Create an Amazon S3 bucket using AWS CDK

Monday, 05/09/2022

Tram Ho

s3-cdk

This tutorial will explain what is needed to create an Amazon S3 bucket using the AWS CDK Python. The source code provided here comes with all the steps needed to run and deploy the AWS CDK code on AWS Cloud.

First, you need [install the AWS CDK] and the IAM profile to be able to deploy the system using the AWS CLI. After learning how to aggregate code from the AWS CDK to create an Amazon S3 bucket construct, you can deploy it to the AWS Cloud and clean up resources using the AWS CDK destroy statement.

Here are the specific steps to install and deploy an Amazon S3 bucket using the AWS CDK:

Before building the Amazon S3 bucket construct, you need to complete the following steps to be able to run the AWS CDK with Python

Install AWS CDK and Python
Install AWS CLI and AWS profiles
Create an AWS CDK project with Python

If you have completed these steps, you can start from step 4

1. Install AWS CDK

Install AWS CDK using npm package manager with below command

<span class="token function">npm</span> <span class="token function">install</span> -g aws-cdk typescript
cdk version

npm install -g aws-cdk typescript

cdk version

You can also refer to the detailed article on installing AWS CDK

2. Install AWS CLI and install AWS profile

AWS CLI is a command line tool that allows you to interact with AWS services through your terminal. Depending on the operating system you are using, the installation method may be different

<span class="token comment"># macOS</span>
brew <span class="token function">install</span> awscli

<span class="token comment"># Windows</span>
<span class="token function">wget</span> https://awscli.amazonaws.com/AWSCLIV2.msi
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

<span class="token comment"># Linux (Ubuntu)</span>
<span class="token function">sudo</span> <span class="token function">apt</span> <span class="token function">install</span> awscli

# macOS

brew install awscli

# Windows

wget https://awscli.amazonaws.com/AWSCLIV2.msi

msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

# Linux (Ubuntu)

sudo apt install awscli

To be able to access your AWS account from the AWS CLI, you need to set up an AWS Profile. There are 2 ways you can do that:

Access and secret key from IAM User
AWS Single Sign-on (SSO) user

In this article, to be able to quickly set up AWS Profile, we will choose method 1.

AWS Console Login
Go to IAM > Users

Select IAM user, click Security credentials and create a new credential

Save the access key and secret key (because this is the only and last time you will see it)
Install AWS profiles for AWS CLI

aws configure
AWS Access Key ID <span class="token punctuation">[</span> None <span class="token punctuation">]</span> : <span class="token operator">&lt;</span> insert_access_key <span class="token operator">&gt;</span>
AWS Secret Access Key <span class="token punctuation">[</span> None <span class="token punctuation">]</span> : <span class="token operator">&lt;</span> insert_secret_key <span class="token operator">&gt;</span>
Default region name <span class="token punctuation">[</span> None <span class="token punctuation">]</span> : <span class="token operator">&lt;</span> insert_aws_region <span class="token operator">&gt;</span>
Default output <span class="token function">format</span> <span class="token punctuation">[</span> json <span class="token punctuation">]</span> : json

aws configure

AWS Access Key ID [ None ] : < insert_access_key >

AWS Secret Access Key [ None ] : < insert_secret_key >

Default region name [ None ] : < insert_aws_region >

Default output format [ json ] : json

Your credential information will be saved at ~/.aws/credentials under the profile name [default], which you can confirm with the following command

aws sts get-caller-identity
<span class="token punctuation">{</span>
    <span class="token string">"UserId"</span> <span class="token builtin class-name">:</span> <span class="token string">"xxx"</span> ,
    <span class="token string">"Account"</span> <span class="token builtin class-name">:</span> <span class="token string">"012345678901"</span> ,
    <span class="token string">"Arn"</span> <span class="token builtin class-name">:</span> <span class="token string">"arn:aws:iam::012345678901:user/vntechies"</span>
<span class="token punctuation">}</span>

aws sts get-caller-identity

{

"UserId" : "xxx" ,

"Account" : "012345678901" ,

"Arn" : "arn:aws:iam::012345678901:user/vntechies"

}

3. Create an AWS CDK Python project

After installing the profile and packages, you start creating the AWS CDK python project to build the Amazon S3 bucket construct.

