SDK for PHP 3.x

Client: Aws\S3Control\S3ControlClient
Service ID: s3control
Version: 2018-08-20

This page describes the parameters and results for the operations of the AWS S3 Control (2018-08-20), and shows how to use the Aws\S3Control\S3ControlClient object to call the described operations. This documentation is specific to the 2018-08-20 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AssociateAccessGrantsIdentityCenter ( array $params = [] )
Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance.
CreateAccessGrant ( array $params = [] )
Creates an access grant that gives a grantee access to your S3 data.
CreateAccessGrantsInstance ( array $params = [] )
Creates an S3 Access Grants instance, which serves as a logical grouping for access grants.
CreateAccessGrantsLocation ( array $params = [] )
The S3 data location that you would like to register in your S3 Access Grants instance.
CreateAccessPoint ( array $params = [] )
This operation is not supported by directory buckets.
CreateAccessPointForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
CreateBucket ( array $params = [] )
This action creates an Amazon S3 on Outposts bucket.
CreateJob ( array $params = [] )
This operation creates an S3 Batch Operations job.
CreateMultiRegionAccessPoint ( array $params = [] )
This operation is not supported by directory buckets.
CreateStorageLensGroup ( array $params = [] )
Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID.
DeleteAccessGrant ( array $params = [] )
Deletes the access grant from the S3 Access Grants instance.
DeleteAccessGrantsInstance ( array $params = [] )
Deletes your S3 Access Grants instance.
DeleteAccessGrantsInstanceResourcePolicy ( array $params = [] )
Deletes the resource policy of the S3 Access Grants instance.
DeleteAccessGrantsLocation ( array $params = [] )
Deregisters a location from your S3 Access Grants instance.
DeleteAccessPoint ( array $params = [] )
This operation is not supported by directory buckets.
DeleteAccessPointForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
DeleteAccessPointPolicy ( array $params = [] )
This operation is not supported by directory buckets.
DeleteAccessPointPolicyForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
DeleteBucket ( array $params = [] )
This action deletes an Amazon S3 on Outposts bucket.
DeleteBucketLifecycleConfiguration ( array $params = [] )
This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration.
DeleteBucketPolicy ( array $params = [] )
This action deletes an Amazon S3 on Outposts bucket policy.
DeleteBucketReplication ( array $params = [] )
This operation deletes an Amazon S3 on Outposts bucket's replication configuration.
DeleteBucketTagging ( array $params = [] )
This action deletes an Amazon S3 on Outposts bucket's tags.
DeleteJobTagging ( array $params = [] )
Removes the entire tag set from the specified S3 Batch Operations job.
DeleteMultiRegionAccessPoint ( array $params = [] )
This operation is not supported by directory buckets.
DeletePublicAccessBlock ( array $params = [] )
This operation is not supported by directory buckets.
DeleteStorageLensConfiguration ( array $params = [] )
This operation is not supported by directory buckets.
DeleteStorageLensConfigurationTagging ( array $params = [] )
This operation is not supported by directory buckets.
DeleteStorageLensGroup ( array $params = [] )
Deletes an existing S3 Storage Lens group.
DescribeJob ( array $params = [] )
Retrieves the configuration parameters and status for a Batch Operations job.
DescribeMultiRegionAccessPointOperation ( array $params = [] )
This operation is not supported by directory buckets.
DissociateAccessGrantsIdentityCenter ( array $params = [] )
Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
GetAccessGrant ( array $params = [] )
Get the details of an access grant from your S3 Access Grants instance.
GetAccessGrantsInstance ( array $params = [] )
Retrieves the S3 Access Grants instance for a Region in your account.
GetAccessGrantsInstanceForPrefix ( array $params = [] )
Retrieve the S3 Access Grants instance that contains a particular prefix.
GetAccessGrantsInstanceResourcePolicy ( array $params = [] )
Returns the resource policy of the S3 Access Grants instance.
GetAccessGrantsLocation ( array $params = [] )
Retrieves the details of a particular location registered in your S3 Access Grants instance.
GetAccessPoint ( array $params = [] )
This operation is not supported by directory buckets.
GetAccessPointConfigurationForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
GetAccessPointForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
GetAccessPointPolicy ( array $params = [] )
This operation is not supported by directory buckets.
GetAccessPointPolicyForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
GetAccessPointPolicyStatus ( array $params = [] )
This operation is not supported by directory buckets.
GetAccessPointPolicyStatusForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
GetBucket ( array $params = [] )
Gets an Amazon S3 on Outposts bucket.
GetBucketLifecycleConfiguration ( array $params = [] )
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration.
GetBucketPolicy ( array $params = [] )
This action gets a bucket policy for an Amazon S3 on Outposts bucket.
GetBucketReplication ( array $params = [] )
This operation gets an Amazon S3 on Outposts bucket's replication configuration.
GetBucketTagging ( array $params = [] )
This action gets an Amazon S3 on Outposts bucket's tags.
GetBucketVersioning ( array $params = [] )
This operation returns the versioning state for S3 on Outposts buckets only.
GetDataAccess ( array $params = [] )
Returns a temporary access credential from S3 Access Grants to the grantee or client application.
GetJobTagging ( array $params = [] )
Returns the tags on an S3 Batch Operations job.
GetMultiRegionAccessPoint ( array $params = [] )
This operation is not supported by directory buckets.
GetMultiRegionAccessPointPolicy ( array $params = [] )
This operation is not supported by directory buckets.
GetMultiRegionAccessPointPolicyStatus ( array $params = [] )
This operation is not supported by directory buckets.
GetMultiRegionAccessPointRoutes ( array $params = [] )
This operation is not supported by directory buckets.
GetPublicAccessBlock ( array $params = [] )
This operation is not supported by directory buckets.
GetStorageLensConfiguration ( array $params = [] )
This operation is not supported by directory buckets.
GetStorageLensConfigurationTagging ( array $params = [] )
This operation is not supported by directory buckets.
GetStorageLensGroup ( array $params = [] )
Retrieves the Storage Lens group configuration details.
ListAccessGrants ( array $params = [] )
Returns the list of access grants in your S3 Access Grants instance.
ListAccessGrantsInstances ( array $params = [] )
Returns a list of S3 Access Grants instances.
ListAccessGrantsLocations ( array $params = [] )
Returns a list of the locations registered in your S3 Access Grants instance.
ListAccessPoints ( array $params = [] )
This operation is not supported by directory buckets.
ListAccessPointsForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
ListCallerAccessGrants ( array $params = [] )
Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants.
ListJobs ( array $params = [] )
Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request.
ListMultiRegionAccessPoints ( array $params = [] )
This operation is not supported by directory buckets.
ListRegionalBuckets ( array $params = [] )
This operation is not supported by directory buckets.
ListStorageLensConfigurations ( array $params = [] )
This operation is not supported by directory buckets.
ListStorageLensGroups ( array $params = [] )
Lists all the Storage Lens groups in the specified home Region.
ListTagsForResource ( array $params = [] )
This operation allows you to list all the Amazon Web Services resource tags for a specified resource.
PutAccessGrantsInstanceResourcePolicy ( array $params = [] )
Updates the resource policy of the S3 Access Grants instance.
PutAccessPointConfigurationForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
PutAccessPointPolicy ( array $params = [] )
This operation is not supported by directory buckets.
PutAccessPointPolicyForObjectLambda ( array $params = [] )
This operation is not supported by directory buckets.
PutBucketLifecycleConfiguration ( array $params = [] )
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket.
PutBucketPolicy ( array $params = [] )
This action puts a bucket policy to an Amazon S3 on Outposts bucket.
PutBucketReplication ( array $params = [] )
This action creates an Amazon S3 on Outposts bucket's replication configuration.
PutBucketTagging ( array $params = [] )
This action puts tags on an Amazon S3 on Outposts bucket.
PutBucketVersioning ( array $params = [] )
This operation sets the versioning state for S3 on Outposts buckets only.
PutJobTagging ( array $params = [] )
Sets the supplied tag-set on an S3 Batch Operations job.
PutMultiRegionAccessPointPolicy ( array $params = [] )
This operation is not supported by directory buckets.
PutPublicAccessBlock ( array $params = [] )
This operation is not supported by directory buckets.
PutStorageLensConfiguration ( array $params = [] )
This operation is not supported by directory buckets.
PutStorageLensConfigurationTagging ( array $params = [] )
This operation is not supported by directory buckets.
SubmitMultiRegionAccessPointRoutes ( array $params = [] )
This operation is not supported by directory buckets.
TagResource ( array $params = [] )
Creates a new Amazon Web Services resource tag or updates an existing resource tag.
UntagResource ( array $params = [] )
This operation removes the specified Amazon Web Services resource tags from an S3 resource.
UpdateAccessGrantsLocation ( array $params = [] )
Updates the IAM role of a registered location in your S3 Access Grants instance.
UpdateJobPriority ( array $params = [] )
Updates an existing S3 Batch Operations job's priority.
UpdateJobStatus ( array $params = [] )
Updates the status for the specified job.
UpdateStorageLensGroup ( array $params = [] )
Updates the existing Storage Lens group.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

ListAccessGrants
ListAccessGrantsInstances
ListAccessGrantsLocations
ListAccessPoints
ListAccessPointsForObjectLambda
ListCallerAccessGrants
ListJobs
ListMultiRegionAccessPoints
ListRegionalBuckets
ListStorageLensConfigurations
ListStorageLensGroups

Operations

AssociateAccessGrantsIdentityCenter

$result = $client->associateAccessGrantsIdentityCenter([/* ... */]);
$promise = $client->associateAccessGrantsIdentityCenterAsync([/* ... */]);

Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.

Permissions

You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.

Additional Permissions

You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.

Parameter Syntax

$result = $client->associateAccessGrantsIdentityCenter([
    'AccountId' => '<string>', // REQUIRED
    'IdentityCenterArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

CreateAccessGrant

$result = $client->createAccessGrant([/* ... */]);
$promise = $client->createAccessGrantAsync([/* ... */]);

Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.

Permissions

You must have the s3:CreateAccessGrant permission to use this operation.

Additional Permissions

For any directory identity - sso:DescribeInstance and sso:DescribeApplication

For directory users - identitystore:DescribeUser

For directory groups - identitystore:DescribeGroup

Parameter Syntax

$result = $client->createAccessGrant([
    'AccessGrantsLocationConfiguration' => [
        'S3SubPrefix' => '<string>',
    ],
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
    'ApplicationArn' => '<string>',
    'Grantee' => [ // REQUIRED
        'GranteeIdentifier' => '<string>',
        'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    ],
    'Permission' => 'READ|WRITE|READWRITE', // REQUIRED
    'S3PrefixType' => 'Object',
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccessGrantsLocationConfiguration

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the S3SubPrefix field. The grant scope is the result of appending the subprefix to the location scope of the registered location.

AccessGrantsLocationId
Required: Yes
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

ApplicationArn
Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.

Grantee
Required: Yes
Type: Grantee structure

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Permission
Required: Yes
Type: string

The type of access that you are granting to your S3 data, which can be set to one of the following values:

  • READ – Grant read-only access to the S3 data.

  • WRITE – Grant write-only access to the S3 data.

  • READWRITE – Grant both read and write access to the S3 data.

S3PrefixType
Type: string

The type of S3SubPrefix. The only possible value is Object. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Result Syntax

[
    'AccessGrantArn' => '<string>',
    'AccessGrantId' => '<string>',
    'AccessGrantsLocationConfiguration' => [
        'S3SubPrefix' => '<string>',
    ],
    'AccessGrantsLocationId' => '<string>',
    'ApplicationArn' => '<string>',
    'CreatedAt' => <DateTime>,
    'GrantScope' => '<string>',
    'Grantee' => [
        'GranteeIdentifier' => '<string>',
        'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    ],
    'Permission' => 'READ|WRITE|READWRITE',
]

Result Details

Members
AccessGrantArn
Type: string

The Amazon Resource Name (ARN) of the access grant.

AccessGrantId
Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccessGrantsLocationConfiguration

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

AccessGrantsLocationId
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

ApplicationArn
Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the access grant.

GrantScope
Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

Grantee
Type: Grantee structure

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Permission
Type: string

The type of access that you are granting to your S3 data, which can be set to one of the following values:

  • READ – Grant read-only access to the S3 data.

  • WRITE – Grant write-only access to the S3 data.

  • READWRITE – Grant both read and write access to the S3 data.

Errors

There are no errors described for this operation.

CreateAccessGrantsInstance

$result = $client->createAccessGrantsInstance([/* ... */]);
$promise = $client->createAccessGrantsInstanceAsync([/* ... */]);

Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.

Permissions

You must have the s3:CreateAccessGrantsInstance permission to use this operation.

Additional Permissions

To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.

Parameter Syntax

$result = $client->createAccessGrantsInstance([
    'AccountId' => '<string>', // REQUIRED
    'IdentityCenterArn' => '<string>',
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn
Type: string

If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Result Syntax

[
    'AccessGrantsInstanceArn' => '<string>',
    'AccessGrantsInstanceId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IdentityCenterApplicationArn' => '<string>',
    'IdentityCenterArn' => '<string>',
    'IdentityCenterInstanceArn' => '<string>',
]

Result Details

Members
AccessGrantsInstanceArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

AccessGrantsInstanceId
Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

IdentityCenterApplicationArn
Type: string

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

IdentityCenterArn
Type: string

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

IdentityCenterInstanceArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Errors

There are no errors described for this operation.

CreateAccessGrantsLocation

$result = $client->createAccessGrantsLocation([/* ... */]);
$promise = $client->createAccessGrantsLocationAsync([/* ... */]);

The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:

  • The default S3 location s3://

  • A bucket - S3://<bucket-name>

  • A bucket and prefix - S3://<bucket-name>/<prefix>

When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.

Permissions

You must have the s3:CreateAccessGrantsLocation permission to use this operation.

