This blog will teach us how to create an S3 bucket using CDK. AWS S3 (simple storage service) is a durable, petabyte-scale, and affordable cloud object storage. S3 buckets are containers for your data. Before storing any data in S3, we must create a bucket. I have written a blog on how to create an S3 bucket using Python and AWS CLI. This blog will teach you how to do it using CDK.
Table of contents
Open Table of contents
S3 Bucket using CDK
The code below creates an S3 bucket. We do not need to pass any parameters to the S3 construct, and it will create an S3 bucket with all default values.
import { RemovalPolicy, Stack, StackProps } from "aws-cdk-lib";
import { Construct } from "constructs";
import * as s3 from "aws-cdk-lib/aws-s3";
export class AwsS3Stack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
new s3.Bucket(this, "SimpleBucketFromCDK");
}
}
In this code, we are just calling the S3 construct. When we deploy our stack, we see that the S3 bucket has been created in AWS.
Giving S3 bucket name
When creating an S3 bucket, we can also set the name of our choice to an S3 bucket. This name should follow S3 bucket naming rules and should be unique.
// previous code
new s3.Bucket(this, "BucketFromCDK", {
bucketName: "test-bucket-from-cdk-12",
});
In this code, we pass bucketName
to a value of our choice. Let us deploy our stack.
It worked! We have a bucket with a name that we passed.
Setting Up Bucket policies using CDK
By default, all buckets created in S3 are private. Therefore, users cannot upload or read files from the bucket. We can set these permissions when we create an S3 bucket.
import { Stack, StackProps } from "aws-cdk-lib";
import { Construct } from "constructs";
import * as s3 from "aws-cdk-lib/aws-s3";
export class AwsS3Stack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
// ... previous code
new s3.Bucket(this, "BucketWithPublicReadAccess", {
accessControl: s3.BucketAccessControl.PUBLIC_READ,
});
}
}
In code, we are passing accessControl
param. It accepts the BucketAccessControl enum. As we set up the PUBLIC_READ property for this bucket, everyone will be able to read files from this bucket.
BucketAccessControl enum has the below values.
- PRIVATE
- PUBLIC_READ
- PUBLIC_READ_WRITE
- AUTHENTICATED_READ
- LOG_DELIVERY_WRITE
- BUCKET_OWNER_READ
- BUCKET_OWNER_FULL_CONTROL
- AWS_EXEC_READ
If we want to set the PUBLIC_READ policy for the bucket, there is another more straightforward way. We can set publicReadAccess
to true.
new s3.Bucket(this, "BucketWithPublicReadAccess", {
// accessControl: s3.BucketAccessControl.PUBLIC_READ,
publicReadAccess: true,
//same as setting s3.BucketAccessControl.PUBLIC_READ
});
Deleting S3 Bucket on CDK destroy
Now, let us clean up our mess by running cdk destroy
.
We can see that our stack has been successfully deleted. Let us check if it has deleted our buckets or not.
Ohh! Our buckets have not yet been deleted. Why so? Once the stack is deleted, shouldn’t it also delete all resources belonging to that stack?
Well, you are right. In most cases, once the stack is deleted, resources are deleted with it. But for a few resources, there is execution. CDK does not want us to lose any data we may have stored in the S3 bucket. Hence, even after we run cdk destroy
and the stack is deleted, our S3 buckets are not been deleted.
We can change this behavior if we are sure that we do not want those buckets for later use. Let us go through the below code.
import { RemovalPolicy, Stack, StackProps } from "aws-cdk-lib";
import { Construct } from "constructs";
import * as s3 from "aws-cdk-lib/aws-s3";
export class AwsS3Stack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
new s3.Bucket(this, "BucketFromCDK", {
bucketName: "test-bucket-from-cdk-12",
removalPolicy: RemovalPolicy.DESTROY,
});
}
}
We are passing removalPolicy
param. It accepts the RemovalPolicy enum, which has been imported from aws-cdk-lib. The default removal policy is RETAIN for S3 buckets. When we change that to DESTROY, our S3 bucket should be deleted once we delete the stack.
S3 construct parameters
The table below shows the most common parameters the S3 CDK construct accepts. There are a few parameters we have not discussed here. Let me know if you want to explain how those parameters work.
Name | Type | Description | Default Value |
---|---|---|---|
removalPolicy | RemovalPolicy enum | Decides on what happens to the bucket when the stack is deleted | RETAIN |
bucketName | string | Name of the bucket | |
accessControl | BucketAccessControl enum | Sets Access Control List (ACL) policy for the bucket | PRIVATE |
versioned | boolean | sets if versioning should be enabled for the s3 bucket or not | false |
publicReadAccess | boolean | Sets public read access for objects in an s3 bucket | false |
lifecycleRules | LifecycleRule [] | Sets up lifecycle rules for objects in an S3 bucket | |
encryption | BucketEncryption Enum | Sets which type of server-side encryption should be applied to the bucket | UNENCRYPTED |
Conclusion
So, we have created S3 buckets using CDK and learned different ways to configure those buckets. I hope you have found this helpful. See you in the next blog.