Bucket
s3.services.k8s.aws/v1alpha1
| Type | Link |
|---|---|
| GoDoc | s3-controller/apis/v1alpha1#Bucket |
Metadata
| Property | Value |
|---|---|
| Scope | Namespaced |
| Kind | Bucket |
| ListKind | BucketList |
| Plural | buckets |
| Singular | bucket |
In terms of implementation, a Bucket is a resource.
Spec
accelerate:
status: string
acl: string
analytics:
filter:
and:
prefix: string
tags:
- key: string
value: string
prefix: string
tag:
key: string
value: string
id: string
storageClassAnalysis:
dataExport:
destination:
s3BucketDestination:
bucket: string
bucketAccountID: string
format: string
prefix: string
outputSchemaVersion: string
cors:
corsRules:
allowedHeaders:
- string
allowedMethods:
- string
allowedOrigins:
- string
exposeHeaders:
- string
id: string
maxAgeSeconds: integer
createBucketConfiguration:
locationConstraint: string
encryption:
rules:
applyServerSideEncryptionByDefault:
kmsMasterKeyID: string
sseAlgorithm: string
bucketKeyEnabled: boolean
grantFullControl: string
grantRead: string
grantReadACP: string
grantWrite: string
grantWriteACP: string
intelligentTiering:
filter:
and:
prefix: string
tags:
- key: string
value: string
prefix: string
tag:
key: string
value: string
id: string
status: string
tierings:
- accessTier: string
days: integer
inventory:
destination:
s3BucketDestination:
accountID: string
bucket: string
encryption:
sseKMS:
keyID: string
format: string
prefix: string
filter:
prefix: string
id: string
includedObjectVersions: string
isEnabled: boolean
optionalFields:
- string
schedule:
frequency: string
lifecycle:
rules:
abortIncompleteMultipartUpload:
daysAfterInitiation: integer
expiration:
date: string
days: integer
expiredObjectDeleteMarker: boolean
filter:
and:
objectSizeGreaterThan: integer
objectSizeLessThan: integer
prefix: string
tags:
- key: string
value: string
objectSizeGreaterThan: integer
objectSizeLessThan: integer
prefix: string
tag:
key: string
value: string
id: string
noncurrentVersionExpiration:
newerNoncurrentVersions: integer
noncurrentDays: integer
noncurrentVersionTransitions:
- newerNoncurrentVersions: integer
noncurrentDays: integer
storageClass: string
prefix: string
status: string
transitions:
- date: string
days: integer
storageClass: string
logging:
loggingEnabled:
targetBucket: string
targetGrants:
grantee:
displayName: string
emailAddress: string
id: string
type_: string
uRI: string
permission: string
targetPrefix: string
metrics:
filter:
accessPointARN: string
and:
accessPointARN: string
prefix: string
tags:
- key: string
value: string
prefix: string
tag:
key: string
value: string
id: string
name: string
notification:
lambdaFunctionConfigurations:
events:
- string
filter:
key:
filterRules:
- name: string
value: string
id: string
lambdaFunctionARN: string
queueConfigurations:
events:
- string
filter:
key:
filterRules:
- name: string
value: string
id: string
queueARN: string
topicConfigurations:
events:
- string
filter:
key:
filterRules:
- name: string
value: string
id: string
topicARN: string
objectLockEnabledForBucket: boolean
objectOwnership: string
ownershipControls:
rules:
- objectOwnership: string
policy: string
publicAccessBlock:
blockPublicACLs: boolean
blockPublicPolicy: boolean
ignorePublicACLs: boolean
restrictPublicBuckets: boolean
replication:
role: string
rules:
deleteMarkerReplication:
status: string
destination:
accessControlTranslation:
owner: string
account: string
bucket: string
encryptionConfiguration:
replicaKMSKeyID: string
metrics:
eventThreshold:
minutes: integer
status: string
replicationTime:
status: string
time:
minutes: integer
storageClass: string
existingObjectReplication:
status: string
filter:
and:
prefix: string
tags:
- key: string
value: string
prefix: string
tag:
key: string
value: string
id: string
prefix: string
priority: integer
sourceSelectionCriteria:
replicaModifications:
status: string
sseKMSEncryptedObjects:
status: string
status: string
requestPayment:
payer: string
tagging:
tagSet:
- key: string
value: string
versioning:
status: string
website:
errorDocument:
key: string
indexDocument:
suffix: string
redirectAllRequestsTo:
hostName: string
protocol: string
routingRules:
condition:
httpErrorCodeReturnedEquals: string
keyPrefixEquals: string
redirect:
hostName: string
httpRedirectCode: string
protocol: string
replaceKeyPrefixWith: string
replaceKeyWith: string
| Field | Description |
|---|---|
| accelerate Optional | object Container for setting the transfer acceleration state. |
| accelerate.status Optional | string |
| acl Optional | string The canned ACL to apply to the bucket. This functionality is not supported for directory buckets. |
| analytics Optional | array |
| analytics.[] Required | object Specifies the configuration and any analyses for the analytics filter of |
| an Amazon S3 bucket. | |
| analytics.[].filter.and Optional | object A conjunction (logical AND) of predicates, which is used in evaluating a metrics filter. The operator must have at least two predicates in any combination, and an object must match all of the predicates for the filter to apply. |
| analytics.[].filter.and.prefix Optional | string |
| analytics.[].filter.and.tags Optional | array |