Additional Permissions

You must also have the following permission for the specified IAM role: iam:PassRole

Parameter Syntax

$result = $client->createAccessGrantsLocation([
    'AccountId' => '<string>', // REQUIRED
    'IAMRoleArn' => '<string>', // REQUIRED
    'LocationScope' => '<string>', // REQUIRED
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope
Required: Yes
Type: string

The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Result Syntax

[
    'AccessGrantsLocationArn' => '<string>',
    'AccessGrantsLocationId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IAMRoleArn' => '<string>',
    'LocationScope' => '<string>',
]

Result Details

Members
AccessGrantsLocationArn
Type: string

The Amazon Resource Name (ARN) of the location you are registering.

AccessGrantsLocationId
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope
Type: string

The S3 URI path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Errors

There are no errors described for this operation.

CreateAccessPoint

$result = $client->createAccessPoint([/* ... */]);
$promise = $client->createAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.

S3 on Outposts only supports VPC-style access points.

For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to CreateAccessPoint:

Parameter Syntax

$result = $client->createAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'BucketAccountId' => '<string>',
    'Name' => '<string>', // REQUIRED
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
    'VpcConfiguration' => [
        'VpcId' => '<string>', // REQUIRED
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Bucket
Required: Yes
Type: string

The name of the bucket that you want to associate this access point with.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

BucketAccountId
Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

For same account access point when your bucket and access point belong to the same account owner, the BucketAccountId is not required. For cross-account access point when your bucket and access point are not in the same account, the BucketAccountId is required.

Name
Required: Yes
Type: string

The name you want to assign to this access point.

PublicAccessBlockConfiguration

The PublicAccessBlock configuration that you want to apply to the access point.

VpcConfiguration
Type: VpcConfiguration structure

If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).

This is required for creating an access point for Amazon S3 on Outposts buckets.

Result Syntax

[
    'AccessPointArn' => '<string>',
    'Alias' => '<string>',
]

Result Details

Members
AccessPointArn
Type: string

The ARN of the access point.

This is only supported by Amazon S3 on Outposts.

Alias
Type: string

The name or alias of the access point.

Errors

There are no errors described for this operation.

CreateAccessPointForObjectLambda

$result = $client->createAccessPointForObjectLambda([/* ... */]);
$promise = $client->createAccessPointForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.

The following actions are related to CreateAccessPointForObjectLambda:

Parameter Syntax

$result = $client->createAccessPointForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Configuration' => [ // REQUIRED
        'AllowedFeatures' => ['<string>', ...],
        'CloudWatchMetricsEnabled' => true || false,
        'SupportingAccessPoint' => '<string>', // REQUIRED
        'TransformationConfigurations' => [ // REQUIRED
            [
                'Actions' => ['<string>', ...], // REQUIRED
                'ContentTransformation' => [ // REQUIRED
                    'AwsLambda' => [
                        'FunctionArn' => '<string>', // REQUIRED
                        'FunctionPayload' => '<string>',
                    ],
                ],
            ],
            // ...
        ],
    ],
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.

Configuration
Required: Yes
Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration as a JSON document.

Name
Required: Yes
Type: string

The name you want to assign to this Object Lambda Access Point.

Result Syntax

[
    'Alias' => [
        'Status' => 'PROVISIONING|READY',
        'Value' => '<string>',
    ],
    'ObjectLambdaAccessPointArn' => '<string>',
]

Result Details

Members
Alias

The alias of the Object Lambda Access Point.

ObjectLambdaAccessPointArn
Type: string

Specifies the ARN for the Object Lambda Access Point.

Errors

There are no errors described for this operation.

CreateBucket

$result = $client->createBucket([/* ... */]);
$promise = $client->createBucketAsync([/* ... */]);

This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference.

Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets.

S3 on Outposts buckets support:

  • Tags

  • LifecycleConfigurations for deleting expired objects

For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations.

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section.

The following actions are related to CreateBucket for Amazon S3 on Outposts:

Parameter Syntax

$result = $client->createBucket([
    'ACL' => 'private|public-read|public-read-write|authenticated-read',
    'Bucket' => '<string>', // REQUIRED
    'CreateBucketConfiguration' => [
        'LocationConstraint' => 'EU|eu-west-1|us-west-1|us-west-2|ap-south-1|ap-southeast-1|ap-southeast-2|ap-northeast-1|sa-east-1|cn-north-1|eu-central-1',
    ],
    'GrantFullControl' => '<string>',
    'GrantRead' => '<string>',
    'GrantReadACP' => '<string>',
    'GrantWrite' => '<string>',
    'GrantWriteACP' => '<string>',
    'ObjectLockEnabledForBucket' => true || false,
    'OutpostId' => '<string>',
]);

Parameter Details

Members
ACL
Type: string

The canned ACL to apply to the bucket.

This is not supported by Amazon S3 on Outposts buckets.

Bucket
Required: Yes
Type: string

The name of the bucket.

CreateBucketConfiguration
Type: CreateBucketConfiguration structure

The configuration information for the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantFullControl
Type: string

Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantRead
Type: string

Allows grantee to list the objects in the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantReadACP
Type: string

Allows grantee to read the bucket ACL.

This is not supported by Amazon S3 on Outposts buckets.

GrantWrite
Type: string

Allows grantee to create, overwrite, and delete any object in the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantWriteACP
Type: string

Allows grantee to write the ACL for the applicable bucket.

This is not supported by Amazon S3 on Outposts buckets.

ObjectLockEnabledForBucket
Type: boolean

Specifies whether you want S3 Object Lock to be enabled for the new bucket.

This is not supported by Amazon S3 on Outposts buckets.

OutpostId
Type: string

The ID of the Outposts where the bucket is being created.

This ID is required by Amazon S3 on Outposts buckets.

Result Syntax

[
    'BucketArn' => '<string>',
    'Location' => '<string>',
]

Result Details

Members
BucketArn
Type: string

The Amazon Resource Name (ARN) of the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Location
Type: string

The location of the bucket.

Errors

BucketAlreadyExists:

The requested Outposts bucket name is not available. The bucket namespace is shared by all users of the Outposts in this Region. Select a different name and try again.

BucketAlreadyOwnedByYou:

The Outposts bucket you tried to create already exists, and you own it.

CreateJob

$result = $client->createJob([/* ... */]);
$promise = $client->createJobAsync([/* ... */]);

This operation creates an S3 Batch Operations job.

You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.

Related actions include:

Parameter Syntax

$result = $client->createJob([
    'AccountId' => '<string>', // REQUIRED
    'ClientRequestToken' => '<string>', // REQUIRED
    'ConfirmationRequired' => true || false,
    'Description' => '<string>',
    'Manifest' => [
        'Location' => [ // REQUIRED
            'ETag' => '<string>', // REQUIRED
            'ObjectArn' => '<string>', // REQUIRED
            'ObjectVersionId' => '<string>',
        ],
        'Spec' => [ // REQUIRED
            'Fields' => ['<string>', ...],
            'Format' => 'S3BatchOperations_CSV_20180820|S3InventoryReport_CSV_20161130', // REQUIRED
        ],
    ],
    'ManifestGenerator' => [
        'S3JobManifestGenerator' => [
            'EnableManifestOutput' => true || false, // REQUIRED
            'ExpectedBucketOwner' => '<string>',
            'Filter' => [
                'CreatedAfter' => <integer || string || DateTime>,
                'CreatedBefore' => <integer || string || DateTime>,
                'EligibleForReplication' => true || false,
                'KeyNameConstraint' => [
                    'MatchAnyPrefix' => ['<string>', ...],
                    'MatchAnySubstring' => ['<string>', ...],
                    'MatchAnySuffix' => ['<string>', ...],
                ],
                'MatchAnyStorageClass' => ['<string>', ...],
                'ObjectReplicationStatuses' => ['<string>', ...],
                'ObjectSizeGreaterThanBytes' => <integer>,
                'ObjectSizeLessThanBytes' => <integer>,
            ],
            'ManifestOutputLocation' => [
                'Bucket' => '<string>', // REQUIRED
                'ExpectedManifestBucketOwner' => '<string>',
                'ManifestEncryption' => [
                    'SSEKMS' => [
                        'KeyId' => '<string>', // REQUIRED
                    ],
                    'SSES3' => [
                    ],
                ],
                'ManifestFormat' => 'S3InventoryReport_CSV_20211130', // REQUIRED
                'ManifestPrefix' => '<string>',
            ],
            'SourceBucket' => '<string>', // REQUIRED
        ],
    ],
    'Operation' => [ // REQUIRED
        'LambdaInvoke' => [
            'FunctionArn' => '<string>',
            'InvocationSchemaVersion' => '<string>',
            'UserArguments' => ['<string>', ...],
        ],
        'S3DeleteObjectTagging' => [
        ],
        'S3InitiateRestoreObject' => [
            'ExpirationInDays' => <integer>,
            'GlacierJobTier' => 'BULK|STANDARD',
        ],
        'S3PutObjectAcl' => [
            'AccessControlPolicy' => [
                'AccessControlList' => [
                    'Grants' => [
                        [
                            'Grantee' => [
                                'DisplayName' => '<string>',
                                'Identifier' => '<string>',
                                'TypeIdentifier' => 'id|emailAddress|uri',
                            ],
                            'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                        ],
                        // ...
                    ],
                    'Owner' => [ // REQUIRED
                        'DisplayName' => '<string>',
                        'ID' => '<string>',
                    ],
                ],
                'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
            ],
        ],
        'S3PutObjectCopy' => [
            'AccessControlGrants' => [
                [
                    'Grantee' => [
                        'DisplayName' => '<string>',
                        'Identifier' => '<string>',
                        'TypeIdentifier' => 'id|emailAddress|uri',
                    ],
                    'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                ],
                // ...
            ],
            'BucketKeyEnabled' => true || false,
            'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
            'ChecksumAlgorithm' => 'CRC32|CRC32C|SHA1|SHA256|CRC64NVME',
            'MetadataDirective' => 'COPY|REPLACE',
            'ModifiedSinceConstraint' => <integer || string || DateTime>,
            'NewObjectMetadata' => [
                'CacheControl' => '<string>',
                'ContentDisposition' => '<string>',
                'ContentEncoding' => '<string>',
                'ContentLanguage' => '<string>',
                'ContentLength' => <integer>,
                'ContentMD5' => '<string>',
                'ContentType' => '<string>',
                'HttpExpiresDate' => <integer || string || DateTime>,
                'RequesterCharged' => true || false,
                'SSEAlgorithm' => 'AES256|KMS',
                'UserMetadata' => ['<string>', ...],
            ],
            'NewObjectTagging' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'ObjectLockLegalHoldStatus' => 'OFF|ON',
            'ObjectLockMode' => 'COMPLIANCE|GOVERNANCE',
            'ObjectLockRetainUntilDate' => <integer || string || DateTime>,
            'RedirectLocation' => '<string>',
            'RequesterPays' => true || false,
            'SSEAwsKmsKeyId' => '<string>',
            'StorageClass' => 'STANDARD|STANDARD_IA|ONEZONE_IA|GLACIER|INTELLIGENT_TIERING|DEEP_ARCHIVE|GLACIER_IR',
            'TargetKeyPrefix' => '<string>',
            'TargetResource' => '<string>',
            'UnModifiedSinceConstraint' => <integer || string || DateTime>,
        ],
        'S3PutObjectLegalHold' => [
            'LegalHold' => [ // REQUIRED
                'Status' => 'OFF|ON', // REQUIRED
            ],
        ],
        'S3PutObjectRetention' => [
            'BypassGovernanceRetention' => true || false,
            'Retention' => [ // REQUIRED
                'Mode' => 'COMPLIANCE|GOVERNANCE',
                'RetainUntilDate' => <integer || string || DateTime>,
            ],
        ],
        'S3PutObjectTagging' => [
            'TagSet' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
        ],
        'S3ReplicateObject' => [
        ],
    ],
    'Priority' => <integer>, // REQUIRED
    'Report' => [ // REQUIRED
        'Bucket' => '<string>',
        'Enabled' => true || false, // REQUIRED
        'Format' => 'Report_CSV_20180820',
        'Prefix' => '<string>',
        'ReportScope' => 'AllTasks|FailedTasksOnly',
    ],
    'RoleArn' => '<string>', // REQUIRED
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that creates the job.

ClientRequestToken
Required: Yes
Type: string

An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.

ConfirmationRequired
Type: boolean

Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.

Description
Type: string

A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.

Manifest
Type: JobManifest structure

Configuration parameters for the manifest.

ManifestGenerator
Type: JobManifestGenerator structure

The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.

Operation
Required: Yes
Type: JobOperation structure

The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.

Priority
Required: Yes
Type: int

The numerical priority for this job. Higher numbers indicate higher priority.

Report
Required: Yes
Type: JobReport structure

Configuration parameters for the optional job-completion report.

RoleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.

Tags
Type: Array of S3Tag structures

A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.

Result Syntax

[
    'JobId' => '<string>',
]

Result Details

Members
JobId
Type: string

The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful Create Job request.

Errors

TooManyRequestsException:

BadRequestException:

IdempotencyException:

InternalServiceException:

CreateMultiRegionAccessPoint

$result = $client->createMultiRegionAccessPoint([/* ... */]);
$promise = $client->createMultiRegionAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

The following actions are related to CreateMultiRegionAccessPoint:

Parameter Syntax

$result = $client->createMultiRegionAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'ClientToken' => '<string>', // REQUIRED
    'Details' => [ // REQUIRED
        'Name' => '<string>', // REQUIRED
        'PublicAccessBlock' => [
            'BlockPublicAcls' => true || false,
            'BlockPublicPolicy' => true || false,
            'IgnorePublicAcls' => true || false,
            'RestrictPublicBuckets' => true || false,
        ],
        'Regions' => [ // REQUIRED
            [
                'Bucket' => '<string>', // REQUIRED
                'BucketAccountId' => '<string>',
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.

ClientToken
Required: Yes
Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details
Required: Yes
Type: CreateMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

Result Syntax

[
    'RequestTokenARN' => '<string>',
]

Result Details

Members
RequestTokenARN
Type: string

The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Errors

There are no errors described for this operation.

CreateStorageLensGroup

$result = $client->createStorageLensGroup([/* ... */]);
$promise = $client->createStorageLensGroupAsync([/* ... */]);

Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups.