You can create an AWS CDK python project by running the following command in an empty directory

cdk init --language python

1 2	cdk init --language python

Run the following command to create a virtual environment and install the necessary packages for python

python3 -m venv .venv
<span class="token builtin class-name">source</span> .venv/bin/activate
pip <span class="token function">install</span> -r requirements.txt

python3 -m venv .venv

source .venv/bin/activate

pip install -r requirements.txt

4. Create an Amazon S3 Bucket construct with the AWS CDK

After init project, the files will be generated as follows

./
├── README.md
├── app.py
├── aws_cdk_python_s3
│   ├── __init__.py
│   └── aws_cdk_python_s3_stack.py
├── cdk.json
├── requirements-dev.txt
├── requirements.txt
├── source.bat
└── tests
    ├── __init__.py
    └── unit
        ├── __init__.py
        └── test_aws_cdk_python_s3_stack.py

├── README.md

├── app.py

├── aws_cdk_python_s3

│ ├── __init__.py

│ └── aws_cdk_python_s3_stack.py

├── cdk.json

├── requirements-dev.txt

├── requirements.txt

├── source.bat

└── tests

├── __init__.py

└── unit

├── __init__.py

└── test_aws_cdk_python_s3_stack.py

<span class="token keyword">from</span> constructs <span class="token keyword">import</span> Construct
<span class="token keyword">from</span> aws_cdk <span class="token keyword">import</span> <span class="token punctuation">(</span>
    Stack <span class="token punctuation">,</span>
    aws_iam <span class="token keyword">as</span> iam <span class="token punctuation">,</span>
    aws_s3 <span class="token keyword">as</span> s3 <span class="token punctuation">,</span>
    aws_kms <span class="token keyword">as</span> kms <span class="token punctuation">,</span>
<span class="token punctuation">)</span>


<span class="token keyword">class</span> <span class="token class-name">AwsCdkPythonS3Stack</span> <span class="token punctuation">(</span> Stack <span class="token punctuation">)</span> <span class="token punctuation">:</span>

    <span class="token keyword">def</span> <span class="token function">__init__</span> <span class="token punctuation">(</span> self <span class="token punctuation">,</span> scope <span class="token punctuation">:</span> Construct <span class="token punctuation">,</span> construct_id <span class="token punctuation">:</span> <span class="token builtin">str</span> <span class="token punctuation">,</span> <span class="token operator">**</span> kwargs <span class="token punctuation">)</span> <span class="token operator">-</span> <span class="token operator">&gt;</span> <span class="token boolean">None</span> <span class="token punctuation">:</span>
        <span class="token builtin">super</span> <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">.</span> __init__ <span class="token punctuation">(</span> scope <span class="token punctuation">,</span> construct_id <span class="token punctuation">,</span> <span class="token operator">**</span> kwargs <span class="token punctuation">)</span>

        bucket <span class="token operator">=</span> s3 <span class="token punctuation">.</span> Bucket <span class="token punctuation">(</span> self <span class="token punctuation">,</span> <span class="token string">"VNTechies-AWS-CDK-S3-demo-bucket"</span> <span class="token punctuation">,</span>
                           object_ownership <span class="token operator">=</span> s3 <span class="token punctuation">.</span> ObjectOwnership <span class="token punctuation">.</span> BUCKET_OWNER_ENFORCED <span class="token punctuation">,</span>
                           block_public_access <span class="token operator">=</span> s3 <span class="token punctuation">.</span> BlockPublicAccess <span class="token punctuation">.</span> BLOCK_ALL <span class="token punctuation">,</span>
                           encryption_key <span class="token operator">=</span> kms <span class="token punctuation">.</span> Key <span class="token punctuation">(</span> self <span class="token punctuation">,</span> <span class="token string">'VNTechies-AWS-CDK-S3-demo-bucket-key'</span> <span class="token punctuation">)</span> <span class="token punctuation">,</span> <span class="token punctuation">)</span>

        bucket <span class="token punctuation">.</span> grant_read <span class="token punctuation">(</span> iam <span class="token punctuation">.</span> AccountRootPrincipal <span class="token punctuation">(</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span>

from constructs import Construct

from aws_cdk import (

Stack ,

aws_iam as iam ,

aws_s3 as s3 ,

aws_kms as kms ,

)

