agent-claw: automated task changes

2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/.jsiirc.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+  "targets": {
+    "java": {
+      "package": "software.amazon.awscdk.services.s3"
+    },
+    "dotnet": {
+      "namespace": "Amazon.CDK.AWS.S3"
+    },
+    "python": {
+      "module": "aws_cdk.aws_s3"
+    }
+  }
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/README.md
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/README.md
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/index.d.ts
@@ -0,0 +1 @@
+export * from './lib';
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/index.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/index.js
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-grants.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-grants.d.ts
@@ -0,0 +1,139 @@
+import type { GrantReplicationPermissionProps } from './bucket';
+import type { IBucketRef } from './s3.generated';
+import type { IGrantable } from '../../aws-iam';
+import { Grant } from '../../aws-iam';
+import type * as iam from '../../aws-iam/lib/grant';
+/**
+ * Collection of grant methods for a Bucket
+ */
+export declare class BucketGrants {
+    private readonly bucket;
+    private readonly encryptedResource?;
+    private readonly policyResource?;
+    /**
+     * Creates grants for an IBucketRef
+     */
+    static fromBucket(bucket: IBucketRef): BucketGrants;
+    private constructor();
+    /**
+     * Grant read permissions for this bucket and its contents to an IAM
+     * principal (Role/Group/User).
+     *
+     * If encryption is used, permission to use the key to decrypt the contents
+     * of the bucket will also be granted to the same principal.
+     *
+     * @param identity The principal
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
+     */
+    read(identity: IGrantable, objectsKeyPattern?: any): Grant;
+    /**
+     * Grant write permissions for this bucket and its contents to an IAM
+     * principal (Role/Group/User).
+     *
+     * If encryption is used, permission to use the key to decrypt the contents
+     * of the bucket will also be granted to the same principal.
+     *
+     * @param identity The principal
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
+     */
+    write(identity: IGrantable, objectsKeyPattern?: any, allowedActionPatterns?: string[]): Grant;
+    /**
+     * Grants s3:DeleteObject* permission to an IAM principal for objects
+     * in this bucket.
+     *
+     * @param grantee The principal
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
+     */
+    delete(grantee: IGrantable, objectsKeyPattern?: any): Grant;
+    /**
+     * Allows unrestricted access to objects from this bucket.
+     *
+     * IMPORTANT: This permission allows anyone to perform actions on S3 objects
+     * in this bucket, which is useful for when you configure your bucket as a
+     * website and want everyone to be able to read objects in the bucket without
+     * needing to authenticate.
+     *
+     * Without arguments, this method will grant read ("s3:GetObject") access to
+     * all objects ("*") in the bucket.
+     *
+     * The method returns the `iam.Grant` object, which can then be modified
+     * as needed. For example, you can add a condition that will restrict access only
+     * to an IPv4 range like this:
+     *
+     *     const grant = bucket.grantPublicAccess();
+     *     grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” });
+     *
+     * Note that if this `IBucket` refers to an existing bucket, possibly not
+     * managed by CloudFormation, this method will have no effect, since it's
+     * impossible to modify the policy of an existing bucket.
+     *
+     * @param keyPrefix the prefix of S3 object keys (e.g. `home/*`). Default is "*".
+     * @param allowedActions the set of S3 actions to allow. Default is "s3:GetObject".
+     */
+    publicAccess(keyPrefix?: string, ...allowedActions: string[]): Grant;
+    /**
+     * Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal.
+     *
+     * If encryption is used, permission to use the key to encrypt the contents
+     * of written files will also be granted to the same principal.
+     * @param identity The principal
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
+     */
+    put(identity: IGrantable, objectsKeyPattern?: any): Grant;
+    /**
+     * Grants s3:PutObjectAcl and s3:PutObjectVersionAcl permissions for this bucket to an IAM principal.
+     *
+     * If encryption is used, permission to use the key to encrypt the contents
+     * of written files will also be granted to the same principal.
+     * @param identity The principal
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
+     */
+    putAcl(identity: IGrantable, objectsKeyPattern?: string): Grant;
+    /**
+     * Grants the given actions on the bucket's objects to the given principal.
+     *
+     * KMS actions (prefixed with `kms:`) are automatically separated and granted on the encryption key.
+     *
+     * @param identity The principal to grant permissions to.
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*').
+     * @param actions The S3 and/or KMS actions to grant.
+     */
+    actionsOnObjectKeys(identity: IGrantable, objectsKeyPattern?: string, ...actions: string[]): Grant;
+    /**
+     * Grants the given actions on both the bucket and the bucket's objects to the given principal.
+     *
+     * KMS actions (prefixed with `kms:`) are automatically separated and granted on the encryption key.
+     *
+     * @param identity The principal to grant permissions to.
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*').
+     * @param actions The S3 and/or KMS actions to grant.
+     */
+    actionsOnBucketAndObjectKeys(identity: IGrantable, objectsKeyPattern?: string, ...actions: string[]): Grant;
+    /**
+     * Grant read and write permissions for this bucket and its contents to an IAM
+     * principal (Role/Group/User).
+     *
+     * If encryption is used, permission to use the key to decrypt the contents
+     * of the bucket will also be granted to the same principal.
+     *
+     * @param identity The principal
+     * @param objectsKeyPattern Restrict the permission to a certain key pattern (default '*'). Parameter type is `any` but `string` should be passed in.
+     */
+    readWrite(identity: IGrantable, objectsKeyPattern?: any): Grant;
+    private get putActions();
+    private get writeActions();
+    /**
+     * Grant replication permission to a principal.
+     * This method allows the principal to perform replication operations on this bucket.
+     *
+     * Note that when calling this function for source or destination buckets that support KMS encryption,
+     * you need to specify the KMS key for encryption and the KMS key for decryption, respectively.
+     *
+     * @param identity The principal to grant replication permission to.
+     * @param props The properties of the replication source and destination buckets.
+     */
+    replicationPermission(identity: IGrantable, props: GrantReplicationPermissionProps): iam.Grant;
+    private grantActions;
+    private grant;
+    private arnForObjects;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-grants.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-grants.js
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-policy.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-policy.d.ts
@@ -0,0 +1,76 @@
+import type { Construct } from 'constructs';
+import type { IBucket } from './bucket';
+import type { BucketPolicyReference, IBucketPolicyRef } from './s3.generated';
+import { CfnBucketPolicy } from './s3.generated';
+import { PolicyDocument } from '../../aws-iam';
+import type { RemovalPolicy } from '../../core';
+import { Resource } from '../../core';
+export interface BucketPolicyProps {
+    /**
+     * The Amazon S3 bucket that the policy applies to.
+     */
+    readonly bucket: IBucket;
+    /**
+     * Policy to apply when the policy is removed from this stack.
+     *
+     * @default - RemovalPolicy.DESTROY.
+     */
+    readonly removalPolicy?: RemovalPolicy;
+    /**
+     * Policy document to apply to the bucket.
+     *
+     * @default - A new empty PolicyDocument will be created.
+     */
+    readonly document?: PolicyDocument;
+}
+/**
+ * The bucket policy for an Amazon S3 bucket
+ *
+ * Policies define the operations that are allowed on this resource.
+ *
+ * You almost never need to define this construct directly.