To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->createStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'StorageLensGroup' => [ // REQUIRED
        'Filter' => [ // REQUIRED
            'And' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
            'MatchAnyPrefix' => ['<string>', ...],
            'MatchAnySuffix' => ['<string>', ...],
            'MatchAnyTag' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'MatchObjectAge' => [
                'DaysGreaterThan' => <integer>,
                'DaysLessThan' => <integer>,
            ],
            'MatchObjectSize' => [
                'BytesGreaterThan' => <integer>,
                'BytesLessThan' => <integer>,
            ],
            'Or' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
        ],
        'Name' => '<string>', // REQUIRED
        'StorageLensGroupArn' => '<string>',
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that the Storage Lens group is created from and associated with.

StorageLensGroup
Required: Yes
Type: StorageLensGroup structure

The Storage Lens group configuration.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrant

$result = $client->deleteAccessGrant([/* ... */]);
$promise = $client->deleteAccessGrantAsync([/* ... */]);

Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.

Permissions

You must have the s3:DeleteAccessGrant permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrant([
    'AccessGrantId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccessGrantId
Required: Yes
Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrantsInstance

$result = $client->deleteAccessGrantsInstance([/* ... */]);
$promise = $client->deleteAccessGrantsInstanceAsync([/* ... */]);

Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.

Permissions

You must have the s3:DeleteAccessGrantsInstance permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrantsInstance([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrantsInstanceResourcePolicy

$result = $client->deleteAccessGrantsInstanceResourcePolicy([/* ... */]);
$promise = $client->deleteAccessGrantsInstanceResourcePolicyAsync([/* ... */]);

Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.

Permissions

You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrantsInstanceResourcePolicy([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrantsLocation

$result = $client->deleteAccessGrantsLocation([/* ... */]);
$promise = $client->deleteAccessGrantsLocationAsync([/* ... */]);

Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.

Permissions

You must have the s3:DeleteAccessGrantsLocation permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrantsLocation([
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccessGrantsLocationId
Required: Yes
Type: string

The ID of the registered location that you are deregistering from your S3 Access Grants instance. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPoint

$result = $client->deleteAccessPoint([/* ... */]);
$promise = $client->deleteAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteAccessPoint:

Parameter Syntax

$result = $client->deleteAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Name
Required: Yes
Type: string

The name of the access point you want to delete.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPointForObjectLambda

$result = $client->deleteAccessPointForObjectLambda([/* ... */]);
$promise = $client->deleteAccessPointForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the specified Object Lambda Access Point.

The following actions are related to DeleteAccessPointForObjectLambda:

Parameter Syntax

$result = $client->deleteAccessPointForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the access point you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPointPolicy

$result = $client->deleteAccessPointPolicy([/* ... */]);
$promise = $client->deleteAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the access point policy for the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteAccessPointPolicy:

Parameter Syntax

$result = $client->deleteAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified access point.

Name
Required: Yes
Type: string

The name of the access point whose policy you want to delete.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPointPolicyForObjectLambda

$result = $client->deleteAccessPointPolicyForObjectLambda([/* ... */]);
$promise = $client->deleteAccessPointPolicyForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Removes the resource policy for an Object Lambda Access Point.

The following actions are related to DeleteAccessPointPolicyForObjectLambda:

Parameter Syntax

$result = $client->deleteAccessPointPolicyForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point you want to delete the policy for.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucket

$result = $client->deleteBucket([/* ... */]);
$promise = $client->deleteBucketAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.

Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

Related Resources

Parameter Syntax

$result = $client->deleteBucket([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID that owns the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket being deleted.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketLifecycleConfiguration

$result = $client->deleteBucketLifecycleConfiguration([/* ... */]);
$promise = $client->deleteBucketLifecycleConfigurationAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.

Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

For more information about object expiration, see Elements to Describe Lifecycle Actions.

Related actions include:

Parameter Syntax

$result = $client->deleteBucketLifecycleConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the lifecycle configuration to delete.

Bucket
Required: Yes
Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketPolicy

$result = $client->deleteBucketPolicy([/* ... */]);
$promise = $client->deleteBucketPolicyAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.

This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteBucketPolicy:

Parameter Syntax

$result = $client->deleteBucketPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketReplication

$result = $client->deleteBucketReplication([/* ... */]);
$promise = $client->deleteBucketReplicationAsync([/* ... */]);

This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.

Deletes the replication configuration from the specified S3 on Outposts bucket.

To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.

It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

The following operations are related to DeleteBucketReplication:

Parameter Syntax

$result = $client->deleteBucketReplication([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket to delete the replication configuration for.

Bucket
Required: Yes
Type: string

Specifies the S3 on Outposts bucket to delete the replication configuration for.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketTagging

$result = $client->deleteBucketTagging([/* ... */]);
$promise = $client->deleteBucketTaggingAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.

Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to DeleteBucketTagging:

Parameter Syntax

$result = $client->deleteBucketTagging([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket tag set to be removed.

Bucket
Required: Yes
Type: string

The bucket ARN that has the tag set to be removed.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteJobTagging

$result = $client->deleteJobTagging([/* ... */]);
$promise = $client->deleteJobTaggingAsync([/* ... */]);

Removes the entire tag set from the specified S3 Batch Operations job.

Permissions

To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

Related actions include:

Parameter Syntax

$result = $client->deleteJobTagging([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId
Required: Yes
Type: string

The ID for the S3 Batch Operations job whose tags you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

TooManyRequestsException:

NotFoundException:

DeleteMultiRegionAccessPoint

$result = $client->deleteMultiRegionAccessPoint([/* ... */]);
$promise = $client->deleteMultiRegionAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

The following actions are related to DeleteMultiRegionAccessPoint:

Parameter Syntax

$result = $client->deleteMultiRegionAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'ClientToken' => '<string>', // REQUIRED
    'Details' => [ // REQUIRED
        'Name' => '<string>', // REQUIRED
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken
Required: Yes
Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details
Required: Yes
Type: DeleteMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

Result Syntax

[
    'RequestTokenARN' => '<string>',
]

Result Details

Members
RequestTokenARN
Type: string

The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Errors

There are no errors described for this operation.

DeletePublicAccessBlock

$result = $client->deletePublicAccessBlock([/* ... */]);
$promise = $client->deletePublicAccessBlockAsync([/* ... */]);

This operation is not supported by directory buckets.

Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

Related actions include:

Parameter Syntax

$result = $client->deletePublicAccessBlock([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to remove.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteStorageLensConfiguration

$result = $client->deleteStorageLensConfiguration([/* ... */]);
$promise = $client->deleteStorageLensConfigurationAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->deleteStorageLensConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the S3 Storage Lens configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteStorageLensConfigurationTagging

$result = $client->deleteStorageLensConfigurationTagging([/* ... */]);
$promise = $client->deleteStorageLensConfigurationTaggingAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->deleteStorageLensConfigurationTagging([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the S3 Storage Lens configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteStorageLensGroup

$result = $client->deleteStorageLensGroup([/* ... */]);
$promise = $client->deleteStorageLensGroupAsync([/* ... */]);

Deletes an existing S3 Storage Lens group.

To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->deleteStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID used to create the Storage Lens group that you're trying to delete.

Name
Required: Yes
Type: string

The name of the Storage Lens group that you're trying to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DescribeJob

$result = $client->describeJob([/* ... */]);
$promise = $client->describeJobAsync([/* ... */]);

Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.

Related actions include:

Parameter Syntax

$result = $client->describeJob([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId
Required: Yes
Type: string

The ID for the job whose information you want to retrieve.

Result Syntax

[
    'Job' => [
        'ConfirmationRequired' => true || false,
        'CreationTime' => <DateTime>,
        'Description' => '<string>',
        'FailureReasons' => [
            [
                'FailureCode' => '<string>',
                'FailureReason' => '<string>',
            ],
            // ...
        ],
        'GeneratedManifestDescriptor' => [
            'Format' => 'S3InventoryReport_CSV_20211130',
            'Location' => [
                'ETag' => '<string>',
                'ObjectArn' => '<string>',
                'ObjectVersionId' => '<string>',
            ],
        ],
        'JobArn' => '<string>',
        'JobId' => '<string>',
        'Manifest' => [
            'Location' => [
                'ETag' => '<string>',
                'ObjectArn' => '<string>',
                'ObjectVersionId' => '<string>',
            ],
            'Spec' => [
                'Fields' => ['<string>', ...],
                'Format' => 'S3BatchOperations_CSV_20180820|S3InventoryReport_CSV_20161130',
            ],
        ],
        'ManifestGenerator' => [
            'S3JobManifestGenerator' => [
                'EnableManifestOutput' => true || false,
                'ExpectedBucketOwner' => '<string>',
                'Filter' => [
                    'CreatedAfter' => <DateTime>,
                    'CreatedBefore' => <DateTime>,
                    'EligibleForReplication' => true || false,
                    'KeyNameConstraint' => [
                        'MatchAnyPrefix' => ['<string>', ...],
                        'MatchAnySubstring' => ['<string>', ...],
                        'MatchAnySuffix' => ['<string>', ...],
                    ],
                    'MatchAnyStorageClass' => ['<string>', ...],
                    'ObjectReplicationStatuses' => ['<string>', ...],
                    'ObjectSizeGreaterThanBytes' => <integer>,
                    'ObjectSizeLessThanBytes' => <integer>,
                ],
                'ManifestOutputLocation' => [
                    'Bucket' => '<string>',
                    'ExpectedManifestBucketOwner' => '<string>',
                    'ManifestEncryption' => [
                        'SSEKMS' => [
                            'KeyId' => '<string>',
                        ],
                        'SSES3' => [
                        ],
                    ],
                    'ManifestFormat' => 'S3InventoryReport_CSV_20211130',
                    'ManifestPrefix' => '<string>',
                ],
                'SourceBucket' => '<string>',
            ],
        ],
        'Operation' => [
            'LambdaInvoke' => [
                'FunctionArn' => '<string>',
                'InvocationSchemaVersion' => '<string>',
                'UserArguments' => ['<string>', ...],
            ],
            'S3DeleteObjectTagging' => [
            ],
            'S3InitiateRestoreObject' => [
                'ExpirationInDays' => <integer>,
                'GlacierJobTier' => 'BULK|STANDARD',
            ],
            'S3PutObjectAcl' => [
                'AccessControlPolicy' => [
                    'AccessControlList' => [
                        'Grants' => [
                            [
                                'Grantee' => [
                                    'DisplayName' => '<string>',
                                    'Identifier' => '<string>',
                                    'TypeIdentifier' => 'id|emailAddress|uri',
                                ],
                                'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                            ],
                            // ...
                        ],
                        'Owner' => [
                            'DisplayName' => '<string>',
                            'ID' => '<string>',
                        ],
                    ],
                    'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
                ],
            ],
            'S3PutObjectCopy' => [
                'AccessControlGrants' => [
                    [
                        'Grantee' => [
                            'DisplayName' => '<string>',
                            'Identifier' => '<string>',
                            'TypeIdentifier' => 'id|emailAddress|uri',
                        ],
                        'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                    ],
                    // ...
                ],
                'BucketKeyEnabled' => true || false,
                'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
                'ChecksumAlgorithm' => 'CRC32|CRC32C|SHA1|SHA256|CRC64NVME',
                'MetadataDirective' => 'COPY|REPLACE',
                'ModifiedSinceConstraint' => <DateTime>,
                'NewObjectMetadata' => [
                    'CacheControl' => '<string>',
                    'ContentDisposition' => '<string>',
                    'ContentEncoding' => '<string>',
                    'ContentLanguage' => '<string>',
                    'ContentLength' => <integer>,
                    'ContentMD5' => '<string>',
                    'ContentType' => '<string>',
                    'HttpExpiresDate' => <DateTime>,
                    'RequesterCharged' => true || false,
                    'SSEAlgorithm' => 'AES256|KMS',
                    'UserMetadata' => ['<string>', ...],
                ],
                'NewObjectTagging' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ObjectLockLegalHoldStatus' => 'OFF|ON',
                'ObjectLockMode' => 'COMPLIANCE|GOVERNANCE',
                'ObjectLockRetainUntilDate' => <DateTime>,
                'RedirectLocation' => '<string>',
                'RequesterPays' => true || false,
                'SSEAwsKmsKeyId' => '<string>',
                'StorageClass' => 'STANDARD|STANDARD_IA|ONEZONE_IA|GLACIER|INTELLIGENT_TIERING|DEEP_ARCHIVE|GLACIER_IR',
                'TargetKeyPrefix' => '<string>',
                'TargetResource' => '<string>',
                'UnModifiedSinceConstraint' => <DateTime>,
            ],
            'S3PutObjectLegalHold' => [
                'LegalHold' => [
                    'Status' => 'OFF|ON',
                ],
            ],
            'S3PutObjectRetention' => [
                'BypassGovernanceRetention' => true || false,
                'Retention' => [
                    'Mode' => 'COMPLIANCE|GOVERNANCE',
                    'RetainUntilDate' => <DateTime>,
                ],
            ],
            'S3PutObjectTagging' => [
                'TagSet' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
            ],
            'S3ReplicateObject' => [
            ],
        ],
        'Priority' => <integer>,
        'ProgressSummary' => [
            'NumberOfTasksFailed' => <integer>,
            'NumberOfTasksSucceeded' => <integer>,
            'Timers' => [
                'ElapsedTimeInActiveSeconds' => <integer>,
            ],
            'TotalNumberOfTasks' => <integer>,
        ],
        'Report' => [
            'Bucket' => '<string>',
            'Enabled' => true || false,
            'Format' => 'Report_CSV_20180820',
            'Prefix' => '<string>',
            'ReportScope' => 'AllTasks|FailedTasksOnly',
        ],
        'RoleArn' => '<string>',
        'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended',
        'StatusUpdateReason' => '<string>',
        'SuspendedCause' => '<string>',
        'SuspendedDate' => <DateTime>,
        'TerminationDate' => <DateTime>,
    ],
]

Result Details

Members
Job
Type: JobDescriptor structure

Contains the configuration parameters and status for the job specified in the Describe Job request.

