CloudKitect S3 Bucket component that uses S3_MANAGED encryption, enforces SSL, and denies public access.

Default Configuration

  • Encryption: S3 Managed
  • Versioned: True
  • Removal Policy: Retain in Production

Default Alarms

None

Note that the default alarm uses the CcAlarm construct, which sets up an alarm action to notify the SNS Topic AlarmEventsTopic by default.

Examples

Default Usage

new CcBucket(this, "LogicalId", {
  ccAccessLogsBucket: accessLogs
});

Custom Configuration

new CcBucket(this, "LogicalId", {
  ccAccessLogsBucket: accessLogs,
  // Turns off the default SSL enforcement for this bucket
  enforceSSL: false
});

Compliance

It addresses the following compliance requirements:

  1. Blocks public access
    • Risk Level: Medium
    • Compliance: PCI, HIPAA, GDPR, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  2. S3 Bucket Logging Enabled
    • Risk Level: Medium
    • Compliance: PCI, HIPAA, GDPR, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  3. Bucket versioning enabled in Production Environment
    • Risk Level: Low
    • Compliance: PCI, APRA, MAS, NIST4
    • Well Architected Pillar: Reliability
  4. Block S3 Bucket Public 'READ' Access
    • Risk Level: Very High
    • Compliance: PCI, GDPR, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  5. S3 Bucket should have Retain Policy in Production Environment
    • Risk Level: High
    • Compliance: NA
    • Well Architected Pillar: Reliability
  6. Only allow secure transport protocols
    • Risk Level: High
    • Compliance: PCI, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  7. Server side encryption
    • Risk Level: High
    • Compliance: PCI, HIPAA, GDPR, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  8. S3 Bucket Block ACLs
    • Risk Level: Very High
    • Compliance: PCI, APRA, MAS, NIST4
    • Well Architected Pillar: Security
  9. Centralized Backup
    • Risk Level: High
    • Compliance: FedRAMP
    • Well Architected Pillar: Security, Reliability
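
The template-visible controls in the list above can be checked against a synthesized CloudFormation template before deployment. The following is an added example, not CloudKitect code: it audits one AWS::S3::Bucket resource and reports which controls fail. It assumes the component's output follows the standard CDK Bucket output (a Deny statement on aws:SecureTransport when SSL is enforced); the function names, control labels, logical ids and both sample templates are constructed for illustration.

```typescript
// Added example, not CloudKitect code. Audits one AWS::S3::Bucket in a
// synthesized CloudFormation template against the controls listed above.
type CfnTemplate = { Resources: Record<string, any> };

// True when a bucket policy on `bucketId` denies requests made without TLS.
function deniesInsecureTransport(tpl: CfnTemplate, bucketId: string): boolean {
  return Object.keys(tpl.Resources).some((id) => {
    const r = tpl.Resources[id];
    const props = r.Properties || {};
    if (r.Type !== "AWS::S3::BucketPolicy" || (props.Bucket || {}).Ref !== bucketId) return false;
    const st = (props.PolicyDocument || {}).Statement || [];
    const stmts: any[] = Array.isArray(st) ? st : [st];
    return stmts.some((s) => s.Effect === "Deny" &&
      String(((s.Condition || {}).Bool || {})["aws:SecureTransport"]) === "false");
  });
}

// Returns the names of the controls the bucket fails (empty array = all pass).
function auditBucket(tpl: CfnTemplate, bucketId: string, production: boolean): string[] {
  const res = tpl.Resources[bucketId] || {};
  const p = res.Properties || {};
  const failed: string[] = [];
  const pab = p.PublicAccessBlockConfiguration || {};
  const flags = ["BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets"];
  if (!flags.every((f) => pab[f] === true)) failed.push("block-public-access");
  const rules: any[] = (p.BucketEncryption || {}).ServerSideEncryptionConfiguration || [];
  const algs = rules.map((r) => (r.ServerSideEncryptionByDefault || {}).SSEAlgorithm);
  if (algs.length === 0 || !algs.every((a) => a === "AES256" || a === "aws:kms")) failed.push("server-side-encryption");
  if (!(p.LoggingConfiguration || {}).DestinationBucketName) failed.push("access-logging");
  if (!deniesInsecureTransport(tpl, bucketId)) failed.push("secure-transport");
  // Versioning and the Retain policy are only required in production.
  if (production && (p.VersioningConfiguration || {}).Status !== "Enabled") failed.push("versioning");
  if (production && res.DeletionPolicy !== "Retain") failed.push("retain-policy");
  return failed;
}

// Constructed sample mirroring the defaults described on this page.
const hardenedTemplate: CfnTemplate = { Resources: {
  Data: { Type: "AWS::S3::Bucket", DeletionPolicy: "Retain", Properties: {
    PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true,
      IgnorePublicAcls: true, RestrictPublicBuckets: true },
    BucketEncryption: { ServerSideEncryptionConfiguration: [
      { ServerSideEncryptionByDefault: { SSEAlgorithm: "AES256" } }] },
    VersioningConfiguration: { Status: "Enabled" },
    LoggingConfiguration: { DestinationBucketName: { Ref: "AccessLogs" } } } },
  DataPolicy: { Type: "AWS::S3::BucketPolicy", Properties: { Bucket: { Ref: "Data" },
    PolicyDocument: { Statement: [{ Effect: "Deny", Action: "s3:*", Principal: { AWS: "*" },
      Resource: "*", Condition: { Bool: { "aws:SecureTransport": "false" } } }] } } } } };
// Constructed sample of the same stack synthesized with enforceSSL: false (no policy).
const noSslTemplate: CfnTemplate = { Resources: { Data: hardenedTemplate.Resources["Data"] } };
```

Run against the output of `cdk synth`, a non-empty result for a production stack is a reason to fail the pipeline; Centralized Backup is not visible on the bucket resource and is not covered here.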

Compliance Check Report

Hierarchy

  • Bucket
    • CcBucket

Constructors

  • Parameters

    Returns CcBucket

Properties

notificationQueue?: IQueue

Methods

  • Parameters

    Returns undefined | IBucket

  • Parameters

    Returns undefined | IKey

  • Parameters

    Returns S3_MANAGED | KMS

  • Returns LifecycleRule[]