class AwsCdkPythonS3Stack ( Stack ) :

def __init__ ( self , scope : Construct , construct_id : str , ** kwargs ) - > None :

super ( ) . __init__ ( scope , construct_id , ** kwargs )

bucket = s3 . Bucket ( self , "VNTechies-AWS-CDK-S3-demo-bucket" ,

object_ownership = s3 . ObjectOwnership . BUCKET_OWNER_ENFORCED ,

block_public_access = s3 . BlockPublicAccess . BLOCK_ALL ,

encryption_key = kms . Key ( self , 'VNTechies-AWS-CDK-S3-demo-bucket-key' ) , )

bucket . grant_read ( iam . AccountRootPrincipal ( ) )

kms_key is the newly created AWS Key Management Service to encrypt data on s3
object_ownership helps you disable access control lists (ACLs) and the bucket owner will have all rights to all objects in this bucket. ACLs will no longer affect permission management, but the bucket will use policies to manage access. This simplifies the way you manage and access the objects stored in your bucket.
block_public_access new objects will default to private mode and will not allow public access
encryption_key allows the use of a Customer managed keys to encrypt objects stored in the s3 bucket.
bucket.grant_read() allows a user with root privileges of the AWS account to access the created bucket

5. Synthesize Amazon S3 Bucket with AWS CDK

Amazon S3 bucket construct has already been created in the stack of the AWS CDK app, the next step will be to aggregate it into a CloudFormation template by running the statement for AWS CDK Synthesize

