import iam = require('@aws-cdk/aws-iam'); import kms = require('@aws-cdk/aws-kms'); import { IBucketNotificationDestination } from '@aws-cdk/aws-s3-notifications'; import cdk = require('@aws-cdk/cdk'); import { BucketPolicy } from './bucket-policy'; import { LifecycleRule } from './rule'; import { BucketArn, BucketDomainName, BucketDualStackDomainName } from './s3.generated'; /** * A reference to a bucket. The easiest way to instantiate is to call * `bucket.export()`. Then, the consumer can use `Bucket.import(this, ref)` and * get a `Bucket`. */ export interface BucketRefProps { /** * The ARN fo the bucket. At least one of bucketArn or bucketName must be * defined in order to initialize a bucket ref. */ bucketArn?: BucketArn; /** * The name of the bucket. If the underlying value of ARN is a string, the * name will be parsed from the ARN. Otherwise, the name is optional, but * some features that require the bucket name such as auto-creating a bucket * policy, won't work. */ bucketName?: BucketName; } /** * Represents an S3 Bucket. * * Buckets can be either defined within this stack: * * new Bucket(this, 'MyBucket', { props }); * * Or imported from an existing bucket: * * BucketRef.import(this, 'MyImportedBucket', { bucketArn: ... }); * * You can also export a bucket and import it into another stack: * * const ref = myBucket.export(); * BucketRef.import(this, 'MyImportedBucket', ref); * */ export declare abstract class BucketRef extends cdk.Construct { /** * Creates a Bucket construct that represents an external bucket. * * @param parent The parent creating construct (usually `this`). * @param name The construct's name. * @param ref A BucketRefProps object. Can be obtained from a call to * `bucket.export()`. */ static import(parent: cdk.Construct, name: string, props: BucketRefProps): BucketRef; /** * The ARN of the bucket. */ abstract readonly bucketArn: BucketArn; /** * The name of the bucket. */ abstract readonly bucketName: BucketName; /** * Optional KMS encryption key associated with this bucket. */ abstract readonly encryptionKey?: kms.EncryptionKeyRef; /** * The resource policy assoicated with this bucket. * * If `autoCreatePolicy` is true, a `BucketPolicy` will be created upon the * first call to addToResourcePolicy(s). */ protected abstract policy?: BucketPolicy; /** * Indicates if a bucket resource policy should automatically created upon * the first call to `addToResourcePolicy`. */ protected abstract autoCreatePolicy: boolean; /** * Exports this bucket from the stack. */ export(): BucketRefProps; /** * Adds a statement to the resource policy for a principal (i.e. * account/role/service) to perform actions on this bucket and/or it's * contents. Use `bucketArn` and `arnForObjects(keys)` to obtain ARNs for * this bucket or objects. */ addToResourcePolicy(permission: cdk.PolicyStatement): void; /** * The https:// URL of this bucket. * @example https://s3.us-west-1.amazonaws.com/onlybucket * Similar to calling `urlForObject` with no object key. */ readonly bucketUrl: S3Url; /** * The https URL of an S3 object. For example: * @example https://s3.us-west-1.amazonaws.com/onlybucket * @example https://s3.us-west-1.amazonaws.com/bucket/key * @example https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey * @param key The S3 key of the object. If not specified, the URL of the * bucket is returned. * @returns an ObjectS3Url token */ urlForObject(key?: any): S3Url; /** * Returns an ARN that represents all objects within the bucket that match * the key pattern specified. To represent all keys, specify ``"*"``. * * If you specify multiple components for keyPattern, they will be concatenated:: * * arnForObjects('home/', team, '/', user, '/*') * */ arnForObjects(...keyPattern: any[]): cdk.Arn; /** * Temporary API for granting read permissions for this bucket and it's * contents to an IAM principal (Role/Group/User). * * If an encryption key is used, permission to ues the key to decrypt the * contents of the bucket will also be granted. */ grantRead(identity?: iam.IPrincipal, objectsKeyPattern?: any): void; /** * Grants read/write permissions for this bucket and it's contents to an IAM * principal (Role/Group/User). * * If an encryption key is used, permission to use the key for * encrypt/decrypt will also be granted. */ grantReadWrite(identity?: iam.IPrincipal, objectsKeyPattern?: any): void; private grant; } export interface BucketProps { /** * The kind of server-side encryption to apply to this bucket. * * If you choose KMS, you can specify a KMS key via `encryptionKey`. If * encryption key is not