+ *
+ * All AWS resources that support resource policies have a method called
+ * `addToResourcePolicy()`, which will automatically create a new resource
+ * policy if one doesn't exist yet, otherwise it will add to the existing
+ * policy.
+ *
+ * The bucket policy method is implemented differently than `addToResourcePolicy()`
+ * as `BucketPolicy()` creates a new policy without knowing one earlier existed.
+ * e.g. if during Bucket creation, if `autoDeleteObject:true`, these policies are
+ * added to the bucket policy:
+ *    ["s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy"],
+ * and when you add a new BucketPolicy with ["s3:GetObject", "s3:ListBucket"] on
+ * this existing bucket, invoking `BucketPolicy()` will create a new Policy
+ * without knowing one earlier exists already, so it creates a new one.
+ * In this case, the custom resource handler will not have access to
+ * `s3:GetBucketTagging` action which will cause failure during deletion of stack.
+ *
+ * Hence its strongly recommended to use `addToResourcePolicy()` method to add
+ * new permissions to existing policy.
+ *
+ */
+export declare class BucketPolicy extends Resource implements IBucketPolicyRef {
+    /** Uniquely identifies this class. */
+    static readonly PROPERTY_INJECTION_ID: string;
+    /**
+     * Create a mutable `BucketPolicy` from a `CfnBucketPolicy`.
+     */
+    static fromCfnBucketPolicy(cfnBucketPolicy: CfnBucketPolicy): BucketPolicy;
+    readonly bucketPolicyRef: BucketPolicyReference;
+    /**
+     * A policy document containing permissions to add to the specified bucket.
+     * For more information, see Access Policy Language Overview in the Amazon
+     * Simple Storage Service Developer Guide.
+     */
+    readonly document: PolicyDocument;
+    /** The Bucket this Policy applies to. */
+    readonly bucket: IBucket;
+    private resource;
+    constructor(scope: Construct, id: string, props: BucketPolicyProps);
+    /**
+     * Sets the removal policy for the BucketPolicy.
+     * @param removalPolicy the RemovalPolicy to set.
+     */
+    applyRemovalPolicy(removalPolicy: RemovalPolicy): void;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-policy.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-policy.js
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-reflection.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-reflection.d.ts
@@ -0,0 +1,59 @@
+import type { CfnBucket, CfnBucketPolicy } from './s3.generated';
+import type { CfnKey } from '../../aws-kms';
+import type { IBucketRef } from '../../interfaces/generated/aws-s3-interfaces.generated';
+/**
+ * Provides read-only reflection on the configuration of an S3 Bucket's
+ * underlying CfnBucket resource.
+ *
+ * Use `BucketReflection.of()` to obtain an instance from any Bucket reference.
+ * All getters read directly from the L1 resource, providing a single source of
+ * truth regardless of whether the bucket was created as an L2, imported, or
+ * constructed directly as a CfnBucket.
+ */
+export declare class BucketReflection {
+    /**
+     * Creates a BucketReflection for the given bucket reference.
+     *
+     * Resolves the underlying CfnBucket from the construct tree.
+     *
+     * @param bucketRef - The bucket reference to reflect on.
+     * @throws If the underlying CfnBucket resource cannot be found.
+     */
+    static of(bucketRef: IBucketRef): BucketReflection;
+    /**
+     * The CfnBucket L1 resource that is reflected on.
+     *
+     * @throws If the underlying CfnBucket resource cannot be found.
+     */
+    get bucket(): CfnBucket;
+    private readonly ref;
+    private readonly _bucket;
+    private constructor();
+    /**
+     * The domain name of the static website endpoint.
+     *
+     * Derived from the bucket's website URL attribute.
+     */
+    get bucketWebsiteDomainName(): string;
+    /**
+     * Whether the bucket is configured for static website hosting.
+     */
+    get isWebsite(): boolean | undefined;
+    /**
+     * Whether the bucket's public access block configuration blocks public bucket policies.
+     */
+    get disallowPublicAccess(): boolean | undefined;
+    /**
+     * The bucket policy associated with this bucket, if any.
+     *
+     * Searches the construct tree for a CfnBucketPolicy that references this bucket.
+     */
+    get policy(): CfnBucketPolicy | undefined;
+    /**
+     * The KMS key used for server-side encryption, if any.
+     *
+     * Searches the construct tree for a CfnKey referenced by the bucket's
+     * encryption configuration.
+     */
+    get encryptionKey(): CfnKey | undefined;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-reflection.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket-reflection.js
@@ -0,0 +1 @@
+"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.BucketReflection=void 0;var cfn_key_matcher_1=()=>{var tmp=require("../../aws-kms/lib/private/cfn-key-matcher");return cfn_key_matcher_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};let BucketReflection=(()=>{let _instanceExtraInitializers=[],_get_bucketWebsiteDomainName_decorators;return class BucketReflection2{static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(null):void 0;_get_bucketWebsiteDomainName_decorators=[helpers_internal_1().memoizedGetter],__esDecorate(this,null,_get_bucketWebsiteDomainName_decorators,{kind:"getter",name:"bucketWebsiteDomainName",static:!1,private:!1,access:{has:obj=>"bucketWebsiteDomainName"in obj,get:obj=>obj.bucketWebsiteDomainName},metadata:_metadata},null,_instanceExtraInitializers),_metadata&&Object.defineProperty(this,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static of(bucketRef){return new BucketReflection2(bucketRef)}get bucket(){if(!this._bucket)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CannotFindUnderlyingResource`,`Unable to find underlying resource for ${this.ref.node.path}. Please pass the resource construct directly.`);return this._bucket}ref=__runInitializers(this,_instanceExtraInitializers);_bucket;constructor(ref){this.ref=ref,this._bucket=helpers_internal_1().ConstructReflection.of(ref).findCfnResource({cfnResourceType:"AWS::S3::Bucket",matches:cfn=>ref.bucketRef==cfn.bucketRef})}get bucketWebsiteDomainName(){return core_1().Fn.select(2,core_1().Fn.split("/",this.bucket.attrWebsiteUrl))}get isWebsite(){return helpers_internal_1().PropertyReflection.of(this._bucket,"websiteConfiguration").exists()}get disallowPublicAccess(){return helpers_internal_1().PropertyReflection.of(this._bucket,"publicAccessBlockConfiguration.blockPublicPolicy").equals(!0)}get policy(){const resolved=this._bucket||this.ref;return helpers_internal_1().ConstructReflection.of(resolved).findRelatedCfnResource({cfnResourceType:"AWS::S3::BucketPolicy",matches:policy=>{const reversed=core_1().Tokenization.reverse(policy.bucket)||policy.bucket;return core_1().Reference.isReference(reversed)?resolved===reversed.target:new Set([resolved.ref,resolved.bucketRef?.bucketName,resolved.bucketRef?.bucketArn].filter(Boolean)).has(reversed)||String(reversed).includes(resolved.node.id)}})}get encryptionKey(){if(!this._bucket)return;const kmsMasterKeyId=helpers_internal_1().PropertyReflection.of(this._bucket,"bucketEncryption.serverSideEncryptionConfiguration.0.serverSideEncryptionByDefault.kmsMasterKeyId").get();if(kmsMasterKeyId)return helpers_internal_1().ConstructReflection.of(this._bucket).findRelatedCfnResource(new(cfn_key_matcher_1()).CfnKeyMatcher(kmsMasterKeyId))}}})();exports.BucketReflection=BucketReflection;
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket.d.ts
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/bucket.js
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/destination.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/destination.d.ts
@@ -0,0 +1,41 @@
+import type { Construct, IDependable } from 'constructs';
+import type { IBucketRef } from './s3.generated';
+/**
+ * Implemented by constructs that can be used as bucket notification destinations.
