Documentation

Provides information about the S3 bucket that a finding applies to.

See: newS3Bucket smart constructor.

Create a value of S3Bucket with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:arn:S3Bucket', s3Bucket_arn - The Amazon Resource Name (ARN) of the bucket.

$sel:createdAt:S3Bucket', s3Bucket_createdAt - The date and time, in UTC and extended ISO 8601 format, when the bucket was created.

$sel:owner:S3Bucket', s3Bucket_owner - The display name and canonical user ID for the Amazon Web Services account that owns the bucket.

$sel:name:S3Bucket', s3Bucket_name - The name of the bucket.

$sel:defaultServerSideEncryption:S3Bucket', s3Bucket_defaultServerSideEncryption - The type of server-side encryption that's used by default to encrypt objects in the bucket.

$sel:allowsUnencryptedObjectUploads:S3Bucket', s3Bucket_allowsUnencryptedObjectUploads - Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are uploaded to the bucket. Possible values are:

• FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include the x-amz-server-side-encryption header and the value for that header must be AES256 or aws:kms.
• TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include the x-amz-server-side-encryption header and it doesn't require the value for that header to be AES256 or aws:kms.
• UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of objects.

$sel:publicAccess:S3Bucket', s3Bucket_publicAccess - The permissions settings that determine whether the bucket is publicly accessible.

$sel:tags:S3Bucket', s3Bucket_tags - The tags that are associated with the bucket.

The Amazon Resource Name (ARN) of the bucket.

The date and time, in UTC and extended ISO 8601 format, when the bucket was created.

The display name and canonical user ID for the Amazon Web Services account that owns the bucket.

The name of the bucket.

The type of server-side encryption that's used by default to encrypt objects in the bucket.

Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are uploaded to the bucket. Possible values are:

• FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include the x-amz-server-side-encryption header and the value for that header must be AES256 or aws:kms.
• TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include the x-amz-server-side-encryption header and it doesn't require the value for that header to be AES256 or aws:kms.
• UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of objects.

The permissions settings that determine whether the bucket is publicly accessible.

The tags that are associated with the bucket.