@cloudcomponents/cdk-s3-antivirus
@cloudcomponents/cdk-s3-antivirus / ClamavLayer
Clamav Lambda layer.
-
LayerVersion
↳
ClamavLayer
- _enableCrossEnvironment
- addPermission
- applyRemovalPolicy
- generatePhysicalName
- getResourceArnAttribute
- getResourceNameAttribute
- onPrepare
- onSynthesize
- onValidate
- prepare
- synthesize
- toString
- validate
- fromLayerVersionArn
- fromLayerVersionAttributes
- isConstruct
- isResource
• new ClamavLayer(scope
, id
)
Name | Type |
---|---|
scope |
Construct |
id |
string |
lambda.LayerVersion.constructor
• Optional
Readonly
compatibleRuntimes: Runtime
[]
The runtimes compatible with this Layer.
stability
stable
lambda.LayerVersion.compatibleRuntimes
• Readonly
env: ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
stability
stable
lambda.LayerVersion.env
• Readonly
layerVersionArn: string
The ARN of the Lambda Layer version that this Layer defines.
stability
stable
lambda.LayerVersion.layerVersionArn
• Readonly
node: ConstructNode
The construct tree node associated with this construct.
stability
stable
lambda.LayerVersion.node
• Protected
Readonly
physicalName: string
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket"
) undefined
, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
stability
stable
lambda.LayerVersion.physicalName
• Readonly
stack: Stack
The stack in which this resource is defined.
stability
stable
lambda.LayerVersion.stack
▸ _enableCrossEnvironment(): void
Called when this resource is referenced across environments (account/region) to order to request that a physical name will be generated for this resource during synthesis, so the resource can be referenced through it's absolute name/arn.
internal
void
lambda.LayerVersion._enableCrossEnvironment
▸ addPermission(id
, permission
): void
Add permission for this layer version to specific entities.
Usage within
the same account where the layer is defined is always allowed and does not
require calling this method. Note that the principal that creates the
Lambda function using the layer (for example, a CloudFormation changeset
execution role) also needs to have the lambda:GetLayerVersion
permission on the layer version.
stability
stable
Name | Type |
---|---|
id |
string |
permission |
LayerVersionPermission |
void
lambda.LayerVersion.addPermission
▸ applyRemovalPolicy(policy
): void
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
stability
stable
Name | Type |
---|---|
policy |
RemovalPolicy |
void
lambda.LayerVersion.applyRemovalPolicy
▸ Protected
generatePhysicalName(): string
stability
stable
string
lambda.LayerVersion.generatePhysicalName
▸ Protected
getResourceArnAttribute(arnAttr
, arnComponents
): string
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn
).
Normally, this token will resolve to arnAttr
, but if the resource is
referenced across environments, arnComponents
will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName
in arnComponents
.
stability
stable
Name | Type | Description |
---|---|---|
arnAttr |
string |
The CFN attribute which resolves to the ARN of the resource. |
arnComponents |
ArnComponents |
The format of the ARN of this resource. |
string
lambda.LayerVersion.getResourceArnAttribute
▸ Protected
getResourceNameAttribute(nameAttr
): string
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName
).
Normally, this token will resolve to nameAttr
, but if the resource is
referenced across environments, it will be resolved to this.physicalName
,
which will be a concrete name.
stability
stable
Name | Type | Description |
---|---|---|
nameAttr |
string |
The CFN attribute which resolves to the resource's name. |
string
lambda.LayerVersion.getResourceNameAttribute
▸ Protected
onPrepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
lambda.LayerVersion.onPrepare
▸ Protected
onSynthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
lambda.LayerVersion.onSynthesize
▸ Protected
onValidate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
lambda.LayerVersion.onValidate
▸ Protected
prepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
lambda.LayerVersion.prepare
▸ Protected
synthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
lambda.LayerVersion.synthesize
▸ toString(): string
Returns a string representation of this construct.
stability
stable
string
lambda.LayerVersion.toString
▸ Protected
validate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
lambda.LayerVersion.validate
▸ Static
fromLayerVersionArn(scope
, id
, layerVersionArn
): ILayerVersion
Imports a layer version by ARN.
