View Source aws_s3_control (aws v1.0.4)
Summary
Functions
Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance.
Creates an access grant that gives a grantee access to your S3 data.
Creates an S3 Access Grants instance, which serves as a logical grouping for access grants.
The S3 data location that you would like to register in your S3 Access Grants instance.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This action creates an Amazon S3 on Outposts bucket.
This operation creates an S3 Batch Operations job.
This operation is not supported by directory buckets.
Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID.
Deletes the access grant from the S3 Access Grants instance.
Deletes your S3 Access Grants instance.
Deletes the resource policy of the S3 Access Grants instance.
Deregisters a location from your S3 Access Grants instance.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This action deletes an Amazon S3 on Outposts bucket.
This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration.
This action deletes an Amazon S3 on Outposts bucket policy.
This operation deletes an Amazon S3 on Outposts bucket's replication configuration.
This action deletes an Amazon S3 on Outposts bucket's tags.
Removes the entire tag set from the specified S3 Batch Operations job.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
Deletes an existing S3 Storage Lens group.
Retrieves the configuration parameters and status for a Batch Operations job.
This operation is not supported by directory buckets.
Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
Get the details of an access grant from your S3 Access Grants instance.
Retrieves the S3 Access Grants instance for a Region in your account.
Retrieve the S3 Access Grants instance that contains a particular prefix.
Returns the resource policy of the S3 Access Grants instance.
Retrieves the details of a particular location registered in your S3 Access Grants instance.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
Gets an Amazon S3 on Outposts bucket.
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration.
This action gets a bucket policy for an Amazon S3 on Outposts bucket.
This operation gets an Amazon S3 on Outposts bucket's replication configuration.
This action gets an Amazon S3 on Outposts bucket's tags.
This operation returns the versioning state for S3 on Outposts buckets only.
Returns a temporary access credential from S3 Access Grants to the grantee or client application.
Returns the tags on an S3 Batch Operations job.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
Retrieves the Storage Lens group configuration details.
Returns the list of access grants in your S3 Access Grants instance.
Returns a list of S3 Access Grants instances.
Returns a list of the locations registered in your S3 Access Grants instance.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 30 days for the Amazon Web Services account making the request.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
Lists all the Storage Lens groups in the specified home Region.
This operation allows you to list all the Amazon Web Services resource tags for a specified resource.
Updates the resource policy of the S3 Access Grants instance.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket.
This action puts a bucket policy to an Amazon S3 on Outposts bucket.
This action creates an Amazon S3 on Outposts bucket's replication configuration.
This action puts tags on an Amazon S3 on Outposts bucket.
This operation sets the versioning state for S3 on Outposts buckets only.
Sets the supplied tag-set on an S3 Batch Operations job.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
This operation is not supported by directory buckets.
Creates a new Amazon Web Services resource tag or updates an existing resource tag.
This operation removes the specified Amazon Web Services resource tags from an S3 resource.
Updates the IAM role of a registered location in your S3 Access Grants instance.
Updates an existing S3 Batch Operations job's priority.
Updates the status for the specified job.
Updates the existing Storage Lens group.
Functions
Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance.
Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.
- Permissions
You must have the
s3:AssociateAccessGrantsIdentityCenter
permission to use this operation.- Additional Permissions
You must also have the following permissions:
sso:CreateApplication
,sso:PutApplicationGrant
, andsso:PutApplicationAuthenticationMethod
.
Creates an access grant that gives a grantee access to your S3 data.
The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsInstance.html. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsLocation.html.
- Permissions
You must have the
s3:CreateAccessGrant
permission to use this operation.- Additional Permissions
For any directory identity -
sso:DescribeInstance
andsso:DescribeApplication
For directory users -
identitystore:DescribeUser
For directory groups -
identitystore:DescribeGroup
Creates an S3 Access Grants instance, which serves as a logical grouping for access grants.
You can create one S3 Access Grants instance per Region per account.
- Permissions
You must have the
s3:CreateAccessGrantsInstance
permission to use this operation.- Additional Permissions
To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the
sso:DescribeInstance
,sso:CreateApplication
,sso:PutApplicationGrant
, andsso:PutApplicationAuthenticationMethod
permissions.
The S3 data location that you would like to register in your S3 Access Grants instance.
Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:
The default S3 location
s3://
A bucket -
S3://<bucket-name>
A bucket and prefix -
S3://<bucket-name>/<prefix>
When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-location.html. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.
- Permissions
You must have the
s3:CreateAccessGrantsLocation
permission to use this operation.- Additional Permissions
You must also have the following permission for the specified IAM role:
iam:PassRole
This operation is not supported by directory buckets.
Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html in the Amazon S3 User Guide.
S3 on Outposts only supports VPC-style access points.
For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html#API_control_CreateAccessPoint_Examples section.
The following actions are related to CreateAccessPoint
:
GetAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html
DeleteAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html
ListAccessPoints: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPoints.html
This operation is not supported by directory buckets.
Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html in the Amazon S3 User Guide.
The following actions are related to CreateAccessPointForObjectLambda
:
DeleteAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointForObjectLambda.html
GetAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointForObjectLambda.html
ListAccessPointsForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPointsForObjectLambda.html
create_access_point_for_object_lambda(Client, Name, Input0, Options0)
View SourceThis action creates an Amazon S3 on Outposts bucket.
To create an S3 bucket, see Create Bucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html in the Amazon S3 API Reference.
Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in Amazon S3 User Guide.
Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/BucketRestrictions.html#bucketnamingrules.
S3 on Outposts buckets support:
Tags
LifecycleConfigurations for deleting expired objects
For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OnOutpostsRestrictionsLimitations.html.
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id
in your API request, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html#API_control_CreateBucket_Examples section.
The following actions are related to CreateBucket
for Amazon S3 on Outposts:
PutObject: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
GetBucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucket.html
DeleteBucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucket.html
CreateAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html
PutAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html
This operation creates an S3 Batch Operations job.
You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html in the Amazon S3 User Guide.
- Permissions
For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html in the Amazon S3 User Guide.
Related actions include:
DescribeJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html
ListJobs: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html
UpdateJobPriority: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html
UpdateJobStatus: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html
JobOperation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_JobOperation.html
This operation is not supported by directory buckets.
Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation
.
The following actions are related to CreateMultiRegionAccessPoint
:
DeleteMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteMultiRegionAccessPoint.html
DescribeMultiRegionAccessPointOperation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeMultiRegionAccessPointOperation.html
GetMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPoint.html
ListMultiRegionAccessPoints: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListMultiRegionAccessPoints.html
Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID.
An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups-overview.html.
To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup
action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.
Deletes the access grant from the S3 Access Grants instance.
You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.
- Permissions
You must have the
s3:DeleteAccessGrant
permission to use this operation.
Deletes your S3 Access Grants instance.
You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html and DeleteAccessGrantsLocation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrantsLocation.html. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_AssociateAccessGrantsIdentityCenter.html and DissociateAccessGrantsIdentityCenter: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DissociateAccessGrantsIdentityCenter.html.
- Permissions
You must have the
s3:DeleteAccessGrantsInstance
permission to use this operation.
Deletes the resource policy of the S3 Access Grants instance.
The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.
- Permissions
You must have the
s3:DeleteAccessGrantsInstanceResourcePolicy
permission to use this operation.
delete_access_grants_instance_resource_policy(Client, Input0, Options0)
View Sourcedelete_access_grants_location(Client, AccessGrantsLocationId, Input)
View SourceDeregisters a location from your S3 Access Grants instance.
You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.
- Permissions
You must have the
s3:DeleteAccessGrantsLocation
permission to use this operation.
delete_access_grants_location(Client, AccessGrantsLocationId, Input0, Options0)
View SourceThis operation is not supported by directory buckets.
Deletes the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html#API_control_DeleteAccessPoint_Examples section.
The following actions are related to DeleteAccessPoint
:
CreateAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html
GetAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html
ListAccessPoints: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPoints.html
This operation is not supported by directory buckets.
Deletes the specified Object Lambda Access Point.
The following actions are related to DeleteAccessPointForObjectLambda
:
CreateAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPointForObjectLambda.html
GetAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointForObjectLambda.html
ListAccessPointsForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPointsForObjectLambda.html
delete_access_point_for_object_lambda(Client, Name, Input0, Options0)
View SourceThis operation is not supported by directory buckets.
Deletes the access point policy for the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicy.html#API_control_DeleteAccessPointPolicy_Examples section.
The following actions are related to DeleteAccessPointPolicy
:
PutAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html
GetAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicy.html
This operation is not supported by directory buckets.
Removes the resource policy for an Object Lambda Access Point.
The following actions are related to DeleteAccessPointPolicyForObjectLambda
:
GetAccessPointPolicyForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicyForObjectLambda.html
PutAccessPointPolicyForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicyForObjectLambda.html
delete_access_point_policy_for_object_lambda(Client, Name, Input0, Options0)
View SourceThis action deletes an Amazon S3 on Outposts bucket.
To delete an S3 bucket, see DeleteBucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html in the Amazon S3 API Reference.
Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucket.html#API_control_DeleteBucket_Examples section.
Related Resources
CreateBucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html
GetBucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucket.html
DeleteObject: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration.
To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html in the Amazon S3 API Reference.
Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in Amazon S3 User Guide.
To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration
action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketLifecycleConfiguration.html#API_control_DeleteBucketLifecycleConfiguration_Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions.
Related actions include:
PutBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html
GetBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html
delete_bucket_lifecycle_configuration(Client, Bucket, Input0, Options0)
View SourceThis action deletes an Amazon S3 on Outposts bucket policy.