| analytics.[].filter.and.tags.[] Required | object A container of a key value name pair. |
| analytics.[].filter.and.tags.[].value Optional | string |
| analytics.[].filter.prefix Optional | string |
| analytics.[].filter.tag Optional | object A container of a key value name pair. |
| analytics.[].filter.tag.key Optional | string |
| analytics.[].filter.tag.value Optional | string |
| analytics.[].id Optional | string |
| analytics.[].storageClassAnalysis Optional | object Specifies data related to access patterns to be collected and made available to analyze the tradeoffs between different storage classes for an Amazon S3 bucket. |
| analytics.[].storageClassAnalysis.dataExport Optional | object Container for data related to the storage class analysis for an Amazon S3 bucket for export. |
| analytics.[].storageClassAnalysis.dataExport.destination Optional | object Where to publish the analytics results. |
| analytics.[].storageClassAnalysis.dataExport.destination.s3BucketDestination Optional | object Contains information about where to publish the analytics results. |
| analytics.[].storageClassAnalysis.dataExport.destination.s3BucketDestination.bucket Optional | string |
| analytics.[].storageClassAnalysis.dataExport.destination.s3BucketDestination.bucketAccountID Optional | string |
| analytics.[].storageClassAnalysis.dataExport.destination.s3BucketDestination.format Optional | string |
| analytics.[].storageClassAnalysis.dataExport.destination.s3BucketDestination.prefix Optional | string |
| analytics.[].storageClassAnalysis.dataExport.outputSchemaVersion Optional | string |
| cors Optional | object Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3 User Guide. |
| cors.corsRules Optional | array |
| cors.corsRules.[] Required | object Specifies a cross-origin access rule for an Amazon S3 bucket. |
| cors.corsRules.[].allowedHeaders.[] Required | string |
| cors.corsRules.[].allowedMethods.[] Required | string |
| cors.corsRules.[].allowedOrigins.[] Required | string |
| cors.corsRules.[].exposeHeaders.[] Required | string |
| cors.corsRules.[].maxAgeSeconds Optional | integer |
| createBucketConfiguration Optional | object The configuration information for the bucket. |
| createBucketConfiguration.locationConstraint Optional | string |
| encryption Optional | object Specifies the default server-side-encryption configuration. |
| encryption.rules Optional | array |
| encryption.rules.[] Required | object Specifies the default server-side encryption configuration. |
General purpose buckets - If you’re specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that’s encrypted with a KMS key that belongs to the requester, and not the bucket owner.
Directory buckets - When you specify an KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn’t supported. || encryption.rules.[].applyServerSideEncryptionByDefault
Optional | object
Describes the default server-side encryption to apply to new objects in the
bucket. If a PUT Object request doesn’t specify any server-side encryption,
this default encryption will be applied. For more information, see PutBucketEncryption
(https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html).
* General purpose buckets - If you don’t specify a customer managed key
at configuration, Amazon S3 automatically creates an Amazon Web Services
KMS key (aws/s3) in your Amazon Web Services account the first time that
you add an object encrypted with SSE-KMS to a bucket. By default, Amazon
S3 uses this KMS key for SSE-KMS.
* Directory buckets - Your SSE-KMS configuration can only support 1 customer
managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk)
per directory bucket for the lifetime of the bucket. The Amazon Web Services
managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk)
(aws/s3) isn’t supported.
* Directory buckets - For directory buckets, there are only two supported
options for server-side encryption: SSE-S3 and SSE-KMS. | | encryption.rules.[].applyServerSideEncryptionByDefault.kmsMasterKeyID
Optional | string
| | encryption.rules.[].applyServerSideEncryptionByDefault.sseAlgorithm
Optional | string
| | encryption.rules.[].bucketKeyEnabled
Optional | boolean
| | grantFullControl
Optional | string
Allows grantee the read, write, read ACP, and write ACP permissions on the
bucket.
This functionality is not supported for directory buckets. | | grantRead
Optional | string
Allows grantee to list the objects in the bucket.
This functionality is not supported for directory buckets. | | grantReadACP
Optional | string
Allows grantee to read the bucket ACL.
This functionality is not supported for directory buckets. | | grantWrite
Optional | string
Allows grantee to create new objects in the bucket.
For the bucket and object owners of existing objects, also allows deletions
and overwrites of those objects.
This functionality is not supported for directory buckets. | | grantWriteACP
Optional | string
Allows grantee to write the ACL for the applicable bucket.
This functionality is not supported for directory buckets. | | intelligentTiering
Optional | array
| | intelligentTiering.[]
Required | object
Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket.
