@horietakehiro/aws-cdk-utul 0.41.4 → 0.41.6

package/lib/types/cfn-resource-types/aws-s3-bucket.d.ts

@@ -49,6 +49,7 @@ export interface _AWS_S3_BUCKET {
      */
     MetricsConfigurations?: MetricsConfiguration[];
     MetadataTableConfiguration?: MetadataTableConfiguration;
+    MetadataConfiguration?: MetadataConfiguration;
     NotificationConfiguration?: NotificationConfiguration;
     ObjectLockConfiguration?: ObjectLockConfiguration;
     /**
@@ -142,7 +143,7 @@ export interface Destination {
     BucketAccountId?: string;
     /**
      * Specifies the file format used when exporting data to Amazon S3.
-     *   *Allowed values*: ``CSV`` | ``ORC`` | ``Parquet``
+     *  *Allowed values*: ``CSV`` | ``ORC`` | ``Parquet``
      */
     Format: ("CSV" | "ORC" | "Parquet");
     /**
@@ -161,8 +162,8 @@ export interface BucketEncryption {
 }
 /**
  * Specifies the default server-side encryption configuration.
- *    +   *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
- *   +   *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
+ *    +  *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
+ *   +  *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
  */
 export interface ServerSideEncryptionRule {
     /**
@@ -178,8 +179,8 @@ export interface ServerSideEncryptionRule {
 export interface ServerSideEncryptionByDefault {
     /**
      * AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.
-     *    +   *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.
-     *   +   *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.
+     *    +  *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.
+     *   +  *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.
      *
      *   You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
      *   +  Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``
@@ -187,8 +188,8 @@ export interface ServerSideEncryptionByDefault {
      *   +  Key Alias: ``alias/alias-name``
      *
      *  If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
-     *    +   *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
-     *   +   *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
+     *    +  *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
+     *   +  *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
      *
      *    Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.
      */
@@ -218,7 +219,7 @@ export interface CorsRule {
     AllowedHeaders?: string[];
     /**
      * An HTTP method that you allow the origin to run.
-     *   *Allowed values*: ``GET`` | ``PUT`` | ``HEAD`` | ``POST`` | ``DELETE``
+     *  *Allowed values*: ``GET`` | ``PUT`` | ``HEAD`` | ``POST`` | ``DELETE``
      */
     AllowedMethods: ("GET" | "PUT" | "HEAD" | "POST" | "DELETE")[];
     /**
@@ -323,7 +324,7 @@ export interface Destination1 {
     BucketAccountId?: string;
     /**
      * Specifies the file format used when exporting data to Amazon S3.
-     *   *Allowed values*: ``CSV`` | ``ORC`` | ``Parquet``
+     *  *Allowed values*: ``CSV`` | ``ORC`` | ``Parquet``
      */
     Format: ("CSV" | "ORC" | "Parquet");
     /**
@@ -342,8 +343,8 @@ export interface LifecycleConfiguration {
     /**
      * Indicates which default minimum object size behavior is applied to the lifecycle configuration.
      *   This parameter applies to general purpose buckets only. It isn't supported for directory bucket lifecycle configurations.
-     *    +   ``all_storage_classes_128K`` - Objects smaller than 128 KB will not transition to any storage class by default.
-     *   +   ``varies_by_storage_class`` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB.
+     *    +  ``all_storage_classes_128K`` - Objects smaller than 128 KB will not transition to any storage class by default.
+     *   +  ``varies_by_storage_class`` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB.
      *
      *  To customize the minimum object size for any transition you can add a filter that specifies a custom ``ObjectSizeGreaterThan`` or ``ObjectSizeLessThan`` in the body of your transition rule. Custom filters always take precedence over the default transition behavior.
      */
@@ -547,7 +548,7 @@ export interface MetricsConfiguration {
     TagFilters?: TagFilter[];
 }
 /**
- * The metadata table configuration of an S3 general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) and [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html).
+ * The metadata table configuration of an S3 general purpose bucket.
  */
 export interface MetadataTableConfiguration {
     S3TablesDestination: S3TablesDestination;
@@ -573,6 +574,97 @@ export interface S3TablesDestination {
      */
     TableArn?: string;
 }
+export interface MetadataConfiguration {
+    Destination?: MetadataDestination;
+    JournalTableConfiguration: JournalTableConfiguration;
+    InventoryTableConfiguration?: InventoryTableConfiguration;
+}
+/**
+ * The destination information for the metadata configuration.
+ */
+export interface MetadataDestination {
+    /**
+     * The type of the table bucket.