Errors

BadRequestException:

TooManyRequestsException:

NotFoundException:

InternalServiceException:

DescribeMultiRegionAccessPointOperation

$result = $client->describeMultiRegionAccessPointOperation([/* ... */]);
$promise = $client->describeMultiRegionAccessPointOperationAsync([/* ... */]);

This operation is not supported by directory buckets.

Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPoint:

Parameter Syntax

$result = $client->describeMultiRegionAccessPointOperation([
    'AccountId' => '<string>', // REQUIRED
    'RequestTokenARN' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

RequestTokenARN
Required: Yes
Type: string

The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.

Result Syntax

[
    'AsyncOperation' => [
        'CreationTime' => <DateTime>,
        'Operation' => 'CreateMultiRegionAccessPoint|DeleteMultiRegionAccessPoint|PutMultiRegionAccessPointPolicy',
        'RequestParameters' => [
            'CreateMultiRegionAccessPointRequest' => [
                'Name' => '<string>',
                'PublicAccessBlock' => [
                    'BlockPublicAcls' => true || false,
                    'BlockPublicPolicy' => true || false,
                    'IgnorePublicAcls' => true || false,
                    'RestrictPublicBuckets' => true || false,
                ],
                'Regions' => [
                    [
                        'Bucket' => '<string>',
                        'BucketAccountId' => '<string>',
                    ],
                    // ...
                ],
            ],
            'DeleteMultiRegionAccessPointRequest' => [
                'Name' => '<string>',
            ],
            'PutMultiRegionAccessPointPolicyRequest' => [
                'Name' => '<string>',
                'Policy' => '<string>',
            ],
        ],
        'RequestStatus' => '<string>',
        'RequestTokenARN' => '<string>',
        'ResponseDetails' => [
            'ErrorDetails' => [
                'Code' => '<string>',
                'Message' => '<string>',
                'RequestId' => '<string>',
                'Resource' => '<string>',
            ],
            'MultiRegionAccessPointDetails' => [
                'Regions' => [
                    [
                        'Name' => '<string>',
                        'RequestStatus' => '<string>',
                    ],
                    // ...
                ],
            ],
        ],
    ],
]

Result Details

Members
AsyncOperation
Type: AsyncOperation structure

A container element containing the details of the asynchronous operation.

Errors

There are no errors described for this operation.

DissociateAccessGrantsIdentityCenter

$result = $client->dissociateAccessGrantsIdentityCenter([/* ... */]);
$promise = $client->dissociateAccessGrantsIdentityCenterAsync([/* ... */]);

Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.

Permissions

You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.

Additional Permissions

You must have the sso:DeleteApplication permission to use this operation.

Parameter Syntax

$result = $client->dissociateAccessGrantsIdentityCenter([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

GetAccessGrant

$result = $client->getAccessGrant([/* ... */]);
$promise = $client->getAccessGrantAsync([/* ... */]);

Get the details of an access grant from your S3 Access Grants instance.

Permissions

You must have the s3:GetAccessGrant permission to use this operation.

Parameter Syntax

$result = $client->getAccessGrant([
    'AccessGrantId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccessGrantId
Required: Yes
Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'AccessGrantArn' => '<string>',
    'AccessGrantId' => '<string>',
    'AccessGrantsLocationConfiguration' => [
        'S3SubPrefix' => '<string>',
    ],
    'AccessGrantsLocationId' => '<string>',
    'ApplicationArn' => '<string>',
    'CreatedAt' => <DateTime>,
    'GrantScope' => '<string>',
    'Grantee' => [
        'GranteeIdentifier' => '<string>',
        'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    ],
    'Permission' => 'READ|WRITE|READWRITE',
]

Result Details

Members
AccessGrantArn
Type: string

The Amazon Resource Name (ARN) of the access grant.

AccessGrantId
Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccessGrantsLocationConfiguration

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

AccessGrantsLocationId
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

ApplicationArn
Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the access grant.

GrantScope
Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

Grantee
Type: Grantee structure

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added a corporate directory to Amazon Web Services IAM Identity Center and associated this Identity Center instance with the S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Permission
Type: string

The type of permission that was granted in the access grant. Can be one of the following values:

  • READ – Grant read-only access to the S3 data.

  • WRITE – Grant write-only access to the S3 data.

  • READWRITE – Grant both read and write access to the S3 data.

Errors

There are no errors described for this operation.

GetAccessGrantsInstance

$result = $client->getAccessGrantsInstance([/* ... */]);
$promise = $client->getAccessGrantsInstanceAsync([/* ... */]);

Retrieves the S3 Access Grants instance for a Region in your account.

Permissions

You must have the s3:GetAccessGrantsInstance permission to use this operation.

GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.

Parameter Syntax

$result = $client->getAccessGrantsInstance([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'AccessGrantsInstanceArn' => '<string>',
    'AccessGrantsInstanceId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IdentityCenterApplicationArn' => '<string>',
    'IdentityCenterArn' => '<string>',
    'IdentityCenterInstanceArn' => '<string>',
]

Result Details

Members
AccessGrantsInstanceArn
Type: string

The Amazon Resource Name (ARN) of the S3 Access Grants instance.

AccessGrantsInstanceId
Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

IdentityCenterApplicationArn
Type: string

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

IdentityCenterArn
Type: string

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

IdentityCenterInstanceArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Errors

There are no errors described for this operation.

GetAccessGrantsInstanceForPrefix

$result = $client->getAccessGrantsInstanceForPrefix([/* ... */]);
$promise = $client->getAccessGrantsInstanceForPrefixAsync([/* ... */]);

Retrieve the S3 Access Grants instance that contains a particular prefix.

Permissions

You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.

Additional Permissions

The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.

Parameter Syntax

$result = $client->getAccessGrantsInstanceForPrefix([
    'AccountId' => '<string>', // REQUIRED
    'S3Prefix' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The ID of the Amazon Web Services account that is making this request.

S3Prefix
Required: Yes
Type: string

The S3 prefix of the access grants that you would like to retrieve.

Result Syntax

[
    'AccessGrantsInstanceArn' => '<string>',
    'AccessGrantsInstanceId' => '<string>',
]

Result Details

Members
AccessGrantsInstanceArn
Type: string

The Amazon Resource Name (ARN) of the S3 Access Grants instance.

AccessGrantsInstanceId
Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

Errors

There are no errors described for this operation.

GetAccessGrantsInstanceResourcePolicy

$result = $client->getAccessGrantsInstanceResourcePolicy([/* ... */]);
$promise = $client->getAccessGrantsInstanceResourcePolicyAsync([/* ... */]);

Returns the resource policy of the S3 Access Grants instance.

Permissions

You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.

Parameter Syntax

$result = $client->getAccessGrantsInstanceResourcePolicy([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'CreatedAt' => <DateTime>,
    'Organization' => '<string>',
    'Policy' => '<string>',
]

Result Details

Members
CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance resource policy.

Organization
Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy
Type: string

The resource policy of the S3 Access Grants instance.

Errors

There are no errors described for this operation.

GetAccessGrantsLocation

$result = $client->getAccessGrantsLocation([/* ... */]);
$promise = $client->getAccessGrantsLocationAsync([/* ... */]);

Retrieves the details of a particular location registered in your S3 Access Grants instance.

Permissions

You must have the s3:GetAccessGrantsLocation permission to use this operation.

Parameter Syntax

$result = $client->getAccessGrantsLocation([
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccessGrantsLocationId
Required: Yes
Type: string

The ID of the registered location that you are retrieving. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'AccessGrantsLocationArn' => '<string>',
    'AccessGrantsLocationId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IAMRoleArn' => '<string>',
    'LocationScope' => '<string>',
]

Result Details

Members
AccessGrantsLocationArn
Type: string

The Amazon Resource Name (ARN) of the registered location.

AccessGrantsLocationId
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope
Type: string

The S3 URI path to the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Errors

There are no errors described for this operation.

GetAccessPoint

$result = $client->getAccessPoint([/* ... */]);
$promise = $client->getAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration information about the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to GetAccessPoint:

Parameter Syntax

$result = $client->getAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Name
Required: Yes
Type: string

The name of the access point whose configuration information you want to retrieve.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Result Syntax

[
    'AccessPointArn' => '<string>',
    'Alias' => '<string>',
    'Bucket' => '<string>',
    'BucketAccountId' => '<string>',
    'CreationDate' => <DateTime>,
    'Endpoints' => ['<string>', ...],
    'Name' => '<string>',
    'NetworkOrigin' => 'Internet|VPC',
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
    'VpcConfiguration' => [
        'VpcId' => '<string>',
    ],
]

Result Details

Members
AccessPointArn
Type: string

The ARN of the access point.

Alias
Type: string

The name or alias of the access point.

Bucket
Type: string

The name of the bucket associated with the specified access point.

BucketAccountId
Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

CreationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the specified access point was created.

Endpoints
Type: Associative array of custom strings keys (NonEmptyMaxLength64String) to strings

The VPC endpoint for the access point.

Name
Type: string

The name of the specified access point.

NetworkOrigin
Type: string

Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the public internet, subject to the access point and bucket access policies.

This will always be true for an Amazon S3 on Outposts access point

PublicAccessBlockConfiguration

The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

This data type is not supported for Amazon S3 on Outposts.

VpcConfiguration
Type: VpcConfiguration structure

Contains the virtual private cloud (VPC) configuration for the specified access point.

This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services services.

Errors

There are no errors described for this operation.

GetAccessPointConfigurationForObjectLambda

$result = $client->getAccessPointConfigurationForObjectLambda([/* ... */]);
$promise = $client->getAccessPointConfigurationForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration for an Object Lambda Access Point.

The following actions are related to GetAccessPointConfigurationForObjectLambda:

Parameter Syntax

$result = $client->getAccessPointConfigurationForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point you want to return the configuration for.

Result Syntax

[
    'Configuration' => [
        'AllowedFeatures' => ['<string>', ...],
        'CloudWatchMetricsEnabled' => true || false,
        'SupportingAccessPoint' => '<string>',
        'TransformationConfigurations' => [
            [
                'Actions' => ['<string>', ...],
                'ContentTransformation' => [
                    'AwsLambda' => [
                        'FunctionArn' => '<string>',
                        'FunctionPayload' => '<string>',
                    ],
                ],
            ],
            // ...
        ],
    ],
]

Result Details

Members
Configuration
Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration document.

Errors

There are no errors described for this operation.

GetAccessPointForObjectLambda

$result = $client->getAccessPointForObjectLambda([/* ... */]);
$promise = $client->getAccessPointForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration information about the specified Object Lambda Access Point

The following actions are related to GetAccessPointForObjectLambda:

Parameter Syntax

$result = $client->getAccessPointForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

Result Syntax

[
    'Alias' => [
        'Status' => 'PROVISIONING|READY',
        'Value' => '<string>',
    ],
    'CreationDate' => <DateTime>,
    'Name' => '<string>',
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
]

Result Details

Members
Alias

The alias of the Object Lambda Access Point.

CreationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the specified Object Lambda Access Point was created.

Name
Type: string

The name of the Object Lambda Access Point.

PublicAccessBlockConfiguration

Configuration to block all public access. This setting is turned on and can not be edited.

Errors

There are no errors described for this operation.

GetAccessPointPolicy

$result = $client->getAccessPointPolicy([/* ... */]);
$promise = $client->getAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the access point policy associated with the specified access point.

The following actions are related to GetAccessPointPolicy:

Parameter Syntax

$result = $client->getAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified access point.

Name
Required: Yes
Type: string

The name of the access point whose policy you want to retrieve.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Result Syntax

[
    'Policy' => '<string>',
]

Result Details

Members
Policy
Type: string

The access point policy associated with the specified access point.

Errors

There are no errors described for this operation.

GetAccessPointPolicyForObjectLambda

$result = $client->getAccessPointPolicyForObjectLambda([/* ... */]);
$promise = $client->getAccessPointPolicyForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the resource policy for an Object Lambda Access Point.

The following actions are related to GetAccessPointPolicyForObjectLambda:

Parameter Syntax

$result = $client->getAccessPointPolicyForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

Result Syntax

[
    'Policy' => '<string>',
]

Result Details

Members
Policy
Type: string

Object Lambda Access Point resource policy document.

Errors

There are no errors described for this operation.

GetAccessPointPolicyStatus

$result = $client->getAccessPointPolicyStatus([/* ... */]);
$promise = $client->getAccessPointPolicyStatusAsync([/* ... */]);

This operation is not supported by directory buckets.

Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->getAccessPointPolicyStatus([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified access point.

Name
Required: Yes
Type: string

The name of the access point whose policy status you want to retrieve.

Result Syntax

[
    'PolicyStatus' => [
        'IsPublic' => true || false,
    ],
]

Result Details

Members
PolicyStatus
Type: PolicyStatus structure

Indicates the current policy status of the specified access point.

Errors

There are no errors described for this operation.

GetAccessPointPolicyStatusForObjectLambda

$result = $client->getAccessPointPolicyStatusForObjectLambda([/* ... */]);
$promise = $client->getAccessPointPolicyStatusForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the status of the resource policy associated with an Object Lambda Access Point.

Parameter Syntax

$result = $client->getAccessPointPolicyStatusForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

Result Syntax

[
    'PolicyStatus' => [
        'IsPublic' => true || false,
    ],
]

Result Details

Members
PolicyStatus
Type: PolicyStatus structure

Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.

Errors

There are no errors described for this operation.

GetBucket

$result = $client->getBucket([/* ... */]);
$promise = $client->getBucketAsync([/* ... */]);

Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.

If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

The following actions are related to GetBucket for Amazon S3 on Outposts:

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

Parameter Syntax

$result = $client->getBucket([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[
    'Bucket' => '<string>',
    'CreationDate' => <DateTime>,
    'PublicAccessBlockEnabled' => true || false,
]

Result Details

Members
Bucket
Type: string

The Outposts bucket requested.

CreationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The creation date of the Outposts bucket.

PublicAccessBlockEnabled
Type: boolean

Errors

There are no errors described for this operation.

