Class CfnBucketPolicyProps
Properties for defining a CfnBucketPolicy.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.S3
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnBucketPolicyProps : ICfnBucketPolicyPropsSyntax (vb)
Public Class CfnBucketPolicyProps Implements ICfnBucketPolicyPropsRemarks
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html
ExampleMetadata: infused
Examples
var bucketName = "amzn-s3-demo-bucket";
var accessLogsBucket = new Bucket(this, "AccessLogsBucket", new BucketProps {
ObjectOwnership = ObjectOwnership.BUCKET_OWNER_ENFORCED,
BucketName = bucketName
});
// Creating a bucket policy using L1
var bucketPolicy = new CfnBucketPolicy(this, "BucketPolicy", new CfnBucketPolicyProps {
Bucket = bucketName,
PolicyDocument = new Dictionary<string, object> {
{ "Statement", new [] { new Struct {
Action = "s3:*",
Effect = "Deny",
Principal = new Struct {
AWS = "*"
},
Resource = new [] { accessLogsBucket.BucketArn, $"{accessLogsBucket.bucketArn}/*" }
} } },
{ "Version", "2012-10-17" }
}
});
// 'serverAccessLogsBucket' will create a new L2 bucket policy
// to allow log delivery and overwrite the L1 bucket policy.
var bucket = new Bucket(this, "MyBucket", new BucketProps {
ServerAccessLogsBucket = accessLogsBucket,
ServerAccessLogsPrefix = "logs"
});Synopsis
Constructors
| CfnBucketPolicyProps() | Properties for defining a |
Properties
| Bucket | The name of the Amazon S3 bucket to which the policy applies. |
| PolicyDocument | A policy document containing permissions to add to the specified bucket. |
Constructors
CfnBucketPolicyProps()
Properties for defining a CfnBucketPolicy.
public CfnBucketPolicyProps()Remarks
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html
ExampleMetadata: infused
Examples
var bucketName = "amzn-s3-demo-bucket";
var accessLogsBucket = new Bucket(this, "AccessLogsBucket", new BucketProps {
ObjectOwnership = ObjectOwnership.BUCKET_OWNER_ENFORCED,
BucketName = bucketName
});
// Creating a bucket policy using L1
var bucketPolicy = new CfnBucketPolicy(this, "BucketPolicy", new CfnBucketPolicyProps {
Bucket = bucketName,
PolicyDocument = new Dictionary<string, object> {
{ "Statement", new [] { new Struct {
Action = "s3:*",
Effect = "Deny",
Principal = new Struct {
AWS = "*"
},
Resource = new [] { accessLogsBucket.BucketArn, $"{accessLogsBucket.bucketArn}/*" }
} } },
{ "Version", "2012-10-17" }
}
});
// 'serverAccessLogsBucket' will create a new L2 bucket policy
// to allow log delivery and overwrite the L1 bucket policy.
var bucket = new Bucket(this, "MyBucket", new BucketProps {
ServerAccessLogsBucket = accessLogsBucket,
ServerAccessLogsPrefix = "logs"
});Properties
Bucket
The name of the Amazon S3 bucket to which the policy applies.
public string Bucket { get; set; }Property Value
Remarks
PolicyDocument
A policy document containing permissions to add to the specified bucket.
public object PolicyDocument { get; set; }Property Value
Remarks
In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide .