AWS storage services provide scalable, durable, and secure data storage solutions. This includes object storage (S3), file systems (EFS, FSx), and storage utilities for content delivery and backup.
Simple Storage Service (S3) provides highly scalable object storage with industry-leading durability, availability, and performance.
/**
* S3 bucket for object storage
*/
class Bucket extends Resource implements IBucket {
constructor(scope: Construct, id: string, props?: BucketProps);
/**
* Import an existing bucket by name
*/
static fromBucketName(scope: Construct, id: string, bucketName: string): IBucket;
/**
* Import an existing bucket by ARN
*/
static fromBucketArn(scope: Construct, id: string, bucketArn: string): IBucket;
/**
* Import an existing bucket with attributes
*/
static fromBucketAttributes(scope: Construct, id: string, attrs: BucketAttributes): IBucket;
/**
* Add a lifecycle rule to the bucket
*/
addLifecycleRule(rule: LifecycleRule): void;
/**
* Add a CORS rule to the bucket
*/
addCorsRule(rule: CorsRule): void;
/**
* Add an event notification to the bucket
*/
addEventNotification(event: EventType, dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void;
/**
* Add an object created event notification
*/
addObjectCreatedNotification(dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void;
/**
* Add an object removed event notification
*/
addObjectRemovedNotification(dest: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void;
/**
* Grant read permissions for this bucket and its contents to an IAM principal
*/
grantRead(identity: IGrantable, objectsKeyPattern?: any): Grant;
/**
* Grant write permissions to this bucket to an IAM principal
*/
grantWrite(identity: IGrantable, objectsKeyPattern?: any): Grant;
/**
* Grant read and write permissions for this bucket and its contents to an IAM principal
*/
grantReadWrite(identity: IGrantable, objectsKeyPattern?: any): Grant;
/**
* Grant delete permissions for this bucket and its contents to an IAM principal
*/
grantDelete(identity: IGrantable, objectsKeyPattern?: any): Grant;
/**
* Grant all permissions for this bucket and its contents to an IAM principal
*/
grantPublicAccess(): Grant;
/**
* Add a bucket policy to the bucket
*/
addToResourcePolicy(permission: PolicyStatement): AddToResourcePolicyResult;
/**
* Enable event bridge notifications on this bucket
*/
enableEventBridgeNotification(): void;
readonly bucketArn: string;
readonly bucketName: string;
readonly bucketDomainName: string;
readonly bucketDualStackDomainName: string;
readonly bucketRegionalDomainName: string;
readonly bucketWebsiteUrl: string;
readonly bucketWebsiteDomainName: string;
readonly encryptionKey?: IKey;
readonly isWebsite?: boolean;
readonly policy?: BucketPolicy;
}
/**
* S3 bucket notification construct
*/
class BucketNotification extends Construct {
constructor(scope: Construct, id: string, props: BucketNotificationProps);
/**
* Add a notification destination
*/
bind(bucket: IBucket): BucketNotificationConfig;
}
/**
* S3 bucket policy construct
*/
class BucketPolicy extends Resource {
constructor(scope: Construct, id: string, props: BucketPolicyProps);
/**
* Adds a statement to the policy document
*/
addStatements(...statement: PolicyStatement[]): void;
readonly document: PolicyDocument;
}Usage Examples:
import { Bucket, BucketEncryption, BlockPublicAccess, LifecycleRule, StorageClass } from "aws-cdk-lib/aws-s3";
import { RemovalPolicy, Duration } from "aws-cdk-lib";
// Simple bucket
const simpleBucket = new Bucket(this, "SimpleBucket");
// Bucket with configuration
const configuredBucket = new Bucket(this, "ConfiguredBucket", {
bucketName: "my-app-data",
encryption: BucketEncryption.S3_MANAGED,
blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
versioned: true,
removalPolicy: RemovalPolicy.DESTROY,
lifecycleRules: [
{
id: "DeleteOldVersions",
enabled: true,
noncurrentVersionExpiration: Duration.days(30),
transitions: [
{
storageClass: StorageClass.INFREQUENT_ACCESS,
transitionAfter: Duration.days(30),
},
{
storageClass: StorageClass.GLACIER,
transitionAfter: Duration.days(90),
},
],
},
],
});
// Grant access to Lambda function
configuredBucket.grantRead(myLambdaFunction);
configuredBucket.grantWrite(myLambdaFunction, "uploads/*");
// Add event notification
configuredBucket.addEventNotification(
EventType.OBJECT_CREATED,
new destinations.LambdaDestination(myFunction),
{ prefix: "images/", suffix: ".jpg" }
);Elastic File System (EFS) provides scalable, elastic file storage for use with EC2 instances and Lambda functions.