specified, a key will automatically be created. * * @default Unencrypted */ encryption?: BucketEncryption; /** * External KMS key to use for bucket encryption. * * The 'encryption' property must be either not specified or set to "Kms". * An error will be emitted if encryption is set to "Unencrypted" or * "Managed". * * @default If encryption is set to "Kms" and this property is undefined, a * new KMS key will be created and associated with this bucket. */ encryptionKey?: kms.EncryptionKeyRef; /** * Physical name of this bucket. * * @default Assigned by CloudFormation (recommended) */ bucketName?: string; /** * Policy to apply when the bucket is removed from this stack. * * @default By default, the bucket will be destroyed if it is removed from the stack. */ removalPolicy?: cdk.RemovalPolicy; /** * The bucket policy associated with this bucket. * * @default A bucket policy will be created automatically in the first call * to addToPolicy. */ policy?: BucketPolicy; /** * Whether this bucket should have versioning turned on or not. * * @default false */ versioned?: boolean; /** * Rules that define how Amazon S3 manages objects during their lifetime. * * @default No lifecycle rules */ lifecycleRules?: LifecycleRule[]; } /** * An S3 bucket with associated policy objects * * This bucket does not yet have all features that exposed by the underlying * BucketResource. */ export declare class Bucket extends BucketRef { readonly bucketArn: BucketArn; readonly bucketName: BucketName; readonly domainName: BucketDomainName; readonly dualstackDomainName: BucketDualStackDomainName; readonly encryptionKey?: kms.EncryptionKeyRef; protected policy?: BucketPolicy; protected autoCreatePolicy: boolean; private readonly lifecycleRules; private readonly versioned?; private readonly notifications; constructor(parent: cdk.Construct, name: string, props?: BucketProps); /** * Add a lifecycle rule to the bucket * * @param rule The rule to add */ addLifecycleRule(rule: LifecycleRule): void; /** * Adds a bucket notification event destination. * @param event The event to trigger the notification * @param dest The notification destination (Lambda, SNS Topic or SQS Queue) * * @param filters S3 object key filter rules to determine which objects * trigger this event. Each filter must include a `prefix` and/or `suffix` * that will be matched against the s3 object key. Refer to the S3 Developer Guide * for details about allowed filter rules. * * @see https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-filtering * * @example * * bucket.onEvent(EventType.OnObjectCreated, myLambda, 'home/myusername/*') * * @see * https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html */ onEvent(event: EventType, dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void; /** * Subscribes a destination to receive notificatins when an object is * created in the bucket. This is identical to calling * `onEvent(EventType.ObjectCreated)`. * * @param dest The notification destination (see onEvent) * @param filters Filters (see onEvent) */ onObjectCreated(dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void; /** * Subscribes a destination to receive notificatins when an object is * removed from the bucket. This is identical to calling * `onEvent(EventType.ObjectRemoved)`. * * @param dest The notification destination (see onEvent) * @param filters Filters (see onEvent) */ onObjectRemoved(dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void; /** * Set up key properties and return the Bucket encryption property from the * user's configuration. */ private parseEncryption; /** * Parse the lifecycle configuration out of the uucket props * @param props Par */ private parseLifecycleConfiguration; } /** * What kind of server-side encryption to apply to this bucket */ export declare enum BucketEncryption { /** * Objects in the bucket are not encrypted. */ Unencrypted = "NONE", /** * Server-side KMS encryption with a master key managed by KMS. */ KmsManaged = "MANAGED", /** * Server-side encryption with a master key managed by S3. */ S3Managed = "S3MANAGED", /** * Server-side encryption with a KMS key managed by the user. * If `encryptionKey` is specified, this key will be used, otherwise, one will be defined. */ Kms = "KMS" } /** * The name of the bucket. */ export declare class BucketName extends cdk.Token { } /** * A key to an S3 object. */ export declare class ObjectKey extends cdk.Token { } /** * The web URL (https://s3.us-west-1.amazonaws.com/bucket/key) of an S3 object. */ export declare class S3Url extends cdk.Token { } /** * Notification