docs(s3): updated docstring for BucketPolicy() #31395

Merged
merged 8 commits into from
Sep 17, 2024
17 changes: 15 additions & 2 deletions packages/aws-cdk-lib/aws-s3/lib/bucket-policy.ts
Expand Up @@ -25,13 +25,26 @@ export interface BucketPolicyProps {
* Policies define the operations that are allowed on this resource.
*
* You almost never need to define this construct directly.
*
*
* All AWS resources that support resource policies have a method called
* `addToResourcePolicy()`, which will automatically create a new resource
* policy if one doesn't exist yet, otherwise it will add to the existing
* policy.
*
* The bucket policy method is implemented differently than `addToResourcePolicy()`
* as `BucketPolicy()` creates a new policy without knowing one earlier existed.
* e.g. if during Bucket creation, if `autoDeleteObject:true`, these policies are
* added to the bucket policy:
* ["s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy"],
* and when you add a new BucketPolicy with ["s3:GetObject", "s3:ListBucket"] on
* this existing bucket, invoking `BucketPolicy()` will create a new Policy
* without knowing one earlier exists already, so it creates a new one.
* In this case, the custom resource handler will not have access to
* `s3:GetBucketTagging` action which will cause failure during deletion of stack.
*
* Hence its strongly recommended to use `addToResourcePolicy()` method to add
* new permissions to existing policy.
*
* Prefer to use `addToResourcePolicy()` instead.
*/
export class BucketPolicy extends Resource {
/**
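Review bot: the example in the added paragraph names the prop as `autoDeleteObject:true`, but the Bucket prop is `autoDeleteObjects`, so a reader searching the API for it will not find it; write `autoDeleteObjects: true`. The same paragraph calls the listed items "policies" where they are actions, says twice that `BucketPolicy()` creates a policy "without knowing one earlier exists", and never says what happens to the statements granted for auto-deletion, which is the step a reader needs in order to see why the custom resource handler ends up without `s3:GetBucketTagging` even though `s3:GetBucket*` was listed as granted. Suggest stating that consequence explicitly once, changing "Hence its strongly recommended" to "Hence it is strongly recommended", collapsing the two consecutive empty ` *` lines after "You almost never need to define this construct directly.", and dropping the trailing "Prefer to use `addToResourcePolicy()` instead." now that the new paragraph gives the same recommendation.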