/**
* EFS file system construct
*/
class FileSystem extends Resource implements IFileSystem {
constructor(scope: Construct, id: string, props?: FileSystemProps);
/**
* Import an existing file system by ID
*/
static fromFileSystemAttributes(scope: Construct, id: string, attrs: FileSystemAttributes): IFileSystem;
/**
* Create an access point for this file system
*/
addAccessPoint(id: string, accessPointOptions?: AccessPointOptions): AccessPoint;
/**
* Grant read permissions on this file system to an IAM principal
*/
grantRead(grantee: IGrantable): Grant;
/**
* Grant write permissions on this file system to an IAM principal
*/
grantWrite(grantee: IGrantable): Grant;
/**
* Grant read and write permissions on this file system to an IAM principal
*/
grantReadWrite(grantee: IGrantable): Grant;
/**
* Grant root access permissions on this file system to an IAM principal
*/
grantRootAccess(grantee: IGrantable): Grant;
readonly fileSystemArn: string;
readonly fileSystemId: string;
readonly connections: Connections;
readonly mountTargetsAvailable: IDependable;
}
/**
* EFS access point construct
*/
class AccessPoint extends Resource implements IAccessPoint {
constructor(scope: Construct, id: string, props: AccessPointProps);
/**
* Import an existing access point by ID
*/
static fromAccessPointId(scope: Construct, id: string, accessPointId: string): IAccessPoint;
/**
* Import an existing access point by attributes
*/
static fromAccessPointAttributes(scope: Construct, id: string, attrs: AccessPointAttributes): IAccessPoint;
readonly accessPointArn: string;
readonly accessPointId: string;
readonly fileSystem: IFileSystem;
}Amazon FSx provides fully managed file systems optimized for high-performance workloads.
/**
* FSx for Lustre file system
*/
class LustreFileSystem extends Resource implements IFileSystem {
constructor(scope: Construct, id: string, props: LustreFileSystemProps);
/**
* Import an existing file system by attributes
*/
static fromLustreFileSystemAttributes(scope: Construct, id: string, attrs: FileSystemAttributes): IFileSystem;
readonly fileSystemId: string;
readonly connections: Connections;
readonly dnsName: string;
readonly mountName: string;
}
/**
* FSx for Windows File Server
*/
class WindowsFileSystem extends Resource implements IFileSystem {
constructor(scope: Construct, id: string, props: WindowsFileSystemProps);
/**
* Import an existing file system by attributes
*/
static fromWindowsFileSystemAttributes(scope: Construct, id: string, attrs: FileSystemAttributes): IFileSystem;
readonly fileSystemId: string;
readonly connections: Connections;
readonly dnsName: string;
}Utilities for managing assets (files, code) that need to be uploaded to S3 during deployment.
/**
* Asset that represents a file or directory in S3
*/
class Asset extends Construct implements IAsset {
constructor(scope: Construct, id: string, props: AssetProps);
/**
* Adds CloudFormation template metadata to the specified resource with information that indicates which resource property is mapped to this local asset
*/
addResourceMetadata(resource: CfnResource, resourceProperty: string): void;
/**
* Grant read permissions for this asset to an IAM principal
*/
grantRead(grantee: IGrantable): Grant;
readonly assetHash: string;
readonly bucket: IBucket;
readonly httpUrl: string;
readonly s3BucketName: string;
readonly s3ObjectKey: string;
readonly s3ObjectUrl: string;
readonly s3Url: string;
}Utilities for deploying content to S3 buckets.