To delete an S3 bucket policy, see DeleteBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketPolicy.html in the Amazon S3 API Reference.
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy
permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in Amazon S3 User Guide.
If you don't have DeleteBucketPolicy
permissions, Amazon S3 returns a 403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed
error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html#API_control_DeleteBucketPolicy_Examples section.
The following actions are related to DeleteBucketPolicy
:
GetBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html
PutBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html
This operation deletes an Amazon S3 on Outposts bucket's replication configuration.
To delete an S3 bucket's replication configuration, see DeleteBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html in the Amazon S3 API Reference.
Deletes the replication configuration from the specified S3 on Outposts bucket.
To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration
action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsIAM.html and Managing access to S3 on Outposts buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsBucketPolicy.html in the Amazon S3 User Guide.
It can take a while to propagate PUT
or DELETE
requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET
request soon after a PUT
or DELETE
request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketReplication.html#API_control_DeleteBucketReplication_Examples section.
For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html in the Amazon S3 User Guide.
The following operations are related to DeleteBucketReplication
:
PutBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html
GetBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketReplication.html
This action deletes an Amazon S3 on Outposts bucket's tags.
To delete an S3 bucket tags, see DeleteBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html in the Amazon S3 API Reference.
Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in Amazon S3 User Guide.
To use this action, you must have permission to perform the PutBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketTagging.html#API_control_DeleteBucketTagging_Examples section.
The following actions are related to DeleteBucketTagging
:
GetBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketTagging.html
PutBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketTagging.html
Removes the entire tag set from the specified S3 Batch Operations job.
- Permissions
To use the
DeleteJobTagging
operation, you must have permission to perform thes3:DeleteJobTagging
action. For more information, see Controlling access and labeling jobs using tags: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-managing-jobs.html#batch-ops-job-tags in the Amazon S3 User Guide.
Related actions include:
CreateJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
GetJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetJobTagging.html
PutJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutJobTagging.html
This operation is not supported by directory buckets.
Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation
.
The following actions are related to DeleteMultiRegionAccessPoint
:
CreateMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateMultiRegionAccessPoint.html
DescribeMultiRegionAccessPointOperation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeMultiRegionAccessPointOperation.html
GetMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPoint.html
ListMultiRegionAccessPoints: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListMultiRegionAccessPoints.html
This operation is not supported by directory buckets.
Removes the PublicAccessBlock
configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html.
Related actions include:
GetPublicAccessBlock: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetPublicAccessBlock.html
PutPublicAccessBlock: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutPublicAccessBlock.html
This operation is not supported by directory buckets.
Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens : https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform thes3:DeleteStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens_iam_permissions.html in the Amazon S3 User Guide.
delete_storage_lens_configuration(Client, ConfigId, Input0, Options0)
View Sourcedelete_storage_lens_configuration_tagging(Client, ConfigId, Input)
View SourceThis operation is not supported by directory buckets.
Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens : https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform thes3:DeleteStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens_iam_permissions.html in the Amazon S3 User Guide.
delete_storage_lens_configuration_tagging(Client, ConfigId, Input0, Options0)
View SourceDeletes an existing S3 Storage Lens group.
To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.
Retrieves the configuration parameters and status for a Batch Operations job.
For more information, see S3 Batch Operations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html in the Amazon S3 User Guide.
- Permissions
To use the
DescribeJob
operation, you must have permission to perform thes3:DescribeJob
action.
Related actions include:
CreateJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
ListJobs: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html
UpdateJobPriority: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html
UpdateJobStatus: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html
describe_job(Client, JobId, AccountId, QueryMap, HeadersMap, Options0)
View Sourcedescribe_multi_region_access_point_operation(Client, RequestTokenARN, AccountId)
View SourceThis operation is not supported by directory buckets.
Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint
:
CreateMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateMultiRegionAccessPoint.html
DeleteMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteMultiRegionAccessPoint.html
GetMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPoint.html
ListMultiRegionAccessPoints: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListMultiRegionAccessPoints.html
describe_multi_region_access_point_operation(Client, RequestTokenARN, AccountId, QueryMap, HeadersMap)
View Sourcedescribe_multi_region_access_point_operation(Client, RequestTokenARN, AccountId, QueryMap, HeadersMap, Options0)
View SourceDissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
- Permissions
You must have the
s3:DissociateAccessGrantsIdentityCenter
permission to use this operation.- Additional Permissions
You must have the
sso:DeleteApplication
permission to use this operation.
dissociate_access_grants_identity_center(Client, Input0, Options0)
View SourceGet the details of an access grant from your S3 Access Grants instance.
- Permissions
You must have the
s3:GetAccessGrant
permission to use this operation.
get_access_grant(Client, AccessGrantId, AccountId, QueryMap, HeadersMap)
View Sourceget_access_grant(Client, AccessGrantId, AccountId, QueryMap, HeadersMap, Options0)
View SourceRetrieves the S3 Access Grants instance for a Region in your account.