+ */
+export interface IBucketNotificationDestination {
+    /**
+     * Registers this resource to receive notifications for the specified
+     * bucket. This method will only be called once for each destination/bucket
+     * pair and the result will be cached, so there is no need to implement
+     * idempotency in each destination.
+     * @param bucket The bucket object to bind to
+     */
+    bind(scope: Construct, bucket: IBucketRef): BucketNotificationDestinationConfig;
+}
+/**
+ * Represents the properties of a notification destination.
+ */
+export interface BucketNotificationDestinationConfig {
+    /**
+     * The notification type.
+     */
+    readonly type: BucketNotificationDestinationType;
+    /**
+     * The ARN of the destination (i.e. Lambda, SNS, SQS).
+     */
+    readonly arn: string;
+    /**
+     * Any additional dependencies that should be resolved before the bucket notification
+     * can be configured (for example, the SNS Topic Policy resource).
+     */
+    readonly dependencies?: IDependable[];
+}
+/**
+ * Supported types of notification destinations.
+ */
+export declare enum BucketNotificationDestinationType {
+    LAMBDA = 0,
+    QUEUE = 1,
+    TOPIC = 2
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/destination.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/destination.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.BucketNotificationDestinationType=void 0;var BucketNotificationDestinationType;(function(BucketNotificationDestinationType2){BucketNotificationDestinationType2[BucketNotificationDestinationType2.LAMBDA=0]="LAMBDA",BucketNotificationDestinationType2[BucketNotificationDestinationType2.QUEUE=1]="QUEUE",BucketNotificationDestinationType2[BucketNotificationDestinationType2.TOPIC=2]="TOPIC"})(BucketNotificationDestinationType||(exports.BucketNotificationDestinationType=BucketNotificationDestinationType={}));
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/index.d.ts
@@ -0,0 +1,9 @@
+import './private/default-traits';
+export * from './bucket';
+export * from './bucket-grants';
+export * from './bucket-policy';
+export * from './destination';
+export * from './location';
+export * as mixins from './mixins';
+export * from './rule';
+export * from './s3.generated';
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/index.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/index.js
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/location.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/location.d.ts
@@ -0,0 +1,17 @@
+/**
+ * An interface that represents the location of a specific object in an S3 Bucket.
+ */
+export interface Location {
+    /**
+     * The name of the S3 Bucket the object is in.
+     */
+    readonly bucketName: string;
+    /**
+     * The path inside the Bucket where the object is located at.
+     */
+    readonly objectKey: string;
+    /**
+     * The S3 object version.
+     */
+    readonly objectVersion?: string;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/location.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/location.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/.jsiirc.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/.jsiirc.json
@@ -0,0 +1,16 @@
+{
+  "targets": {
+    "java": {
+      "package": "software.amazon.awscdk.services.s3.mixins"
+    },
+    "dotnet": {
+      "namespace": "Amazon.CDK.AWS.S3.Mixins"
+    },
+    "python": {
+      "module": "aws_cdk.aws_s3.mixins"
+    },
+    "go": {
+      "packageName": "awss3mixins"
+    }
+  }
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket-policy.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket-policy.d.ts
@@ -0,0 +1,18 @@
+import type { IConstruct } from 'constructs';
+import type { PolicyStatement } from '../../../aws-iam';
+import { Mixin } from '../../../core/lib/mixins';
+import { CfnBucketPolicy } from '../s3.generated';
+/**
+ * Adds statements to a bucket policy.
+ */
+export declare class BucketPolicyStatements extends Mixin {
+    private readonly statements;
+    constructor(statements: PolicyStatement[]);
+    supports(construct: IConstruct): construct is CfnBucketPolicy;
+    applyTo(policy: IConstruct): void;
+    /**
+     * CfnBucketPolicy.policyDocument sometimes is a PolicyDocument object
+     * and sometimes is a plain object. We need to handle both cases.
+     */
+    private getPolicyDocument;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket-policy.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket-policy.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.BucketPolicyStatements=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var aws_iam_1=()=>{var tmp=require("../../../aws-iam");return aws_iam_1=()=>tmp,tmp},mixins_1=()=>{var tmp=require("../../../core/lib/mixins");return mixins_1=()=>tmp,tmp},s3_generated_1=()=>{var tmp=require("../s3.generated");return s3_generated_1=()=>tmp,tmp};class BucketPolicyStatements extends mixins_1().Mixin{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_s3.mixins.BucketPolicyStatements",version:"2.252.0"};statements;constructor(statements){super(),this.statements=statements}supports(construct){return s3_generated_1().CfnBucketPolicy.isCfnBucketPolicy(construct)}applyTo(policy){if(!this.supports(policy))return;const policyDocument=this.getPolicyDocument(policy);policyDocument.addStatements(...this.statements),policy.policyDocument=policyDocument}getPolicyDocument(policy){return policy.policyDocument instanceof aws_iam_1().PolicyDocument?policy.policyDocument:aws_iam_1().PolicyDocument.fromJson(policy.policyDocument)}}exports.BucketPolicyStatements=BucketPolicyStatements;
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket.d.ts
@@ -0,0 +1,39 @@
+import type { IConstruct } from 'constructs';
+import { Mixin } from '../../../core/lib/mixins';
+import { BlockPublicAccess } from '../bucket';
+import { CfnBucket } from '../s3.generated';
+/**
+ * S3-specific Mixin to automatically delete all objects from a bucket
+ * when the bucket is removed from the stack or when the stack is deleted.
+ *
+ * Requires the `removalPolicy` to be set to `RemovalPolicy.DESTROY`.
+ *
+ * Apply this mixin to a bucket will add `s3:PutBucketPolicy` to the
+ * bucket policy. This is because during bucket deletion, the custom resource provider
+ * needs to update the bucket policy by adding a deny policy for `s3:PutObject` to
+ * prevent race conditions with external bucket writers.
+ */
+export declare class BucketAutoDeleteObjects extends Mixin {
+    private static AUTO_DELETE_OBJECTS_RESOURCE_TYPE;
+    private static AUTO_DELETE_OBJECTS_TAG;
+    supports(construct: IConstruct): construct is CfnBucket;
+    applyTo(construct: IConstruct): void;
+}
+/**
+ * S3-specific mixin for enabling versioning.
+ */
+export declare class BucketVersioning extends Mixin {
+    private readonly enabled;
+    constructor(enabled?: boolean);
+    supports(construct: IConstruct): construct is CfnBucket;
+    applyTo(construct: IConstruct): void;
+}
+/**
+ * S3-specific mixin for blocking public-access.