+     */
+    TableBucketType: ("aws" | "customer");
+    /**
+     * The ARN of the table bucket.
+     */
+    TableBucketArn?: string;
+    /**
+     * The namespace of the table.
+     */
+    TableNamespace?: string;
+}
+/**
+ * The configuration for the journal table.
+ */
+export interface JournalTableConfiguration {
+    /**
+     * The name of the journal table.
+     */
+    TableName?: string;
+    /**
+     * The ARN of the journal table.
+     */
+    TableArn?: string;
+    RecordExpiration: RecordExpiration;
+    EncryptionConfiguration?: MetadataTableEncryptionConfiguration;
+}
+export interface RecordExpiration {
+    /**
+     * Specifies whether record expiration is enabled or disabled.
+     */
+    Expiration: ("ENABLED" | "DISABLED");
+    /**
+     * The number of days after which records expire. Required if Expiration is ENABLED.
+     */
+    Days?: number;
+}
+/**
+ * The encryption configuration for the journal table.
+ */
+export interface MetadataTableEncryptionConfiguration {
+    /**
+     * Specifies the server-side encryption algorithm to use for encrypting tables.
+     */
+    SseAlgorithm: ("aws:kms" | "AES256");
+    /**
+     * The ARN of the KMS key. Required if SseAlgorithm is aws:kms.
+     */
+    KmsKeyArn?: string;
+}
+/**
+ * The configuration for the inventory table.
+ */
+export interface InventoryTableConfiguration {
+    /**
+     * The name of the inventory table.
+     */
+    TableName?: string;
+    /**
+     * The ARN of the inventory table.
+     */
+    TableArn?: string;
+    /**
+     * Specifies whether inventory table configuration is enabled or disabled.
+     */
+    ConfigurationState: ("ENABLED" | "DISABLED");
+    EncryptionConfiguration?: MetadataTableEncryptionConfiguration1;
+}
+/**
+ * The encryption configuration for the inventory table.
+ */
+export interface MetadataTableEncryptionConfiguration1 {
+    /**
+     * Specifies the server-side encryption algorithm to use for encrypting tables.
+     */
+    SseAlgorithm: ("aws:kms" | "AES256");
+    /**
+     * The ARN of the KMS key. Required if SseAlgorithm is aws:kms.
+     */
+    KmsKeyArn?: string;
+}
 /**
  * Configuration that defines how Amazon S3 handles bucket notifications.
  */
@@ -809,7 +901,7 @@ export interface ReplicationRule {
     Status: ("Disabled" | "Enabled");
 }
 /**
- * Specifies whether Amazon S3 replicates delete markers. If you specify a ``Filter`` in your replication configuration, you must also include a ``DeleteMarkerReplication`` element. If your ``Filter`` includes a ``Tag`` element, the ``DeleteMarkerReplication`` ``Status`` must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
+ * Specifies whether Amazon S3 replicates delete markers. If you specify a ``Filter`` in your replication configuration, you must also include a ``DeleteMarkerReplication`` element. If your ``Filter`` includes a ``Tag`` element, the ``DeleteMarkerReplication````Status`` must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
  *  For more information about delete marker replication, see [Basic Rule Configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
  *   If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see [Backward Compatibility](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
  */
@@ -954,7 +1046,7 @@ export interface SourceSelectionCriteria {
 export interface ReplicaModifications {
     /**
      * Specifies whether Amazon S3 replicates modifications on replicas.
-     *   *Allowed values*: ``Enabled`` | ``Disabled``
+     *  *Allowed values*: ``Enabled`` | ``Disabled``
      */
     Status: ("Enabled" | "Disabled");
 }
@@ -1047,7 +1139,7 @@ export interface RedirectRule {
  */
 export interface RoutingRuleCondition {
     /**
-     * The object key name prefix when the redirect is applied. For example, to redirect requests for ``ExamplePage.html``, the key prefix will be ``ExamplePage.html``. To redirect request for all pages with the prefix ``docs/``, the key prefix will be ``/docs``, which identifies all objects in the docs/ folder.
+     * The object key name prefix when the redirect is applied. For example, to redirect requests for ``ExamplePage.html``, the key prefix will be ``ExamplePage.html``. To redirect request for all pages with the prefix ``docs/``, the key prefix will be ``docs/``, which identifies all objects in the docs/ folder.
      *  Required when the parent element ``Condition`` is specified and sibling ``HttpErrorCodeReturnedEquals`` is not specified. If both conditions are specified, both must be true for the redirect to be applied.
      */
     KeyPrefixEquals?: string;