Assumes it is compatible with all Lambda runtimes.
stability
stable
Name | Type |
---|---|
scope |
Construct |
id |
string |
layerVersionArn |
string |
ILayerVersion
lambda.LayerVersion.fromLayerVersionArn
▸ Static
fromLayerVersionAttributes(scope
, id
, attrs
): ILayerVersion
Imports a Layer that has been defined externally.
stability
stable
Name | Type | Description |
---|---|---|
scope |
Construct |
the parent Construct that will use the imported layer. |
id |
string |
the id of the imported layer in the construct tree. |
attrs |
LayerVersionAttributes |
the properties of the imported layer. |
ILayerVersion
lambda.LayerVersion.fromLayerVersionAttributes
▸ Static
isConstruct(x
): x is Construct
Return whether the given object is a Construct.
stability
stable
Name | Type |
---|---|
x |
any |
x is Construct
lambda.LayerVersion.isConstruct
▸ Static
isResource(construct
): construct is CfnResource
Check whether the given construct is a Resource.
stability
stable
Name | Type |
---|---|
construct |
IConstruct |
construct is CfnResource
lambda.LayerVersion.isResource
@cloudcomponents/cdk-s3-antivirus / DefinitionBucket
-
Bucket
↳
DefinitionBucket
- autoCreatePolicy
- bucketArn
- bucketDomainName
- bucketDualStackDomainName
- bucketName
- bucketRegionalDomainName
- bucketWebsiteDomainName
- bucketWebsiteUrl
- disallowPublicAccess
- encryptionKey
- env
- isWebsite
- node
- physicalName
- policy
- stack
- _enableCrossEnvironment
- addCorsRule
- addEventNotification
- addInventory
- addLifecycleRule
- addMetric
- addObjectCreatedNotification
- addObjectRemovedNotification
- addToResourcePolicy
- applyRemovalPolicy
- arnForObjects
- generatePhysicalName
- getResourceArnAttribute
- getResourceNameAttribute
- grantDelete
- grantPublicAccess
- grantPut
- grantPutAcl
- grantRead
- grantReadWrite
- grantWrite
- onCloudTrailEvent
- onCloudTrailPutObject
- onCloudTrailWriteObject
- onPrepare
- onSynthesize
- onValidate
- prepare
- s3UrlForObject
- synthesize
- toString
- transferAccelerationUrlForObject
- urlForObject
- validate
- virtualHostedUrlForObject
- fromBucketArn
- fromBucketAttributes
- fromBucketName
- isConstruct
- isResource
- validateBucketName
• new DefinitionBucket(scope
, id
, props
)
Name | Type |
---|---|
scope |
Construct |
id |
string |
props |
DefinitionBucketProps |
Bucket.constructor
• Protected
autoCreatePolicy: boolean
Indicates if a bucket resource policy should automatically created upon the first call to addToResourcePolicy
.
stability
stable
Bucket.autoCreatePolicy
• Readonly
bucketArn: string
The ARN of the bucket.
stability
stable
Bucket.bucketArn
• Readonly
bucketDomainName: string
The IPv4 DNS name of the specified bucket.
stability
stable
Bucket.bucketDomainName
• Readonly
bucketDualStackDomainName: string
The IPv6 DNS name of the specified bucket.
stability
stable
Bucket.bucketDualStackDomainName
• Readonly
bucketName: string
The name of the bucket.
stability
stable
Bucket.bucketName
• Readonly
bucketRegionalDomainName: string
The regional domain name of the specified bucket.
stability
stable
Bucket.bucketRegionalDomainName
• Readonly
bucketWebsiteDomainName: string
The Domain name of the static website.
stability
stable
Bucket.bucketWebsiteDomainName
• Readonly
bucketWebsiteUrl: string
The URL of the static website.
stability
stable
Bucket.bucketWebsiteUrl
• Protected
Optional
disallowPublicAccess: boolean
Whether to disallow public access.