cdk synth

cdk synth

<span class="token key atrule">Resources</span> <span class="token punctuation">:</span>
  <span class="token key atrule">VNTechiesAWSCDKS3demobucketkey2DF32451</span> <span class="token punctuation">:</span>
    <span class="token key atrule">Type</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> KMS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Key
    <span class="token key atrule">Properties</span> <span class="token punctuation">:</span>
      <span class="token key atrule">KeyPolicy</span> <span class="token punctuation">:</span>
        <span class="token key atrule">Statement</span> <span class="token punctuation">:</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Action</span> <span class="token punctuation">:</span> kms <span class="token punctuation">:</span> *
            <span class="token key atrule">Effect</span> <span class="token punctuation">:</span> Allow
            <span class="token key atrule">Principal</span> <span class="token punctuation">:</span>
              <span class="token key atrule">AWS</span> <span class="token punctuation">:</span>
                <span class="token key atrule">Fn::Join</span> <span class="token punctuation">:</span>
                  <span class="token punctuation">-</span> <span class="token string">""</span>
                  <span class="token punctuation">-</span> <span class="token punctuation">-</span> <span class="token string">"arn:"</span>
                    <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Partition
                    <span class="token punctuation">-</span> <span class="token string">":iam::"</span>
                    <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> AccountId
                    <span class="token punctuation">-</span> <span class="token punctuation">:</span> root
            <span class="token key atrule">Resource</span> <span class="token punctuation">:</span> <span class="token string">"*"</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Action</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> kms <span class="token punctuation">:</span> Decrypt
              <span class="token punctuation">-</span> kms <span class="token punctuation">:</span> DescribeKey
            <span class="token key atrule">Effect</span> <span class="token punctuation">:</span> Allow
            <span class="token key atrule">Principal</span> <span class="token punctuation">:</span>
              <span class="token key atrule">AWS</span> <span class="token punctuation">:</span>
                <span class="token key atrule">Fn::Join</span> <span class="token punctuation">:</span>
                  <span class="token punctuation">-</span> <span class="token string">""</span>
                  <span class="token punctuation">-</span> <span class="token punctuation">-</span> <span class="token string">"arn:"</span>
                    <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Partition
                    <span class="token punctuation">-</span> <span class="token string">":iam::"</span>
                    <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> AccountId
                    <span class="token punctuation">-</span> <span class="token punctuation">:</span> root
            <span class="token key atrule">Resource</span> <span class="token punctuation">:</span> <span class="token string">"*"</span>
        <span class="token key atrule">Version</span> <span class="token punctuation">:</span> <span class="token string">"2012-10-17"</span>
    <span class="token key atrule">UpdateReplacePolicy</span> <span class="token punctuation">:</span> Retain
    <span class="token key atrule">DeletionPolicy</span> <span class="token punctuation">:</span> Retain
    <span class="token key atrule">Metadata</span> <span class="token punctuation">:</span>
      <span class="token key atrule">aws:cdk:path</span> <span class="token punctuation">:</span> aws <span class="token punctuation">-</span> cdk <span class="token punctuation">-</span> python <span class="token punctuation">-</span> s3/VNTechies <span class="token punctuation">-</span> AWS <span class="token punctuation">-</span> CDK <span class="token punctuation">-</span> S3 <span class="token punctuation">-</span> demo <span class="token punctuation">-</span> bucket <span class="token punctuation">-</span> key/Resource
  <span class="token key atrule">VNTechiesAWSCDKS3demobucketB20DE88B</span> <span class="token punctuation">:</span>
    <span class="token key atrule">Type</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> S3 <span class="token punctuation">:</span> <span class="token punctuation">:</span> Bucket
    <span class="token key atrule">Properties</span> <span class="token punctuation">:</span>
      <span class="token key atrule">BucketEncryption</span> <span class="token punctuation">:</span>
        <span class="token key atrule">ServerSideEncryptionConfiguration</span> <span class="token punctuation">:</span>
          <span class="token punctuation">-</span> <span class="token key atrule">ServerSideEncryptionByDefault</span> <span class="token punctuation">:</span>
              <span class="token key atrule">KMSMasterKeyID</span> <span class="token punctuation">:</span>
                <span class="token key atrule">Fn::GetAtt</span> <span class="token punctuation">:</span>
                  <span class="token punctuation">-</span> VNTechiesAWSCDKS3demobucketkey2DF32451
                  <span class="token punctuation">-</span> Arn
              <span class="token key atrule">SSEAlgorithm</span> <span class="token punctuation">:</span> aws <span class="token punctuation">:</span> kms
      <span class="token key atrule">OwnershipControls</span> <span class="token punctuation">:</span>
        <span class="token key atrule">Rules</span> <span class="token punctuation">:</span>
          <span class="token punctuation">-</span> <span class="token key atrule">ObjectOwnership</span> <span class="token punctuation">:</span> BucketOwnerEnforced
      <span class="token key atrule">PublicAccessBlockConfiguration</span> <span class="token punctuation">:</span>
        <span class="token key atrule">BlockPublicAcls</span> <span class="token punctuation">:</span> <span class="token boolean important">true</span>
