CreateAccessGrantsInstance
Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.
- Permissions
-
You must have the
s3:CreateAccessGrantsInstancepermission to use this operation. - Additional Permissions
-
To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the
sso:DescribeInstance,sso:CreateApplication,sso:PutApplicationGrant, andsso:PutApplicationAuthenticationMethodpermissions.
Request Syntax
POST /v20180820/accessgrantsinstance HTTP/1.1
Host: s3-control.amazonaws.com
x-amz-account-id: AccountId
<?xml version="1.0" encoding="UTF-8"?>
<CreateAccessGrantsInstanceRequest xmlns="http://awss3control.amazonaws.com/doc/2018-08-20/">
<IdentityCenterArn>string</IdentityCenterArn>
<Tags>
<Tag>
<Key>string</Key>
<Value>string</Value>
</Tag>
</Tags>
</CreateAccessGrantsInstanceRequest>URI Request Parameters
The request uses the following URI parameters.
- x-amz-account-id
-
The AWS account ID of the S3 Access Grants instance.
Length Constraints: Maximum length of 64.
Pattern:
^\d{12}$Required: Yes
Request Body
The request accepts the following data in XML format.
- CreateAccessGrantsInstanceRequest
-
Root level tag for the CreateAccessGrantsInstanceRequest parameters.
Required: Yes
- IdentityCenterArn
-
If you would like to associate your S3 Access Grants instance with an AWS IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the AWS IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:[^:]+:sso::(\d{12}){0,1}:instance/.*$Required: No
- Tags
-
The AWS resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
Type: Array of Tag data types
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
Response Syntax
HTTP/1.1 200
<?xml version="1.0" encoding="UTF-8"?>
<CreateAccessGrantsInstanceResult>
<CreatedAt>timestamp</CreatedAt>
<AccessGrantsInstanceId>string</AccessGrantsInstanceId>
<AccessGrantsInstanceArn>string</AccessGrantsInstanceArn>
<IdentityCenterArn>string</IdentityCenterArn>
<IdentityCenterInstanceArn>string</IdentityCenterInstanceArn>
<IdentityCenterApplicationArn>string</IdentityCenterApplicationArn>
</CreateAccessGrantsInstanceResult>Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in XML format by the service.
- CreateAccessGrantsInstanceResult
-
Root level tag for the CreateAccessGrantsInstanceResult parameters.
Required: Yes
- AccessGrantsInstanceArn
-
The Amazon Resource Name (ARN) of the AWS IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern:
arn:[a-z\-]+:s3:[a-z0-9\-]+:\d{12}:access\-grants\/[a-zA-Z0-9\-]+ - AccessGrantsInstanceId
-
The ID of the S3 Access Grants instance. The ID is
default. You can have one S3 Access Grants instance per Region per account.Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[a-zA-Z0-9\-]+ - CreatedAt
-
The date and time when you created the S3 Access Grants instance.
Type: Timestamp
- IdentityCenterApplicationArn
-
If you associated your S3 Access Grants instance with an AWS IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:[^:]+:sso::\d{12}:application/.*$ - IdentityCenterArn
-
This parameter has been deprecated.
If you associated your S3 Access Grants instance with an AWS IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:[^:]+:sso::(\d{12}){0,1}:instance/.*$ - IdentityCenterInstanceArn
-
The Amazon Resource Name (ARN) of the AWS IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:[^:]+:sso::(\d{12}){0,1}:instance/.*$
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
