aws-cdk-lib.aws_s3.BucketAccessControl

enum BucketAccessControl

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.S3.BucketAccessControl |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awss3#BucketAccessControl |
| Java | software.amazon.awscdk.services.s3.BucketAccessControl |
| Python | aws_cdk.aws_s3.BucketAccessControl |
| TypeScript (source) | aws-cdk-lib » aws_s3 » BucketAccessControl |

Default bucket access control types.

See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html

Example

```ts
import { Duration } from 'aws-cdk-lib';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';

// Runs inside a Stack or Construct, where `this` is the construct scope.
const websiteBucket = new s3.Bucket(this, 'WebsiteBucket', {
  websiteIndexDocument: 'index.html',
  publicReadAccess: true,
});

new s3deploy.BucketDeployment(this, 'DeployWebsite', {
  sources: [s3deploy.Source.asset('./website-dist')],
  destinationBucket: websiteBucket,
  destinationKeyPrefix: 'web/static', // optional prefix in destination bucket
  metadata: { A: "1", b: "2" }, // user-defined metadata

  // system-defined metadata
  contentType: "text/html",
  contentLanguage: "en",
  storageClass: s3deploy.StorageClass.INTELLIGENT_TIERING,
  serverSideEncryption: s3deploy.ServerSideEncryption.AES_256,
  cacheControl: [
    s3deploy.CacheControl.setPublic(),
    s3deploy.CacheControl.maxAge(Duration.hours(1)),
  ],
  // canned ACL applied to the deployed objects
  accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
});
```

Members

| Name | Description |
| --- | --- |
| PRIVATE | Owner gets FULL_CONTROL. |
| PUBLIC_READ | Owner gets FULL_CONTROL. |
| PUBLIC_READ_WRITE | Owner gets FULL_CONTROL. |
| AUTHENTICATED_READ | Owner gets FULL_CONTROL. |
| LOG_DELIVERY_WRITE | The LogDelivery group gets WRITE and READ_ACP permissions on the bucket. |
| BUCKET_OWNER_READ | Object owner gets FULL_CONTROL. |
| BUCKET_OWNER_FULL_CONTROL | Both the object owner and the bucket owner get FULL_CONTROL over the object. |
| AWS_EXEC_READ | Owner gets FULL_CONTROL. |

PRIVATE

Owner gets FULL_CONTROL.

No one else has access rights.


PUBLIC_READ

Owner gets FULL_CONTROL.

The AllUsers group gets READ access.


PUBLIC_READ_WRITE

Owner gets FULL_CONTROL.

The AllUsers group gets READ and WRITE access. Granting this on a bucket is generally not recommended.


AUTHENTICATED_READ

Owner gets FULL_CONTROL.

The AuthenticatedUsers group gets READ access.


LOG_DELIVERY_WRITE

The LogDelivery group gets WRITE and READ_ACP permissions on the bucket.

See also: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html


BUCKET_OWNER_READ

Object owner gets FULL_CONTROL.

Bucket owner gets READ access. If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.


BUCKET_OWNER_FULL_CONTROL

Both the object owner and the bucket owner get FULL_CONTROL over the object.

If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.


AWS_EXEC_READ

Owner gets FULL_CONTROL.

Amazon EC2 gets READ access to GET an Amazon Machine Image (AMI) bundle from Amazon S3.
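
The member descriptions above can be turned into a pre-deployment check. The following is an added example, not code from the CDK project: it scans a synthesized CloudFormation template for `AWS::S3::Bucket` resources and reports canned ACLs that grant access to the AllUsers or AuthenticatedUsers groups, or that S3 ignores at bucket creation. The names `auditBucketAcls`, `ACL_RISK` and `sampleTemplate` and the severity labels are assumptions; the map keys are the CloudFormation `AccessControl` strings that the enum members carry.

```typescript
// Added example (hypothetical names): flag risky canned ACLs in a synthesized template.
type Severity = 'high' | 'info' | 'review';
interface Finding { logicalId: string; acl: string; severity: Severity; reason: string }
interface CfnResource { Type: string; Properties?: Record<string, unknown> }
interface CfnTemplate { Resources?: Record<string, CfnResource> }

// CloudFormation AccessControl string -> risk, following the member descriptions.
// null means no group beyond the owner, LogDelivery or EC2 receives access.
const ACL_RISK = new Map<string, [Severity, string] | null>([
  ['Private', null],
  ['LogDeliveryWrite', null],
  ['AwsExecRead', null],
  ['PublicRead', ['high', 'AllUsers group gets READ']],
  ['PublicReadWrite', ['high', 'AllUsers group gets READ and WRITE']],
  ['AuthenticatedRead', ['high', 'AuthenticatedUsers group gets READ']],
  ['BucketOwnerRead', ['info', 'ignored by S3 on bucket creation']],
  ['BucketOwnerFullControl', ['info', 'ignored by S3 on bucket creation']],
]);

function auditBucketAcls(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {})) {
    if (res.Type !== 'AWS::S3::Bucket') continue;
    const acl = res.Properties?.['AccessControl'];
    if (acl === undefined) continue; // no canned ACL requested
    if (typeof acl !== 'string') {
      // Intrinsic (Ref, Fn::If, ...): the value is only known at deploy time.
      findings.push({ logicalId, acl: JSON.stringify(acl), severity: 'review', reason: 'unresolved value' });
      continue;
    }
    const risk = ACL_RISK.get(acl);
    if (risk === undefined) {
      findings.push({ logicalId, acl, severity: 'review', reason: 'unknown canned ACL' });
    } else if (risk !== null) {
      findings.push({ logicalId, acl, severity: risk[0], reason: risk[1] });
    }
  }
  return findings;
}

// Constructed sample template, not output from a real stack.
const sampleTemplate: CfnTemplate = { Resources: {
  SiteBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: 'PublicRead' } },
  LogBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: 'LogDeliveryWrite' } },
  UploadBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: 'BucketOwnerFullControl' } },
  ParamBucket: { Type: 'AWS::S3::Bucket', Properties: { AccessControl: { Ref: 'AclParam' } } },
  PlainBucket: { Type: 'AWS::S3::Bucket' },
  Queue: { Type: 'AWS::SQS::Queue' },
} };
console.log(auditBucketAcls(sampleTemplate));
```
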