        <span class="token key atrule">BlockPublicPolicy</span> <span class="token punctuation">:</span> <span class="token boolean important">true</span>
        <span class="token key atrule">IgnorePublicAcls</span> <span class="token punctuation">:</span> <span class="token boolean important">true</span>
        <span class="token key atrule">RestrictPublicBuckets</span> <span class="token punctuation">:</span> <span class="token boolean important">true</span>
    <span class="token key atrule">UpdateReplacePolicy</span> <span class="token punctuation">:</span> Retain
    <span class="token key atrule">DeletionPolicy</span> <span class="token punctuation">:</span> Retain
    <span class="token key atrule">Metadata</span> <span class="token punctuation">:</span>
      <span class="token key atrule">aws:cdk:path</span> <span class="token punctuation">:</span> aws <span class="token punctuation">-</span> cdk <span class="token punctuation">-</span> python <span class="token punctuation">-</span> s3/VNTechies <span class="token punctuation">-</span> AWS <span class="token punctuation">-</span> CDK <span class="token punctuation">-</span> S3 <span class="token punctuation">-</span> demo <span class="token punctuation">-</span> bucket/Resource
  <span class="token key atrule">VNTechiesAWSCDKS3demobucketPolicy2584B1E9</span> <span class="token punctuation">:</span>
    <span class="token key atrule">Type</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> S3 <span class="token punctuation">:</span> <span class="token punctuation">:</span> BucketPolicy
    <span class="token key atrule">Properties</span> <span class="token punctuation">:</span>
      <span class="token key atrule">Bucket</span> <span class="token punctuation">:</span>
        <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> VNTechiesAWSCDKS3demobucketB20DE88B
      <span class="token key atrule">PolicyDocument</span> <span class="token punctuation">:</span>
        <span class="token key atrule">Statement</span> <span class="token punctuation">:</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Action</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> s3 <span class="token punctuation">:</span> GetBucket*
              <span class="token punctuation">-</span> s3 <span class="token punctuation">:</span> GetObject*
              <span class="token punctuation">-</span> s3 <span class="token punctuation">:</span> List*
            <span class="token key atrule">Effect</span> <span class="token punctuation">:</span> Allow
            <span class="token key atrule">Principal</span> <span class="token punctuation">:</span>
              <span class="token key atrule">AWS</span> <span class="token punctuation">:</span>
                <span class="token key atrule">Fn::Join</span> <span class="token punctuation">:</span>
                  <span class="token punctuation">-</span> <span class="token string">""</span>
                  <span class="token punctuation">-</span> <span class="token punctuation">-</span> <span class="token string">"arn:"</span>
                    <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Partition
                    <span class="token punctuation">-</span> <span class="token string">":iam::"</span>
                    <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> AccountId
                    <span class="token punctuation">-</span> <span class="token punctuation">:</span> root
            <span class="token key atrule">Resource</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Fn::GetAtt</span> <span class="token punctuation">:</span>
                  <span class="token punctuation">-</span> VNTechiesAWSCDKS3demobucketB20DE88B
                  <span class="token punctuation">-</span> Arn
              <span class="token punctuation">-</span> <span class="token key atrule">Fn::Join</span> <span class="token punctuation">:</span>
                  <span class="token punctuation">-</span> <span class="token string">""</span>
                  <span class="token punctuation">-</span> <span class="token punctuation">-</span> <span class="token key atrule">Fn::GetAtt</span> <span class="token punctuation">:</span>
                        <span class="token punctuation">-</span> VNTechiesAWSCDKS3demobucketB20DE88B
                        <span class="token punctuation">-</span> Arn
                    <span class="token punctuation">-</span> /*
        <span class="token key atrule">Version</span> <span class="token punctuation">:</span> <span class="token string">"2012-10-17"</span>
    <span class="token key atrule">Metadata</span> <span class="token punctuation">:</span>
      <span class="token key atrule">aws:cdk:path</span> <span class="token punctuation">:</span> aws <span class="token punctuation">-</span> cdk <span class="token punctuation">-</span> python <span class="token punctuation">-</span> s3/VNTechies <span class="token punctuation">-</span> AWS <span class="token punctuation">-</span> CDK <span class="token punctuation">-</span> S3 <span class="token punctuation">-</span> demo <span class="token punctuation">-</span> bucket/Policy/Resource
  <span class="token key atrule">CDKMetadata</span> <span class="token punctuation">:</span>
    <span class="token key atrule">Type</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> CDK <span class="token punctuation">:</span> <span class="token punctuation">:</span> Metadata
    <span class="token key atrule">Properties</span> <span class="token punctuation">:</span>
      <span class="token key atrule">Analytics</span> <span class="token punctuation">:</span> v2 <span class="token punctuation">:</span> deflate64 <span class="token punctuation">:</span> H4sIAAAAAAAA/0XIQQrCMBCF4bN0n4zWgLi2SzelPYDUacQxbQKdBAkhd7chgqv/ve8E6gJtM31Y4mzkQg9Io5/QiJ3uyawM6aaj6J52TxasIF0DGu0L/VZN7xbC+Of6cy4yaHZhQ1125+xMnpzNoo/+5exBQXuEc/NmIrkF62nVMNR+AXbnt16gAAAA
    <span class="token key atrule">Metadata</span> <span class="token punctuation">:</span>
      <span class="token key atrule">aws:cdk:path</span> <span class="token punctuation">:</span> aws <span class="token punctuation">-</span> cdk <span class="token punctuation">-</span> python <span class="token punctuation">-</span> s3/CDKMetadata/Default
    <span class="token key atrule">Condition</span> <span class="token punctuation">:</span> CDKMetadataAvailable