GetBucketLifecycleConfiguration

$result = $client->getBucketLifecycleConfiguration([/* ... */]);
$promise = $client->getBucketLifecycleConfigurationAsync([/* ... */]);

This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.

Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.

To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

GetBucketLifecycleConfiguration has the following special error:

  • Error code: NoSuchLifecycleConfiguration

    • Description: The lifecycle configuration does not exist.

    • HTTP Status Code: 404 Not Found

    • SOAP Fault Code Prefix: Client

The following actions are related to GetBucketLifecycleConfiguration:

Parameter Syntax

$result = $client->getBucketLifecycleConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[
    'Rules' => [
        [
            'AbortIncompleteMultipartUpload' => [
                'DaysAfterInitiation' => <integer>,
            ],
            'Expiration' => [
                'Date' => <DateTime>,
                'Days' => <integer>,
                'ExpiredObjectDeleteMarker' => true || false,
            ],
            'Filter' => [
                'And' => [
                    'ObjectSizeGreaterThan' => <integer>,
                    'ObjectSizeLessThan' => <integer>,
                    'Prefix' => '<string>',
                    'Tags' => [
                        [
                            'Key' => '<string>',
                            'Value' => '<string>',
                        ],
                        // ...
                    ],
                ],
                'ObjectSizeGreaterThan' => <integer>,
                'ObjectSizeLessThan' => <integer>,
                'Prefix' => '<string>',
                'Tag' => [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
            ],
            'ID' => '<string>',
            'NoncurrentVersionExpiration' => [
                'NewerNoncurrentVersions' => <integer>,
                'NoncurrentDays' => <integer>,
            ],
            'NoncurrentVersionTransitions' => [
                [
                    'NoncurrentDays' => <integer>,
                    'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                ],
                // ...
            ],
            'Status' => 'Enabled|Disabled',
            'Transitions' => [
                [
                    'Date' => <DateTime>,
                    'Days' => <integer>,
                    'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                ],
                // ...
            ],
        ],
        // ...
    ],
]

Result Details

Members
Rules
Type: Array of LifecycleRule structures

Container for the lifecycle rule of the Outposts bucket.

Errors

There are no errors described for this operation.

GetBucketPolicy

$result = $client->getBucketPolicy([/* ... */]);
$promise = $client->getBucketPolicyAsync([/* ... */]);

This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.

Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.

Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to GetBucketPolicy:

Parameter Syntax

$result = $client->getBucketPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[
    'Policy' => '<string>',
]

Result Details

Members
Policy
Type: string

The policy of the Outposts bucket.

Errors

There are no errors described for this operation.

GetBucketReplication

$result = $client->getBucketReplication([/* ... */]);
$promise = $client->getBucketReplicationAsync([/* ... */]);

This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.

Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. The response also returns those elements.

For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.

The following operations are related to GetBucketReplication:

Parameter Syntax

$result = $client->getBucketReplication([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket to get the replication information for.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[
    'ReplicationConfiguration' => [
        'Role' => '<string>',
        'Rules' => [
            [
                'Bucket' => '<string>',
                'DeleteMarkerReplication' => [
                    'Status' => 'Enabled|Disabled',
                ],
                'Destination' => [
                    'AccessControlTranslation' => [
                        'Owner' => 'Destination',
                    ],
                    'Account' => '<string>',
                    'Bucket' => '<string>',
                    'EncryptionConfiguration' => [
                        'ReplicaKmsKeyID' => '<string>',
                    ],
                    'Metrics' => [
                        'EventThreshold' => [
                            'Minutes' => <integer>,
                        ],
                        'Status' => 'Enabled|Disabled',
                    ],
                    'ReplicationTime' => [
                        'Status' => 'Enabled|Disabled',
                        'Time' => [
                            'Minutes' => <integer>,
                        ],
                    ],
                    'StorageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|GLACIER|DEEP_ARCHIVE|OUTPOSTS|GLACIER_IR',
                ],
                'ExistingObjectReplication' => [
                    'Status' => 'Enabled|Disabled',
                ],
                'Filter' => [
                    'And' => [
                        'Prefix' => '<string>',
                        'Tags' => [
                            [
                                'Key' => '<string>',
                                'Value' => '<string>',
                            ],
                            // ...
                        ],
                    ],
                    'Prefix' => '<string>',
                    'Tag' => [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                ],
                'ID' => '<string>',
                'Prefix' => '<string>',
                'Priority' => <integer>,
                'SourceSelectionCriteria' => [
                    'ReplicaModifications' => [
                        'Status' => 'Enabled|Disabled',
                    ],
                    'SseKmsEncryptedObjects' => [
                        'Status' => 'Enabled|Disabled',
                    ],
                ],
                'Status' => 'Enabled|Disabled',
            ],
            // ...
        ],
    ],
]

Result Details

Members
ReplicationConfiguration
Type: ReplicationConfiguration structure

A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.

Errors

There are no errors described for this operation.

GetBucketTagging

$result = $client->getBucketTagging([/* ... */]);
$promise = $client->getBucketTaggingAsync([/* ... */]);

This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference.

Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

GetBucketTagging has the following special error:

  • Error code: NoSuchTagSetError

    • Description: There is no tag set associated with the bucket.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to GetBucketTagging:

Parameter Syntax

$result = $client->getBucketTagging([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Result Syntax

[
    'TagSet' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
TagSet
Required: Yes
Type: Array of S3Tag structures

The tags set of the Outposts bucket.

Errors

There are no errors described for this operation.

GetBucketVersioning

$result = $client->getBucketVersioning([/* ... */]);
$promise = $client->getBucketVersioningAsync([/* ... */]);

This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.

Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning request does not return a versioning state value.

For more information about versioning, see Versioning in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following operations are related to GetBucketVersioning for S3 on Outposts.

Parameter Syntax

$result = $client->getBucketVersioning([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 on Outposts bucket.

Bucket
Required: Yes
Type: string

The S3 on Outposts bucket to return the versioning state for.

Result Syntax

[
    'MFADelete' => 'Enabled|Disabled',
    'Status' => 'Enabled|Suspended',
]

Result Details

Members
MFADelete
Type: string

Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is returned only if the bucket has been configured with MFA delete. If MFA delete has never been configured for the bucket, this element is not returned.

Status
Type: string

The versioning state of the S3 on Outposts bucket.

Errors

There are no errors described for this operation.

GetDataAccess

$result = $client->getDataAccess([/* ... */]);
$promise = $client->getDataAccessAsync([/* ... */]);

Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.

Permissions

You must have the s3:GetDataAccess permission to use this operation.

Additional Permissions

The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.

Parameter Syntax

$result = $client->getDataAccess([
    'AccountId' => '<string>', // REQUIRED
    'DurationSeconds' => <integer>,
    'Permission' => 'READ|WRITE|READWRITE', // REQUIRED
    'Privilege' => 'Minimal|Default',
    'Target' => '<string>', // REQUIRED
    'TargetType' => 'Object',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

DurationSeconds
Type: int

The session duration, in seconds, of the temporary access credential that S3 Access Grants vends to the grantee or client application. The default value is 1 hour, but the grantee can specify a range from 900 seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee requests a value higher than this maximum, the operation fails.

Permission
Required: Yes
Type: string

The type of permission granted to your S3 data, which can be set to one of the following values:

  • READ – Grant read-only access to the S3 data.

  • WRITE – Grant write-only access to the S3 data.

  • READWRITE – Grant both read and write access to the S3 data.

Privilege
Type: string

The scope of the temporary access credential that S3 Access Grants vends to the grantee or client application.

  • Default – The scope of the returned temporary access token is the scope of the grant that is closest to the target scope.

  • Minimal – The scope of the returned temporary access token is the same as the requested target scope as long as the requested scope is the same as or a subset of the grant scope.

Target
Required: Yes
Type: string

The S3 URI path of the data to which you are requesting temporary access credentials. If the requesting account has an access grant for this data, S3 Access Grants vends temporary access credentials in the response.

TargetType
Type: string

The type of Target. The only possible value is Object. Pass this value if the target data that you would like to access is a path to an object. Do not pass this value if the target data is a bucket or a bucket and a prefix.

Result Syntax

[
    'Credentials' => [
        'AccessKeyId' => '<string>',
        'Expiration' => <DateTime>,
        'SecretAccessKey' => '<string>',
        'SessionToken' => '<string>',
    ],
    'MatchedGrantTarget' => '<string>',
]

Result Details

Members
Credentials
Type: Credentials structure

The temporary credential token that S3 Access Grants vends.

MatchedGrantTarget
Type: string

The S3 URI path of the data to which you are being granted temporary access credentials.

Errors

There are no errors described for this operation.

GetJobTagging

$result = $client->getJobTagging([/* ... */]);
$promise = $client->getJobTaggingAsync([/* ... */]);

Returns the tags on an S3 Batch Operations job.

Permissions

To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

Related actions include:

Parameter Syntax

$result = $client->getJobTagging([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId
Required: Yes
Type: string

The ID for the S3 Batch Operations job whose tags you want to retrieve.

Result Syntax

[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Tags
Type: Array of S3Tag structures

The set of tags associated with the S3 Batch Operations job.

Errors

InternalServiceException:

TooManyRequestsException:

NotFoundException:

GetMultiRegionAccessPoint

$result = $client->getMultiRegionAccessPoint([/* ... */]);
$promise = $client->getMultiRegionAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration information about the specified Multi-Region Access Point.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPoint:

Parameter Syntax

$result = $client->getMultiRegionAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Name
Required: Yes
Type: string

The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Result Syntax

[
    'AccessPoint' => [
        'Alias' => '<string>',
        'CreatedAt' => <DateTime>,
        'Name' => '<string>',
        'PublicAccessBlock' => [
            'BlockPublicAcls' => true || false,
            'BlockPublicPolicy' => true || false,
            'IgnorePublicAcls' => true || false,
            'RestrictPublicBuckets' => true || false,
        ],
        'Regions' => [
            [
                'Bucket' => '<string>',
                'BucketAccountId' => '<string>',
                'Region' => '<string>',
            ],
            // ...
        ],
        'Status' => 'READY|INCONSISTENT_ACROSS_REGIONS|CREATING|PARTIALLY_CREATED|PARTIALLY_DELETED|DELETING',
    ],
]

Result Details

Members
AccessPoint

A container element containing the details of the requested Multi-Region Access Point.

Errors

There are no errors described for this operation.

GetMultiRegionAccessPointPolicy

$result = $client->getMultiRegionAccessPointPolicy([/* ... */]);
$promise = $client->getMultiRegionAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the access control policy of the specified Multi-Region Access Point.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPointPolicy:

Parameter Syntax

$result = $client->getMultiRegionAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Name
Required: Yes
Type: string

Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Result Syntax

[
    'Policy' => [
        'Established' => [
            'Policy' => '<string>',
        ],
        'Proposed' => [
            'Policy' => '<string>',
        ],
    ],
]

Result Details

Members
Policy

The policy associated with the specified Multi-Region Access Point.

Errors

There are no errors described for this operation.

GetMultiRegionAccessPointPolicyStatus

$result = $client->getMultiRegionAccessPointPolicyStatus([/* ... */]);
$promise = $client->getMultiRegionAccessPointPolicyStatusAsync([/* ... */]);

This operation is not supported by directory buckets.

Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPointPolicyStatus:

Parameter Syntax

$result = $client->getMultiRegionAccessPointPolicyStatus([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Name
Required: Yes
Type: string

Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Result Syntax

[
    'Established' => [
        'IsPublic' => true || false,
    ],
]

Result Details

Members
Established
Type: PolicyStatus structure

Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.

Errors

There are no errors described for this operation.

GetMultiRegionAccessPointRoutes

$result = $client->getMultiRegionAccessPointRoutes([/* ... */]);
$promise = $client->getMultiRegionAccessPointRoutesAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.

To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

  • us-east-1

  • us-west-2

  • ap-southeast-2

  • ap-northeast-1

  • eu-west-1

Parameter Syntax

$result = $client->getMultiRegionAccessPointRoutes([
    'AccountId' => '<string>', // REQUIRED
    'Mrap' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Mrap
Required: Yes
Type: string

The Multi-Region Access Point ARN.

Result Syntax

[
    'Mrap' => '<string>',
    'Routes' => [
        [
            'Bucket' => '<string>',
            'Region' => '<string>',
            'TrafficDialPercentage' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members
Mrap
Type: string

The Multi-Region Access Point ARN.

Routes
Type: Array of MultiRegionAccessPointRoute structures

The different routes that make up the route configuration. Active routes return a value of 100, and passive routes return a value of 0.

Errors

There are no errors described for this operation.

GetPublicAccessBlock

$result = $client->getPublicAccessBlock([/* ... */]);
$promise = $client->getPublicAccessBlockAsync([/* ... */]);

This operation is not supported by directory buckets.

Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

Related actions include:

Parameter Syntax

$result = $client->getPublicAccessBlock([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to retrieve.

Result Syntax

[
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
]

Result Details

Members
PublicAccessBlockConfiguration

The PublicAccessBlock configuration currently in effect for this Amazon Web Services account.

Errors

NoSuchPublicAccessBlockConfiguration:

Amazon S3 throws this exception if you make a GetPublicAccessBlock request against an account that doesn't have a PublicAccessBlockConfiguration set.

GetStorageLensConfiguration

$result = $client->getStorageLensConfiguration([/* ... */]);
$promise = $client->getStorageLensConfigurationAsync([/* ... */]);

This operation is not supported by directory buckets.

Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->getStorageLensConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the Amazon S3 Storage Lens configuration.

