if (columns.length === 0) {
throw new Error('you must specify at least one column for the table');
}
// Check there is at least one column and no duplicated column names or partition keys.
const names = new Set();
(columns.concat(partitionKeys || [])).forEach(column => {
if (names.has(column.name)) {
throw new Error(`column names and partition keys must be unique, but 'p1' is duplicated`);
}
names.add(column.name);
});
}
// Lookup from each TableEncryption mode to the bucket's server-side encryption
// setting (s3.BucketEncryption). Only SSE is expressed here, so two of the five
// modes resolve to UNENCRYPTED on the bucket itself.
const encryptionMappings = {
  // Server-side modes carry over one-to-one.
  [TableEncryption.S3_MANAGED]: s3.BucketEncryption.S3_MANAGED,
  [TableEncryption.KMS_MANAGED]: s3.BucketEncryption.KMS_MANAGED,
  [TableEncryption.KMS]: s3.BucketEncryption.KMS,

  // NOTE(review): client-side KMS leaves the bucket with no SSE configured.
  // Presumably the data is expected to be encrypted by the writer before upload;
  // anything written without client-side encryption would then rest unencrypted.
  // Confirm that writers are constrained accordingly.
  [TableEncryption.CLIENT_SIDE_KMS]: s3.BucketEncryption.UNENCRYPTED,

  // Also the mode createBucket falls back to when `props.encryption` is not set.
  [TableEncryption.UNENCRYPTED]: s3.BucketEncryption.UNENCRYPTED,
};
// create the bucket to store a table's data depending on the `encryption` and `encryptionKey` properties.
function createBucket(table: Table, props: TableProps) {
const encryption = props.encryption || TableEncryption.UNENCRYPTED;
let bucket = props.bucket;
if (bucket && (encryption !== TableEncryption.UNENCRYPTED && encryption !== TableEncryption.CLIENT_SIDE_KMS)) {
throw new Error('you can not specify encryption settings if you also provide a bucket');
}
let encryptionKey: kms.IKey | undefined;
}
// Check there is at least one column and no duplicated column names or partition keys.
const names = new Set();
(columns.concat(partitionKeys || [])).forEach(column => {
if (names.has(column.name)) {
throw new Error(`column names and partition keys must be unique, but 'p1' is duplicated`);
}
names.add(column.name);
});
}
// Lookup from each TableEncryption mode to the bucket's server-side encryption
// setting (s3.BucketEncryption). Only SSE is expressed here, so two of the five
// modes resolve to UNENCRYPTED on the bucket itself.
const encryptionMappings = {
  // Server-side modes carry over one-to-one.
  [TableEncryption.S3_MANAGED]: s3.BucketEncryption.S3_MANAGED,
  [TableEncryption.KMS_MANAGED]: s3.BucketEncryption.KMS_MANAGED,
  [TableEncryption.KMS]: s3.BucketEncryption.KMS,

  // NOTE(review): client-side KMS leaves the bucket with no SSE configured.
  // Presumably the data is expected to be encrypted by the writer before upload;
  // anything written without client-side encryption would then rest unencrypted.
  // Confirm that writers are constrained accordingly.
  [TableEncryption.CLIENT_SIDE_KMS]: s3.BucketEncryption.UNENCRYPTED,

  // Also the mode createBucket falls back to when `props.encryption` is not set.
  [TableEncryption.UNENCRYPTED]: s3.BucketEncryption.UNENCRYPTED,
};
// create the bucket to store a table's data depending on the `encryption` and `encryptionKey` properties.
function createBucket(table: Table, props: TableProps) {
const encryption = props.encryption || TableEncryption.UNENCRYPTED;
let bucket = props.bucket;
if (bucket && (encryption !== TableEncryption.UNENCRYPTED && encryption !== TableEncryption.CLIENT_SIDE_KMS)) {
throw new Error('you can not specify encryption settings if you also provide a bucket');
}
let encryptionKey: kms.IKey | undefined;
if (encryption === TableEncryption.CLIENT_SIDE_KMS && props.encryptionKey === undefined) {
// CSE-KMS should behave the same as SSE-KMS - use the provided key or create one automatically
constructor(scope: Construct, id: string, props: TrailProps = {}) {
super(scope, id, {
physicalName: props.trailName,
});
const cloudTrailPrincipal = new iam.ServicePrincipal("cloudtrail.amazonaws.com");
this.s3bucket = props.bucket || new s3.Bucket(this, 'S3', {encryption: s3.BucketEncryption.UNENCRYPTED});
this.s3bucket.addToResourcePolicy(new iam.PolicyStatement({
resources: [this.s3bucket.bucketArn],
actions: ['s3:GetBucketAcl'],
principals: [cloudTrailPrincipal],
}));
this.s3bucket.addToResourcePolicy(new iam.PolicyStatement({
resources: [this.s3bucket.arnForObjects(`AWSLogs/${Stack.of(this).account}/*`)],
actions: ["s3:PutObject"],
principals: [cloudTrailPrincipal],
conditions: {
StringEquals: {'s3:x-amz-acl': "bucket-owner-full-control"}
}
}));