<span class="token key atrule">Conditions</span> <span class="token punctuation">:</span>
  <span class="token key atrule">CDKMetadataAvailable</span> <span class="token punctuation">:</span>
    <span class="token key atrule">Fn::Or</span> <span class="token punctuation">:</span>
      <span class="token punctuation">-</span> <span class="token key atrule">Fn::Or</span> <span class="token punctuation">:</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> af <span class="token punctuation">-</span> south <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> ap <span class="token punctuation">-</span> east <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> ap <span class="token punctuation">-</span> northeast <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> ap <span class="token punctuation">-</span> northeast <span class="token punctuation">-</span> <span class="token number">2</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> ap <span class="token punctuation">-</span> south <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> ap <span class="token punctuation">-</span> southeast <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> ap <span class="token punctuation">-</span> southeast <span class="token punctuation">-</span> <span class="token number">2</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> ca <span class="token punctuation">-</span> central <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> cn <span class="token punctuation">-</span> north <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> cn <span class="token punctuation">-</span> northwest <span class="token punctuation">-</span> <span class="token number">1</span>
      <span class="token punctuation">-</span> <span class="token key atrule">Fn::Or</span> <span class="token punctuation">:</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> eu <span class="token punctuation">-</span> central <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> eu <span class="token punctuation">-</span> north <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> eu <span class="token punctuation">-</span> south <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> eu <span class="token punctuation">-</span> west <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> eu <span class="token punctuation">-</span> west <span class="token punctuation">-</span> <span class="token number">2</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> eu <span class="token punctuation">-</span> west <span class="token punctuation">-</span> <span class="token number">3</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> me <span class="token punctuation">-</span> south <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> sa <span class="token punctuation">-</span> east <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> us <span class="token punctuation">-</span> east <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> us <span class="token punctuation">-</span> east <span class="token punctuation">-</span> <span class="token number">2</span>
      <span class="token punctuation">-</span> <span class="token key atrule">Fn::Or</span> <span class="token punctuation">:</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> us <span class="token punctuation">-</span> west <span class="token punctuation">-</span> <span class="token number">1</span>
          <span class="token punctuation">-</span> <span class="token key atrule">Fn::Equals</span> <span class="token punctuation">:</span>
              <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> Region
              <span class="token punctuation">-</span> us <span class="token punctuation">-</span> west <span class="token punctuation">-</span> <span class="token number">2</span>
<span class="token key atrule">Parameters</span> <span class="token punctuation">:</span>
  <span class="token key atrule">BootstrapVersion</span> <span class="token punctuation">:</span>
    <span class="token key atrule">Type</span> <span class="token punctuation">:</span> AWS <span class="token punctuation">:</span> <span class="token punctuation">:</span> SSM <span class="token punctuation">:</span> <span class="token punctuation">:</span> Parameter <span class="token punctuation">:</span> <span class="token punctuation">:</span> Value&lt;String <span class="token punctuation">&gt;</span>
    <span class="token key atrule">Default</span> <span class="token punctuation">:</span> /cdk <span class="token punctuation">-</span> bootstrap/hnb659fds/version
    <span class="token key atrule">Description</span> <span class="token punctuation">:</span> Version of the CDK Bootstrap resources in this environment <span class="token punctuation">,</span> automatically retrieved from SSM Parameter Store. <span class="token punctuation">[</span> cdk <span class="token punctuation">:</span> skip <span class="token punctuation">]</span>
<span class="token key atrule">Rules</span> <span class="token punctuation">:</span>
  <span class="token key atrule">CheckBootstrapVersion</span> <span class="token punctuation">:</span>
    <span class="token key atrule">Assertions</span> <span class="token punctuation">:</span>
      <span class="token punctuation">-</span> <span class="token key atrule">Assert</span> <span class="token punctuation">:</span>
          <span class="token key atrule">Fn::Not</span> <span class="token punctuation">:</span>
            <span class="token punctuation">-</span> <span class="token key atrule">Fn::Contains</span> <span class="token punctuation">:</span>
                <span class="token punctuation">-</span> <span class="token punctuation">-</span> <span class="token string">"1"</span>
                  <span class="token punctuation">-</span> <span class="token string">"2"</span>
                  <span class="token punctuation">-</span> <span class="token string">"3"</span>
                  <span class="token punctuation">-</span> <span class="token string">"4"</span>
                  <span class="token punctuation">-</span> <span class="token string">"5"</span>
                <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> BootstrapVersion
        <span class="token key atrule">AssertDescription</span> <span class="token punctuation">:</span> CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