For information about the S3 Intelligent-Tiering storage class, see Storage
class for automatically optimizing frequently and infrequently accessed objects
(https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). || intelligentTiering.[].filter
Optional | object
The Filter is used to identify objects that the S3 Intelligent-Tiering configuration
applies to. |
| intelligentTiering.[].filter.and
Optional | object
A container for specifying S3 Intelligent-Tiering filters. The filters determine
the subset of objects to which the rule applies. |
| intelligentTiering.[].filter.and.prefix
Optional | string
|
| intelligentTiering.[].filter.and.tags
Optional | array
|
| intelligentTiering.[].filter.and.tags.[]
Required | object
A container of a key value name pair. || intelligentTiering.[].filter.and.tags.[].key
Optional | string
|
| intelligentTiering.[].filter.and.tags.[].value
Optional | string
|
| intelligentTiering.[].filter.prefix
Optional | string
|
| intelligentTiering.[].filter.tag
Optional | object
A container of a key value name pair. |
| intelligentTiering.[].filter.tag.key
Optional | string
|
| intelligentTiering.[].filter.tag.value
Optional | string
|
| intelligentTiering.[].id
Optional | string
|
| intelligentTiering.[].status
Optional | string
|
| intelligentTiering.[].tierings
Optional | array
|
| intelligentTiering.[].tierings.[]
Required | object
The S3 Intelligent-Tiering storage class is designed to optimize storage
costs by automatically moving data to the most cost-effective storage access
tier, without additional operational overhead. || intelligentTiering.[].tierings.[].accessTier
Optional | string
|
| intelligentTiering.[].tierings.[].days
Optional | integer
|
| inventory
Optional | array
|
| inventory.[]
Required | object
Specifies the inventory configuration for an Amazon S3 bucket. For more information,
see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
in the Amazon S3 API Reference. || inventory.[].destination
Optional | object
Specifies the inventory configuration for an Amazon S3 bucket. |
| inventory.[].destination.s3BucketDestination
Optional | object
Contains the bucket name, file format, bucket owner (optional), and prefix
(optional) where inventory results are published. |
| inventory.[].destination.s3BucketDestination.accountID
Optional | string
|
| inventory.[].destination.s3BucketDestination.bucket
Optional | string
|
| inventory.[].destination.s3BucketDestination.encryption
Optional | object
Contains the type of server-side encryption used to encrypt the inventory
results. |
| inventory.[].destination.s3BucketDestination.encryption.sseKMS
Optional | object
Specifies the use of SSE-KMS to encrypt delivered inventory reports. |
| inventory.[].destination.s3BucketDestination.encryption.sseKMS.keyID
Optional | string
|
| inventory.[].destination.s3BucketDestination.format
Optional | string
|
| inventory.[].destination.s3BucketDestination.prefix
Optional | string
|
| inventory.[].filter
Optional | object
Specifies an inventory filter. The inventory only includes objects that meet
the filter’s criteria. |
| inventory.[].filter.prefix
Optional | string
|
| inventory.[].id
Optional | string
|
| inventory.[].includedObjectVersions
Optional | string
|
| inventory.[].isEnabled
Optional | boolean
|
| inventory.[].optionalFields
Optional | array
|
| inventory.[].optionalFields.[]
Required | string
|| inventory.[].schedule
Optional | object
Specifies the schedule for generating inventory results. |
| inventory.[].schedule.frequency
Optional | string
|
| lifecycle
Optional | object
Container for lifecycle rules. You can add as many as 1,000 rules. |
| lifecycle.rules
Optional | array
|
| lifecycle.rules.[]
Required | object
A lifecycle rule for individual objects in an Amazon S3 bucket.
For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
in the Amazon S3 User Guide. || lifecycle.rules.[].abortIncompleteMultipartUpload
Optional | object
Specifies the days since the initiation of an incomplete multipart upload
that Amazon S3 will wait before permanently removing all parts of the upload.
For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
in the Amazon S3 User Guide. |
| lifecycle.rules.[].abortIncompleteMultipartUpload.daysAfterInitiation
Optional | integer
|
| lifecycle.rules.[].expiration
Optional | object
Container for the expiration for the lifecycle of the object.
For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
in the Amazon S3 User Guide. |
| lifecycle.rules.[].expiration.date
Optional | string
|
| lifecycle.rules.[].expiration.days
Optional | integer
|
| lifecycle.rules.[].expiration.expiredObjectDeleteMarker
Optional | boolean
|
| lifecycle.rules.[].filter
Optional | object
The Filter is used to identify objects that a Lifecycle Rule applies to.