+ */
+export declare class BucketBlockPublicAccess extends Mixin {
+    private readonly configOptions;
+    constructor(publicAccessConfig?: BlockPublicAccess);
+    supports(construct: IConstruct): construct is CfnBucket;
+    applyTo(construct: IConstruct): void;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/bucket.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.BucketBlockPublicAccess=exports.BucketVersioning=exports.BucketAutoDeleteObjects=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp},mixins_1=()=>{var tmp=require("../../../core/lib/mixins");return mixins_1=()=>tmp,tmp},auto_delete_objects_provider_generated_1=()=>{var tmp=require("../../../custom-resource-handlers/dist/aws-s3/auto-delete-objects-provider.generated");return auto_delete_objects_provider_generated_1=()=>tmp,tmp},bucket_1=()=>{var tmp=require("../bucket");return bucket_1=()=>tmp,tmp},perms=()=>{var tmp=require("../perms");return perms=()=>tmp,tmp},s3_generated_1=()=>{var tmp=require("../s3.generated");return s3_generated_1=()=>tmp,tmp};class BucketAutoDeleteObjects extends mixins_1().Mixin{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_s3.mixins.BucketAutoDeleteObjects",version:"2.252.0"};static AUTO_DELETE_OBJECTS_RESOURCE_TYPE="Custom::S3AutoDeleteObjects";static AUTO_DELETE_OBJECTS_TAG="aws-cdk:auto-delete-objects";supports(construct){return s3_generated_1().CfnBucket.isCfnBucket(construct)}applyTo(construct){if(!this.supports(construct))return;construct.node.addValidation({validate:()=>{const errors=new Array;return construct.cfnOptions.deletionPolicy!==core_1().CfnDeletionPolicy.DELETE&&errors.push("Cannot use 'AutoDeleteObjects' on a Bucket without setting removal policy to 'DESTROY'."),errors}});const bucketRef=construct.bucketRef,scope=helpers_internal_1().ConstructReflection.of(construct).defaultChildOwner??construct,provider=auto_delete_objects_provider_generated_1().AutoDeleteObjectsProvider.getOrCreateProvider(scope,BucketAutoDeleteObjects.AUTO_DELETE_OBJECTS_RESOURCE_TYPE,{useCfnResponseWrapper:!1,description:`Lambda function for auto-deleting objects in ${bucketRef.bucketName} S3 bucket.`}),policyResult=iam().ResourceWithPolicies.of(construct)?.addToResourcePolicy(new(iam()).PolicyStatement({actions:[...perms().BUCKET_PUT_POLICY_ACTIONS,...perms().BUCKET_READ_METADATA_ACTIONS,...perms().BUCKET_DELETE_ACTIONS],resources:[bucketRef.bucketArn,perms().arnForObjects(bucketRef.bucketArn,"*")],principals:[new(iam()).ArnPrincipal(provider.roleArn)]})),customResource=new(core_1()).CustomResource(scope,"AutoDeleteObjectsCustomResource",{resourceType:BucketAutoDeleteObjects.AUTO_DELETE_OBJECTS_RESOURCE_TYPE,serviceToken:provider.serviceToken,properties:{BucketName:bucketRef.bucketName}});policyResult?.policyDependable&&customResource.node.addDependency(policyResult.policyDependable),core_1().Tags.of(construct).add(BucketAutoDeleteObjects.AUTO_DELETE_OBJECTS_TAG,"true")}}exports.BucketAutoDeleteObjects=BucketAutoDeleteObjects;class BucketVersioning extends mixins_1().Mixin{enabled;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_s3.mixins.BucketVersioning",version:"2.252.0"};constructor(enabled=!0){super(),this.enabled=enabled}supports(construct){return s3_generated_1().CfnBucket.isCfnBucket(construct)}applyTo(construct){this.supports(construct)&&(construct.versioningConfiguration={status:this.enabled?"Enabled":"Suspended"})}}exports.BucketVersioning=BucketVersioning;class BucketBlockPublicAccess extends mixins_1().Mixin{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_s3.mixins.BucketBlockPublicAccess",version:"2.252.0"};configOptions;constructor(publicAccessConfig=bucket_1().BlockPublicAccess.BLOCK_ALL){super();try{jsiiDeprecationWarnings().aws_cdk_lib_aws_s3_BlockPublicAccess(publicAccessConfig)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BucketBlockPublicAccess),error}this.configOptions={blockPublicAcls:publicAccessConfig.blockPublicAcls,blockPublicPolicy:publicAccessConfig.blockPublicPolicy,ignorePublicAcls:publicAccessConfig.ignorePublicAcls,restrictPublicBuckets:publicAccessConfig.restrictPublicBuckets}}supports(construct){return s3_generated_1().CfnBucket.isCfnBucket(construct)}applyTo(construct){this.supports(construct)&&(construct.publicAccessBlockConfiguration={blockPublicAcls:this.configOptions.blockPublicAcls??!0,blockPublicPolicy:this.configOptions.blockPublicPolicy??!0,ignorePublicAcls:this.configOptions.ignorePublicAcls??!0,restrictPublicBuckets:this.configOptions.restrictPublicBuckets??!0})}}exports.BucketBlockPublicAccess=BucketBlockPublicAccess;
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/index.d.ts
@@ -0,0 +1,2 @@
+export * from './bucket';
+export * from './bucket-policy';
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/index.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/mixins/index.js
@@ -0,0 +1 @@
+"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.BucketAutoDeleteObjects=void 0,Object.defineProperty(exports,_noFold="BucketAutoDeleteObjects",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket").BucketAutoDeleteObjects;return Object.defineProperty(exports,_noFold="BucketAutoDeleteObjects",{enumerable:!0,configurable:!0,value}),value}}),exports.BucketVersioning=void 0,Object.defineProperty(exports,_noFold="BucketVersioning",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket").BucketVersioning;return Object.defineProperty(exports,_noFold="BucketVersioning",{enumerable:!0,configurable:!0,value}),value}}),exports.BucketBlockPublicAccess=void 0,Object.defineProperty(exports,_noFold="BucketBlockPublicAccess",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket").BucketBlockPublicAccess;return Object.defineProperty(exports,_noFold="BucketBlockPublicAccess",{enumerable:!0,configurable:!0,value}),value}}),exports.BucketPolicyStatements=void 0,Object.defineProperty(exports,_noFold="BucketPolicyStatements",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket-policy").BucketPolicyStatements;return Object.defineProperty(exports,_noFold="BucketPolicyStatements",{enumerable:!0,configurable:!0,value}),value}});
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/index.d.ts
@@ -0,0 +1 @@
+export * from './notifications-resource';
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/index.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/index.js
@@ -0,0 +1 @@
+"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.BucketNotifications=void 0,Object.defineProperty(exports,_noFold="BucketNotifications",{enumerable:!0,configurable:!0,get:()=>{var value=require("./notifications-resource").BucketNotifications;return Object.defineProperty(exports,_noFold="BucketNotifications",{enumerable:!0,configurable:!0,value}),value}});
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource-handler.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource-handler.d.ts
@@ -0,0 +1,42 @@
+import { Construct } from 'constructs';
+import * as iam from '../../../aws-iam';
+export declare class NotificationsResourceHandlerProps {
+    role?: iam.IRole;
+}
+/**
+ * A Lambda-based custom resource handler that provisions S3 bucket
+ * notifications for a bucket.