Result Syntax

[
    'StorageLensConfiguration' => [
        'AccountLevel' => [
            'ActivityMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedCostOptimizationMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedDataProtectionMetrics' => [
                'IsEnabled' => true || false,
            ],
            'BucketLevel' => [
                'ActivityMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedCostOptimizationMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedDataProtectionMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'DetailedStatusCodesMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'PrefixLevel' => [
                    'StorageMetrics' => [
                        'IsEnabled' => true || false,
                        'SelectionCriteria' => [
                            'Delimiter' => '<string>',
                            'MaxDepth' => <integer>,
                            'MinStorageBytesPercentage' => <float>,
                        ],
                    ],
                ],
            ],
            'DetailedStatusCodesMetrics' => [
                'IsEnabled' => true || false,
            ],
            'StorageLensGroupLevel' => [
                'SelectionCriteria' => [
                    'Exclude' => ['<string>', ...],
                    'Include' => ['<string>', ...],
                ],
            ],
        ],
        'AwsOrg' => [
            'Arn' => '<string>',
        ],
        'DataExport' => [
            'CloudWatchMetrics' => [
                'IsEnabled' => true || false,
            ],
            'S3BucketDestination' => [
                'AccountId' => '<string>',
                'Arn' => '<string>',
                'Encryption' => [
                    'SSEKMS' => [
                        'KeyId' => '<string>',
                    ],
                    'SSES3' => [
                    ],
                ],
                'Format' => 'CSV|Parquet',
                'OutputSchemaVersion' => 'V_1',
                'Prefix' => '<string>',
            ],
        ],
        'Exclude' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'Id' => '<string>',
        'Include' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'IsEnabled' => true || false,
        'StorageLensArn' => '<string>',
    ],
]

Result Details

Members
StorageLensConfiguration
Type: StorageLensConfiguration structure

The S3 Storage Lens configuration requested.

Errors

There are no errors described for this operation.

GetStorageLensConfigurationTagging

$result = $client->getStorageLensConfigurationTagging([/* ... */]);
$promise = $client->getStorageLensConfigurationTaggingAsync([/* ... */]);

This operation is not supported by directory buckets.

Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->getStorageLensConfigurationTagging([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the Amazon S3 Storage Lens configuration.

Result Syntax

[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Tags
Type: Array of StorageLensTag structures

The tags of S3 Storage Lens configuration requested.

Errors

There are no errors described for this operation.

GetStorageLensGroup

$result = $client->getStorageLensGroup([/* ... */]);
$promise = $client->getStorageLensGroupAsync([/* ... */]);

Retrieves the Storage Lens group configuration details.

To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->getStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the Storage Lens group that you're trying to retrieve the details for.

Name
Required: Yes
Type: string

The name of the Storage Lens group that you're trying to retrieve the configuration details for.

Result Syntax

[
    'StorageLensGroup' => [
        'Filter' => [
            'And' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
            'MatchAnyPrefix' => ['<string>', ...],
            'MatchAnySuffix' => ['<string>', ...],
            'MatchAnyTag' => [
                [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'MatchObjectAge' => [
                'DaysGreaterThan' => <integer>,
                'DaysLessThan' => <integer>,
            ],
            'MatchObjectSize' => [
                'BytesGreaterThan' => <integer>,
                'BytesLessThan' => <integer>,
            ],
            'Or' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
        ],
        'Name' => '<string>',
        'StorageLensGroupArn' => '<string>',
    ],
]

Result Details

Members
StorageLensGroup
Type: StorageLensGroup structure

The name of the Storage Lens group that you're trying to retrieve the configuration details for.

Errors

There are no errors described for this operation.

ListAccessGrants

$result = $client->listAccessGrants([/* ... */]);
$promise = $client->listAccessGrantsAsync([/* ... */]);

Returns the list of access grants in your S3 Access Grants instance.

Permissions

You must have the s3:ListAccessGrants permission to use this operation.

Parameter Syntax

$result = $client->listAccessGrants([
    'AccountId' => '<string>', // REQUIRED
    'ApplicationArn' => '<string>',
    'GrantScope' => '<string>',
    'GranteeIdentifier' => '<string>',
    'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Permission' => 'READ|WRITE|READWRITE',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

ApplicationArn
Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

GrantScope
Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

GranteeIdentifier
Type: string

The unique identifer of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

GranteeType
Type: string

The type of the grantee to which access has been granted. It can be one of the following values:

  • IAM - An IAM user or role.

  • DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

  • DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

MaxResults
Type: int

The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

NextToken
Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.

Permission
Type: string

The type of permission granted to your S3 data, which can be set to one of the following values:

  • READ – Grant read-only access to the S3 data.

  • WRITE – Grant write-only access to the S3 data.

  • READWRITE – Grant both read and write access to the S3 data.

Result Syntax

[
    'AccessGrantsList' => [
        [
            'AccessGrantArn' => '<string>',
            'AccessGrantId' => '<string>',
            'AccessGrantsLocationConfiguration' => [
                'S3SubPrefix' => '<string>',
            ],
            'AccessGrantsLocationId' => '<string>',
            'ApplicationArn' => '<string>',
            'CreatedAt' => <DateTime>,
            'GrantScope' => '<string>',
            'Grantee' => [
                'GranteeIdentifier' => '<string>',
                'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
            ],
            'Permission' => 'READ|WRITE|READWRITE',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AccessGrantsList
Type: Array of ListAccessGrantEntry structures

A container for a list of grants in an S3 Access Grants instance.

NextToken
Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListAccessGrantsInstances

$result = $client->listAccessGrantsInstances([/* ... */]);
$promise = $client->listAccessGrantsInstancesAsync([/* ... */]);

Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.

Permissions

You must have the s3:ListAccessGrantsInstances permission to use this operation.

Parameter Syntax

$result = $client->listAccessGrantsInstances([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

MaxResults
Type: int

The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

NextToken
Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.

Result Syntax

[
    'AccessGrantsInstancesList' => [
        [
            'AccessGrantsInstanceArn' => '<string>',
            'AccessGrantsInstanceId' => '<string>',
            'CreatedAt' => <DateTime>,
            'IdentityCenterApplicationArn' => '<string>',
            'IdentityCenterArn' => '<string>',
            'IdentityCenterInstanceArn' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AccessGrantsInstancesList
Type: Array of ListAccessGrantsInstanceEntry structures

A container for a list of S3 Access Grants instances.

NextToken
Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListAccessGrantsLocations

$result = $client->listAccessGrantsLocations([/* ... */]);
$promise = $client->listAccessGrantsLocationsAsync([/* ... */]);

Returns a list of the locations registered in your S3 Access Grants instance.

Permissions

You must have the s3:ListAccessGrantsLocations permission to use this operation.

Parameter Syntax

$result = $client->listAccessGrantsLocations([
    'AccountId' => '<string>', // REQUIRED
    'LocationScope' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

LocationScope
Type: string

The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

MaxResults
Type: int

The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

NextToken
Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.

Result Syntax

[
    'AccessGrantsLocationsList' => [
        [
            'AccessGrantsLocationArn' => '<string>',
            'AccessGrantsLocationId' => '<string>',
            'CreatedAt' => <DateTime>,
            'IAMRoleArn' => '<string>',
            'LocationScope' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AccessGrantsLocationsList
Type: Array of ListAccessGrantsLocationsEntry structures

A container for a list of registered locations in an S3 Access Grants instance.

NextToken
Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListAccessPoints

$result = $client->listAccessPoints([/* ... */]);
$promise = $client->listAccessPointsAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to ListAccessPoints:

Parameter Syntax

$result = $client->listAccessPoints([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the account that owns the specified access points.

Bucket
Type: string

The name of the bucket whose associated access points you want to list.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

MaxResults
Type: int

The maximum number of access points that you want to include in the list. If the specified bucket has more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.

NextToken
Type: string

A continuation token. If a previous call to ListAccessPoints returned a continuation token in the NextToken field, then providing that value here causes Amazon S3 to retrieve the next page of results.

Result Syntax

[
    'AccessPointList' => [
        [
            'AccessPointArn' => '<string>',
            'Alias' => '<string>',
            'Bucket' => '<string>',
            'BucketAccountId' => '<string>',
            'Name' => '<string>',
            'NetworkOrigin' => 'Internet|VPC',
            'VpcConfiguration' => [
                'VpcId' => '<string>',
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AccessPointList
Type: Array of AccessPoint structures

Contains identification and configuration information for one or more access points associated with the specified bucket.

NextToken
Type: string

If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

Errors

There are no errors described for this operation.

ListAccessPointsForObjectLambda

$result = $client->listAccessPointsForObjectLambda([/* ... */]);
$promise = $client->listAccessPointsForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.

The following actions are related to ListAccessPointsForObjectLambda:

Parameter Syntax

$result = $client->listAccessPointsForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

MaxResults
Type: int

The maximum number of access points that you want to include in the list. The response may contain fewer access points but will never contain more. If there are more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.

NextToken
Type: string

If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

Result Syntax

[
    'NextToken' => '<string>',
    'ObjectLambdaAccessPointList' => [
        [
            'Alias' => [
                'Status' => 'PROVISIONING|READY',
                'Value' => '<string>',
            ],
            'Name' => '<string>',
            'ObjectLambdaAccessPointArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

ObjectLambdaAccessPointList
Type: Array of ObjectLambdaAccessPoint structures

Returns list of Object Lambda Access Points.

Errors

There are no errors described for this operation.

ListCallerAccessGrants

$result = $client->listCallerAccessGrants([/* ... */]);
$promise = $client->listCallerAccessGrantsAsync([/* ... */]);

Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants. The caller (grantee) can be an Identity and Access Management (IAM) identity or Amazon Web Services Identity Center corporate directory identity. You must pass the Amazon Web Services account of the S3 data owner (grantor) in the request. You can, optionally, narrow the results by GrantScope, using a fragment of the data's S3 path, and S3 Access Grants will return only the grants with a path that contains the path fragment. You can also pass the AllowedByApplication filter in the request, which returns only the grants authorized for applications, whether the application is the caller's Identity Center application or any other application (ALL). For more information, see List the caller's access grants in the Amazon S3 User Guide.

Permissions

You must have the s3:ListCallerAccessGrants permission to use this operation.

Parameter Syntax

$result = $client->listCallerAccessGrants([
    'AccountId' => '<string>', // REQUIRED
    'AllowedByApplication' => true || false,
    'GrantScope' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

AllowedByApplication
Type: boolean

If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller's Identity Center application or for any other applications (ALL).

GrantScope
Type: string

The S3 path of the data that you would like to access. Must start with s3://. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment.

MaxResults
Type: int

The maximum number of access grants that you would like returned in the List Caller Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

NextToken
Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

Result Syntax

[
    'CallerAccessGrantsList' => [
        [
            'ApplicationArn' => '<string>',
            'GrantScope' => '<string>',
            'Permission' => 'READ|WRITE|READWRITE',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
CallerAccessGrantsList
Type: Array of ListCallerAccessGrantsEntry structures

A list of the caller's access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.

NextToken
Type: string

A pagination token that you can use to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListJobs

$result = $client->listJobs([/* ... */]);
$promise = $client->listJobsAsync([/* ... */]);

Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.

Related actions include:

Parameter Syntax

$result = $client->listJobs([
    'AccountId' => '<string>', // REQUIRED
    'JobStatuses' => ['<string>', ...],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobStatuses
Type: Array of strings

The List Jobs request returns jobs that match the statuses listed in this element.

MaxResults
Type: int

The maximum number of jobs that Amazon S3 will include in the List Jobs response. If there are more jobs than this number, the response will include a pagination token in the NextToken field to enable you to retrieve the next page of results.

NextToken
Type: string

A pagination token to request the next page of results. Use the token that Amazon S3 returned in the NextToken element of the ListJobsResult from the previous List Jobs request.

Result Syntax

[
    'Jobs' => [
        [
            'CreationTime' => <DateTime>,
            'Description' => '<string>',
            'JobId' => '<string>',
            'Operation' => 'LambdaInvoke|S3PutObjectCopy|S3PutObjectAcl|S3PutObjectTagging|S3DeleteObjectTagging|S3InitiateRestoreObject|S3PutObjectLegalHold|S3PutObjectRetention|S3ReplicateObject',
            'Priority' => <integer>,
            'ProgressSummary' => [
                'NumberOfTasksFailed' => <integer>,
                'NumberOfTasksSucceeded' => <integer>,
                'Timers' => [
                    'ElapsedTimeInActiveSeconds' => <integer>,
                ],
                'TotalNumberOfTasks' => <integer>,
            ],
            'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended',
            'TerminationDate' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Jobs
Type: Array of JobListDescriptor structures

The list of current jobs and jobs that have ended within the last 30 days.

NextToken
Type: string

If the List Jobs request produced more than the maximum number of results, you can pass this value into a subsequent List Jobs request in order to retrieve the next page of results.

Errors

InvalidRequestException:

InternalServiceException:

InvalidNextTokenException:

ListMultiRegionAccessPoints

$result = $client->listMultiRegionAccessPoints([/* ... */]);
$promise = $client->listMultiRegionAccessPointsAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to ListMultiRegionAccessPoint:

Parameter Syntax

$result = $client->listMultiRegionAccessPoints([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

MaxResults
Type: int

Not currently used. Do not use this parameter.

NextToken
Type: string

Not currently used. Do not use this parameter.

Result Syntax

[
    'AccessPoints' => [
        [
            'Alias' => '<string>',
            'CreatedAt' => <DateTime>,
            'Name' => '<string>',
            'PublicAccessBlock' => [
                'BlockPublicAcls' => true || false,
                'BlockPublicPolicy' => true || false,
                'IgnorePublicAcls' => true || false,
                'RestrictPublicBuckets' => true || false,
            ],
            'Regions' => [
                [
                    'Bucket' => '<string>',
                    'BucketAccountId' => '<string>',
                    'Region' => '<string>',
                ],
                // ...
            ],
            'Status' => 'READY|INCONSISTENT_ACROSS_REGIONS|CREATING|PARTIALLY_CREATED|PARTIALLY_DELETED|DELETING',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AccessPoints
Type: Array of MultiRegionAccessPointReport structures

The list of Multi-Region Access Points associated with the user.

NextToken
Type: string

If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token tin subsequent calls to this action to retrieve additional Multi-Region Access Points.

Errors

There are no errors described for this operation.

ListRegionalBuckets

$result = $client->listRegionalBuckets([/* ... */]);
$promise = $client->listRegionalBucketsAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.

Parameter Syntax

$result = $client->listRegionalBuckets([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OutpostId' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

MaxResults
Type: int

NextToken
Type: string

OutpostId
Type: string

The ID of the Outposts resource.