A Filter can have exactly one of Prefix, Tag, ObjectSizeGreaterThan, ObjectSizeLessThan,
or And specified. If the Filter element is left empty, the Lifecycle Rule
applies to all objects in the bucket. |
| lifecycle.rules.[].filter.and
Optional | object
This is used in a Lifecycle Rule Filter to apply a logical AND to two or
more predicates. The Lifecycle Rule will apply to any object matching all
of the predicates configured inside the And operator. |
| lifecycle.rules.[].filter.and.objectSizeGreaterThan
Optional | integer
|
| lifecycle.rules.[].filter.and.objectSizeLessThan
Optional | integer
|
| lifecycle.rules.[].filter.and.prefix
Optional | string
|
| lifecycle.rules.[].filter.and.tags
Optional | array
|
| lifecycle.rules.[].filter.and.tags.[]
Required | object
A container of a key value name pair. || lifecycle.rules.[].filter.and.tags.[].key
Optional | string
|
| lifecycle.rules.[].filter.and.tags.[].value
Optional | string
|
| lifecycle.rules.[].filter.objectSizeGreaterThan
Optional | integer
|
| lifecycle.rules.[].filter.objectSizeLessThan
Optional | integer
|
| lifecycle.rules.[].filter.prefix
Optional | string
|
| lifecycle.rules.[].filter.tag
Optional | object
A container of a key value name pair. |
| lifecycle.rules.[].filter.tag.key
Optional | string
|
| lifecycle.rules.[].filter.tag.value
Optional | string
|
| lifecycle.rules.[].id
Optional | string
|
| lifecycle.rules.[].noncurrentVersionExpiration
Optional | object
Specifies when noncurrent object versions expire. Upon expiration, Amazon
S3 permanently deletes the noncurrent object versions. You set this lifecycle
configuration action on a bucket that has versioning enabled (or suspended)
to request that Amazon S3 delete noncurrent object versions at a specific
period in the object’s lifetime.
This parameter applies to general purpose buckets only. It is not supported
for directory bucket lifecycle configurations. |
| lifecycle.rules.[].noncurrentVersionExpiration.newerNoncurrentVersions
Optional | integer
|
| lifecycle.rules.[].noncurrentVersionExpiration.noncurrentDays
Optional | integer
|
| lifecycle.rules.[].noncurrentVersionTransitions
Optional | array
|
| lifecycle.rules.[].noncurrentVersionTransitions.[]
Required | object
Container for the transition rule that describes when noncurrent objects
transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
(or versioning is suspended), you can set this action to request that Amazon
S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at
a specific period in the object’s lifetime. || lifecycle.rules.[].noncurrentVersionTransitions.[].newerNoncurrentVersions
Optional | integer
|
| lifecycle.rules.[].noncurrentVersionTransitions.[].noncurrentDays
Optional | integer
|
| lifecycle.rules.[].noncurrentVersionTransitions.[].storageClass
Optional | string
|
| lifecycle.rules.[].prefix
Optional | string
|
| lifecycle.rules.[].status
Optional | string
|
| lifecycle.rules.[].transitions
Optional | array
|
| lifecycle.rules.[].transitions.[]
Required | object
Specifies when an object transitions to a specified storage class. For more
information about Amazon S3 lifecycle configuration rules, see Transitioning
Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
in the Amazon S3 User Guide. || lifecycle.rules.[].transitions.[].date
Optional | string
|
| lifecycle.rules.[].transitions.[].days
Optional | integer
|
| lifecycle.rules.[].transitions.[].storageClass
Optional | string
|
| logging
Optional | object
Container for logging status information. |
| logging.loggingEnabled
Optional | object
Describes where logs are stored and the prefix that Amazon S3 assigns to
all log object keys for a bucket. For more information, see PUT Bucket logging
(https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
in the Amazon S3 API Reference. |
| logging.loggingEnabled.targetBucket
Optional | string
|
| logging.loggingEnabled.targetGrants
Optional | array
|
| logging.loggingEnabled.targetGrants.[]
Required | object
Container for granting information.
Buckets that use the bucket owner enforced setting for Object Ownership don’t
support target grants. For more information, see Permissions server access
log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
in the Amazon S3 User Guide. || logging.loggingEnabled.targetGrants.[].grantee
Optional | object
Container for the person being granted permissions. |
| logging.loggingEnabled.targetGrants.[].grantee.displayName
Optional | string
|
| logging.loggingEnabled.targetGrants.[].grantee.emailAddress
Optional | string
|
| logging.loggingEnabled.targetGrants.[].grantee.id
Optional | string
|
| **logging.loggingEnabled.targetGrants.[].grantee.type_**
Optional | **string**
|
| **logging.loggingEnabled.targetGrants.[].grantee.uRI**
Optional | **string**
|
| **logging.loggingEnabled.targetGrants.[].permission**
Optional | **string**
|
| **logging.loggingEnabled.targetPrefix**
Optional | **string**
|
| **metrics**
Optional | **array**
|
| **metrics.[]**
Required | **object**
Specifies a metrics configuration for the CloudWatch request metrics (specified
by the metrics configuration ID) from an Amazon S3 bucket. If you’re updating
an existing metrics configuration, note that this is a full replacement of
the existing metrics configuration. If you don’t include the elements you
want to keep, they are erased. For more information, see PutBucketMetricsConfiguration
(https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html). || **metrics.[].filter**
Optional | **object**
Specifies a metrics configuration filter. The metrics configuration only
includes objects that meet the filter’s criteria. A filter must be a prefix,
an object tag, an access point ARN, or a conjunction (MetricsAndOperator).