+ *
+ * The resource property schema is:
+ *
+ * {
+ *   BucketName: string, NotificationConfiguration: { see
+ *   PutBucketNotificationConfiguration }
+ * }
+ *
+ * For 'Delete' operations, we send an empty NotificationConfiguration as
+ * required. We propagate errors and results as-is.
+ *
+ * Sadly, we can't use aws-cdk-lib/aws-lambda as it will introduce a dependency
+ * cycle, so this uses raw `cdk.Resource`s.
+ */
+export declare class NotificationsResourceHandler extends Construct {
+    /**
+     * Defines a stack-singleton lambda function with the logic for a CloudFormation custom
+     * resource that provisions bucket notification configuration for a bucket.
+     *
+     * @returns The ARN of the custom resource lambda function.
+     */
+    static singleton(context: Construct, props?: NotificationsResourceHandlerProps): NotificationsResourceHandler;
+    /**
+     * The ARN of the handler's lambda function. Used as a service token in the
+     * custom resource.
+     */
+    readonly functionArn: string;
+    /**
+     * The role of the handler's lambda function.
+     */
+    readonly role: iam.IRole;
+    constructor(scope: Construct, id: string, props?: NotificationsResourceHandlerProps);
+    addToRolePolicy(statement: iam.PolicyStatement): void;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource-handler.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource-handler.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.NotificationsResourceHandler=exports.NotificationsResourceHandlerProps=void 0;var fs=()=>{var tmp=require("fs");return fs=()=>tmp,tmp},path=()=>{var tmp=require("path");return path=()=>tmp,tmp},constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},runtime_1=()=>{var tmp=require("../../../aws-lambda/lib/runtime");return runtime_1=()=>tmp,tmp},cdk=()=>{var tmp=require("../../../core");return cdk=()=>tmp,tmp};class NotificationsResourceHandlerProps{role}exports.NotificationsResourceHandlerProps=NotificationsResourceHandlerProps;class NotificationsResourceHandler extends constructs_1().Construct{static singleton(context,props={}){const root=cdk().Stack.of(context),logicalId="BucketNotificationsHandler050a0587b7544547bf325f094a3db834";let lambda=root.node.tryFindChild(logicalId);return lambda||(lambda=new NotificationsResourceHandler(root,logicalId,props)),lambda}functionArn;role;constructor(scope,id,props={}){super(scope,id),this.role=props.role??new(iam()).Role(this,"Role",{assumedBy:new(iam()).ServicePrincipal("lambda.amazonaws.com")}),this.role.addManagedPolicy(iam().ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));const resourceType="AWS::Lambda::Function";class InLineLambda extends cdk().CfnResource{tags=new(cdk()).TagManager(cdk().TagType.STANDARD,resourceType);renderProperties(properties){return properties.Tags=cdk().listMapper(cdk().cfnTagToCloudFormation)(this.tags.renderTags()),delete properties.tags,properties}}const handlerSourceWithoutComments=fs().readFileSync(path().join(__dirname,"..","..","..","custom-resource-handlers","dist","aws-s3","notifications-resource-handler","index.py"),"utf8").replace(/^ *#.*\n?/gm,""),resource=new InLineLambda(this,"Resource",{type:resourceType,properties:{Description:'AWS CloudFormation handler for "Custom::S3BucketNotifications" resources (@aws-cdk/aws-s3)',Code:{ZipFile:handlerSourceWithoutComments},Handler:"index.handler",Role:this.role.roleArn,Runtime:runtime_1().Runtime.determineLatestPythonRuntime(this).name,Timeout:300}});resource.node.addDependency(this.role),this.functionArn=resource.getAtt("Arn").toString()}addToRolePolicy(statement){this.role.addToPrincipalPolicy(statement)}}exports.NotificationsResourceHandler=NotificationsResourceHandler;
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.d.ts
@@ -0,0 +1,73 @@
+import { Construct } from 'constructs';
+import * as iam from '../../../aws-iam';
+import type { IBucket, EventType, NotificationKeyFilter } from '../bucket';
+import type { IBucketNotificationDestination } from '../destination';
+interface NotificationsProps {
+    /**
+     * The bucket to manage notifications for.
+     */
+    bucket: IBucket;
+    /**
+     * The role to be used by the lambda handler
+     */
+    handlerRole?: iam.IRole;
+    /**
+     * Skips notification validation of Amazon SQS, Amazon SNS, and Lambda destinations.
+     */
+    skipDestinationValidation: boolean;
+}
+/**
+ * A custom CloudFormation resource that updates bucket notifications for a
+ * bucket. The reason we need it is because the AWS::S3::Bucket notification
+ * configuration is defined on the bucket itself, which makes it impossible to
+ * provision notifications at the same time as the target (since
+ * PutBucketNotifications validates the targets).
+ *
+ * Since only a single BucketNotifications resource is allowed for each Bucket,
+ * this construct is not exported in the public API of this module. Instead, it
+ * is created just-in-time by `s3.Bucket.onEvent`, so a 1:1 relationship is
+ * ensured.
+ *
+ * @see
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html
+ */
+export declare class BucketNotifications extends Construct {
+    private eventBridgeEnabled;
+    private readonly lambdaNotifications;
+    private readonly queueNotifications;
+    private readonly topicNotifications;
+    private resource?;
+    private readonly bucket;
+    private readonly handlerRole?;
+    private readonly skipDestinationValidation;
+    constructor(scope: Construct, id: string, props: NotificationsProps);
+    /**
+     * Adds a notification subscription for this bucket.
+     * If this is the first notification, a BucketNotification resource is added to the stack.
+     *
+     * @param event The type of event
+     * @param target The target construct
+     * @param filters A set of S3 key filters
+     */
+    addNotification(event: EventType, target: IBucketNotificationDestination, ...filters: NotificationKeyFilter[]): void;
+    enableEventBridgeNotification(): void;
+    private renderNotificationConfiguration;
+    /**
+     * Defines the bucket notifications resources in the stack only once.
+     * This is called lazily as we add notifications, so that if notifications are not added,
+     * there is no notifications resource.
+     */
+    private createResourceOnce;
+    /**
+     * Add scoped permissions for managing bucket notifications to the handler's role.
+     *
+     * Grants specific IAM permissions to the bucket ARN instead of using wildcard permissions.
+     * This implements the principle of least privilege by limiting the handler's access to only
+     * the buckets it needs to manage.
+     *
+     * @param handler The notifications resource handler
+     * @param managed Whether this is a managed (CDK-created) bucket
+     */
+    private addHandlerPermissions;
+}
+export {};
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.js
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/perms.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/perms.d.ts
@@ -0,0 +1,16 @@
+/**
+ * Returns an ARN that represents all objects within the bucket that match
+ * the key pattern specified. To represent all keys, specify ``"*"``.
+ *
+ * Default implementation used in various places.