stability
stable
Bucket.disallowPublicAccess
• Optional
Readonly
encryptionKey: IKey
Optional KMS encryption key associated with this bucket.
stability
stable
Bucket.encryptionKey
• Readonly
env: ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
stability
stable
Bucket.env
• Optional
Readonly
isWebsite: boolean
If this bucket has been configured for static website hosting.
stability
stable
Bucket.isWebsite
• Readonly
node: ConstructNode
The construct tree node associated with this construct.
stability
stable
Bucket.node
• Protected
Readonly
physicalName: string
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket"
) undefined
, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
stability
stable
Bucket.physicalName
• Optional
policy: BucketPolicy
The resource policy associated with this bucket.
If autoCreatePolicy
is true, a BucketPolicy
will be created upon the
first call to addToResourcePolicy(s).
stability
stable
Bucket.policy
• Readonly
stack: Stack
The stack in which this resource is defined.
stability
stable
Bucket.stack
• Private
get
putActions(): any
any
Bucket.putActions
• Private
get
writeActions(): any
any
Bucket.writeActions
▸ _enableCrossEnvironment(): void
Called when this resource is referenced across environments (account/region) to order to request that a physical name will be generated for this resource during synthesis, so the resource can be referenced through it's absolute name/arn.
internal
void
Bucket._enableCrossEnvironment
▸ addCorsRule(rule
): void
Adds a cross-origin access configuration for objects in an Amazon S3 bucket.
stability
stable
Name | Type | Description |
---|---|---|
rule |
CorsRule |
The CORS configuration rule to add. |
void
Bucket.addCorsRule
▸ addEventNotification(event
, dest
, ...filters
): void
Adds a bucket notification event destination.
see
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
stability
stable
example
declare const myLambda: lambda.Function; const bucket = new s3.Bucket(this, 'MyBucket'); bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'});
Name | Type | Description |
---|---|---|
event |
EventType |
The event to trigger the notification. |
dest |
IBucketNotificationDestination |
The notification destination (Lambda, SNS Topic or SQS Queue). |
...filters |
NotificationKeyFilter [] |
S3 object key filter rules to determine which objects trigger this event. |
void
Bucket.addEventNotification
▸ addInventory(inventory
): void
Add an inventory configuration.
stability
stable
Name | Type | Description |
---|---|---|
inventory |
Inventory |
configuration to add. |
void
Bucket.addInventory
▸ addLifecycleRule(rule
): void
Add a lifecycle rule to the bucket.
stability
stable
Name | Type | Description |
---|---|---|
rule |
LifecycleRule |
The rule to add. |
void
Bucket.addLifecycleRule
▸ addMetric(metric
): void
Adds a metrics configuration for the CloudWatch request metrics from the bucket.
stability
stable
Name | Type | Description |
---|---|---|
metric |
BucketMetrics |
The metric configuration to add. |
void
Bucket.addMetric
▸ addObjectCreatedNotification(dest
, ...filters
): void
Subscribes a destination to receive notifications when an object is created in the bucket.
This is identical to calling
onEvent(EventType.OBJECT_CREATED)
.
stability
stable
Name | Type | Description |
---|---|---|
dest |
IBucketNotificationDestination |
The notification destination (see onEvent). |
...filters |
NotificationKeyFilter [] |
Filters (see onEvent). |
void
Bucket.addObjectCreatedNotification
▸ addObjectRemovedNotification(dest
, ...filters
): void
Subscribes a destination to receive notifications when an object is removed from the bucket.
This is identical to calling
onEvent(EventType.OBJECT_REMOVED)
.
stability
stable
Name | Type | Description |
---|---|---|
dest |
IBucketNotificationDestination |
The notification destination (see onEvent). |
...filters |
NotificationKeyFilter [] |
Filters (see onEvent). |
void
Bucket.addObjectRemovedNotification
▸ addToResourcePolicy(permission
): AddToResourcePolicyResult
Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use bucketArn
and arnForObjects(keys)
to obtain ARNs for this bucket or objects.
