/AWS1/CL_MA2S3BUCKET
Provides information about the S3 bucket that a finding applies to. If a quota prevented Amazon Macie from retrieving and processing all the bucket's information prior to generating the finding, the following values are UNKNOWN or null: allowsUnencryptedObjectUploads, defaultServerSideEncryption, publicAccess, and tags.
CONSTRUCTOR
IMPORTING
Optional arguments:
iv_allowsunencobjectuploads
TYPE /AWS1/MA2ALLOWSUNENCOBJUPLOADS
Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are added to the bucket. Possible values are:
FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include a valid server-side encryption header.
TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include a valid server-side encryption header.
UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of new objects.
Valid server-side encryption headers are: x-amz-server-side-encryption with a value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm with a value of AES256.
iv_arn
TYPE /AWS1/MA2__STRING
The Amazon Resource Name (ARN) of the bucket.
iv_createdat
TYPE /AWS1/MA2__TIMESTAMPISO8601
The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket, relative to when the finding was created or last updated.
io_defaultserversideenc
TYPE REF TO /AWS1/CL_MA2SERVERSIDEENC
The default server-side encryption settings for the bucket.
iv_name
TYPE /AWS1/MA2__STRING
The name of the bucket.
io_owner
TYPE REF TO /AWS1/CL_MA2S3BUCKETOWNER
The display name and canonical user ID for the Amazon Web Services account that owns the bucket.
io_publicaccess
TYPE REF TO /AWS1/CL_MA2BUCKETPUBLICACCESS
The permissions settings that determine whether the bucket is publicly accessible.
it_tags
TYPE /AWS1/CL_MA2KEYVALUEPAIR=>TT_KEYVALUEPAIRLIST
The tags that are associated with the bucket.
Queryable Attributes
allowsUnencryptedObjectUploads
Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are added to the bucket. Possible values are:
FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include a valid server-side encryption header.
TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include a valid server-side encryption header.
UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of new objects.
Valid server-side encryption headers are: x-amz-server-side-encryption with a value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm with a value of AES256.
Accessible with the following methods
Method | Description |
---|---|
GET_ALLOWSUNENCOBJECTUPLOADS() | Getter for ALLOWSUNENCOBJECTUPLOADS, with configurable defau |
ASK_ALLOWSUNENCOBJECTUPLOADS() | Getter for ALLOWSUNENCOBJECTUPLOADS w/ exceptions if field h |
HAS_ALLOWSUNENCOBJECTUPLOADS() | Determine if ALLOWSUNENCOBJECTUPLOADS has a value |
arn
The Amazon Resource Name (ARN) of the bucket.
Accessible with the following methods
Method | Description |
---|---|
GET_ARN() | Getter for ARN, with configurable default |
ASK_ARN() | Getter for ARN w/ exceptions if field has no value |
HAS_ARN() | Determine if ARN has a value |
createdAt
The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket, relative to when the finding was created or last updated.
Accessible with the following methods
Method | Description |
---|---|
GET_CREATEDAT() | Getter for CREATEDAT, with configurable default |
ASK_CREATEDAT() | Getter for CREATEDAT w/ exceptions if field has no value |
HAS_CREATEDAT() | Determine if CREATEDAT has a value |
defaultServerSideEncryption
The default server-side encryption settings for the bucket.
Accessible with the following methods
Method | Description |
---|---|
GET_DEFAULTSERVERSIDEENC() | Getter for DEFAULTSERVERSIDEENCRYPTION |
name
The name of the bucket.
Accessible with the following methods
Method | Description |
---|---|
GET_NAME() | Getter for NAME, with configurable default |
ASK_NAME() | Getter for NAME w/ exceptions if field has no value |
HAS_NAME() | Determine if NAME has a value |
owner
The display name and canonical user ID for the Amazon Web Services account that owns the bucket.
Accessible with the following methods
Method | Description |
---|---|
GET_OWNER() | Getter for OWNER |
publicAccess
The permissions settings that determine whether the bucket is publicly accessible.
Accessible with the following methods
Method | Description |
---|---|
GET_PUBLICACCESS() | Getter for PUBLICACCESS |
tags
The tags that are associated with the bucket.
Accessible with the following methods
Method | Description |
---|---|
GET_TAGS() | Getter for TAGS, with configurable default |
ASK_TAGS() | Getter for TAGS w/ exceptions if field has no value |
HAS_TAGS() | Determine if TAGS has a value |
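Added example (not part of the SDK reference): triaging the bucket in a finding so that a null or UNKNOWN allowsUnencryptedObjectUploads, the quota case described at the top of this page, is never reported as compliant. The report name, the local class lcl_triage, the state labels and the sample bucket names are assumptions, as is the getter returning the literal strings FALSE, TRUE and UNKNOWN listed above.

```abap
REPORT zmacie_bucket_triage. " hypothetical report name (assumption)

CLASS lcl_triage DEFINITION FINAL.
  PUBLIC SECTION.
    CLASS-METHODS upload_encryption_state
      IMPORTING io_bucket       TYPE REF TO /aws1/cl_ma2s3bucket
      RETURNING VALUE(rv_state) TYPE string.
    CLASS-METHODS metadata_complete
      IMPORTING io_bucket          TYPE REF TO /aws1/cl_ma2s3bucket
      RETURNING VALUE(rv_complete) TYPE abap_bool.
ENDCLASS.

CLASS lcl_triage IMPLEMENTATION.
  METHOD upload_encryption_state.
    " Default covers both a null field and UNKNOWN: fail closed.
    rv_state = `INCOMPLETE`.
    IF io_bucket->has_allowsunencobjectuploads( ) = abap_false.
      RETURN.
    ENDIF.
    DATA(lv_flag) = io_bucket->get_allowsunencobjectuploads( ).
    CASE lv_flag.
      WHEN 'FALSE'. " bucket policy requires an SSE header on PutObject
        rv_state = `SSE_REQUIRED`.
      WHEN 'TRUE'.  " no bucket policy, or the policy does not require SSE
        rv_state = `SSE_NOT_REQUIRED`.
    ENDCASE.
  ENDMETHOD.

  METHOD metadata_complete.
    " defaultServerSideEncryption and publicAccess are null in the same quota case.
    DATA(lo_sse)    = io_bucket->get_defaultserversideenc( ).
    DATA(lo_public) = io_bucket->get_publicaccess( ).
    rv_complete = xsdbool( upload_encryption_state( io_bucket ) <> `INCOMPLETE`
                       AND lo_sse IS BOUND AND lo_public IS BOUND ).
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  " Constructed sample buckets; in practice they come from a Macie finding.
  DATA lt_buckets TYPE STANDARD TABLE OF REF TO /aws1/cl_ma2s3bucket WITH EMPTY KEY.
  lt_buckets = VALUE #(
    ( NEW /aws1/cl_ma2s3bucket( iv_name = 'example-enforced' iv_allowsunencobjectuploads = 'FALSE' ) )
    ( NEW /aws1/cl_ma2s3bucket( iv_name = 'example-open'     iv_allowsunencobjectuploads = 'TRUE' ) )
    ( NEW /aws1/cl_ma2s3bucket( iv_name = 'example-unknown'  iv_allowsunencobjectuploads = 'UNKNOWN' ) )
    ( NEW /aws1/cl_ma2s3bucket( iv_name = 'example-null' ) ) ).
  LOOP AT lt_buckets INTO DATA(lo_bucket).
    WRITE / |{ lo_bucket->get_name( ) }: { lcl_triage=>upload_encryption_state( lo_bucket ) }|.
    WRITE / |  metadata complete: { lcl_triage=>metadata_complete( lo_bucket ) }|.
  ENDLOOP.
```

The sample buckets carry no publicAccess or defaultServerSideEncryption objects, so metadata_complete returns abap_false for all four.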