This ID is required by Amazon S3 on Outposts buckets.

Result Syntax

[
    'NextToken' => '<string>',
    'RegionalBucketList' => [
        [
            'Bucket' => '<string>',
            'BucketArn' => '<string>',
            'CreationDate' => <DateTime>,
            'OutpostId' => '<string>',
            'PublicAccessBlockEnabled' => true || false,
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

NextToken is sent when isTruncated is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with this NextToken. NextToken is obfuscated and is not a real key.

RegionalBucketList
Type: Array of RegionalBucket structures

Errors

There are no errors described for this operation.

ListStorageLensConfigurations

$result = $client->listStorageLensConfigurations([/* ... */]);
$promise = $client->listStorageLensConfigurationsAsync([/* ... */]);

This operation is not supported by directory buckets.

Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->listStorageLensConfigurations([
    'AccountId' => '<string>', // REQUIRED
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

NextToken
Type: string

A pagination token to request the next page of results.

Result Syntax

[
    'NextToken' => '<string>',
    'StorageLensConfigurationList' => [
        [
            'HomeRegion' => '<string>',
            'Id' => '<string>',
            'IsEnabled' => true || false,
            'StorageLensArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.

StorageLensConfigurationList
Type: Array of ListStorageLensConfigurationEntry structures

A list of S3 Storage Lens configurations.

Errors

There are no errors described for this operation.

ListStorageLensGroups

$result = $client->listStorageLensGroups([/* ... */]);
$promise = $client->listStorageLensGroupsAsync([/* ... */]);

Lists all the Storage Lens groups in the specified home Region.

To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->listStorageLensGroups([
    'AccountId' => '<string>', // REQUIRED
    'NextToken' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that owns the Storage Lens groups.

NextToken
Type: string

The token for the next set of results, or null if there are no more results.

Result Syntax

[
    'NextToken' => '<string>',
    'StorageLensGroupList' => [
        [
            'HomeRegion' => '<string>',
            'Name' => '<string>',
            'StorageLensGroupArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

If NextToken is returned, there are more Storage Lens groups results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours.

StorageLensGroupList
Type: Array of ListStorageLensGroupEntry structures

The list of Storage Lens groups that exist in the specified home Region.

Errors

There are no errors described for this operation.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Permissions

You must have the s3:ListTagsForResource permission to use this operation.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Parameter Syntax

$result = $client->listTagsForResource([
    'AccountId' => '<string>', // REQUIRED
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the resource owner.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Result Syntax

[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that are associated with the resource.

Errors

There are no errors described for this operation.

PutAccessGrantsInstanceResourcePolicy

$result = $client->putAccessGrantsInstanceResourcePolicy([/* ... */]);
$promise = $client->putAccessGrantsInstanceResourcePolicyAsync([/* ... */]);

Updates the resource policy of the S3 Access Grants instance.

Permissions

You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.

Parameter Syntax

$result = $client->putAccessGrantsInstanceResourcePolicy([
    'AccountId' => '<string>', // REQUIRED
    'Organization' => '<string>',
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Organization
Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy
Required: Yes
Type: string

The resource policy of the S3 Access Grants instance that you are updating.

Result Syntax

[
    'CreatedAt' => <DateTime>,
    'Organization' => '<string>',
    'Policy' => '<string>',
]

Result Details

Members
CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance resource policy.

Organization
Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy
Type: string

The updated resource policy of the S3 Access Grants instance.

Errors

There are no errors described for this operation.

PutAccessPointConfigurationForObjectLambda

$result = $client->putAccessPointConfigurationForObjectLambda([/* ... */]);
$promise = $client->putAccessPointConfigurationForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Replaces configuration for an Object Lambda Access Point.

The following actions are related to PutAccessPointConfigurationForObjectLambda:

Parameter Syntax

$result = $client->putAccessPointConfigurationForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Configuration' => [ // REQUIRED
        'AllowedFeatures' => ['<string>', ...],
        'CloudWatchMetricsEnabled' => true || false,
        'SupportingAccessPoint' => '<string>', // REQUIRED
        'TransformationConfigurations' => [ // REQUIRED
            [
                'Actions' => ['<string>', ...], // REQUIRED
                'ContentTransformation' => [ // REQUIRED
                    'AwsLambda' => [
                        'FunctionArn' => '<string>', // REQUIRED
                        'FunctionPayload' => '<string>',
                    ],
                ],
            ],
            // ...
        ],
    ],
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Configuration
Required: Yes
Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration document.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutAccessPointPolicy

$result = $client->putAccessPointPolicy([/* ... */]);
$promise = $client->putAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutAccessPointPolicy:

Parameter Syntax

$result = $client->putAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for owner of the bucket associated with the specified access point.

Name
Required: Yes
Type: string

The name of the access point that you want to associate with the specified policy.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Policy
Required: Yes
Type: string

The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutAccessPointPolicyForObjectLambda

$result = $client->putAccessPointPolicyForObjectLambda([/* ... */]);
$promise = $client->putAccessPointPolicyForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.

The following actions are related to PutAccessPointPolicyForObjectLambda:

Parameter Syntax

$result = $client->putAccessPointPolicyForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

Policy
Required: Yes
Type: string

Object Lambda Access Point resource policy document.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketLifecycleConfiguration

$result = $client->putBucketLifecycleConfiguration([/* ... */]);
$promise = $client->putBucketLifecycleConfigurationAsync([/* ... */]);

This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.

Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutBucketLifecycleConfiguration:

Parameter Syntax

$result = $client->putBucketLifecycleConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'LifecycleConfiguration' => [
        'Rules' => [
            [
                'AbortIncompleteMultipartUpload' => [
                    'DaysAfterInitiation' => <integer>,
                ],
                'Expiration' => [
                    'Date' => <integer || string || DateTime>,
                    'Days' => <integer>,
                    'ExpiredObjectDeleteMarker' => true || false,
                ],
                'Filter' => [
                    'And' => [
                        'ObjectSizeGreaterThan' => <integer>,
                        'ObjectSizeLessThan' => <integer>,
                        'Prefix' => '<string>',
                        'Tags' => [
                            [
                                'Key' => '<string>', // REQUIRED
                                'Value' => '<string>', // REQUIRED
                            ],
                            // ...
                        ],
                    ],
                    'ObjectSizeGreaterThan' => <integer>,
                    'ObjectSizeLessThan' => <integer>,
                    'Prefix' => '<string>',
                    'Tag' => [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                ],
                'ID' => '<string>',
                'NoncurrentVersionExpiration' => [
                    'NewerNoncurrentVersions' => <integer>,
                    'NoncurrentDays' => <integer>,
                ],
                'NoncurrentVersionTransitions' => [
                    [
                        'NoncurrentDays' => <integer>,
                        'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                    ],
                    // ...
                ],
                'Status' => 'Enabled|Disabled', // REQUIRED
                'Transitions' => [
                    [
                        'Date' => <integer || string || DateTime>,
                        'Days' => <integer>,
                        'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                    ],
                    // ...
                ],
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

The name of the bucket for which to set the configuration.

LifecycleConfiguration
Type: LifecycleConfiguration structure

Container for lifecycle rules. You can add as many as 1,000 rules.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketPolicy

$result = $client->putBucketPolicy([/* ... */]);
$promise = $client->putBucketPolicyAsync([/* ... */]);

This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.

Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.

If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutBucketPolicy:

Parameter Syntax

$result = $client->putBucketPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'ConfirmRemoveSelfBucketAccess' => true || false,
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

ConfirmRemoveSelfBucketAccess
Type: boolean

Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

This is not supported by Amazon S3 on Outposts buckets.

Policy
Required: Yes
Type: string

The bucket policy as a JSON document.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketReplication

$result = $client->putBucketReplication([/* ... */]);
$promise = $client->putBucketReplicationAsync([/* ... */]);

This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.

Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

Specify the replication configuration in the request body. In the replication configuration, you provide the following information:

  • The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects

  • The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf

  • Other relevant information, such as replication rules

A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.

Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket.

For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.

Handling Replication of Encrypted Objects

Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.

Permissions

To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.

To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following operations are related to PutBucketReplication:

Parameter Syntax

$result = $client->putBucketReplication([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'ReplicationConfiguration' => [ // REQUIRED
        'Role' => '<string>', // REQUIRED
        'Rules' => [ // REQUIRED
            [
                'Bucket' => '<string>', // REQUIRED
                'DeleteMarkerReplication' => [
                    'Status' => 'Enabled|Disabled', // REQUIRED
                ],
                'Destination' => [ // REQUIRED
                    'AccessControlTranslation' => [
                        'Owner' => 'Destination', // REQUIRED
                    ],
                    'Account' => '<string>',
                    'Bucket' => '<string>', // REQUIRED
                    'EncryptionConfiguration' => [
                        'ReplicaKmsKeyID' => '<string>',
                    ],
                    'Metrics' => [
                        'EventThreshold' => [
                            'Minutes' => <integer>,
                        ],
                        'Status' => 'Enabled|Disabled', // REQUIRED
                    ],
                    'ReplicationTime' => [
                        'Status' => 'Enabled|Disabled', // REQUIRED
                        'Time' => [ // REQUIRED
                            'Minutes' => <integer>,
                        ],
                    ],
                    'StorageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|GLACIER|DEEP_ARCHIVE|OUTPOSTS|GLACIER_IR',
                ],
                'ExistingObjectReplication' => [
                    'Status' => 'Enabled|Disabled', // REQUIRED
                ],
                'Filter' => [
                    'And' => [
                        'Prefix' => '<string>',
                        'Tags' => [
                            [
                                'Key' => '<string>', // REQUIRED
                                'Value' => '<string>', // REQUIRED
                            ],
                            // ...
                        ],
                    ],
                    'Prefix' => '<string>',
                    'Tag' => [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                ],
                'ID' => '<string>',
                'Prefix' => '<string>',
                'Priority' => <integer>,
                'SourceSelectionCriteria' => [
                    'ReplicaModifications' => [
                        'Status' => 'Enabled|Disabled', // REQUIRED
                    ],
                    'SseKmsEncryptedObjects' => [
                        'Status' => 'Enabled|Disabled', // REQUIRED
                    ],
                ],
                'Status' => 'Enabled|Disabled', // REQUIRED
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the S3 on Outposts bucket to set the configuration for.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

ReplicationConfiguration
Required: Yes
Type: ReplicationConfiguration structure

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketTagging

$result = $client->putBucketTagging([/* ... */]);
$promise = $client->putBucketTaggingAsync([/* ... */]);

This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.

Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.

Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags.

To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.

PutBucketTagging has the following special errors:

  • Error code: InvalidTagError

  • Error code: MalformedXMLError

    • Description: The XML provided does not match the schema.

  • Error code: OperationAbortedError

    • Description: A conflicting conditional action is currently in progress against this resource. Try again.

  • Error code: InternalError

    • Description: The service was unable to apply the provided tag to the bucket.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutBucketTagging:

Parameter Syntax

$result = $client->putBucketTagging([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'Tagging' => [ // REQUIRED
        'TagSet' => [ // REQUIRED
            [
                'Key' => '<string>', // REQUIRED
                'Value' => '<string>', // REQUIRED
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

Tagging
Required: Yes
Type: Tagging structure

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketVersioning

$result = $client->putBucketVersioning([/* ... */]);
$promise = $client->putBucketVersioningAsync([/* ... */]);

This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.

Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

You can set the versioning state to one of the following:

  • Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.

  • Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.

If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.

When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.

If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following operations are related to PutBucketVersioning for S3 on Outposts.

Parameter Syntax

$result = $client->putBucketVersioning([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'MFA' => '<string>',
    'VersioningConfiguration' => [ // REQUIRED
        'MFADelete' => 'Enabled|Disabled',
        'Status' => 'Enabled|Suspended',
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 on Outposts bucket.

Bucket
Required: Yes
Type: string

The S3 on Outposts bucket to set the versioning state for.

MFA
Type: string

The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device.

VersioningConfiguration
Required: Yes
Type: VersioningConfiguration structure

The root-level tag for the VersioningConfiguration parameters.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutJobTagging

$result = $client->putJobTagging([/* ... */]);
$promise = $client->putJobTaggingAsync([/* ... */]);

Sets the supplied tag-set on an S3 Batch Operations job.

A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

  • If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.

  • For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.

  • A few things to consider about using tags:

    • Amazon S3 limits the maximum number of tags to 50 tags per job.

    • You can associate up to 50 tags with a job as long as they have unique tag keys.

    • A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.

    • The key and values are case sensitive.

    • For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.

Permissions

To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.

Related actions include:

Parameter Syntax

$result = $client->putJobTagging([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId
Required: Yes
Type: string

The ID for the S3 Batch Operations job whose tags you want to replace.

Tags
Required: Yes
Type: Array of S3Tag structures

The set of tags to associate with the S3 Batch Operations job.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:

TooManyRequestsException:

NotFoundException:

TooManyTagsException:

Amazon S3 throws this exception if you have too many tags in your tag set.

PutMultiRegionAccessPointPolicy

$result = $client->putMultiRegionAccessPointPolicy([/* ... */]);
$promise = $client->putMultiRegionAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

The following actions are related to PutMultiRegionAccessPointPolicy:

Parameter Syntax

$result = $client->putMultiRegionAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'ClientToken' => '<string>', // REQUIRED
    'Details' => [ // REQUIRED
        'Name' => '<string>', // REQUIRED
        'Policy' => '<string>', // REQUIRED
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken
Required: Yes
Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details
Required: Yes
Type: PutMultiRegionAccessPointPolicyInput structure

A container element containing the details of the policy for the Multi-Region Access Point.

Result Syntax

[
    'RequestTokenARN' => '<string>',
]

Result Details

Members
RequestTokenARN
Type: string

The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Errors

There are no errors described for this operation.

PutPublicAccessBlock

$result = $client->putPublicAccessBlock([/* ... */]);
$promise = $client->putPublicAccessBlockAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see Using Amazon S3 block public access.

