Otherwise, the newly re-enabled annotation table configuration will enter a failed state because the annotation table already exists in the table bucket.
Syntax
To declare this entity in your CloudFormation template, use the following syntax:
JSON
{
  "ConfigurationState" : String,
  "EncryptionConfiguration" : MetadataTableEncryptionConfiguration,
  "Role" : String,
  "TableArn" : String,
  "TableName" : String
}
YAML
ConfigurationState: String
EncryptionConfiguration: MetadataTableEncryptionConfiguration
Role: String
TableArn: String
TableName: String
Properties
ConfigurationState
Specifies whether the annotation table configuration is enabled or disabled.
Required: Yes
Type: String
Allowed values: ENABLED | DISABLED
Update requires: No interruption
EncryptionConfiguration
The encryption configuration for the annotation table. To encrypt your annotation table with server-side encryption using AWS Key Management Service (AWS KMS) keys (SSE-KMS), set SseAlgorithm to aws:kms. You must also set KmsKeyArn to the ARN of a customer managed KMS key in the same Region where your general purpose bucket is located.
Required: No
Type: MetadataTableEncryptionConfiguration
Update requires: No interruption
Role
The ARN of the IAM role that grants Amazon S3 Metadata permission to read annotations from your bucket.
Required: No
Type: String
Update requires: No interruption
TableArn
The Amazon Resource Name (ARN) for the annotation table.
Required: No
Type: String
Update requires: No interruption
TableName
The name of the annotation table.
Required: No
Type: String
Update requires: No interruption
Examples
Enable an annotation table with SSE-KMS encryption
The following example enables an annotation table configuration with server-side encryption using AWS KMS keys (SSE-KMS) for a bucket that already has a metadata configuration.
JSON
{
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": "Retain",
      "Properties": {
        "BucketName": "amzn-s3-demo-bucket1",
        "MetadataConfiguration": {
          "AnnotationTableConfiguration": {
            "ConfigurationState": "ENABLED",
            "EncryptionConfiguration": {
              "SseAlgorithm": "aws:kms",
              "KmsKeyArn": "arn:aws:kms:us-east-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab"
            },
            "Role": "arn:aws:iam::123456789012:role/my-annotation-role"
          }
        }
      }
    }
  }
}
YAML
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: amzn-s3-demo-bucket1
      MetadataConfiguration:
        AnnotationTableConfiguration:
          ConfigurationState: ENABLED
          EncryptionConfiguration:
            SseAlgorithm: 'aws:kms'
            KmsKeyArn: arn:aws:kms:us-east-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab
          Role: arn:aws:iam::123456789012:role/my-annotation-role
Disable an annotation table
The following example disables an annotation table configuration. Disabling the annotation table doesn't delete it. The annotation table is retained for your records until you decide to delete it.
JSON
{
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": "Retain",
      "Properties": {
        "BucketName": "amzn-s3-demo-bucket1",
        "MetadataConfiguration": {
          "AnnotationTableConfiguration": {
            "ConfigurationState": "DISABLED"
          }
        }
      }
    }
  }
}
YAML
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: amzn-s3-demo-bucket1
      MetadataConfiguration:
        AnnotationTableConfiguration:
          ConfigurationState: DISABLED