/**
* Populates an S3 bucket with content from local files or other S3 buckets
*/
class BucketDeployment extends Construct {
constructor(scope: Construct, id: string, props: BucketDeploymentProps);
/**
* Add additional sources after the initial construction
*/
addSource(source: ISource): void;
readonly deployedBucket: IBucket;
readonly objectKeys: string[];
}
/**
* Source for bucket deployments
*/
class Source {
/**
* Uses a local file or directory as the deployment source
*/
static asset(path: string, options?: AssetOptions): ISource;
/**
* Uses a .zip file stored in an S3 bucket as the deployment source
*/
static bucket(bucket: IBucket, zipObjectKey: string): ISource;
/**
* Deploy specific object keys from an S3 bucket
*/
static data(objectKey: string, data: string): ISource;
/**
* Uses a JSON object as the deployment source
*/
static jsonData(objectKey: string, obj: any): ISource;
/**
* Uses a YAML object as the deployment source
*/
static yamlData(objectKey: string, obj: any): ISource;
}interface BucketProps {
readonly autoDeleteObjects?: boolean;
readonly blockPublicAccess?: BlockPublicAccess;
readonly bucketKeyEnabled?: boolean;
readonly bucketName?: string;
readonly cors?: CorsRule[];
readonly encryption?: BucketEncryption;
readonly encryptionKey?: IKey;
readonly enforceSSL?: boolean;
readonly eventBridgeEnabled?: boolean;
readonly intelligentTieringConfigurations?: IntelligentTieringConfiguration[];
readonly inventories?: Inventory[];
readonly lifecycleRules?: LifecycleRule[];
readonly metrics?: BucketMetrics[];
readonly minimumTLSVersion?: number;
readonly notificationsHandlerRole?: IRole;
readonly objectLockDefaultRetention?: ObjectLockRetention;
readonly objectLockEnabled?: boolean;
readonly objectOwnership?: ObjectOwnership;
readonly publicReadAccess?: boolean;
readonly removalPolicy?: RemovalPolicy;
readonly serverAccessLogsBucket?: IBucket;
readonly serverAccessLogsPrefix?: string;
readonly transferAcceleration?: boolean;
readonly versioned?: boolean;
readonly websiteErrorDocument?: string;
readonly websiteIndexDocument?: string;
readonly websiteRedirect?: RedirectTarget;
readonly websiteRoutingRules?: RoutingRule[];
}
interface FileSystemProps {
readonly vpc: IVpc;
readonly allowAnonymousAccess?: boolean;
readonly enableBackupPolicy?: boolean;
readonly encrypted?: boolean;
readonly fileSystemName?: string;
readonly fileSystemPolicy?: PolicyDocument;
readonly kmsKey?: IKey;
readonly lifecyclePolicy?: LifecyclePolicy;
readonly outOfInfrequentAccessPolicy?: OutOfInfrequentAccessPolicy;
readonly performanceMode?: PerformanceMode;
readonly provisionedThroughputPerSecond?: Size;
readonly removalPolicy?: RemovalPolicy;
readonly replicationConfiguration?: ReplicationConfiguration;
readonly securityGroup?: ISecurityGroup;
readonly throughputMode?: ThroughputMode;
readonly vpcSubnets?: SubnetSelection;
}
interface AccessPointProps {
readonly fileSystem: IFileSystem;