For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html). |
| **metrics.[].filter.accessPointARN**
Optional | **string**
|
| **metrics.[].filter.and**
Optional | **object**
A conjunction (logical AND) of predicates, which is used in evaluating a
metrics filter. The operator must have at least two predicates, and an object
must match all of the predicates in order for the filter to apply. |
| **metrics.[].filter.and.accessPointARN**
Optional | **string**
|
| **metrics.[].filter.and.prefix**
Optional | **string**
|
| **metrics.[].filter.and.tags**
Optional | **array**
|
| **metrics.[].filter.and.tags.[]**
Required | **object**
A container of a key value name pair. || **metrics.[].filter.and.tags.[].key**
Optional | **string**
|
| **metrics.[].filter.and.tags.[].value**
Optional | **string**
|
| **metrics.[].filter.prefix**
Optional | **string**
|
| **metrics.[].filter.tag**
Optional | **object**
A container of a key value name pair. |
| **metrics.[].filter.tag.key**
Optional | **string**
|
| **metrics.[].filter.tag.value**
Optional | **string**
|
| **metrics.[].id**
Optional | **string**
|
| **name**
Required | **string**
The name of the bucket to create.
General purpose buckets - For information about bucket naming restrictions,
see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html)
in the Amazon S3 User Guide.
Directory buckets - When you use this operation with a directory bucket,
you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name
. Virtual-hosted-style requests aren’t supported. Directory bucket names
must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket
names must also follow the format bucket-base-name–zone-id–x-s3 (for example,
DOC-EXAMPLE-BUCKET–usw2-az1–x-s3). For information about bucket naming
restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html)
in the Amazon S3 User Guide |
| **notification**
Optional | **object**
A container for specifying the notification configuration of the bucket.
If this element is empty, notifications are turned off for the bucket. |
| **notification.lambdaFunctionConfigurations**
Optional | **array**
|
| **notification.lambdaFunctionConfigurations.[]**
Required | **object**
A container for specifying the configuration for Lambda notifications. || **notification.lambdaFunctionConfigurations.[].events**
Optional | **array**
|
| **notification.lambdaFunctionConfigurations.[].events.[]**
Required | **string**
|| **notification.lambdaFunctionConfigurations.[].filter**
Optional | **object**
Specifies object key name filtering rules. For information about key name
filtering, see Configuring event notifications using object key name filtering
(https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
in the Amazon S3 User Guide. |
| **notification.lambdaFunctionConfigurations.[].filter.key**
Optional | **object**
A container for object key name prefix and suffix filtering rules. |
| **notification.lambdaFunctionConfigurations.[].filter.key.filterRules**
Optional | **array**
A list of containers for the key-value pair that defines the criteria for
the filter rule. |
| **notification.lambdaFunctionConfigurations.[].filter.key.filterRules.[]**
Required | **object**
Specifies the Amazon S3 object key name to filter on. An object key name
is the name assigned to an object in your Amazon S3 bucket. You specify whether
to filter on the suffix or prefix of the object key name. A prefix is a specific
string of characters at the beginning of an object key name, which you can
use to organize objects. For example, you can start the key names of related
objects with a prefix, such as 2023- or engineering/. Then, you can use FilterRule
to find objects in a bucket with key names that have the same prefix. A suffix
is similar to a prefix, but it is at the end of the object key name instead
of at the beginning. || **notification.lambdaFunctionConfigurations.[].filter.key.filterRules.[].name**
Optional | **string**
|
| **notification.lambdaFunctionConfigurations.[].filter.key.filterRules.[].value**
Optional | **string**
|
| **notification.lambdaFunctionConfigurations.[].id**
Optional | **string**
An optional unique identifier for configurations in a notification configuration.
If you don’t provide one, Amazon S3 will assign an ID. |
| **notification.lambdaFunctionConfigurations.[].lambdaFunctionARN**
Optional | **string**
|
| **notification.queueConfigurations**
Optional | **array**
|
| **notification.queueConfigurations.[]**
Required | **object**
Specifies the configuration for publishing messages to an Amazon Simple Queue
Service (Amazon SQS) queue when Amazon S3 detects specified events. || **notification.queueConfigurations.[].events**
Optional | **array**
|
| **notification.queueConfigurations.[].events.[]**
Required | **string**
|| **notification.queueConfigurations.[].filter**
Optional | **object**
Specifies object key name filtering rules. For information about key name
filtering, see Configuring event notifications using object key name filtering
(https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
in the Amazon S3 User Guide. |
| **notification.queueConfigurations.[].filter.key**
Optional | **object**
A container for object key name prefix and suffix filtering rules. |
| **notification.queueConfigurations.[].filter.key.filterRules**
Optional | **array**
A list of containers for the key-value pair that defines the criteria for
the filter rule. |
| **notification.queueConfigurations.[].filter.key.filterRules.[]**
Required | **object**
Specifies the Amazon S3 object key name to filter on. An object key name
is the name assigned to an object in your Amazon S3 bucket. You specify whether
to filter on the suffix or prefix of the object key name. A prefix is a specific
string of characters at the beginning of an object key name, which you can
use to organize objects. For example, you can start the key names of related
objects with a prefix, such as 2023- or engineering/. Then, you can use FilterRule
to find objects in a bucket with key names that have the same prefix. A suffix
is similar to a prefix, but it is at the end of the object key name instead
of at the beginning. || **notification.queueConfigurations.[].filter.key.filterRules.[].name**
Optional | **string**
|
| **notification.queueConfigurations.[].filter.key.filterRules.[].value**
Optional | **string**
|
| **notification.queueConfigurations.[].id**
Optional | **string**
An optional unique identifier for configurations in a notification configuration.