Resources :

VNTechiesAWSCDKS3demobucketkey2DF32451 :

Properties :

KeyPolicy :

Statement :

- Action : kms : *

Effect : Allow

Principal :

AWS :

Fn::Join :

- ""

- - "arn:"

- Ref : AWS : : Partition

- ":iam::"

- : root

Resource : "*"

- Action :

- kms : Decrypt

- kms : DescribeKey

Effect : Allow

Principal :

AWS :

Fn::Join :

- ""

- - "arn:"

- ":iam::"

- : root

Resource : "*"

Version : "2012-10-17"

UpdateReplacePolicy : Retain

DeletionPolicy : Retain

Metadata :

aws:cdk:path : aws - cdk - python - s3/VNTechies - AWS - CDK - S3 - demo - bucket - key/Resource

VNTechiesAWSCDKS3demobucketB20DE88B :

Properties :

BucketEncryption :

ServerSideEncryptionConfiguration :

- ServerSideEncryptionByDefault :

KMSMasterKeyID :

Fn::GetAtt :

- VNTechiesAWSCDKS3demobucketkey2DF32451

- Arn

SSEAlgorithm : aws : kms

OwnershipControls :

Rules :

- ObjectOwnership : BucketOwnerEnforced

PublicAccessBlockConfiguration :

BlockPublicAcls : true

BlockPublicPolicy : true

IgnorePublicAcls : true

RestrictPublicBuckets : true

UpdateReplacePolicy : Retain

DeletionPolicy : Retain

Metadata :

VNTechiesAWSCDKS3demobucketPolicy2584B1E9 :

Properties :

Bucket :

Ref : VNTechiesAWSCDKS3demobucketB20DE88B

PolicyDocument :

Statement :

- Action :

- s3 : GetBucket*

- s3 : GetObject*

- s3 : List*

Effect : Allow

Principal :

AWS :

Fn::Join :

- ""

- - "arn:"

- ":iam::"

- : root

Resource :

- Fn::GetAtt :

- VNTechiesAWSCDKS3demobucketB20DE88B

- Arn

- Fn::Join :

- ""

- - Fn::GetAtt :

- VNTechiesAWSCDKS3demobucketB20DE88B

- Arn

- /*

Version : "2012-10-17"

Metadata :

CDKMetadata :

Properties :

Analytics : v2 : deflate64 : H4sIAAAAAAAA/0XIQQrCMBCF4bN0n4zWgLi2SzelPYDUacQxbQKdBAkhd7chgqv/ve8E6gJtM31Y4mzkQg9Io5/QiJ3uyawM6aaj6J52TxasIF0DGu0L/VZN7xbC+Of6cy4yaHZhQ1125+xMnpzNoo/+5exBQXuEc/NmIrkF62nVMNR+AXbnt16gAAAA

Metadata :

Condition : CDKMetadataAvailable

Conditions :

CDKMetadataAvailable :

Fn::Or :

- Fn::Or :

- Fn::Equals :

- af - south - 1

- Fn::Equals :

- ap - east - 1

- Fn::Equals :

- ap - northeast - 1

- Fn::Equals :

- ap - northeast - 2

- Fn::Equals :

- ap - south - 1

- Fn::Equals :

- ap - southeast - 1

- Fn::Equals :

- ap - southeast - 2

- Fn::Equals :

- ca - central - 1

- Fn::Equals :

- cn - north - 1

- Fn::Equals :

- cn - northwest - 1

- Fn::Or :

- Fn::Equals :

- eu - central - 1

- Fn::Equals :

- eu - north - 1

- Fn::Equals :

- eu - south - 1

- Fn::Equals :

- eu - west - 1

- Fn::Equals :

- eu - west - 2

- Fn::Equals :

- eu - west - 3

- Fn::Equals :

- me - south - 1

- Fn::Equals :

- sa - east - 1

- Fn::Equals :

- us - east - 1

- Fn::Equals :

- us - east - 2

- Fn::Or :

- Fn::Equals :

- us - west - 1

- Fn::Equals :

- us - west - 2

Parameters :

BootstrapVersion :

Type : AWS : : SSM : : Parameter : : Value<String >

Default : /cdk - bootstrap/hnb659fds/version

Description : Version of the CDK Bootstrap resources in this environment , automatically retrieved from SSM Parameter Store. [ cdk : skip ]

Rules :

CheckBootstrapVersion :

Assertions :

- Assert :

Fn::Not :

- Fn::Contains :

- - "1"

- "2"

- "3"

- "4"

- "5"

- Ref : BootstrapVersion

AssertDescription : CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.