readonly accessPointName?: string;
readonly createAcl?: Acl;
readonly path?: string;
readonly posixUser?: PosixUser;
}
interface LifecycleRule {
readonly id?: string;
readonly enabled?: boolean;
readonly prefix?: string;
readonly tagFilters?: { [tag: string]: any };
readonly objectSizeGreaterThan?: number;
readonly objectSizeLessThan?: number;
readonly expiration?: Duration;
readonly expirationDate?: Date;
readonly expiredObjectDeleteMarker?: boolean;
readonly noncurrentVersionExpiration?: Duration;
readonly noncurrentVersionsToRetain?: number;
readonly transitions?: Transition[];
readonly noncurrentVersionTransitions?: NoncurrentVersionTransition[];
readonly abortIncompleteMultipartUploadAfter?: Duration;
}
interface CorsRule {
readonly allowedMethods: HttpMethods[];
readonly allowedOrigins: string[];
readonly id?: string;
readonly allowedHeaders?: string[];
readonly exposedHeaders?: string[];
readonly maxAge?: number;
}
enum BucketEncryption {
UNENCRYPTED = 0,
KMS_MANAGED = 1,
S3_MANAGED = 2,
KMS = 3
}
enum StorageClass {
STANDARD = "STANDARD",
REDUCED_REDUNDANCY = "REDUCED_REDUNDANCY",
STANDARD_IA = "STANDARD_IA",
ONEZONE_IA = "ONEZONE_IA",
INTELLIGENT_TIERING = "INTELLIGENT_TIERING",
GLACIER = "GLACIER",
DEEP_ARCHIVE = "DEEP_ARCHIVE",
GLACIER_INSTANT_RETRIEVAL = "GLACIER_IR"
}
enum EventType {
OBJECT_CREATED = "s3:ObjectCreated:*",
OBJECT_CREATED_PUT = "s3:ObjectCreated:Put",
OBJECT_CREATED_POST = "s3:ObjectCreated:Post",
OBJECT_CREATED_COPY = "s3:ObjectCreated:Copy",
OBJECT_CREATED_COMPLETE_MULTIPART_UPLOAD = "s3:ObjectCreated:CompleteMultipartUpload",
OBJECT_REMOVED = "s3:ObjectRemoved:*",
OBJECT_REMOVED_DELETE = "s3:ObjectRemoved:Delete",
OBJECT_REMOVED_DELETE_MARKER_CREATED = "s3:ObjectRemoved:DeleteMarkerCreated",
OBJECT_RESTORE_POST = "s3:ObjectRestore:Post",
OBJECT_RESTORE_COMPLETED = "s3:ObjectRestore:Completed",
OBJECT_RESTORE_DELETE = "s3:ObjectRestore:Delete",
REDUCED_REDUNDANCY_LOST_OBJECT = "s3:ReducedRedundancyLostObject",
REPLICATION_OPERATION_FAILED_REPLICATION = "s3:Replication:OperationFailedReplication",
REPLICATION_OPERATION_MISSED_THRESHOLD = "s3:Replication:OperationMissedThreshold",
REPLICATION_OPERATION_REPLICATED_AFTER_THRESHOLD = "s3:Replication:OperationReplicatedAfterThreshold",
REPLICATION_OPERATION_NOT_TRACKED = "s3:Replication:OperationNotTracked"
}
enum HttpMethods {
GET = "GET",
PUT = "PUT",
HEAD = "HEAD",
POST = "POST",
DELETE = "DELETE"
}
enum PerformanceMode {
GENERAL_PURPOSE = "generalPurpose",
MAX_IO = "maxIO"
}
enum ThroughputMode {
BURSTING = "bursting",
PROVISIONED = "provisioned"
}
enum LifecyclePolicy {
AFTER_7_DAYS = "AFTER_7_DAYS",
AFTER_14_DAYS = "AFTER_14_DAYS",
AFTER_30_DAYS = "AFTER_30_DAYS",
AFTER_60_DAYS = "AFTER_60_DAYS",
AFTER_90_DAYS = "AFTER_90_DAYS"
}
enum ObjectOwnership {
BUCKET_OWNER_ENFORCED = "BucketOwnerEnforced",
BUCKET_OWNER_PREFERRED = "BucketOwnerPreferred",
OBJECT_WRITER = "ObjectWriter"
}