If you don’t provide one, Amazon S3 will assign an ID. |
| **notification.queueConfigurations.[].queueARN**
Optional | **string**
|
| **notification.topicConfigurations**
Optional | **array**
|
| **notification.topicConfigurations.[]**
Required | **object**
A container for specifying the configuration for publication of messages
to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3
detects specified events. || **notification.topicConfigurations.[].events**
Optional | **array**
|
| **notification.topicConfigurations.[].events.[]**
Required | **string**
|| **notification.topicConfigurations.[].filter**
Optional | **object**
Specifies object key name filtering rules. For information about key name
filtering, see Configuring event notifications using object key name filtering
(https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
in the Amazon S3 User Guide. |
| **notification.topicConfigurations.[].filter.key**
Optional | **object**
A container for object key name prefix and suffix filtering rules. |
| **notification.topicConfigurations.[].filter.key.filterRules**
Optional | **array**
A list of containers for the key-value pair that defines the criteria for
the filter rule. |
| **notification.topicConfigurations.[].filter.key.filterRules.[]**
Required | **object**
Specifies the Amazon S3 object key name to filter on. An object key name
is the name assigned to an object in your Amazon S3 bucket. You specify whether
to filter on the suffix or prefix of the object key name. A prefix is a specific
string of characters at the beginning of an object key name, which you can
use to organize objects. For example, you can start the key names of related
objects with a prefix, such as 2023- or engineering/. Then, you can use FilterRule
to find objects in a bucket with key names that have the same prefix. A suffix
is similar to a prefix, but it is at the end of the object key name instead
of at the beginning. || **notification.topicConfigurations.[].filter.key.filterRules.[].name**
Optional | **string**
|
| **notification.topicConfigurations.[].filter.key.filterRules.[].value**
Optional | **string**
|
| **notification.topicConfigurations.[].id**
Optional | **string**
An optional unique identifier for configurations in a notification configuration.
If you don’t provide one, Amazon S3 will assign an ID. |
| **notification.topicConfigurations.[].topicARN**
Optional | **string**
|
| **objectLockEnabledForBucket**
Optional | **boolean**
Specifies whether you want S3 Object Lock to be enabled for the new bucket.
This functionality is not supported for directory buckets. |
| **objectOwnership**
Optional | **string**
|
| **ownershipControls**
Optional | **object**
The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter)
that you want to apply to this Amazon S3 bucket. |
| **ownershipControls.rules**
Optional | **array**
|
| **ownershipControls.rules.[]**
Required | **object**
The container element for an ownership control rule. || **ownershipControls.rules.[].objectOwnership**
Optional | **string**
The container element for object ownership for a bucket’s ownership controls.
BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
the bucket owner if the objects are uploaded with the bucket-owner-full-control
canned ACL.
ObjectWriter - The uploading account will own the object if the object is
uploaded with the bucket-owner-full-control canned ACL.
BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
affect permissions. The bucket owner automatically owns and has full control
over every object in the bucket. The bucket only accepts PUT requests that
don’t specify an ACL or specify bucket owner full control ACLs (such as the
predefined bucket-owner-full-control canned ACL or a custom ACL in XML format
that grants the same permissions).
By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled.
We recommend keeping ACLs disabled, except in uncommon use cases where you
must control access for each object individually. For more information about
S3 Object Ownership, see Controlling ownership of objects and disabling ACLs
for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
in the Amazon S3 User Guide.
This functionality is not supported for directory buckets. Directory buckets
use the bucket owner enforced setting for S3 Object Ownership. |
| **policy**
Optional | **string**
The bucket policy as a JSON document.