Note that the policy statement may or may not be added to the policy.
For example, when an IBucket
is created from an existing bucket,
it's not possible to tell whether the bucket already has a policy
attached, let alone to re-use that policy to add more statements to it.
So it's safest to do nothing in these cases.
stability
stable
Name | Type | Description |
---|---|---|
permission |
PolicyStatement |
the policy statement to be added to the bucket's policy. |
AddToResourcePolicyResult
metadata about the execution of this method. If the policy
was not added, the value of statementAdded
will be false
. You
should always check this value to make sure that the operation was
actually carried out. Otherwise, synthesis and deploy will terminate
silently, which may be confusing.
Bucket.addToResourcePolicy
▸ applyRemovalPolicy(policy
): void
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
stability
stable
Name | Type |
---|---|
policy |
RemovalPolicy |
void
Bucket.applyRemovalPolicy
▸ arnForObjects(keyPattern
): string
Returns an ARN that represents all objects within the bucket that match the key pattern specified.
To represent all keys, specify "*"
.
If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.:
arnForObjects(home/${team}/${user}/*
)
stability
stable
Name | Type |
---|---|
keyPattern |
string |
string
Bucket.arnForObjects
▸ Protected
generatePhysicalName(): string
stability
stable
string
Bucket.generatePhysicalName
▸ Protected
getResourceArnAttribute(arnAttr
, arnComponents
): string
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn
).
Normally, this token will resolve to arnAttr
, but if the resource is
referenced across environments, arnComponents
will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName
in arnComponents
.
stability
stable
Name | Type | Description |
---|---|---|
arnAttr |
string |
The CFN attribute which resolves to the ARN of the resource. |
arnComponents |
ArnComponents |
The format of the ARN of this resource. |
string
Bucket.getResourceArnAttribute
▸ Protected
getResourceNameAttribute(nameAttr
): string
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName
).
Normally, this token will resolve to nameAttr
, but if the resource is
referenced across environments, it will be resolved to this.physicalName
,
which will be a concrete name.
stability
stable
Name | Type | Description |
---|---|---|
nameAttr |
string |
The CFN attribute which resolves to the resource's name. |
string
Bucket.getResourceNameAttribute
▸ grantDelete(identity
, objectsKeyPattern?
): Grant
Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket.
stability
stable
Name | Type | Description |
---|---|---|
identity |
IGrantable |
The principal. |
objectsKeyPattern? |
any |
Restrict the permission to a certain key pattern (default '*'). |
Grant
Bucket.grantDelete
▸ grantPublicAccess(keyPrefix?
, ...allowedActions
): Grant
Allows unrestricted access to objects from this bucket.
IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate.
Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket.
The method returns the iam.Grant
object, which can then be modified
as needed. For example, you can add a condition that will restrict access only
to an IPv4 range like this:
const grant = bucket.grantPublicAccess();
grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
Note that if this IBucket
refers to an existing bucket, possibly not
managed by CloudFormation, this method will have no effect, since it's
impossible to modify the policy of an existing bucket.
stability
stable
Name | Type | Description |
---|---|---|
keyPrefix? |
string |
the prefix of S3 object keys (e.g. home/* ). Default is "*". |
...allowedActions |
string [] |
the set of S3 actions to allow. |
Grant
Bucket.grantPublicAccess
▸ grantPut(identity
, objectsKeyPattern?
): Grant
Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
stability
stable
Name | Type | Description |
---|---|---|
identity |
IGrantable |
The principal. |
objectsKeyPattern? |
any |
Restrict the permission to a certain key pattern (default '*'). |
Grant
Bucket.grantPut
▸ grantPutAcl(identity
, objectsKeyPattern?
): Grant
Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket.
If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling grantWrite or grantReadWrite no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly.
stability
stable
Name | Type |
---|---|
identity |
IGrantable |
objectsKeyPattern? |
string |
Grant
Bucket.grantPutAcl
▸ grantRead(identity
, objectsKeyPattern?
