This blog will teach us how to create an S3 bucket using CDK. AWS S3 (simple storage service) is a durable, petabyte-scale, and affordable cloud object storage. S3 buckets are containers for your data. Before storing any data in S3, we must create a bucket. I have written a blog on how to create an S3 bucket using python and AWS CLI. This blog will teach you how to do it using CDK.
S3 Bucket using CDK
The code below creates an S3 bucket. We do not need to pass any parameters to the S3 construct, and it will create an S3 bucket with all default values.
import {RemovalPolicy, Stack, StackProps} from 'aws-cdk-lib';
import {Construct} from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
export class AwsS3Stack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
new s3.Bucket(this, "SimpleBucketFromCDK");
}
}
In this code, we are just calling the S3 construct. When we deploy our stack, we can see that the S3 bucket has been created in AWS.
Giving S3 bucket name
When creating an S3 bucket, we can also set the name of our choice to an S3 bucket. This name should follow S3 bucket naming rules and should be unique.
// previous code
new s3.Bucket(this, "BucketFromCDK", {
bucketName: "test-bucket-from-cdk-12",
});
In this code, we pass `bucketName` to a value of our choice. Let us deploy our stack.
It worked! We have a bucket with a name that we passed.
Setting Up Bucket policies using CDK
By default, all buckets created in S3 are private. Therefore, users will not be able to upload or read files from the bucket. We can set these permissions when we create an S3 bucket.
import {Stack, StackProps} from 'aws-cdk-lib';
import {Construct} from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
export class AwsS3Stack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
// ... previous code
new s3.Bucket(this, "BucketWithPublicReadAccess", {
accessControl: s3.BucketAccessControl.PUBLIC_READ
})
}
}
In code, we are passing `accessControl` param. It accepts BucketAccessControl enum. As we set up the PUBLIC_READ property for this bucket, everyone will be able to read files from this bucket.
BucketAccessControl enum has the below values.
- PRIVATE
- PUBLIC_READ
- PUBLIC_READ_WRITE
- AUTHENTICATED_READ
- LOG_DELIVERY_WRITE
- BUCKET_OWNER_READ
- BUCKET_OWNER_FULL_CONTROL
- AWS_EXEC_READ
If we want to set the PUBLIC_READ policy for the bucket, there is another more straightforward way. We can set `publicReadAccess` to true.
new s3.Bucket(this, "BucketWithPublicReadAccess", {
// accessControl: s3.BucketAccessControl.PUBLIC_READ,
publicReadAccess: true //same as setting s3.BucketAccessControl.PUBLIC_READ
})
Deleting S3 Bucket on CDK destroy
Now let us clean up our mess by running cdk destroy.
We can see that our stack has been successfully deleted. Let us check if it has deleted our buckets or not.
Ohh! our buckets are not yet deleted. Why so? Once the stack is deleted, shouldn’t it also delete all resources belonging to that stack?
Well, you are right. In most cases, once the stack is deleted, resources are deleted with it. But for a few resources, there is execution. CDK does not want us to lose any data we may have stored in the S3 bucket. Hence even after we run cdk destroy and the stack is deleted, our S3 buckets are not been deleted.
If we are sure that we do not want those buckets for later use, we can change this behavior. Let us go through the below code.
import {RemovalPolicy, Stack, StackProps} from 'aws-cdk-lib';
import {Construct} from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
export class AwsS3Stack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
new s3.Bucket(this, "BucketFromCDK", {
bucketName: "test-bucket-from-cdk-12",
removalPolicy: RemovalPolicy.DESTROY
});
}
}
We are passing `removalPolicy` param. It accepts RemovalPolicy enum when has been imported from aws-cdk-lib. The default removal policy is RETAIN for S3 buckets. When we change that to DESTROY, our S3 bucket should be deleted once we delete the stack.
S3 construct parameters
The below table shows the most common parameters accepted by the S3 CDK construct. There are a few parameters that we have not discussed here. Let me know if you want to explain how those parameters work.
| Name | Type | Description | Default Value |
|---|---|---|---|
| accessControl | BucketAccessControl enum | Sets Access Control List (ACL) policy for the bucket | PRIVATE |
| bucketName | string | Name of the bucket | |
| encryption | BucketEncryption Enum | Sets which type of server-side encryption should be applied to bucket | UNENCRYPTED |
| lifecycleRules | LifecycleRule [] | Sets up lifecycle rules for objects in an S3 bucket | No rules |
| publicReadAccess | boolean | Sets public read access for objects in an s3 bucket | false |
| removalPolicy | RemovalPolicy enum | Decides on what happens to bucket when stack is deleted | RETAIN |
| versioned | boolean | sets if versioning should be enabled for s3 bucket or not | false |
Conclusion
So we have created S3 buckets using CDK and learned about different ways to configure that bucket. I hope you have found this useful. See you in the next blog.