For directory buckets, the only IAM action supported in the bucket policy
is s3express:CreateSession. |
| **publicAccessBlock**
Optional | **object**
The PublicAccessBlock configuration that you want to apply to this Amazon
S3 bucket. You can enable the configuration options in any combination. For
more information about when Amazon S3 considers a bucket or object public,
see The Meaning of “Public” (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
in the Amazon S3 User Guide. |
| **publicAccessBlock.blockPublicACLs**
Optional | **boolean**
|
| **publicAccessBlock.blockPublicPolicy**
Optional | **boolean**
|
| **publicAccessBlock.ignorePublicACLs**
Optional | **boolean**
|
| **publicAccessBlock.restrictPublicBuckets**
Optional | **boolean**
|
| **replication**
Optional | **object**
A container for replication rules. You can add up to 1,000 rules. The maximum
size of a replication configuration is 2 MB. |
| **replication.role**
Optional | **string**
|
| **replication.rules**
Optional | **array**
|
| **replication.rules.[]**
Required | **object**
Specifies which Amazon S3 objects to replicate and where to store the replicas. || **replication.rules.[].deleteMarkerReplication**
Optional | **object**
Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
in your replication configuration, you must also include a DeleteMarkerReplication
element. If your Filter includes a Tag element, the DeleteMarkerReplication
Status must be set to Disabled, because Amazon S3 does not support replicating
delete markers for tag-based rules. For an example configuration, see Basic
Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
For more information about delete marker replication, see Basic Rule Configuration
(https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
If you are using an earlier version of the replication configuration, Amazon
S3 handles replication of delete markers differently. For more information,
see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations). |
| **replication.rules.[].deleteMarkerReplication.status**
Optional | **string**
|
| **replication.rules.[].destination**
Optional | **object**
Specifies information about where to publish analysis or configuration results
for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC). |
| **replication.rules.[].destination.accessControlTranslation**
Optional | **object**
A container for information about access control for replicas. |
| **replication.rules.[].destination.accessControlTranslation.owner**
Optional | **string**
|
| **replication.rules.[].destination.account**
Optional | **string**
|
| **replication.rules.[].destination.bucket**
Optional | **string**
|
| **replication.rules.[].destination.encryptionConfiguration**
Optional | **object**
Specifies encryption-related information for an Amazon S3 bucket that is
a destination for replicated objects.
If you’re specifying a customer managed KMS key, we recommend using a fully
qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves
the key within the requester’s account. This behavior can result in data
that’s encrypted with a KMS key that belongs to the requester, and not the
bucket owner. |
| **replication.rules.[].destination.encryptionConfiguration.replicaKMSKeyID**
Optional | **string**
|
| **replication.rules.[].destination.metrics**
Optional | **object**
A container specifying replication metrics-related settings enabling replication
metrics and events. |
| **replication.rules.[].destination.metrics.eventThreshold**
Optional | **object**
A container specifying the time value for S3 Replication Time Control (S3
RTC) and replication metrics EventThreshold. |
| **replication.rules.[].destination.metrics.eventThreshold.minutes**
Optional | **integer**
|
| **replication.rules.[].destination.metrics.status**
Optional | **string**
|
| **replication.rules.[].destination.replicationTime**
Optional | **object**
A container specifying S3 Replication Time Control (S3 RTC) related information,
including whether S3 RTC is enabled and the time when all objects and operations
on objects must be replicated. Must be specified together with a Metrics
block. |
| **replication.rules.[].destination.replicationTime.status**
Optional | **string**
|
| **replication.rules.[].destination.replicationTime.time**
Optional | **object**
A container specifying the time value for S3 Replication Time Control (S3
RTC) and replication metrics EventThreshold. |
| **replication.rules.[].destination.replicationTime.time.minutes**
Optional | **integer**
|
| **replication.rules.[].destination.storageClass**
Optional | **string**
|
| **replication.rules.[].existingObjectReplication**
Optional | **object**
Optional configuration to replicate existing source bucket objects.
This parameter is no longer supported. To replicate existing objects, see
Replicating existing objects with S3 Batch Replication (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-batch-replication-batch.html)
in the Amazon S3 User Guide. |
| **replication.rules.[].existingObjectReplication.status**
Optional | **string**
|
| **replication.rules.[].filter**
Optional | **object**
A filter that identifies the subset of objects to which the replication rule
applies. A Filter must specify exactly one Prefix, Tag, or an And child element. |
| **replication.rules.[].filter.and**
Optional | **object**
A container for specifying rule filters. The filters determine the subset
of objects to which the rule applies. This element is required only if you
specify more than one filter.
For example:
* If you specify both a Prefix and a Tag filter, wrap these filters in
an And tag.
* If you specify a filter based on multiple tags, wrap the Tag elements
in an And tag. |
| **replication.rules.[].filter.and.prefix**
Optional | **string**
|
| **replication.rules.[].filter.and.tags**
Optional | **array**
|
| **replication.rules.[].filter.and.tags.[]**
Required | **object**
A container of a key value name pair. || **replication.rules.[].filter.and.tags.[].key**
Optional | **string**
|
| **replication.rules.[].filter.and.tags.[].value**
Optional | **string**
|
| **replication.rules.[].filter.prefix**
Optional | **string**
|
| **replication.rules.[].filter.tag**
Optional | **object**
A container of a key value name pair. |
| **replication.rules.[].filter.tag.key**
Optional | **string**
|
| **replication.rules.[].filter.tag.value**
Optional | **string**
|
| **replication.rules.[].id**
Optional | **string**
|
| **replication.rules.[].prefix**
Optional | **string**
|
| **replication.rules.[].priority**
Optional | **integer**
|
| **replication.rules.[].sourceSelectionCriteria**
Optional | **object**
A container that describes additional filters for identifying the source
objects that you want to replicate. You can choose to enable or disable the
replication of these objects. Currently, Amazon S3 supports only the filter
that you can specify for objects created with server-side encryption using
a customer managed key stored in Amazon Web Services Key Management Service
(SSE-KMS). |
| **replication.rules.[].sourceSelectionCriteria.replicaModifications**
Optional | **object**
A filter that you can specify for selection for modifications on replicas.