): Grant
Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal.
stability
stable
Name | Type | Description |
---|---|---|
identity |
IGrantable |
The principal. |
objectsKeyPattern? |
any |
Restrict the permission to a certain key pattern (default '*'). |
Grant
Bucket.grantRead
▸ grantReadWrite(identity
, objectsKeyPattern?
): Grant
Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User).
If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted.
Before CDK version 1.85.0, this method granted the s3:PutObject*
permission that included s3:PutObjectAcl
,
which could be used to grant read/write object access to IAM principals in other accounts.
If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl
feature flag is set to true
in the context
key of your cdk.json file.
If you've already updated, but still need the principal to have permissions to modify the ACLs,
use the grantPutAcl method.
stability
stable
Name | Type |
---|---|
identity |
IGrantable |
objectsKeyPattern? |
any |
Grant
Bucket.grantReadWrite
▸ grantWrite(identity
, objectsKeyPattern?
): Grant
Grant write permissions to this bucket to an IAM principal.
If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal.
Before CDK version 1.85.0, this method granted the s3:PutObject*
permission that included s3:PutObjectAcl
,
which could be used to grant read/write object access to IAM principals in other accounts.
If you want to get rid of that behavior, update your CDK version to 1.85.0 or later,
and make sure the @aws-cdk/aws-s3:grantWriteWithoutAcl
feature flag is set to true
in the context
key of your cdk.json file.
If you've already updated, but still need the principal to have permissions to modify the ACLs,
use the grantPutAcl method.
stability
stable
Name | Type |
---|---|
identity |
IGrantable |
objectsKeyPattern? |
any |
Grant
Bucket.grantWrite
▸ onCloudTrailEvent(id
, options?
): Rule
Define a CloudWatch event that triggers when something happens to this repository.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
stability
stable
Name | Type | Description |
---|---|---|
id |
string |
The id of the rule. |
options? |
OnCloudTrailBucketEventOptions |
Options for adding the rule. |
Rule
Bucket.onCloudTrailEvent
▸ onCloudTrailPutObject(id
, options?
): Rule
Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call.
Note that some tools like aws s3 cp
will automatically use either
PutObject or the multipart upload API depending on the file size,
so using onCloudTrailWriteObject
may be preferable.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
stability
stable
Name | Type | Description |
---|---|---|
id |
string |
The id of the rule. |
options? |
OnCloudTrailBucketEventOptions |
Options for adding the rule. |
Rule
Bucket.onCloudTrailPutObject
▸ onCloudTrailWriteObject(id
, options?
): Rule
Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to.
This includes the events PutObject, CopyObject, and CompleteMultipartUpload.
Note that some tools like aws s3 cp
will automatically use either
PutObject or the multipart upload API depending on the file size,
so using this method may be preferable to onCloudTrailPutObject
.
Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.
stability
stable
Name | Type | Description |
---|---|---|
id |
string |
The id of the rule. |
options? |
OnCloudTrailBucketEventOptions |
Options for adding the rule. |
Rule
Bucket.onCloudTrailWriteObject
▸ Protected
onPrepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Bucket.onPrepare
▸ Protected
onSynthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Bucket.onSynthesize
▸ Protected
onValidate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
Bucket.onValidate
▸ Protected
prepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Bucket.prepare
▸ s3UrlForObject(key?
): string
The S3 URL of an S3 object. For example:.
s3://onlybucket
s3://bucket/key
stability
stable
Name | Type | Description |
---|---|---|
key? |
string |
The S3 key of the object. |
string
an ObjectS3Url token
Bucket.s3UrlForObject
▸ Protected
synthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Bucket.synthesize
▸ toString(): string
Returns a string representation of this construct.
stability
stable
string
Bucket.toString
▸ transferAccelerationUrlForObject(key?
, options?
): string
The https Transfer Acceleration URL of an S3 object.
