buckets

Creates, updates, deletes or gets a bucket resource or lists buckets in a region

Overview

Name: buckets
Type: Resource
Description: The AWS::S3::Bucket resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack. To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to retain the bucket or to delete the bucket. For more information, see DeletionPolicy Attribute. You can only delete empty buckets. Deletion fails for buckets that have contents.
Id: awscc.s3.buckets

Fields

| Name | Datatype | Description |
|---|---|---|
| accelerate_configuration | object | Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see Amazon S3 Transfer Acceleration in the Amazon S3 User Guide. |
| access_control | string | This is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see Controlling object ownership in the Amazon S3 User Guide. A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see Canned ACL in the Amazon S3 User Guide. S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the AWS::S3::OwnershipControls property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon. The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see AWS::S3::BucketPolicy. For examples of common policy configurations, including S3 Server Access Logs buckets and more, see Bucket policy examples in the Amazon S3 User Guide. |
| analytics_configurations | array | Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket. |
| bucket_encryption | object | Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Encryption for S3 Buckets in the Amazon S3 User Guide. |
| bucket_name | string | A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow Amazon S3 bucket restrictions and limitations. For more information, see Rules for naming Amazon S3 buckets in the Amazon S3 User Guide. If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name. |
| cors_configuration | object | Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide. |
| intelligent_tiering_configurations | array | Defines how Amazon S3 handles Intelligent-Tiering storage. |
| inventory_configurations | array | Specifies the inventory configuration for an Amazon S3 bucket. For more information, see GET Bucket inventory in the Amazon S3 API Reference. |
| lifecycle_configuration | object | Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see Object Lifecycle Management in the Amazon S3 User Guide. |
| logging_configuration | object | Settings that define where logs are stored. |
| metrics_configurations | array | Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see PutBucketMetricsConfiguration. |
| metadata_table_configuration | object | The metadata table configuration of an S3 general purpose bucket. |
| metadata_configuration | object | |
| notification_configuration | object | Configuration that defines how Amazon S3 handles bucket notifications. |
| object_lock_configuration | object | This operation is not supported for directory buckets. Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects. The DefaultRetention settings require both a mode and a period. The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time. You can enable Object Lock for new or existing buckets. For more information, see Configuring Object Lock. |
| object_lock_enabled | boolean | Indicates whether this bucket has an Object Lock configuration enabled. Enable ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket. |
| ownership_controls | object | Configuration that defines how Amazon S3 handles Object Ownership rules. |
| public_access_block_configuration | object | Configuration that defines how Amazon S3 handles public access. |
| replication_configuration | object | Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the VersioningConfiguration property. Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist. |
| tags | array | An arbitrary set of tags (key-value pairs) for this S3 bucket. |
| versioning_configuration | object | Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (PUT or DELETE) on objects in the bucket. |
| website_configuration | object | Information used to configure the bucket as a static website. For more information, see Hosting Websites on Amazon S3. |
| arn | string | The Amazon Resource Name (ARN) of the specified resource. |
| domain_name | string | |
| dual_stack_domain_name | string | |
| regional_domain_name | string | |
| website_url | string | |
| region | string | AWS region. |

For more information, see AWS::S3::Bucket.

Methods

| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | buckets | INSERT | BucketName, region |
| delete_resource | buckets | DELETE | Identifier, region |
| update_resource | buckets | UPDATE | Identifier, PatchDocument, region |
| list_resources | buckets_list_only | SELECT | region |
| get_resource | buckets | SELECT | Identifier, region |

SELECT examples

Gets all properties from an individual bucket.

SELECT
region,
accelerate_configuration,
access_control,
analytics_configurations,
bucket_encryption,
bucket_name,
cors_configuration,
intelligent_tiering_configurations,
inventory_configurations,
lifecycle_configuration,
logging_configuration,
metrics_configurations,
metadata_table_configuration,
metadata_configuration,
notification_configuration,
object_lock_configuration,
object_lock_enabled,
ownership_controls,
public_access_block_configuration,
replication_configuration,
tags,
versioning_configuration,
website_configuration,
arn,
domain_name,
dual_stack_domain_name,
regional_domain_name,
website_url
FROM awscc.s3.buckets
WHERE
region = '{{ region }}' AND
Identifier = '{{ bucket_name }}';
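
An added example, not part of the provider documentation: a Python check over one row returned by the SELECT above. It flags public access block, Object Ownership and versioning settings that fall short of a hardened baseline and proposes JSON Patch (RFC 6902) operations of the kind a PatchDocument carries. The row shape (object columns as JSON text or decoded dicts), the function names and the sample rows are assumptions constructed for illustration.

```python
import json

# Property names are those of the AWS::S3::Bucket schema behind the columns.
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")

# Constructed sample rows (not real buckets); object columns shown as JSON text.
WEAK_ROW = {
    "public_access_block_configuration": '{"BlockPublicAcls": true, "IgnorePublicAcls": true}',
    "ownership_controls": '{"Rules": [{"ObjectOwnership": "ObjectWriter"}]}',
    "versioning_configuration": None,
}
OK_ROW = {
    "public_access_block_configuration": dict.fromkeys(PAB_FLAGS, True),
    "ownership_controls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]},
    "versioning_configuration": {"Status": "Enabled"},
}


def _obj(value):
    """Assumption: an object column is JSON text or an already decoded dict."""
    if isinstance(value, str) and value.strip():
        value = json.loads(value)
    return value if isinstance(value, dict) else {}


def audit_bucket(row):
    """Return (findings, patch_ops) for one row selected from awscc.s3.buckets."""
    findings, patch = [], []
    pab = _obj(row.get("public_access_block_configuration"))
    missing = [f for f in PAB_FLAGS if pab.get(f) is not True]
    if missing:
        findings.append("public access block not set: " + ", ".join(missing))
        patch.append({"op": "add", "path": "/PublicAccessBlockConfiguration",
                      "value": dict.fromkeys(PAB_FLAGS, True)})
    # Only an explicit rule that leaves ACLs enabled is flagged; no rule is not.
    rules = _obj(row.get("ownership_controls")).get("Rules") or []
    if any(r.get("ObjectOwnership") != "BucketOwnerEnforced" for r in rules):
        findings.append("ownership controls leave ACLs enabled")
        patch.append({"op": "add", "path": "/OwnershipControls",
                      "value": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}})
    if _obj(row.get("versioning_configuration")).get("Status") != "Enabled":
        findings.append("versioning not enabled")
        patch.append({"op": "add", "path": "/VersioningConfiguration",
                      "value": {"Status": "Enabled"}})
    return findings, patch

if __name__ == "__main__":
    print(json.dumps(audit_bucket(WEAK_ROW), indent=2))
```

Review the proposed operations before applying them: switching Object Ownership to BucketOwnerEnforced disables ACLs, which affects any workload that still relies on them.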

INSERT example

Use the following StackQL query and manifest file to create a new bucket resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.s3.buckets (
BucketName,
region
)
SELECT
'{{ bucket_name }}',
'{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a bucket resource, using stack-deploy.

/*+ update */
UPDATE awscc.s3.buckets
SET PatchDocument = string('{{ {
"AccelerateConfiguration": accelerate_configuration,
"AccessControl": access_control,
"AnalyticsConfigurations": analytics_configurations,
"BucketEncryption": bucket_encryption,
"CorsConfiguration": cors_configuration,
"IntelligentTieringConfigurations": intelligent_tiering_configurations,
"InventoryConfigurations": inventory_configurations,
"LifecycleConfiguration": lifecycle_configuration,
"LoggingConfiguration": logging_configuration,
"MetricsConfigurations": metrics_configurations,
"NotificationConfiguration": notification_configuration,
"ObjectLockConfiguration": object_lock_configuration,
"ObjectLockEnabled": object_lock_enabled,
"OwnershipControls": ownership_controls,
"PublicAccessBlockConfiguration": public_access_block_configuration,
"ReplicationConfiguration": replication_configuration,
"Tags": tags,
"VersioningConfiguration": versioning_configuration,
"WebsiteConfiguration": website_configuration
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ bucket_name }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.s3.buckets
WHERE
Identifier = '{{ bucket_name }}' AND
region = '{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

| Parameter | Description |
|---|---|
| ClientToken | A unique identifier to ensure the idempotency of the resource request. This allows the provider to accurately distinguish between retries and new requests. A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request. |
| RoleArn | The ARN of the IAM role used to perform this resource operation. The role specified must have the permissions required for this operation. If you do not specify a role, a temporary session is created using your AWS user credentials. |
| TypeVersionId | For private resource types, the type version to use in this resource operation. If you do not specify a resource version, the default version is used. |

Permissions

To operate on the buckets resource, the following permissions are required:

s3:CreateBucket,
s3:PutBucketTagging,
s3:PutAnalyticsConfiguration,
s3:PutEncryptionConfiguration,
s3:PutBucketCORS,
s3:PutInventoryConfiguration,
s3:PutLifecycleConfiguration,
s3:PutMetricsConfiguration,
s3:PutBucketNotification,
s3:PutBucketReplication,
s3:PutBucketWebsite,
s3:PutAccelerateConfiguration,
s3:PutBucketPublicAccessBlock,
s3:PutReplicationConfiguration,
s3:PutObjectAcl,
s3:PutBucketObjectLockConfiguration,
s3:GetBucketAcl,
s3:ListBucket,
iam:PassRole,
s3:DeleteObject,
s3:PutBucketLogging,
s3:PutBucketVersioning,
s3:PutObjectLockConfiguration,
s3:PutBucketOwnershipControls,
s3:PutIntelligentTieringConfiguration,
s3:GetBucketMetadataTableConfiguration,
s3:CreateBucketMetadataTableConfiguration,
s3tables:CreateNamespace,
s3tables:CreateTable,
s3tables:CreateTableBucket,
s3tables:GetTable,
s3tables:PutTableEncryption,
s3tables:PutTablePolicy,
s3tables:GetTableMetadataLocation,
s3tables:UpdateTableMetadataLocation