Amazon S3 doesn’t replicate replica modifications by default. In the latest
version of replication configuration (when Filter is specified), you can
specify this element and set the status to Enabled to replicate modifications
on replicas.
If you don’t specify the Filter element, Amazon S3 assumes that the replication
configuration is the earlier version, V1. In the earlier version, this element
is not allowed. |
| **replication.rules.[].sourceSelectionCriteria.replicaModifications.status**
Optional | **string**
|
| **replication.rules.[].sourceSelectionCriteria.sseKMSEncryptedObjects**
Optional | **object**
A container for filter information for the selection of S3 objects encrypted
with Amazon Web Services KMS. |
| **replication.rules.[].sourceSelectionCriteria.sseKMSEncryptedObjects.status**
Optional | **string**
|
| **replication.rules.[].status**
Optional | **string**
|
| **requestPayment**
Optional | **object**
Container for Payer. |
| **requestPayment.payer**
Optional | **string**
|
| **tagging**
Optional | **object**
Container for the TagSet and Tag elements. |
| **tagging.tagSet**
Optional | **array**
|
| **tagging.tagSet.[]**
Required | **object**
A container of a key value name pair. || **tagging.tagSet.[].key**
Optional | **string**
|
| **tagging.tagSet.[].value**
Optional | **string**
|
| **versioning**
Optional | **object**
Container for setting the versioning state. |
| **versioning.status**
Optional | **string**
|
| **website**
Optional | **object**
Container for the request. |
| **website.errorDocument**
Optional | **object**
The error information. |
| **website.errorDocument.key**
Optional | **string**
|
| **website.indexDocument**
Optional | **object**
Container for the Suffix element. |
| **website.indexDocument.suffix**
Optional | **string**
|
| **website.redirectAllRequestsTo**
Optional | **object**
Specifies the redirect behavior of all requests to a website endpoint of
an Amazon S3 bucket. |
| **website.redirectAllRequestsTo.hostName**
Optional | **string**
|
| **website.redirectAllRequestsTo.protocol**
Optional | **string**
|
| **website.routingRules**
Optional | **array**
|
| **website.routingRules.[]**
Required | **object**
Specifies the redirect behavior and when a redirect is applied. For more
information about routing rules, see Configuring advanced conditional redirects
(https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects)
in the Amazon S3 User Guide. || **website.routingRules.[].condition**
Optional | **object**
A container for describing a condition that must be met for the specified
redirect to apply. For example, 1. If request is for pages in the /docs folder,
redirect to the /documents folder. 2. If request results in HTTP error 4xx,
redirect request to another host where you might process the error. |
| **website.routingRules.[].condition.httpErrorCodeReturnedEquals**
Optional | **string**
|
| **website.routingRules.[].condition.keyPrefixEquals**
Optional | **string**
|
| **website.routingRules.[].redirect**
Optional | **object**
Specifies how requests are redirected. In the event of an error, you can
specify a different error code to return. |
| **website.routingRules.[].redirect.hostName**
Optional | **string**
|
| **website.routingRules.[].redirect.httpRedirectCode**
Optional | **string**
|
| **website.routingRules.[].redirect.protocol**
Optional | **string**
|
| **website.routingRules.[].redirect.replaceKeyPrefixWith**
Optional | **string**
|
| **website.routingRules.[].redirect.replaceKeyWith**
Optional | **string**
|
Status
ackResourceMetadata:
arn: string
ownerAccountID: string
region: string
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
location: string
| Field | Description |
|---|---|
| ackResourceMetadata Optional | object All CRs managed by ACK have a common Status.ACKResourceMetadata memberthat is used to contain resource sync state, account ownership, constructed ARN for the resource |
| ackResourceMetadata.arn Optional | string ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. https://github.com/aws/aws-controllers-k8s/issues/270 |
| ackResourceMetadata.ownerAccountID Required | string OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
| ackResourceMetadata.region Required | string Region is the AWS region in which the resource exists or will exist. |
| conditions Optional | array All CRs managed by ACK have a common Status.Conditions member thatcontains a collection of ackv1alpha1.Condition objects that describethe various terminal states of the CR and its backend AWS service API resource |
| conditions.[] Required | object Condition is the common struct used by all CRDs managed by ACK service |
| controllers to indicate terminal states of the CR and its backend AWS | |
| service API resource | |
| conditions.[].message Optional | string A human readable message indicating details about the transition. |
| conditions.[].reason Optional | string The reason for the condition’s last transition. |
| conditions.[].status Optional | string Status of the condition, one of True, False, Unknown. |
| conditions.[].type Optional | string Type is the type of the Condition |
| location Optional | string A forward slash followed by the name of the bucket. |