Specify dualStack: true
at the options
for dual-stack endpoint (connect to the bucket over IPv6). For example:
https://bucket.s3-accelerate.amazonaws.com
https://bucket.s3-accelerate.amazonaws.com/key
stability
stable
Name | Type | Description |
---|---|---|
key? |
string |
The S3 key of the object. |
options? |
TransferAccelerationUrlOptions |
Options for generating URL. |
string
an TransferAccelerationUrl token
Bucket.transferAccelerationUrlForObject
▸ urlForObject(key?
): string
The https URL of an S3 object. Specify regional: false
at the options for non-regional URLs. For example:.
https://s3.us-west-1.amazonaws.com/onlybucket
https://s3.us-west-1.amazonaws.com/bucket/key
https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey
stability
stable
Name | Type | Description |
---|---|---|
key? |
string |
The S3 key of the object. |
string
an ObjectS3Url token
Bucket.urlForObject
▸ Protected
validate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
Bucket.validate
▸ virtualHostedUrlForObject(key?
, options?
): string
The virtual hosted-style URL of an S3 object. Specify regional: false
at the options for non-regional URL. For example:.
https://only-bucket.s3.us-west-1.amazonaws.com
https://bucket.s3.us-west-1.amazonaws.com/key
https://bucket.s3.amazonaws.com/key
https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey
stability
stable
Name | Type | Description |
---|---|---|
key? |
string |
The S3 key of the object. |
options? |
VirtualHostedStyleUrlOptions |
Options for generating URL. |
string
an ObjectS3Url token
Bucket.virtualHostedUrlForObject
▸ Static
fromBucketArn(scope
, id
, bucketArn
): IBucket
stability
stable
Name | Type |
---|---|
scope |
Construct |
id |
string |
bucketArn |
string |
IBucket
Bucket.fromBucketArn
▸ Static
fromBucketAttributes(scope
, id
, attrs
): IBucket
Creates a Bucket construct that represents an external bucket.
stability
stable
Name | Type | Description |
---|---|---|
scope |
Construct |
The parent creating construct (usually this ). |
id |
string |
The construct's name. |
attrs |
BucketAttributes |
A BucketAttributes object. |
IBucket
Bucket.fromBucketAttributes
▸ Static
fromBucketName(scope
, id
, bucketName
): IBucket
stability
stable
Name | Type |
---|---|
scope |
Construct |
id |
string |
bucketName |
string |
IBucket
Bucket.fromBucketName
▸ Static
isConstruct(x
): x is Construct
Return whether the given object is a Construct.
stability
stable
Name | Type |
---|---|
x |
any |
x is Construct
Bucket.isConstruct
▸ Static
isResource(construct
): construct is CfnResource
Check whether the given construct is a Resource.
stability
stable
Name | Type |
---|---|
construct |
IConstruct |
construct is CfnResource
Bucket.isResource
▸ Static
validateBucketName(physicalName
): void
Thrown an exception if the given bucket name is not valid.
stability
stable
Name | Type | Description |
---|---|---|
physicalName |
string |
name of the bucket. |
void
Bucket.validateBucketName
@cloudcomponents/cdk-s3-antivirus / DefinitionInitializer
-
Construct
↳
DefinitionInitializer
• new DefinitionInitializer(scope
, id
, props
)
Name | Type |
---|---|
scope |
Construct |
id |
string |
props |
DefinitionInitializerProps |
Construct.constructor
• Readonly
node: ConstructNode
The construct tree node associated with this construct.
stability
stable
Construct.node
▸ Protected
onPrepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Construct.onPrepare
▸ Protected
onSynthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Construct.onSynthesize
▸ Protected
onValidate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
Construct.onValidate
▸ Protected
prepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Construct.prepare
▸ Protected
synthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Construct.synthesize
▸ toString(): string
Returns a string representation of this construct.
stability
stable
string
Construct.toString
▸ Protected
validate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
Construct.validate
▸ Static
isConstruct(x
): x is Construct
Return whether the given object is a Construct.
stability
stable
Name | Type |
---|---|
x |
any |
x is Construct
Construct.isConstruct
@cloudcomponents/cdk-s3-antivirus / Sandbox
-
Construct
↳
Sandbox
- addToS3EnpointPolicy
- onPrepare
- onSynthesize
- onValidate
- prepare
- synthesize
- toString
- validate
- isConstruct
• new Sandbox(scope
, id
, props?
