AWS Fundamentals
L2 Construct

BucketPolicy

The bucket policy for an Amazon S3 bucket. Policies define the operations that are allowed on this resource.

You almost never need to define this construct directly. All AWS resources that support resource policies have a method called `addToResourcePolicy()`, which automatically creates a new resource policy if one doesn't exist yet and otherwise adds to the existing policy. `BucketPolicy()` is implemented differently: it creates a new policy without knowing that one already exists. For example, if a bucket is created with `autoDeleteObjects: true`, the following actions are added to its bucket policy for the auto-delete custom resource handler: `s3:DeleteObject*`, `s3:GetBucket*`, `s3:List*`, `s3:PutBucketPolicy`. If you then attach a new `BucketPolicy` with `s3:GetObject` and `s3:ListBucket` to this existing bucket, `BucketPolicy()` creates a fresh policy in place of the earlier one. The custom resource handler then no longer has access to the `s3:GetBucketTagging` action, which causes the stack deletion to fail. It is therefore strongly recommended to use `addToResourcePolicy()` to add new permissions to an existing policy.
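To make the failure mode above concrete, here is an added example in plain TypeScript (not CDK's own code, and it imports nothing from aws-cdk-lib) that models the two behaviours on a minimal policy document and checks whether the auto-delete handler keeps the actions it needs. The handler role ARN and the two extra required actions beside `s3:GetBucketTagging` are assumptions.

```typescript
// Constructed model of an IAM policy document; these are NOT aws-cdk-lib types.
interface Statement { effect: "Allow" | "Deny"; principal: string; actions: string[] }
interface PolicyDoc { statements: Statement[] }

// Role ARN is a constructed placeholder for the auto-delete custom resource handler.
const HANDLER_ROLE = "arn:aws:iam::123456789012:role/CustomS3AutoDeleteObjectsRole";

// The statement a bucket created with autoDeleteObjects: true adds to its policy
// (action list taken from the page above).
const AUTO_DELETE_STATEMENT: Statement = {
  effect: "Allow",
  principal: HANDLER_ROLE,
  actions: ["s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy"],
};

// Actions the handler exercises at stack deletion: s3:GetBucketTagging is the one the
// page names; the other two are assumed from what emptying a bucket requires.
const HANDLER_REQUIRED = ["s3:GetBucketTagging", "s3:ListBucket", "s3:DeleteObject"];

// IAM action matching: case-insensitive, '*' matches any run of characters.
function actionMatches(pattern: string, action: string): boolean {
  const parts = pattern.toLowerCase().split("*")
    .map((p) => p.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + parts.join(".*") + "$").test(action.toLowerCase());
}

// Models addToResourcePolicy(): the new statement is appended to the existing document.
function addToResourcePolicy(existing: PolicyDoc, stmt: Statement): PolicyDoc {
  return { statements: existing.statements.concat([stmt]) };
}

// Models `new BucketPolicy(...)` on a bucket that already has a policy: the document is
// rebuilt from scratch, so the earlier statements are lost.
function newBucketPolicy(_existing: PolicyDoc, stmt: Statement): PolicyDoc {
  return { statements: [stmt] };
}

// Pre-deploy check: which handler-required actions does the document no longer allow?
function missingHandlerActions(doc: PolicyDoc): string[] {
  const allowed: string[] = [];
  for (const s of doc.statements) {
    if (s.effect === "Allow" && s.principal === HANDLER_ROLE) allowed.push(...s.actions);
  }
  return HANDLER_REQUIRED.filter((req) => !allowed.some((p) => actionMatches(p, req)));
}
```

Running `missingHandlerActions` over a synthesized bucket policy before deploying is a cheap way to catch the replaced-policy case before it surfaces as a failed stack deletion.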

Import

import { BucketPolicy } from 'aws-cdk-lib/aws-s3';

Or use the module namespace:

import * as s3 from 'aws-cdk-lib/aws-s3';
// s3.BucketPolicy

Properties

Configuration passed to the constructor as BucketPolicyProps.

bucket (required)
Type: IBucket

The Amazon S3 bucket that the policy applies to.

document (optional)
Type: PolicyDocument

Policy document to apply to the bucket.

Default: a new empty PolicyDocument is created.

removalPolicy (optional)
Type: RemovalPolicy

Policy to apply when the policy is removed from this stack.

Default: RemovalPolicy.DESTROY.