+ */
+export declare function arnForObjects(bucketArn: string, key: string): string;
+export declare const BUCKET_READ_ACTIONS: string[];
+export declare const BUCKET_READ_METADATA_ACTIONS: string[];
+export declare const LEGACY_BUCKET_PUT_ACTIONS: string[];
+export declare const BUCKET_PUT_ACTIONS: string[];
+export declare const BUCKET_PUT_ACL_ACTIONS: string[];
+export declare const BUCKET_PUT_POLICY_ACTIONS: string[];
+export declare const BUCKET_DELETE_ACTIONS: string[];
+export declare const KEY_READ_ACTIONS: string[];
+export declare const KEY_WRITE_ACTIONS: string[];
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/perms.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/perms.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.KEY_WRITE_ACTIONS=exports.KEY_READ_ACTIONS=exports.BUCKET_DELETE_ACTIONS=exports.BUCKET_PUT_POLICY_ACTIONS=exports.BUCKET_PUT_ACL_ACTIONS=exports.BUCKET_PUT_ACTIONS=exports.LEGACY_BUCKET_PUT_ACTIONS=exports.BUCKET_READ_METADATA_ACTIONS=exports.BUCKET_READ_ACTIONS=void 0,exports.arnForObjects=arnForObjects;function arnForObjects(bucketArn,key){return`${bucketArn}/${key}`}exports.BUCKET_READ_ACTIONS=["s3:GetObject*","s3:GetBucket*","s3:List*"],exports.BUCKET_READ_METADATA_ACTIONS=["s3:GetBucket*","s3:List*"],exports.LEGACY_BUCKET_PUT_ACTIONS=["s3:PutObject*","s3:Abort*"],exports.BUCKET_PUT_ACTIONS=["s3:PutObject","s3:PutObjectLegalHold","s3:PutObjectRetention","s3:PutObjectTagging","s3:PutObjectVersionTagging","s3:Abort*"],exports.BUCKET_PUT_ACL_ACTIONS=["s3:PutObjectAcl","s3:PutObjectVersionAcl"],exports.BUCKET_PUT_POLICY_ACTIONS=["s3:PutBucketPolicy"],exports.BUCKET_DELETE_ACTIONS=["s3:DeleteObject*"],exports.KEY_READ_ACTIONS=["kms:Decrypt","kms:DescribeKey"],exports.KEY_WRITE_ACTIONS=["kms:Encrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:Decrypt"];
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/private/default-traits.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/private/default-traits.d.ts
@@ -0,0 +1 @@
+export {};
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/private/default-traits.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/private/default-traits.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var aws_iam_1=()=>{var tmp=require("../../../aws-iam");return aws_iam_1=()=>tmp,tmp},aws_kms_1=()=>{var tmp=require("../../../aws-kms");return aws_kms_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},bucket_reflection_1=()=>{var tmp=require("../bucket-reflection");return bucket_reflection_1=()=>tmp,tmp},bucket_policy_1=()=>{var tmp=require("../mixins/bucket-policy");return bucket_policy_1=()=>tmp,tmp},s3_generated_1=()=>{var tmp=require("../s3.generated");return s3_generated_1=()=>tmp,tmp};class EncryptedBucketFactory{forResource(resource){return ifCfnBucket(resource,r=>new EncryptedCfnBucket(r))}}class EncryptedCfnBucket{bucket;env;constructor(bucket){this.bucket=bucket,this.env=bucket.env}grantOnKey(grantee,...actions){const key=bucket_reflection_1().BucketReflection.of(this.bucket).encryptionKey;return{grant:key?aws_kms_1().KeyGrants.fromKey(key).actions(grantee,...actions):void 0}}}class BucketWithPolicyFactory{forResource(resource){return ifCfnBucket(resource,r=>new CfnBucketWithPolicy(r))}}class CfnBucketWithPolicy{bucket;env;policy;constructor(bucket){this.bucket=bucket,this.env=bucket.env}addToResourcePolicy(statement){return this.policy||(this.policy=bucket_reflection_1().BucketReflection.of(this.bucket)?.policy??new(s3_generated_1()).CfnBucketPolicy(this.bucket,"S3BucketPolicy",{bucket:this.bucket.ref,policyDocument:{Statement:[]}})),this.policy.with(new(bucket_policy_1()).BucketPolicyStatements([statement])),{statementAdded:!0,policyDependable:this.policy}}}function ifCfnBucket(resource,factory){if(!s3_generated_1().CfnBucket.isCfnBucket(resource))throw new(core_1()).ValidationError((0,literal_string_1().lit)`Construct`,`Construct ${resource.node.path} is not of type CfnBucket`,resource);return factory(resource)}aws_iam_1().DefaultEncryptedResourceFactories.set("AWS::S3::Bucket",new EncryptedBucketFactory),aws_iam_1().DefaultPolicyFactories.set("AWS::S3::Bucket",new BucketWithPolicyFactory);
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/rule.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/rule.d.ts
@@ -0,0 +1,240 @@
+import type { Duration } from '../../core';
+/**
+ * Declaration of a Life cycle rule
+ */
+export interface LifecycleRule {
+    /**
+     * A unique identifier for this rule. The value cannot be more than 255 characters.
+     */
+    readonly id?: string;
+    /**
+     * Whether this rule is enabled.
+     *
+     * @default true
+     */
+    readonly enabled?: boolean;
+    /**
+     * Specifies a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.
+     *
+     * The AbortIncompleteMultipartUpload property type creates a lifecycle
+     * rule that aborts incomplete multipart uploads to an Amazon S3 bucket.
+     * When Amazon S3 aborts a multipart upload, it deletes all parts
+     * associated with the multipart upload.
+     *
+     * The underlying configuration is expressed in whole numbers of days. Providing a Duration that
+     * does not represent a whole number of days will result in a runtime or deployment error.
+     *
+     * @default - Incomplete uploads are never aborted
+     */
+    readonly abortIncompleteMultipartUploadAfter?: Duration;
+    /**
+     * Indicates when objects are deleted from Amazon S3 and Amazon Glacier.
+     *
+     * The date value must be in ISO 8601 format. The time is always midnight UTC.
+     *
+     * If you specify an expiration and transition time, you must use the same
+     * time unit for both properties (either in days or by date). The
+     * expiration time must also be later than the transition time.
+     *
+     * @default - No expiration date
+     */
+    readonly expirationDate?: Date;
+    /**
+     * Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon Glacier.
+     *
+     * If you specify an expiration and transition time, you must use the same
+     * time unit for both properties (either in days or by date). The
+     * expiration time must also be later than the transition time.
+     *
+     * The underlying configuration is expressed in whole numbers of days. Providing a Duration that
+     * does not represent a whole number of days will result in a runtime or deployment error.
+     *
+     * @default - No expiration timeout
+     */
+    readonly expiration?: Duration;
+    /**
+     * Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire.
+     *
+     * For buckets with versioning enabled (or suspended), specifies the time,
+     * in days, between when a new version of the object is uploaded to the
+     * bucket and when old versions of the object expire. When object versions
+     * expire, Amazon S3 permanently deletes them. If you specify a transition
+     * and expiration time, the expiration time must be later than the
+     * transition time.
+     *
+     * The underlying configuration is expressed in whole numbers of days. Providing a Duration that
+     * does not represent a whole number of days will result in a runtime or deployment error.
+     *
+     * @default - No noncurrent version expiration
+     */
+    readonly noncurrentVersionExpiration?: Duration;
+    /**
+     * Indicates a maximum number of noncurrent versions to retain.
+     *
+     * If there are this many more noncurrent versions,
+     * Amazon S3 permanently deletes them.