- Permissions
You must have the
s3:GetAccessGrantsInstance
permission to use this operation.
get_access_grants_instance(Client, AccountId, QueryMap, HeadersMap)
View Sourceget_access_grants_instance(Client, AccountId, QueryMap, HeadersMap, Options0)
View Sourceget_access_grants_instance_for_prefix(Client, S3Prefix, AccountId)
View SourceRetrieve the S3 Access Grants instance that contains a particular prefix.
- Permissions
You must have the
s3:GetAccessGrantsInstanceForPrefix
permission for the caller account to use this operation.- Additional Permissions
The prefix owner account must grant you the following permissions to their S3 Access Grants instance:
s3:GetAccessGrantsInstanceForPrefix
.
get_access_grants_instance_for_prefix(Client, S3Prefix, AccountId, QueryMap, HeadersMap)
View Sourceget_access_grants_instance_for_prefix(Client, S3Prefix, AccountId, QueryMap, HeadersMap, Options0)
View SourceReturns the resource policy of the S3 Access Grants instance.
- Permissions
You must have the
s3:GetAccessGrantsInstanceResourcePolicy
permission to use this operation.
get_access_grants_instance_resource_policy(Client, AccountId, QueryMap, HeadersMap)
View Sourceget_access_grants_instance_resource_policy(Client, AccountId, QueryMap, HeadersMap, Options0)
View Sourceget_access_grants_location(Client, AccessGrantsLocationId, AccountId)
View SourceRetrieves the details of a particular location registered in your S3 Access Grants instance.
- Permissions
You must have the
s3:GetAccessGrantsLocation
permission to use this operation.
get_access_grants_location(Client, AccessGrantsLocationId, AccountId, QueryMap, HeadersMap)
View Sourceget_access_grants_location(Client, AccessGrantsLocationId, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns configuration information about the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html#API_control_GetAccessPoint_Examples section.
The following actions are related to GetAccessPoint
:
CreateAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html
DeleteAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html
ListAccessPoints: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPoints.html
get_access_point(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View Sourceget_access_point_configuration_for_object_lambda(Client, Name, AccountId)
View SourceThis operation is not supported by directory buckets.
Returns configuration for an Object Lambda Access Point.
The following actions are related to GetAccessPointConfigurationForObjectLambda
:
PutAccessPointConfigurationForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointConfigurationForObjectLambda.html
get_access_point_configuration_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_access_point_configuration_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns configuration information about the specified Object Lambda Access Point
The following actions are related to GetAccessPointForObjectLambda
:
CreateAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPointForObjectLambda.html
DeleteAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointForObjectLambda.html
ListAccessPointsForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPointsForObjectLambda.html
get_access_point_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_access_point_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns the access point policy associated with the specified access point.
The following actions are related to GetAccessPointPolicy
:
PutAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html
DeleteAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicy.html
get_access_point_policy(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_access_point_policy(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View Sourceget_access_point_policy_for_object_lambda(Client, Name, AccountId)
View SourceThis operation is not supported by directory buckets.
Returns the resource policy for an Object Lambda Access Point.
The following actions are related to GetAccessPointPolicyForObjectLambda
:
DeleteAccessPointPolicyForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicyForObjectLambda.html
PutAccessPointPolicyForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicyForObjectLambda.html
get_access_point_policy_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_access_point_policy_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html in the Amazon S3 User Guide.get_access_point_policy_status(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_access_point_policy_status(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View Sourceget_access_point_policy_status_for_object_lambda(Client, Name, AccountId)
View SourceThis operation is not supported by directory buckets.
Returns the status of the resource policy associated with an Object Lambda Access Point.get_access_point_policy_status_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_access_point_policy_status_for_object_lambda(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View SourceGets an Amazon S3 on Outposts bucket.
For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket
permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket
permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied
error.
The following actions are related to GetBucket
for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucket.html#API_control_GetBucket_Examples section.
PutObject: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
CreateBucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html
DeleteBucket: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucket.html
get_bucket(Client, Bucket, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis action gets an Amazon S3 on Outposts bucket's lifecycle configuration.
To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html in the Amazon S3 API Reference.
Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html and for information about lifecycle configuration, see Object Lifecycle Management: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html in Amazon S3 User Guide.
To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration
action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources and Managing Access Permissions to Your Amazon S3 Resources: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html#API_control_GetBucketLifecycleConfiguration_Examples section.
GetBucketLifecycleConfiguration
has the following special error:
Error code:
NoSuchLifecycleConfiguration
Description: The lifecycle configuration does not exist.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
The following actions are related to GetBucketLifecycleConfiguration
:
PutBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html
DeleteBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketLifecycleConfiguration.html
get_bucket_lifecycle_configuration(Client, Bucket, AccountId, QueryMap, HeadersMap)
View Sourceget_bucket_lifecycle_configuration(Client, Bucket, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis action gets a bucket policy for an Amazon S3 on Outposts bucket.