event types. */ export declare enum EventType { /** * Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using * these event types, you can enable notification when an object is created * using a specific API, or you can use the s3:ObjectCreated:* event type to * request notification regardless of the API that was used to create an * object. */ ObjectCreated = "s3:ObjectCreated:*", /** * Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using * these event types, you can enable notification when an object is created * using a specific API, or you can use the s3:ObjectCreated:* event type to * request notification regardless of the API that was used to create an * object. */ ObjectCreatedPut = "s3:ObjectCreated:Put", /** * Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using * these event types, you can enable notification when an object is created * using a specific API, or you can use the s3:ObjectCreated:* event type to * request notification regardless of the API that was used to create an * object. */ ObjectCreatedPost = "s3:ObjectCreated:Post", /** * Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using * these event types, you can enable notification when an object is created * using a specific API, or you can use the s3:ObjectCreated:* event type to * request notification regardless of the API that was used to create an * object. */ ObjectCreatedCopy = "s3:ObjectCreated:Copy", /** * Amazon S3 APIs such as PUT, POST, and COPY can create an object. Using * these event types, you can enable notification when an object is created * using a specific API, or you can use the s3:ObjectCreated:* event type to * request notification regardless of the API that was used to create an * object. */ ObjectCreatedCompleteMultipartUpload = "s3:ObjectCreated:CompleteMultipartUpload", /** * By using the ObjectRemoved event types, you can enable notification when * an object or a batch of objects is removed from a bucket. * * You can request notification when an object is deleted or a versioned * object is permanently deleted by using the s3:ObjectRemoved:Delete event * type. Or you can request notification when a delete marker is created for * a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For * information about deleting versioned objects, see Deleting Object * Versions. You can also use a wildcard s3:ObjectRemoved:* to request * notification anytime an object is deleted. * * You will not receive event notifications from automatic deletes from * lifecycle policies or from failed operations. */ ObjectRemoved = "s3:ObjectRemoved:*", /** * By using the ObjectRemoved event types, you can enable notification when * an object or a batch of objects is removed from a bucket. * * You can request notification when an object is deleted or a versioned * object is permanently deleted by using the s3:ObjectRemoved:Delete event * type. Or you can request notification when a delete marker is created for * a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For * information about deleting versioned objects, see Deleting Object * Versions. You can also use a wildcard s3:ObjectRemoved:* to request * notification anytime an object is deleted. * * You will not receive event notifications from automatic deletes from * lifecycle policies or from failed operations. */ ObjectRemovedDelete = "s3:ObjectRemoved:Delete", /** * By using the ObjectRemoved event types, you can enable notification when * an object or a batch of objects is removed from a bucket. * * You can request notification when an object is deleted or a versioned * object is permanently deleted by using the s3:ObjectRemoved:Delete event * type. Or you can request notification when a delete marker is created for * a versioned object by using s3:ObjectRemoved:DeleteMarkerCreated. For * information about deleting versioned objects, see Deleting Object * Versions. You can also use a wildcard s3:ObjectRemoved:* to request * notification anytime an object is deleted. * * You will not receive event notifications from automatic deletes from * lifecycle policies or from failed operations. */ ObjectRemovedDeleteMarkerCreated = "s3:ObjectRemoved:DeleteMarkerCreated", /** * You can use this event type to request Amazon S3 to send a notification * message when Amazon S3 detects that an object of the RRS storage class is * lost. */ ReducedRedundancyLostObject = "s3:ReducedRedundancyLostObject" } export interface NotificationKeyFilter { /** * S3 keys must have the specified prefix. */ prefix?: string; /** * S3 keys must have the specified suffix. */ suffix?: string; }