+     *
+     * @default - No noncurrent versions to retain
+     */
+    readonly noncurrentVersionsToRetain?: number;
+    /**
+     * One or more transition rules that specify when non-current objects transition to a specified storage class.
+     *
+     * Only for buckets with versioning enabled (or suspended).
+     *
+     * If you specify a transition and expiration time, the expiration time
+     * must be later than the transition time.
+     */
+    readonly noncurrentVersionTransitions?: NoncurrentVersionTransition[];
+    /**
+     * One or more transition rules that specify when an object transitions to a specified storage class.
+     *
+     * If you specify an expiration and transition time, you must use the same
+     * time unit for both properties (either in days or by date). The
+     * expiration time must also be later than the transition time.
+     *
+     * @default - No transition rules
+     */
+    readonly transitions?: Transition[];
+    /**
+     * Object key prefix that identifies one or more objects to which this rule applies.
+     *
+     * @default - Rule applies to all objects
+     */
+    readonly prefix?: string;
+    /**
+     * The TagFilter property type specifies tags to use to identify a subset of objects for an Amazon S3 bucket.
+     *
+     * @default - Rule applies to all objects
+     */
+    readonly tagFilters?: {
+        [tag: string]: any;
+    };
+    /**
+     * Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions.
+     * If set to true, the delete marker will be expired.
+     *
+     * @default false
+     */
+    readonly expiredObjectDeleteMarker?: boolean;
+    /**
+     * Specifies the maximum object size in bytes for this rule to apply to.
+     * Objects must be smaller than this value in bytes.
+     *
+     * @default - No rule
+     */
+    readonly objectSizeLessThan?: number;
+    /**
+     * Specifies the minimum object size in bytes for this rule to apply to.
+     * Objects must be larger than this value in bytes.
+     *
+     * @default - No rule
+     */
+    readonly objectSizeGreaterThan?: number;
+}
+/**
+ * Describes when an object transitions to a specified storage class.
+ */
+export interface Transition {
+    /**
+     * The storage class to which you want the object to transition.
+     */
+    readonly storageClass: StorageClass;
+    /**
+     * Indicates when objects are transitioned to the specified storage class.
+     *
+     * The date value must be in ISO 8601 format. The time is always midnight UTC.
+     *
+     * @default - No transition date.
+     */
+    readonly transitionDate?: Date;
+    /**
+     * Indicates the number of days after creation when objects are transitioned to the specified storage class.
+     *
+     * @default - No transition count.
+     */
+    readonly transitionAfter?: Duration;
+}
+/**
+ * Describes when noncurrent versions transition to a specified storage class.
+ */
+export interface NoncurrentVersionTransition {
+    /**
+     * The storage class to which you want the object to transition.
+     */
+    readonly storageClass: StorageClass;
+    /**
+     * Indicates the number of days after creation when objects are transitioned to the specified storage class.
+     *
+     * @default - No transition count.
+     */
+    readonly transitionAfter: Duration;
+    /**
+     * Indicates the number of noncurrent version objects to be retained. Can be up to 100 noncurrent versions retained.
+     *
+     * @default - No noncurrent version retained.
+     */
+    readonly noncurrentVersionsToRetain?: number;
+}
+/**
+ * Storage class to move an object to
+ */
+export declare class StorageClass {
+    readonly value: string;
+    /**
+     * Storage class for data that is accessed less frequently, but requires rapid
+     * access when needed.
+     *
+     * Has lower availability than Standard storage.
+     */
+    static readonly INFREQUENT_ACCESS: StorageClass;
+    /**
+     * Infrequent Access that's only stored in one availability zone.
+     *
+     * Has lower availability than standard InfrequentAccess.
+     */
+    static readonly ONE_ZONE_INFREQUENT_ACCESS: StorageClass;
+    /**
+     * Storage class for long-term archival that can take between minutes and
+     * hours to access.
+     *
+     * Use for archives where portions of the data might need to be retrieved in
+     * minutes. Data stored in the GLACIER storage class has a minimum storage
+     * duration period of 90 days and can be accessed in as little as 1-5 minutes
+     * using expedited retrieval. If you delete an object before the 90-day
+     * minimum, you are charged for 90 days.
+     */
+    static readonly GLACIER: StorageClass;
+    /**
+     * Storage class for long-term archival that can be accessed in a few milliseconds.
+     *
+     * It is ideal for data that is accessed once or twice per quarter, and
+     * that requires immediate access. Data stored in the GLACIER_IR storage class
+     * has a minimum storage duration period of 90 days and can be accessed in
+     * as milliseconds. If you delete an object before the 90-day minimum,
+     * you are charged for 90 days.
+     */
+    static readonly GLACIER_INSTANT_RETRIEVAL: StorageClass;
+    /**
+     * Use for archiving data that rarely needs to be accessed. Data stored in the
+     * DEEP_ARCHIVE storage class has a minimum storage duration period of 180
+     * days and a default retrieval time of 12 hours. If you delete an object
+     * before the 180-day minimum, you are charged for 180 days. For pricing
+     * information, see Amazon S3 Pricing.
+     */
+    static readonly DEEP_ARCHIVE: StorageClass;
+    /**
+     * The INTELLIGENT_TIERING storage class is designed to optimize storage costs
+     * by automatically moving data to the most cost-effective storage access
+     * tier, without performance impact or operational overhead.
+     * INTELLIGENT_TIERING delivers automatic cost savings by moving data on a
+     * granular object level between two access tiers, a frequent access tier and
+     * a lower-cost infrequent access tier, when access patterns change. The
+     * INTELLIGENT_TIERING storage class is ideal if you want to optimize storage
+     * costs automatically for long-lived data when access patterns are unknown or
+     * unpredictable.
