AWS::S3::Bucket AnnotationTableConfiguration - AWS CloudFormation

AWS::S3::Bucket AnnotationTableConfiguration

The annotation table configuration for an S3 Metadata configuration. The annotation table tracks all annotations on objects in your bucket so that you can query annotation data at scale.

Note

If you've disabled your annotation table configuration and now want to re-enable it, you must first manually delete the old annotation table from your AWS managed table bucket. Otherwise, the newly re-enabled annotation table configuration will enter a failed state because the annotation table already exists in the table bucket.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "ConfigurationState" : String,
  "EncryptionConfiguration" : MetadataTableEncryptionConfiguration,
  "Role" : String,
  "TableArn" : String,
  "TableName" : String
}

Properties

ConfigurationState

Specifies whether the annotation table configuration is enabled or disabled.

Required: Yes

Type: String

Allowed values: ENABLED | DISABLED

Update requires: No interruption

EncryptionConfiguration

The encryption configuration for the annotation table. To encrypt your annotation table with server-side encryption using AWS Key Management Service (AWS KMS) keys (SSE-KMS), set SseAlgorithm to aws:kms. You must also set KmsKeyArn to the ARN of a customer managed KMS key in the same Region where your general purpose bucket is located.

Required: No

Type: MetadataTableEncryptionConfiguration

Update requires: No interruption

Role

The ARN of the IAM role that grants Amazon S3 Metadata permission to read annotations from your bucket.

Required: No

Type: String

Update requires: No interruption

TableArn

The Amazon Resource Name (ARN) for the annotation table.

Required: No

Type: String

Update requires: No interruption

TableName

The name of the annotation table.

Required: No

Type: String

Update requires: No interruption

Examples

Enable an annotation table with SSE-KMS encryption

The following example enables an annotation table configuration with server-side encryption using AWS KMS keys (SSE-KMS) for a bucket that already has a metadata configuration.

JSON

{
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": "Retain",
      "Properties": {
        "BucketName": "amzn-s3-demo-bucket1",
        "MetadataConfiguration": {
          "AnnotationTableConfiguration": {
            "ConfigurationState": "ENABLED",
            "EncryptionConfiguration": {
              "SseAlgorithm": "aws:kms",
              "KmsKeyArn": "arn:aws:kms:us-east-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab"
            },
            "Role": "arn:aws:iam::123456789012:role/my-annotation-role"
          }
        }
      }
    }
  }
}

YAML

Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: amzn-s3-demo-bucket1
      MetadataConfiguration:
        AnnotationTableConfiguration:
          ConfigurationState: ENABLED
          EncryptionConfiguration:
            SseAlgorithm: 'aws:kms'
            KmsKeyArn: arn:aws:kms:us-east-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab
          Role: arn:aws:iam::123456789012:role/my-annotation-role
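The following pre-deployment check is an added example, not part of the AWS documentation or any AWS tool. It scans a parsed template for the ConfigurationState and SSE-KMS rules described on this page, including the requirement that the KMS key be in the same Region as the bucket. The function name, the bucket_region parameter, and the policy that an enabled annotation table must use SSE-KMS are assumptions (the page lists EncryptionConfiguration as not required).

```python
ALLOWED_STATES = {"ENABLED", "DISABLED"}  # allowed values listed on this page

def check_annotation_tables(template, bucket_region):
    """Return (logical_id, message) findings for every AWS::S3::Bucket resource."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        meta = res.get("Properties", {}).get("MetadataConfiguration", {})
        cfg = meta.get("AnnotationTableConfiguration")
        if cfg is None:
            continue
        state = cfg.get("ConfigurationState")
        if isinstance(state, dict):  # Ref / Fn::If cannot be resolved statically
            continue
        if state not in ALLOWED_STATES:
            findings.append((logical_id, "ConfigurationState must be ENABLED or DISABLED"))
        if state != "ENABLED":
            continue
        enc = cfg.get("EncryptionConfiguration") or {}
        key_arn = enc.get("KmsKeyArn")
        if enc.get("SseAlgorithm") != "aws:kms":
            # Assumed house policy: enabled annotation tables must use SSE-KMS.
            findings.append((logical_id, "annotation table does not use SSE-KMS"))
        elif key_arn is None:
            findings.append((logical_id, "aws:kms is set but KmsKeyArn is missing"))
        elif isinstance(key_arn, str):  # intrinsic functions are skipped
            parts = key_arn.split(":", 5)  # arn:partition:service:region:account:resource
            if len(parts) != 6 or parts[2] != "kms" or not parts[5].startswith("key/"):
                findings.append((logical_id, "KmsKeyArn is not a KMS key ARN"))
            elif parts[3] != bucket_region:
                findings.append((logical_id, f"KMS key is in {parts[3]}, bucket is in {bucket_region}"))
    return findings

# Constructed sample input: this page's SSE-KMS example as a parsed template.
SAMPLE = {"Resources": {"S3Bucket": {
    "Type": "AWS::S3::Bucket",
    "Properties": {"BucketName": "amzn-s3-demo-bucket1", "MetadataConfiguration": {
        "AnnotationTableConfiguration": {
            "ConfigurationState": "ENABLED",
            "EncryptionConfiguration": {
                "SseAlgorithm": "aws:kms",
                "KmsKeyArn": "arn:aws:kms:us-east-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab"},
            "Role": "arn:aws:iam::123456789012:role/my-annotation-role"}}}}}}

if __name__ == "__main__":
    for region in ("us-east-2", "eu-west-1"):
        print(region, check_annotation_tables(SAMPLE, region))
```

The check cannot tell a customer managed key from an AWS managed key by ARN alone, and values supplied through intrinsic functions are skipped, so those cases still need to be confirmed against the deployed resources.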

Disable an annotation table

The following example disables an annotation table configuration. Disabling the annotation table doesn't delete it. The annotation table is retained for your records until you decide to delete it.

JSON

{
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": "Retain",
      "Properties": {
        "BucketName": "amzn-s3-demo-bucket1",
        "MetadataConfiguration": {
          "AnnotationTableConfiguration": {
            "ConfigurationState": "DISABLED"
          }
        }
      }
    }
  }
}

YAML

Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: amzn-s3-demo-bucket1
      MetadataConfiguration:
        AnnotationTableConfiguration:
          ConfigurationState: DISABLED