To get a policy for an S3 bucket, see GetBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html in the Amazon S3 API Reference.
Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this action.
Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy
permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied
error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html#API_control_GetBucketPolicy_Examples section.
The following actions are related to GetBucketPolicy
:
GetObject: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
PutBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html
DeleteBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html
get_bucket_policy(Client, Bucket, AccountId, QueryMap, HeadersMap)
View Sourceget_bucket_policy(Client, Bucket, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation gets an Amazon S3 on Outposts bucket's replication configuration.
To get an S3 bucket's replication configuration, see GetBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html in the Amazon S3 API Reference.
Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html in the Amazon S3 User Guide.
It can take a while to propagate PUT
or DELETE
requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET
request soon after a PUT
or DELETE
request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
This action requires permissions for the s3-outposts:GetReplicationConfiguration
action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsIAM.html and Managing access to S3 on Outposts bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsBucketPolicy.html in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketReplication.html#API_control_GetBucketReplication_Examples section.
If you include the Filter
element in a replication configuration, you must also include the DeleteMarkerReplication
, Status
, and Priority
elements. The response also returns those elements.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons: https://docs.aws.amazon.com/AmazonS3/latest/userguide/outposts-replication-eventbridge.html#outposts-replication-failure-codes in the Amazon S3 User Guide.
The following operations are related to GetBucketReplication
:
PutBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html
DeleteBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketReplication.html
get_bucket_replication(Client, Bucket, AccountId, QueryMap, HeadersMap)
View Sourceget_bucket_replication(Client, Bucket, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis action gets an Amazon S3 on Outposts bucket's tags.
To get an S3 bucket tags, see GetBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html in the Amazon S3 API Reference.
Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform the GetBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging
has the following special error:
Error code:
NoSuchTagSetError
Description: There is no tag set associated with the bucket.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketTagging.html#API_control_GetBucketTagging_Examples section.
The following actions are related to GetBucketTagging
:
PutBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketTagging.html
DeleteBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketTagging.html
get_bucket_tagging(Client, Bucket, AccountId, QueryMap, HeadersMap)
View Sourceget_bucket_tagging(Client, Bucket, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation returns the versioning state for S3 on Outposts buckets only.
To return the versioning state for an S3 bucket, see GetBucketVersioning: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html in the Amazon S3 API Reference.
Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning
request does not return a versioning state value.
For more information about versioning, see Versioning: https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketVersioning.html#API_control_GetBucketVersioning_Examples section.
The following operations are related to GetBucketVersioning
for S3 on Outposts.
PutBucketVersioning: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketVersioning.html
PutBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html
GetBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html
get_bucket_versioning(Client, Bucket, AccountId, QueryMap, HeadersMap)
View Sourceget_bucket_versioning(Client, Bucket, AccountId, QueryMap, HeadersMap, Options0)
View SourceReturns a temporary access credential from S3 Access Grants to the grantee or client application.
The temporary credential: https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html is an Amazon Web Services STS token that grants them access to the S3 data.
- Permissions
You must have the
s3:GetDataAccess
permission to use this operation.- Additional Permissions
The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location:
sts:AssumeRole
, for directory users or groupssts:SetContext
, and for IAM users or rolessts:SourceIdentity
.
get_data_access(Client, Permission, Target, AccountId, QueryMap, HeadersMap)
View Sourceget_data_access(Client, Permission, Target, AccountId, QueryMap, HeadersMap, Options0)
View SourceReturns the tags on an S3 Batch Operations job.
- Permissions
To use the
GetJobTagging
operation, you must have permission to perform thes3:GetJobTagging
action. For more information, see Controlling access and labeling jobs using tags: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-managing-jobs.html#batch-ops-job-tags in the Amazon S3 User Guide.
Related actions include:
CreateJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
PutJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutJobTagging.html
DeleteJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteJobTagging.html
get_job_tagging(Client, JobId, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns configuration information about the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint
:
CreateMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateMultiRegionAccessPoint.html
DeleteMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteMultiRegionAccessPoint.html
DescribeMultiRegionAccessPointOperation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeMultiRegionAccessPointOperation.html
ListMultiRegionAccessPoints: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListMultiRegionAccessPoints.html
get_multi_region_access_point(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_multi_region_access_point(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns the access control policy of the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicy
:
GetMultiRegionAccessPointPolicyStatus: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPointPolicyStatus.html
PutMultiRegionAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutMultiRegionAccessPointPolicy.html
get_multi_region_access_point_policy(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_multi_region_access_point_policy(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View Sourceget_multi_region_access_point_policy_status(Client, Name, AccountId)
View SourceThis operation is not supported by directory buckets.
Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicyStatus
:
GetMultiRegionAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPointPolicy.html
PutMultiRegionAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutMultiRegionAccessPointPolicy.html
get_multi_region_access_point_policy_status(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_multi_region_access_point_policy_status(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.
To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:
us-east-1
us-west-2
ap-southeast-2
ap-northeast-1
eu-west-1
get_multi_region_access_point_routes(Client, Mrap, AccountId, QueryMap, HeadersMap)
View Sourceget_multi_region_access_point_routes(Client, Mrap, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Retrieves the PublicAccessBlock
configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html.
Related actions include:
DeletePublicAccessBlock: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeletePublicAccessBlock.html
PutPublicAccessBlock: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutPublicAccessBlock.html
get_public_access_block(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens : https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_metrics_glossary.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform thes3:GetStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens_iam_permissions.html in the Amazon S3 User Guide.
get_storage_lens_configuration(Client, ConfigId, AccountId, QueryMap, HeadersMap)
View Sourceget_storage_lens_configuration(Client, ConfigId, AccountId, QueryMap, HeadersMap, Options0)
View Sourceget_storage_lens_configuration_tagging(Client, ConfigId, AccountId)
View SourceThis operation is not supported by directory buckets.
Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens : https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform thes3:GetStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens_iam_permissions.html in the Amazon S3 User Guide.
get_storage_lens_configuration_tagging(Client, ConfigId, AccountId, QueryMap, HeadersMap)
View Sourceget_storage_lens_configuration_tagging(Client, ConfigId, AccountId, QueryMap, HeadersMap, Options0)
View SourceRetrieves the Storage Lens group configuration details.
To use this operation, you must have the permission to perform the s3:GetStorageLensGroup
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.
get_storage_lens_group(Client, Name, AccountId, QueryMap, HeadersMap)
View Sourceget_storage_lens_group(Client, Name, AccountId, QueryMap, HeadersMap, Options0)
View SourceReturns the list of access grants in your S3 Access Grants instance.
- Permissions
You must have the
s3:ListAccessGrants
permission to use this operation.
list_access_grants(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceReturns a list of S3 Access Grants instances.
An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.
- Permissions
You must have the
s3:ListAccessGrantsInstances
permission to use this operation.
list_access_grants_instances(Client, AccountId, QueryMap, HeadersMap)
View Sourcelist_access_grants_instances(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceReturns a list of the locations registered in your S3 Access Grants instance.
- Permissions
You must have the
s3:ListAccessGrantsLocations
permission to use this operation.
list_access_grants_locations(Client, AccountId, QueryMap, HeadersMap)
View Sourcelist_access_grants_locations(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults
, whichever is less), the response will include a continuation token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html#API_control_GetAccessPoint_Examples section.
The following actions are related to ListAccessPoints
:
CreateAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPoint.html
DeleteAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPoint.html
GetAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPoint.html
list_access_points(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.
The following actions are related to ListAccessPointsForObjectLambda
:
CreateAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPointForObjectLambda.html
DeleteAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointForObjectLambda.html
GetAccessPointForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointForObjectLambda.html
list_access_points_for_object_lambda(Client, AccountId, QueryMap, HeadersMap)
View Sourcelist_access_points_for_object_lambda(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceLists current S3 Batch Operations jobs as well as the jobs that have ended within the last 30 days for the Amazon Web Services account making the request.
For more information, see S3 Batch Operations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html in the Amazon S3 User Guide.
- Permissions
To use the
ListJobs
operation, you must have permission to perform thes3:ListJobs
action.
Related actions include:
CreateJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
DescribeJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html
UpdateJobPriority: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html
UpdateJobStatus: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html
This operation is not supported by directory buckets.
Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
The following actions are related to ListMultiRegionAccessPoint
:
CreateMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateMultiRegionAccessPoint.html
DeleteMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteMultiRegionAccessPoint.html
DescribeMultiRegionAccessPointOperation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeMultiRegionAccessPointOperation.html
GetMultiRegionAccessPoint: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPoint.html
list_multi_region_access_points(Client, AccountId, QueryMap, HeadersMap)
View Sourcelist_multi_region_access_points(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide.
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix andx-amz-outpost-id
in your request, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListRegionalBuckets.html#API_control_ListRegionalBuckets_Examples section.
list_regional_buckets(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation is not supported by directory buckets.
Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens : https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform thes3:ListStorageLensConfigurations
action. For more information, see Setting permissions to use Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens_iam_permissions.html in the Amazon S3 User Guide.
list_storage_lens_configurations(Client, AccountId, QueryMap, HeadersMap)
View Sourcelist_storage_lens_configurations(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceLists all the Storage Lens groups in the specified home Region.
To use this operation, you must have the permission to perform the s3:ListStorageLensGroups
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.
list_storage_lens_groups(Client, AccountId, QueryMap, HeadersMap, Options0)
View SourceThis operation allows you to list all the Amazon Web Services resource tags for a specified resource.
Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
- Permissions
You must have the
s3:ListTagsForResource
permission to use this operation.
This operation is only supported for S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html and for S3 Access Grants: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList.list_tags_for_resource(Client, ResourceArn, AccountId, QueryMap, HeadersMap)
View Sourcelist_tags_for_resource(Client, ResourceArn, AccountId, QueryMap, HeadersMap, Options0)
View SourceUpdates the resource policy of the S3 Access Grants instance.
- Permissions
You must have the
s3:PutAccessGrantsInstanceResourcePolicy
permission to use this operation.
put_access_grants_instance_resource_policy(Client, Input0, Options0)
View Sourceput_access_point_configuration_for_object_lambda(Client, Name, Input)
View SourceThis operation is not supported by directory buckets.
Replaces configuration for an Object Lambda Access Point.
The following actions are related to PutAccessPointConfigurationForObjectLambda
:
GetAccessPointConfigurationForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointConfigurationForObjectLambda.html
put_access_point_configuration_for_object_lambda(Client, Name, Input0, Options0)
View SourceThis operation is not supported by directory buckets.
Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html#API_control_PutAccessPointPolicy_Examples section.
The following actions are related to PutAccessPointPolicy
:
GetAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicy.html
DeleteAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicy.html
This operation is not supported by directory buckets.
Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-create.html#olap-create-cli in the Amazon S3 User Guide.
The following actions are related to PutAccessPointPolicyForObjectLambda
:
DeleteAccessPointPolicyForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointPolicyForObjectLambda.html
GetAccessPointPolicyForObjectLambda: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointPolicyForObjectLambda.html
put_access_point_policy_for_object_lambda(Client, Name, Input0, Options0)
View SourceThis action puts a lifecycle configuration to an Amazon S3 on Outposts bucket.
To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html in the Amazon S3 API Reference.
Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html#API_control_PutBucketLifecycleConfiguration_Examples section.
The following actions are related to PutBucketLifecycleConfiguration
:
GetBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html
DeleteBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketLifecycleConfiguration.html
put_bucket_lifecycle_configuration(Client, Bucket, Input0, Options0)
View SourceThis action puts a bucket policy to an Amazon S3 on Outposts bucket.
To put a policy on an S3 bucket, see PutBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html in the Amazon S3 API Reference.
Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy
permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.
If you don't have PutBucketPolicy
permissions, Amazon S3 returns a 403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed
error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html#API_control_PutBucketPolicy_Examples section.
The following actions are related to PutBucketPolicy
:
GetBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html
DeleteBucketPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html
This action creates an Amazon S3 on Outposts bucket's replication configuration.
To create an S3 bucket's replication configuration, see PutBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html in the Amazon S3 API Reference.
Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html in the Amazon S3 User Guide.
It can take a while to propagate PUT
or DELETE
requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET
request soon after a PUT
or DELETE
request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
Specify the replication configuration in the request body. In the replication configuration, you provide the following information:
The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects
The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf
Other relevant information, such as replication rules
A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.
To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter
element as a child of the Rule
element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter
element in the configuration, you must also add the following elements: DeleteMarkerReplication
, Status
, and Priority
.
Using PutBucketReplication
on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsManagingVersioning.html.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons: https://docs.aws.amazon.com/AmazonS3/latest/userguide/outposts-replication-eventbridge.html#outposts-replication-failure-codes in the Amazon S3 User Guide.
Handling Replication of Encrypted Objects
Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.
Permissions
To create a PutBucketReplication
request, you must have s3-outposts:PutReplicationConfiguration
permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsIAM.html and Managing access to S3 on Outposts buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsBucketPolicy.html.
To perform this operation, the user or role must also have the iam:CreateRole
and iam:PassRole
permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html#API_control_PutBucketReplication_Examples section.
The following operations are related to PutBucketReplication
:
GetBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketReplication.html
DeleteBucketReplication: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketReplication.html
This action puts tags on an Amazon S3 on Outposts bucket.
To put tags on an S3 bucket, see PutBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html in the Amazon S3 API Reference.
Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html in the Amazon S3 User Guide.
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html.
Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags: https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html.
To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging
action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources and Managing access permissions to your Amazon S3 resources: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html.
PutBucketTagging
has the following special errors:
Error code:
InvalidTagError
Description: The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For information about tag restrictions, see User-Defined Tag Restrictions: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html and Amazon Web Services-Generated Cost Allocation Tag Restrictions: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html.
Error code:
MalformedXMLError
Description: The XML provided does not match the schema.
Error code:
OperationAbortedError
Description: A conflicting conditional action is currently in progress against this resource. Try again.
Error code:
InternalError
Description: The service was unable to apply the provided tag to the bucket.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketTagging.html#API_control_PutBucketTagging_Examples section.
The following actions are related to PutBucketTagging
:
GetBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketTagging.html
DeleteBucketTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketTagging.html
This operation sets the versioning state for S3 on Outposts buckets only.
To set the versioning state for an S3 bucket, see PutBucketVersioning: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html in the Amazon S3 API Reference.
Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
You can set the versioning state to one of the following:
Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.
Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID
null
.
If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketVersioning.html request does not return a versioning state value.
When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsLifecycleManaging.html in the Amazon S3 User Guide.
If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning: https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketVersioning.html#API_control_PutBucketVersioning_Examples section.
The following operations are related to PutBucketVersioning
for S3 on Outposts.
GetBucketVersioning: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketVersioning.html
PutBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html
GetBucketLifecycleConfiguration: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketLifecycleConfiguration.html
Sets the supplied tag-set on an S3 Batch Operations job.
A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetJobTagging.html, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-managing-jobs.html#batch-ops-job-tags in the Amazon S3 User Guide.
If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing: http://aws.amazon.com/s3/pricing/.
For deleting existing tags for your Batch Operations job, a DeleteJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteJobTagging.html request is preferred because it achieves the same result without incurring charges.
A few things to consider about using tags:
Amazon S3 limits the maximum number of tags to 50 tags per job.
You can associate up to 50 tags with a job as long as they have unique tag keys.
A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.
The key and values are case sensitive.
For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html in the Billing and Cost Management User Guide.
- Permissions
To use the
PutJobTagging
operation, you must have permission to perform thes3:PutJobTagging
action.
Related actions include:
CreateJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
GetJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetJobTagging.html
DeleteJobTagging: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteJobTagging.html
This operation is not supported by directory buckets.
Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around managing Multi-Region Access Points, see Managing Multi-Region Access Points: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManagingMultiRegionAccessPoints.html in the Amazon S3 User Guide.
The following actions are related to PutMultiRegionAccessPointPolicy
:
GetMultiRegionAccessPointPolicy: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPointPolicy.html
GetMultiRegionAccessPointPolicyStatus: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetMultiRegionAccessPointPolicyStatus.html
This operation is not supported by directory buckets.
Creates or modifies the PublicAccessBlock
configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock
permission. For more information, see Using Amazon S3 block public access: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html.
Related actions include:
GetPublicAccessBlock: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetPublicAccessBlock.html
DeletePublicAccessBlock: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeletePublicAccessBlock.html
This operation is not supported by directory buckets.
Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_metrics_glossary.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform thes3:PutStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens_iam_permissions.html in the Amazon S3 User Guide.
put_storage_lens_configuration(Client, ConfigId, Input0, Options0)
View SourceThis operation is not supported by directory buckets.
Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens : https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html in the Amazon S3 User Guide.
To use this action, you must have permission to perform thes3:PutStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens_iam_permissions.html in the Amazon S3 User Guide.
put_storage_lens_configuration_tagging(Client, ConfigId, Input0, Options0)
View SourceThis operation is not supported by directory buckets.
Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0
indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100
indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.
When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.
Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.
To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:
us-east-1
us-west-2
ap-southeast-2
ap-northeast-1
eu-west-1
submit_multi_region_access_point_routes(Client, Mrap, Input0, Options0)
View SourceCreates a new Amazon Web Services resource tag or updates an existing resource tag.
Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.
This operation is only supported for S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html and for S3 Access Grants: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
- Permissions
You must have the
s3:TagResource
permission to use this operation.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList.This operation removes the specified Amazon Web Services resource tags from an S3 resource.
Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
This operation is only supported for S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html and for S3 Access Grants: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
- Permissions
You must have the
s3:UntagResource
permission to use this operation.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#S3TaggingErrorCodeList.update_access_grants_location(Client, AccessGrantsLocationId, Input)
View SourceUpdates the IAM role of a registered location in your S3 Access Grants instance.
- Permissions
You must have the
s3:UpdateAccessGrantsLocation
permission to use this operation.- Additional Permissions
You must also have the following permission:
iam:PassRole
update_access_grants_location(Client, AccessGrantsLocationId, Input0, Options0)
View SourceUpdates an existing S3 Batch Operations job's priority.
For more information, see S3 Batch Operations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html in the Amazon S3 User Guide.
- Permissions
To use the
UpdateJobPriority
operation, you must have permission to perform thes3:UpdateJobPriority
action.
Related actions include:
CreateJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
ListJobs: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html
DescribeJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html
UpdateJobStatus: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html
Updates the status for the specified job.
Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations: https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html in the Amazon S3 User Guide.
- Permissions
To use the
UpdateJobStatus
operation, you must have permission to perform thes3:UpdateJobStatus
action.
Related actions include:
CreateJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html
ListJobs: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html
DescribeJob: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html
UpdateJobStatus: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html
Updates the existing Storage Lens group.
To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_iam_permissions.html#storage_lens_groups_permissions.