+     */
+    static readonly INTELLIGENT_TIERING: StorageClass;
+    constructor(value: string);
+    toString(): string;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/rule.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/rule.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.StorageClass=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");class StorageClass{value;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_s3.StorageClass",version:"2.252.0"};static INFREQUENT_ACCESS=new StorageClass("STANDARD_IA");static ONE_ZONE_INFREQUENT_ACCESS=new StorageClass("ONEZONE_IA");static GLACIER=new StorageClass("GLACIER");static GLACIER_INSTANT_RETRIEVAL=new StorageClass("GLACIER_IR");static DEEP_ARCHIVE=new StorageClass("DEEP_ARCHIVE");static INTELLIGENT_TIERING=new StorageClass("INTELLIGENT_TIERING");constructor(value){this.value=value}toString(){return this.value}}exports.StorageClass=StorageClass;
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3-canned-metrics.generated.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3-canned-metrics.generated.d.ts
@@ -0,0 +1,22 @@
+export interface MetricWithDims<D> {
+    readonly namespace: string;
+    readonly metricName: string;
+    readonly statistic: string;
+    readonly dimensionsMap: D;
+}
+export declare class S3Metrics {
+    static bucketSizeBytesAverage(this: void, dimensions: {
+        BucketName: string;
+        StorageType: string;
+    }): MetricWithDims<{
+        BucketName: string;
+        StorageType: string;
+    }>;
+    static numberOfObjectsAverage(this: void, dimensions: {
+        BucketName: string;
+        StorageType: string;
+    }): MetricWithDims<{
+        BucketName: string;
+        StorageType: string;
+    }>;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3-canned-metrics.generated.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3-canned-metrics.generated.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.S3Metrics=void 0;class S3Metrics{static bucketSizeBytesAverage(dimensions){return{namespace:"AWS/S3",metricName:"BucketSizeBytes",dimensionsMap:dimensions,statistic:"Average"}}static numberOfObjectsAverage(dimensions){return{namespace:"AWS/S3",metricName:"NumberOfObjects",dimensionsMap:dimensions,statistic:"Average"}}}exports.S3Metrics=S3Metrics;
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3.generated.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3.generated.d.ts
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3.generated.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/s3.generated.js
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/util.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/util.d.ts
@@ -0,0 +1,4 @@
+import type { IConstruct } from 'constructs';
+import type { BucketAttributes } from './bucket';
+export declare function parseBucketArn(construct: IConstruct, props: BucketAttributes): string;
+export declare function parseBucketName(construct: IConstruct, props: BucketAttributes): string | undefined;
--- a/cdk/node_modules/aws-cdk-lib/aws-s3/lib/util.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-s3/lib/util.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.parseBucketArn=parseBucketArn,exports.parseBucketName=parseBucketName;var cdk=()=>{var tmp=require("../../core");return cdk=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../core/lib/errors");return errors_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};function parseBucketArn(construct,props){if(props.bucketArn)return props.bucketArn;if(props.bucketName)return cdk().Stack.of(construct).formatArn({region:"",account:"",service:"s3",resource:props.bucketName});throw new(errors_1()).ValidationError((0,literal_string_1().lit)`CannotDetermineBucketLeastBucket`,"Cannot determine bucket ARN. At least `bucketArn` or `bucketName` is needed",construct)}function parseBucketName(construct,props){if(props.bucketName)return props.bucketName;if(props.bucketArn)return cdk().Stack.of(construct).splitArn(props.bucketArn,cdk().ArnFormat.SLASH_RESOURCE_NAME).resource}
				`@@ -0,0 +1 @@`
				"use strict";var __runInitializers=exports&&exports.__runInitializers\|\|function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate\|\|function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn\|\|(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f\|\|null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null\|\|typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.BucketReflection=void 0;var cfn_key_matcher_1=()=>{var tmp=require("../../aws-kms/lib/private/cfn-key-matcher");return cfn_key_matcher_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};let BucketReflection=(()=>{let _instanceExtraInitializers=[],_get_bucketWebsiteDomainName_decorators;return class BucketReflection2{static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(null):void 0;_get_bucketWebsiteDomainName_decorators=[helpers_internal_1().memoizedGetter],__esDecorate(this,null,_get_bucketWebsiteDomainName_decorators,{kind:"getter",name:"bucketWebsiteDomainName",static:!1,private:!1,access:{has:obj=>"bucketWebsiteDomainName"in obj,get:obj=>obj.bucketWebsiteDomainName},metadata:_metadata},null,_instanceExtraInitializers),_metadata&&Object.defineProperty(this,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static of(bucketRef){return new BucketReflection2(bucketRef)}get bucket(){if(!this._bucket)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CannotFindUnderlyingResource`,`Unable to find underlying resource for ${this.ref.node.path}. Please pass the resource construct directly.`);return this._bucket}ref=__runInitializers(this,_instanceExtraInitializers);_bucket;constructor(ref){this.ref=ref,this._bucket=helpers_internal_1().ConstructReflection.of(ref).findCfnResource({cfnResourceType:"AWS::S3::Bucket",matches:cfn=>ref.bucketRef==cfn.bucketRef})}get bucketWebsiteDomainName(){return core_1().Fn.select(2,core_1().Fn.split("/",this.bucket.attrWebsiteUrl))}get isWebsite(){return helpers_internal_1().PropertyReflection.of(this._bucket,"websiteConfiguration").exists()}get disallowPublicAccess(){return helpers_internal_1().PropertyReflection.of(this._bucket,"publicAccessBlockConfiguration.blockPublicPolicy").equals(!0)}get policy(){const resolved=this._bucket\|\|this.ref;return helpers_internal_1().ConstructReflection.of(resolved).findRelatedCfnResource({cfnResourceType:"AWS::S3::BucketPolicy",matches:policy=>{const reversed=core_1().Tokenization.reverse(policy.bucket)\|\|policy.bucket;return core_1().Reference.isReference(reversed)?resolved===reversed.target:new Set([resolved.ref,resolved.bucketRef?.bucketName,resolved.bucketRef?.bucketArn].filter(Boolean)).has(reversed)\|\|String(reversed).includes(resolved.node.id)}})}get encryptionKey(){if(!this._bucket)return;const kmsMasterKeyId=helpers_internal_1().PropertyReflection.of(this._bucket,"bucketEncryption.serverSideEncryptionConfiguration.0.serverSideEncryptionByDefault.kmsMasterKeyId").get();if(kmsMasterKeyId)return helpers_internal_1().ConstructReflection.of(this._bucket).findRelatedCfnResource(new(cfn_key_matcher_1()).CfnKeyMatcher(kmsMasterKeyId))}}})();exports.BucketReflection=BucketReflection;
				`@@ -0,0 +1 @@`
				"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.BucketNotificationDestinationType=void 0;var BucketNotificationDestinationType;(function(BucketNotificationDestinationType2){BucketNotificationDestinationType2[BucketNotificationDestinationType2.LAMBDA=0]="LAMBDA",BucketNotificationDestinationType2[BucketNotificationDestinationType2.QUEUE=1]="QUEUE",BucketNotificationDestinationType2[BucketNotificationDestinationType2.TOPIC=2]="TOPIC"})(BucketNotificationDestinationType\|\|(exports.BucketNotificationDestinationType=BucketNotificationDestinationType={}));
				`@@ -0,0 +1 @@`
				`"use strict";Object.defineProperty(exports,"__esModule",{value:!0});`
				`@@ -0,0 +1 @@`
				"use strict";var __createBinding=exports&&exports.__createBinding\|\|(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc\|\|("get"in desc?!m.__esModule:desc.writable\|\|desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar\|\|function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.BucketAutoDeleteObjects=void 0,Object.defineProperty(exports,_noFold="BucketAutoDeleteObjects",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket").BucketAutoDeleteObjects;return Object.defineProperty(exports,_noFold="BucketAutoDeleteObjects",{enumerable:!0,configurable:!0,value}),value}}),exports.BucketVersioning=void 0,Object.defineProperty(exports,_noFold="BucketVersioning",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket").BucketVersioning;return Object.defineProperty(exports,_noFold="BucketVersioning",{enumerable:!0,configurable:!0,value}),value}}),exports.BucketBlockPublicAccess=void 0,Object.defineProperty(exports,_noFold="BucketBlockPublicAccess",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket").BucketBlockPublicAccess;return Object.defineProperty(exports,_noFold="BucketBlockPublicAccess",{enumerable:!0,configurable:!0,value}),value}}),exports.BucketPolicyStatements=void 0,Object.defineProperty(exports,_noFold="BucketPolicyStatements",{enumerable:!0,configurable:!0,get:()=>{var value=require("./bucket-policy").BucketPolicyStatements;return Object.defineProperty(exports,_noFold="BucketPolicyStatements",{enumerable:!0,configurable:!0,value}),value}});