After running the above command, a CloudFormation in YAML format will be printed to stdout. In addition, the directory cdk.out is also created with template files in JSON format so that it can be deployed on AWS Cloud through CloudFormation.

├── README.md
├── app.py
├── aws_cdk_python_s3
│   ├── __init__.py
│   ├── __pycache__
│   │   ├── __init__.cpython-310.pyc
│   │   └── aws_cdk_python_s3_stack.cpython-310.pyc
│   └── aws_cdk_python_s3_stack.py
├── cdk.json
├── cdk.out
│   ├── aws-cdk-python-s3.assets.json
│   ├── aws-cdk-python-s3.template.json
│   ├── cdk.out
│   ├── manifest.json
│   └── tree.json
├── requirements-dev.txt
├── requirements.txt
├── source.bat
└── tests
    ├── __init__.py
    └── unit
        ├── __init__.py
        └── test_aws_cdk_python_s3_stack.py

├── README.md

├── app.py

├── aws_cdk_python_s3

│ ├── __init__.py

│ ├── __pycache__

│ │ ├── __init__.cpython-310.pyc

│ │ └── aws_cdk_python_s3_stack.cpython-310.pyc

│ └── aws_cdk_python_s3_stack.py

├── cdk.json

├── cdk.out

│ ├── aws-cdk-python-s3.assets.json

│ ├── aws-cdk-python-s3.template.json

│ ├── cdk.out

│ ├── manifest.json

│ └── tree.json

├── requirements-dev.txt

├── requirements.txt

├── source.bat

└── tests

├── __init__.py

└── unit

├── __init__.py

└── test_aws_cdk_python_s3_stack.py

6. Deploy Amazon S3 Bucket to AWS Cloud Using AWS CDK

If this is your first time running the deploy command, you will need to bootstrap your AWS CDK application before it can be deployed to AWS[^1], which will help create the resources needed for the CDK toolkit to deploy your application. friends, they include: S3 bucket, IAM roles, SSM Parameter,…

cdk bootstrap

1 2	cdk bootstrap

To deploy the S3 bucket on AWS, we run the following command

cdk deploy

1 2	cdk deploy

You can check the generated KMS key and S3 on the AWS console

7. Clean up resources

To clean up the created resource, use destroy command

cdk destroy

<span class="token comment"># output</span>
Are you sure you want to delete: aws-cdk-python-s3 <span class="token punctuation">(</span> y/n <span class="token punctuation">)</span> ? y
aws-cdk-python-s3: destroying <span class="token punctuation">..</span> .

 ✅  aws-cdk-python-s3: destroyed

cdk destroy

# output

Are you sure you want to delete: aws-cdk-python-s3 ( y/n ) ? y

aws-cdk-python-s3: destroying .. .

✅ aws-cdk-python-s3: destroyed

summary

We have successfully created an Amazon S3 Bucket using the AWS CDK with Python with some attributes that increase the security of the bucket. You can refer to the articles and tutorials about AWS CDK in this series

Original article on VNTechies Dev Blog

https://dev.vntechies.com/blog/aws/cdk/tao-s3-bucket-voi-aws-cdk

References

Share the news now

Source : Viblo

Create an Amazon S3 bucket using AWS CDK

1. Install AWS CDK

2. Install AWS CLI and install AWS profile

3. Create an AWS CDK Python project

4. Create an Amazon S3 Bucket construct with the AWS CDK

5. Synthesize Amazon S3 Bucket with AWS CDK

6. Deploy Amazon S3 Bucket to AWS Cloud Using AWS CDK

7. Clean up resources

summary

Original article on VNTechies Dev Blog

References

TikTok becomes the second largest social platform in South Africa

The fastest depreciating after 9 months of launch, iPhone 14 Pro Max continues to break the bottom in Vietnam

Beginner's guide to R: Introduction

10 essential SublimeText plugins for JavaScript developers