Class BucketGrants
- All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
-
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Constructor Summary
Constructors (Modifier, Constructor)
protected BucketGrants(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected BucketGrants(software.amazon.jsii.JsiiObjectRef objRef)
Method Summary
Method - Description
delete(IGrantable grantee) - Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
delete(IGrantable grantee, Object objectsKeyPattern) - Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
publicAccess(String keyPrefix, String... allowedActions) - Allows unrestricted access to objects from this bucket.
put(IGrantable identity) - Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
put(IGrantable identity, Object objectsKeyPattern) - Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
putAcl(IGrantable identity) - Grants s3:PutObjectAcl and s3:PutObjectVersionAcl permissions for this bucket to an IAM principal.
putAcl(IGrantable identity, String objectsKeyPattern) - Grants s3:PutObjectAcl and s3:PutObjectVersionAcl permissions for this bucket to an IAM principal.
read(IGrantable identity) - Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).
read(IGrantable identity, Object objectsKeyPattern) - Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).
readWrite(IGrantable identity) - Grant read and write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
readWrite(IGrantable identity, Object objectsKeyPattern) - Grant read and write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
replicationPermission(IGrantable identity, GrantReplicationPermissionProps props) - Grant replication permission to a principal.
write(IGrantable identity) - Grant write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
write(IGrantable identity, Object objectsKeyPattern) - Grant write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
write(IGrantable identity, Object objectsKeyPattern, List<String> allowedActionPatterns) - Grant write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Constructor Details
-
BucketGrants
protected BucketGrants(software.amazon.jsii.JsiiObjectRef objRef)
-
BucketGrants
protected BucketGrants(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
-
-
Method Details
-
delete
@Stability(Stable) @NotNull public Grant delete(@NotNull IGrantable grantee, @Nullable Object objectsKeyPattern)
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
- Parameters:
grantee - The principal. This parameter is required.
objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').
-
delete
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
- Parameters:
grantee - The principal. This parameter is required.
-
publicAccess
@Stability(Stable) @NotNull public Grant publicAccess(@Nullable String keyPrefix, @NotNull String... allowedActions)
Allows unrestricted access to objects from this bucket.
IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.
Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.
The method returns the iam.Grant object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this:
    const grant = bucket.grantPublicAccess();
    grant.resourceStatement!.addCondition('IpAddress', { "aws:SourceIp": "54.240.143.0/24" });
Note that if this IBucket refers to an existing bucket, possibly not managed by CloudFormation, this method will have no effect, since it's impossible to modify the policy of an existing bucket.
- Parameters:
keyPrefix - the prefix of S3 object keys (e.g. home/*). Default is "*".
allowedActions - the set of S3 actions to allow. This parameter is required.
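An added example (not part of the CDK documentation or code base): a JavaScript check over a bucket policy document that reports every wildcard-principal Allow statement and whether an aws:SourceIp range like the one shown above narrows it. The policy, bucket name and role ARN are constructed for illustration, and the statement shape is an assumption about what a public grant synthesizes to.

```javascript
// Added example. SAMPLE_POLICY is constructed; names and ARNs are hypothetical.
const SAMPLE_POLICY = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: { AWS: "*" }, Action: "s3:GetObject",
      Resource: "arn:aws:s3:::example-site-bucket/*" },
    { Effect: "Allow", Principal: { AWS: "*" }, Action: "s3:GetObject",
      Resource: "arn:aws:s3:::example-site-bucket/home/*",
      Condition: { IpAddress: { "aws:SourceIp": "54.240.143.0/24" } } },
    { Effect: "Allow", Principal: "*", Action: "s3:GetObject",
      Resource: "arn:aws:s3:::example-site-bucket/docs/*",
      Condition: { IpAddress: { "aws:SourceIp": ["0.0.0.0/0"] } } },
    { Effect: "Allow",
      Principal: { AWS: "arn:aws:iam::111122223333:role/example-writer" },
      Action: ["s3:PutObject", "s3:AbortMultipartUpload"],
      Resource: "arn:aws:s3:::example-site-bucket/*" },
  ],
};

// IAM allows a single value or an array in most policy fields.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// True for Principal "*" and for { AWS: "*" } / { AWS: ["*"] }.
function isAnyPrincipal(principal) {
  if (principal === "*") return true;
  return typeof principal === "object" && principal !== null &&
    asList(principal.AWS).includes("*");
}

// Collect CIDR ranges from IpAddress conditions on aws:SourceIp.
function sourceIpRanges(statement) {
  const ranges = [];
  const keys = (statement.Condition || {}).IpAddress || {};
  for (const [key, value] of Object.entries(keys)) {
    // Condition key names are case-insensitive.
    if (key.toLowerCase() === "aws:sourceip") ranges.push(...asList(value));
  }
  return ranges;
}

// Report every public Allow statement and whether an IP range narrows it.
function auditPublicStatements(policy) {
  return asList(policy.Statement)
    .filter((s) => s.Effect === "Allow" && isAnyPrincipal(s.Principal))
    .map((s) => {
      const ranges = sourceIpRanges(s);
      // No range, or an all-addresses range, leaves the grant open to anyone.
      const unrestricted = ranges.length === 0 || ranges.includes("0.0.0.0/0");
      return { resource: s.Resource, actions: asList(s.Action), ranges, unrestricted };
    });
}
```

The check only looks at aws:SourceIp; a statement narrowed by some other condition key is still reported as unrestricted and needs manual review.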
-
put
@Stability(Stable) @NotNull public Grant put(@NotNull IGrantable identity, @Nullable Object objectsKeyPattern)
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').
-
put
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
-
putAcl
@Stability(Stable) @NotNull public Grant putAcl(@NotNull IGrantable identity, @Nullable String objectsKeyPattern)
Grants s3:PutObjectAcl and s3:PutObjectVersionAcl permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').
-
putAcl
Grants s3:PutObjectAcl and s3:PutObjectVersionAcl permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
-
read
@Stability(Stable) @NotNull public Grant read(@NotNull IGrantable identity, @Nullable Object objectsKeyPattern)
Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').
-
read
Grant read permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
-
readWrite
@Stability(Stable) @NotNull public Grant readWrite(@NotNull IGrantable identity, @Nullable Object objectsKeyPattern)
Grant read and write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').
-
readWrite
Grant read and write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
-
replicationPermission
@Stability(Stable) @NotNull public Grant replicationPermission(@NotNull IGrantable identity, @NotNull GrantReplicationPermissionProps props)
Grant replication permission to a principal. This method allows the principal to perform replication operations on this bucket.
Note that when calling this function for source or destination buckets that support KMS encryption, you need to specify the KMS key for encryption and the KMS key for decryption, respectively.
- Parameters:
identity - The principal to grant replication permission to. This parameter is required.
props - The properties of the replication source and destination buckets. This parameter is required.
-
write
@Stability(Stable) @NotNull public Grant write(@NotNull IGrantable identity, @Nullable Object objectsKeyPattern, @Nullable List<String> allowedActionPatterns)
Grant write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').
allowedActionPatterns -
-
write
@Stability(Stable) @NotNull public Grant write(@NotNull IGrantable identity, @Nullable Object objectsKeyPattern)
Grant write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
objectsKeyPattern - Restrict the permission to a certain key pattern (default '*').
-
write
Grant write permissions for this bucket and its contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
- Parameters:
identity - The principal. This parameter is required.
-