)
Name | Type |
---|---|
scope |
Construct |
id |
string |
props |
SandboxProps |
Construct.constructor
• Readonly
definitionBucket: DefinitionBucket
• Readonly
lambdaAccessPoint: IAccessPoint
• Readonly
node: ConstructNode
The construct tree node associated with this construct.
stability
stable
Construct.node
• Readonly
s3Endpoint: GatewayVpcEndpoint
• Readonly
vpc: IVpc
▸ addToS3EnpointPolicy(statement
): void
Name | Type |
---|---|
statement |
PolicyStatement |
void
▸ Protected
onPrepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Construct.onPrepare
▸ Protected
onSynthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Construct.onSynthesize
▸ Protected
onValidate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
Construct.onValidate
▸ Protected
prepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Construct.prepare
▸ Protected
synthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Construct.synthesize
▸ toString(): string
Returns a string representation of this construct.
stability
stable
string
Construct.toString
▸ Protected
validate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
Construct.validate
▸ Static
isConstruct(x
): x is Construct
Return whether the given object is a Construct.
stability
stable
Name | Type |
---|---|
x |
any |
x is Construct
Construct.isConstruct
@cloudcomponents/cdk-s3-antivirus / Scanner
-
Construct
↳
Scanner
• new Scanner(scope
, id
, props?
)
Name | Type |
---|---|
scope |
Construct |
id |
string |
props |
ScannerProps |
Construct.constructor
• Readonly
node: ConstructNode
The construct tree node associated with this construct.
stability
stable
Construct.node
• Readonly
sandbox: Sandbox
• Readonly
scanFunction: IFunction
• Readonly
scanStatusTagName: string
• Readonly
updateFunction: IFunction
▸ addSourceBucket(bucket
): void
Name | Type |
---|---|
bucket |
Bucket |
void
▸ Protected
onPrepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Construct.onPrepare
▸ Protected
onSynthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Construct.onSynthesize
▸ Protected
onValidate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
Construct.onValidate
▸ Protected
prepare(): void
Perform final modifications before synthesis.
This method can be implemented by derived constructs in order to perform final changes before synthesis. prepare() will be called after child constructs have been prepared.
This is an advanced framework feature. Only use this if you understand the implications.
stability
stable
void
Construct.prepare
▸ Protected
synthesize(session
): void
Allows this construct to emit artifacts into the cloud assembly during synthesis.
This method is usually implemented by framework-level constructs such as Stack
and Asset
as they participate in synthesizing the cloud assembly.
stability
stable
Name | Type | Description |
---|---|---|
session |
ISynthesisSession |
The synthesis session. |
void
Construct.synthesize
▸ toString(): string
Returns a string representation of this construct.
stability
stable
string
Construct.toString
▸ Protected
validate(): string
[]
Validate the current construct.
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
stability
stable
string
[]
An array of validation error messages, or an empty array if the construct is valid.
Construct.validate
▸ Static
isConstruct(x
): x is Construct
Return whether the given object is a Construct.
stability
stable
Name | Type |
---|---|
x |
any |
x is Construct
Construct.isConstruct
@cloudcomponents/cdk-s3-antivirus / DefinitionBucketProps
• Optional
Readonly
bucketName: string
• Readonly
vpcEndpoint: string
@cloudcomponents/cdk-s3-antivirus / DefinitionInitializerProps
• Readonly
fn: IFunction
@cloudcomponents/cdk-s3-antivirus / SandboxProps
• Optional
Readonly
encryptedFileSystem: boolean
@cloudcomponents/cdk-s3-antivirus / ScannerProps
• Optional
Readonly
buckets: Bucket
[]
• Optional
Readonly
onError: IDestination
• Optional
Readonly
onResult: IDestination
• Optional
Readonly
scanStatusTagName: string
default
cc:scan-status
• Optional
Readonly
updateSchedule: Schedule