Package software.amazon.awscdk.services.s3

Interface CfnBucketPolicyProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnBucketPolicyProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.121.0 (build d7af9b9)",
           date="2025-12-18T18:20:17.123Z")
@Stability(Stable)
public interface CfnBucketPolicyProps
extends software.amazon.jsii.JsiiSerializable

Properties for defining a CfnBucketPolicy.

Example:

 String bucketName = "amzn-s3-demo-bucket";
 Bucket accessLogsBucket = Bucket.Builder.create(this, "AccessLogsBucket")
         .objectOwnership(ObjectOwnership.BUCKET_OWNER_ENFORCED)
         .bucketName(bucketName)
         .build();
 // Creating a bucket policy using L1
 CfnBucketPolicy bucketPolicy = CfnBucketPolicy.Builder.create(this, "BucketPolicy")
         .bucket(bucketName)
         .policyDocument(Map.of(
                 "Statement", List.of(Map.of(
                         "Action", "s3:*",
                         "Effect", "Deny",
                         "Principal", Map.of(
                                 "AWS", "*"),
                         "Resource", List.of(accessLogsBucket.getBucketArn(), String.format("%s/*", accessLogsBucket.getBucketArn())))),
                 "Version", "2012-10-17"))
         .build();
 // 'serverAccessLogsBucket' will create a new L2 bucket policy
 // to allow log delivery and overwrite the L1 bucket policy.
 Bucket bucket = Bucket.Builder.create(this, "MyBucket")
         .serverAccessLogsBucket(accessLogsBucket)
         .serverAccessLogsPrefix("logs")
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnBucketPolicyProps.Builder	A builder for CfnBucketPolicyProps
static final class	CfnBucketPolicyProps.Jsii$Proxy	An implementation for CfnBucketPolicyProps

Method Summary

Modifier and Type	Method	Description
static CfnBucketPolicyProps.Builder	builder()
Object	getBucket()	The name of the Amazon S3 bucket to which the policy applies.
Object	getPolicyDocument()	A policy document containing permissions to add to the specified bucket.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getBucket

@Stability(Stable)
@NotNull
Object getBucket()

The name of the Amazon S3 bucket to which the policy applies.

Returns union: either String or IBucketRef

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-bucket

getPolicyDocument

@Stability(Stable)
@NotNull
Object getPolicyDocument()

A policy document containing permissions to add to the specified bucket.

In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM. For more information, see the AWS::IAM::Policy PolicyDocument resource description in this guide and Access Policy Language Overview in the Amazon S3 User Guide .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html#cfn-s3-bucketpolicy-policydocument

builder

@Stability(Stable)
static CfnBucketPolicyProps.Builder builder()

Returns:

a CfnBucketPolicyProps.Builder of CfnBucketPolicyProps