Related actions include:

Parameter Syntax

$result = $client->putPublicAccessBlock([
    'AccountId' => '<string>', // REQUIRED
    'PublicAccessBlockConfiguration' => [ // REQUIRED
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to set.

PublicAccessBlockConfiguration
Required: Yes
Type: PublicAccessBlockConfiguration structure

The PublicAccessBlock configuration that you want to apply to the specified Amazon Web Services account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutStorageLensConfiguration

$result = $client->putStorageLensConfiguration([/* ... */]);
$promise = $client->putStorageLensConfigurationAsync([/* ... */]);

This operation is not supported by directory buckets.

Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->putStorageLensConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
    'StorageLensConfiguration' => [ // REQUIRED
        'AccountLevel' => [ // REQUIRED
            'ActivityMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedCostOptimizationMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedDataProtectionMetrics' => [
                'IsEnabled' => true || false,
            ],
            'BucketLevel' => [ // REQUIRED
                'ActivityMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedCostOptimizationMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedDataProtectionMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'DetailedStatusCodesMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'PrefixLevel' => [
                    'StorageMetrics' => [ // REQUIRED
                        'IsEnabled' => true || false,
                        'SelectionCriteria' => [
                            'Delimiter' => '<string>',
                            'MaxDepth' => <integer>,
                            'MinStorageBytesPercentage' => <float>,
                        ],
                    ],
                ],
            ],
            'DetailedStatusCodesMetrics' => [
                'IsEnabled' => true || false,
            ],
            'StorageLensGroupLevel' => [
                'SelectionCriteria' => [
                    'Exclude' => ['<string>', ...],
                    'Include' => ['<string>', ...],
                ],
            ],
        ],
        'AwsOrg' => [
            'Arn' => '<string>', // REQUIRED
        ],
        'DataExport' => [
            'CloudWatchMetrics' => [
                'IsEnabled' => true || false, // REQUIRED
            ],
            'S3BucketDestination' => [
                'AccountId' => '<string>', // REQUIRED
                'Arn' => '<string>', // REQUIRED
                'Encryption' => [
                    'SSEKMS' => [
                        'KeyId' => '<string>', // REQUIRED
                    ],
                    'SSES3' => [
                    ],
                ],
                'Format' => 'CSV|Parquet', // REQUIRED
                'OutputSchemaVersion' => 'V_1', // REQUIRED
                'Prefix' => '<string>',
            ],
        ],
        'Exclude' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'Id' => '<string>', // REQUIRED
        'Include' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'IsEnabled' => true || false, // REQUIRED
        'StorageLensArn' => '<string>',
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the S3 Storage Lens configuration.

StorageLensConfiguration
Required: Yes
Type: StorageLensConfiguration structure

The S3 Storage Lens configuration.

Tags
Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutStorageLensConfigurationTagging

$result = $client->putStorageLensConfigurationTagging([/* ... */]);
$promise = $client->putStorageLensConfigurationTaggingAsync([/* ... */]);

This operation is not supported by directory buckets.

Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->putStorageLensConfigurationTagging([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the S3 Storage Lens configuration.

Tags
Required: Yes
Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

SubmitMultiRegionAccessPointRoutes

$result = $client->submitMultiRegionAccessPointRoutes([/* ... */]);
$promise = $client->submitMultiRegionAccessPointRoutesAsync([/* ... */]);

This operation is not supported by directory buckets.

Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.

When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.

Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.

To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

  • us-east-1

  • us-west-2

  • ap-southeast-2

  • ap-northeast-1

  • eu-west-1

Parameter Syntax

$result = $client->submitMultiRegionAccessPointRoutes([
    'AccountId' => '<string>', // REQUIRED
    'Mrap' => '<string>', // REQUIRED
    'RouteUpdates' => [ // REQUIRED
        [
            'Bucket' => '<string>',
            'Region' => '<string>',
            'TrafficDialPercentage' => <integer>, // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Mrap
Required: Yes
Type: string

The Multi-Region Access Point ARN.

RouteUpdates
Required: Yes
Type: Array of MultiRegionAccessPointRoute structures

The different routes that make up the new route configuration. Active routes return a value of 100, and passive routes return a value of 0.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Permissions

You must have the s3:TagResource permission to use this operation.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Parameter Syntax

$result = $client->tagResource([
    'AccountId' => '<string>', // REQUIRED
    'ResourceArn' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Tags
Required: Yes
Type: Array of Tag structures

The Amazon Web Services resource tags that you want to add to the specified S3 resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Permissions

You must have the s3:UntagResource permission to use this operation.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Parameter Syntax

$result = $client->untagResource([
    'AccountId' => '<string>', // REQUIRED
    'ResourceArn' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that owns the resource that you're trying to remove the tags from.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the S3 resource that you're trying to remove the tags from.

TagKeys
Required: Yes
Type: Array of strings

The array of tag key-value pairs that you're trying to remove from of the S3 resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

UpdateAccessGrantsLocation

$result = $client->updateAccessGrantsLocation([/* ... */]);
$promise = $client->updateAccessGrantsLocationAsync([/* ... */]);

Updates the IAM role of a registered location in your S3 Access Grants instance.

Permissions

You must have the s3:UpdateAccessGrantsLocation permission to use this operation.

Additional Permissions

You must also have the following permission: iam:PassRole

Parameter Syntax

$result = $client->updateAccessGrantsLocation([
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
    'IAMRoleArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccessGrantsLocationId
Required: Yes
Type: string

The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

Result Syntax

[
    'AccessGrantsLocationArn' => '<string>',
    'AccessGrantsLocationId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IAMRoleArn' => '<string>',
    'LocationScope' => '<string>',
]

Result Details

Members
AccessGrantsLocationArn
Type: string

The Amazon Resource Name (ARN) of the registered location that you are updating.

AccessGrantsLocationId
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM role of the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope
Type: string

The S3 URI path of the location that you are updating. You cannot update the scope of the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>.

Errors

There are no errors described for this operation.

UpdateJobPriority

$result = $client->updateJobPriority([/* ... */]);
$promise = $client->updateJobPriorityAsync([/* ... */]);

Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.

Related actions include:

Parameter Syntax

$result = $client->updateJobPriority([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'Priority' => <integer>, // REQUIRED
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId
Required: Yes
Type: string

The ID for the job whose priority you want to update.

Priority
Required: Yes
Type: int

The priority you want to assign to this job.

Result Syntax

[
    'JobId' => '<string>',
    'Priority' => <integer>,
]

Result Details

Members
JobId
Required: Yes
Type: string

The ID for the job whose priority Amazon S3 updated.

Priority
Required: Yes
Type: int

The new priority assigned to the specified job.

Errors

BadRequestException:

TooManyRequestsException:

NotFoundException:

InternalServiceException:

UpdateJobStatus

$result = $client->updateJobStatus([/* ... */]);
$promise = $client->updateJobStatusAsync([/* ... */]);

Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions

To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.

Related actions include:

Parameter Syntax

$result = $client->updateJobStatus([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'RequestedJobStatus' => 'Cancelled|Ready', // REQUIRED
    'StatusUpdateReason' => '<string>',
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId
Required: Yes
Type: string

The ID of the job whose status you want to update.

RequestedJobStatus
Required: Yes
Type: string

The status that you want to move the specified job to.

StatusUpdateReason
Type: string

A description of the reason why you want to change the specified job's status. This field can be any string up to the maximum length.

Result Syntax

[
    'JobId' => '<string>',
    'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended',
    'StatusUpdateReason' => '<string>',
]

Result Details

Members
JobId
Type: string

The ID for the job whose status was updated.

Status
Type: string

The current status for the specified job.

StatusUpdateReason
Type: string

The reason that the specified job's status was updated.

Errors

BadRequestException:

TooManyRequestsException:

NotFoundException:

JobStatusException:

InternalServiceException:

UpdateStorageLensGroup

$result = $client->updateStorageLensGroup([/* ... */]);
$promise = $client->updateStorageLensGroupAsync([/* ... */]);

Updates the existing Storage Lens group.

To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->updateStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'StorageLensGroup' => [ // REQUIRED
        'Filter' => [ // REQUIRED
            'And' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
            'MatchAnyPrefix' => ['<string>', ...],
            'MatchAnySuffix' => ['<string>', ...],
            'MatchAnyTag' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'MatchObjectAge' => [
                'DaysGreaterThan' => <integer>,
                'DaysLessThan' => <integer>,
            ],
            'MatchObjectSize' => [
                'BytesGreaterThan' => <integer>,
                'BytesLessThan' => <integer>,
            ],
            'Or' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
        ],
        'Name' => '<string>', // REQUIRED
        'StorageLensGroupArn' => '<string>',
    ],
]);

Parameter Details

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Storage Lens group owner.

Name
Required: Yes
Type: string

The name of the Storage Lens group that you want to update.

StorageLensGroup
Required: Yes
Type: StorageLensGroup structure

The JSON file that contains the Storage Lens group configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

Shapes

AbortIncompleteMultipartUpload

Description

The container for abort incomplete multipart upload

Members
DaysAfterInitiation
Type: int

Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.

AccessControlTranslation

Description

A container for information about access control for replicas.

This is not supported by Amazon S3 on Outposts buckets.

Members
Owner
Required: Yes
Type: string

Specifies the replica ownership.

AccessGrantsLocationConfiguration

Description

The configuration options of the S3 Access Grants location. It contains the S3SubPrefix field. The grant scope, the data to which you are granting access, is the result of appending the Subprefix field to the scope of the registered location.

Members
S3SubPrefix
Type: string

The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be or s3://<bucket-name>/<prefix-name>*.

If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.

AccessPoint

Description

An access point used to access a bucket.

Members
AccessPointArn
Type: string

The ARN for the access point.

Alias
Type: string

The name or alias of the access point.

Bucket
Required: Yes
Type: string

The name of the bucket associated with this access point.

BucketAccountId
Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

Name
Required: Yes
Type: string

The name of this access point.

NetworkOrigin
Required: Yes
Type: string

Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the public internet, subject to the access point and bucket access policies.

VpcConfiguration
Type: VpcConfiguration structure

The virtual private cloud (VPC) configuration for this access point, if one exists.

This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services services.

AccountLevel

Description

A container element for the account-level Amazon S3 Storage Lens configuration.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Members
ActivityMetrics
Type: ActivityMetrics structure

A container element for S3 Storage Lens activity metrics.

AdvancedCostOptimizationMetrics

A container element for S3 Storage Lens advanced cost-optimization metrics.

AdvancedDataProtectionMetrics

A container element for S3 Storage Lens advanced data-protection metrics.

BucketLevel
Required: Yes
Type: BucketLevel structure

A container element for the S3 Storage Lens bucket-level configuration.

DetailedStatusCodesMetrics
Type: DetailedStatusCodesMetrics structure

A container element for detailed status code metrics.

StorageLensGroupLevel
Type: StorageLensGroupLevel structure

A container element for S3 Storage Lens groups metrics.

ActivityMetrics

Description

The container element for Amazon S3 Storage Lens activity metrics. Activity metrics show details about how your storage is requested, such as requests (for example, All requests, Get requests, Put requests), bytes uploaded or downloaded, and errors.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Members
IsEnabled
Type: boolean

A container that indicates whether activity metrics are enabled.

AdvancedCostOptimizationMetrics

Description

The container element for Amazon S3 Storage Lens advanced cost-optimization metrics. Advanced cost-optimization metrics provide insights that you can use to manage and optimize your storage costs, for example, lifecycle rule counts for transitions, expirations, and incomplete multipart uploads.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Members
IsEnabled
Type: boolean

A container that indicates whether advanced cost-optimization metrics are enabled.

AdvancedDataProtectionMetrics

Description

The container element for Amazon S3 Storage Lens advanced data-protection metrics. Advanced data-protection metrics provide insights that you can use to perform audits and protect your data, for example replication rule counts within and across Regions.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Members
IsEnabled
Type: boolean

A container that indicates whether advanced data-protection metrics are enabled.

AssociateAccessGrantsIdentityCenterRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

AsyncErrorDetails

Description

Error details for the failed asynchronous operation.

Members
Code
Type: string

A string that uniquely identifies the error condition.

Message
Type: string

A generic description of the error condition in English.

RequestId
Type: string

The ID of the request associated with the error.

Resource
Type: string

The identifier of the resource associated with the error.

AsyncOperation

Description

A container for the information about an asynchronous operation.

Members
CreationTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the request was sent to the service.

Operation
Type: string

The specific operation for the asynchronous request.

RequestParameters
Type: AsyncRequestParameters structure

The parameters associated with the request.

RequestStatus
Type: string

The current status of the request.

RequestTokenARN
Type: string

The request token associated with the request.

ResponseDetails
Type: AsyncResponseDetails structure

The details of the response.

AsyncRequestParameters

Description

A container for the request parameters associated with an asynchronous request.

Members
CreateMultiRegionAccessPointRequest

A container of the parameters for a CreateMultiRegionAccessPoint request.

DeleteMultiRegionAccessPointRequest

A container of the parameters for a DeleteMultiRegionAccessPoint request.

PutMultiRegionAccessPointPolicyRequest

A container of the parameters for a PutMultiRegionAccessPoint request.

AsyncResponseDetails

Description

A container for the response details that are returned when querying about an asynchronous request.

Members
ErrorDetails
Type: AsyncErrorDetails structure

Error details for an asynchronous request.

MultiRegionAccessPointDetails

The details for the Multi-Region Access Point.

AwsLambdaTransformation

Description

Lambda function used to transform objects through an Object Lambda Access Point.

Members
FunctionArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the Lambda function.

FunctionPayload
Type: string

Additional JSON that provides supplemental data to the Lambda function used to transform objects.

BadRequestException

Description

Members
Message
Type: string

BucketAlreadyExists

Description

The requested Outposts bucket name is not available. The bucket namespace is shared by all users of the Outposts in this Region. Select a different name and try again.

Members

BucketAlreadyOwnedByYou

Description

The Outposts bucket you tried to create already exists, and you own it.

Members

BucketLevel

Description

A container for the bucket-level configuration for Amazon S3 Storage Lens.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide.

Members
ActivityMetrics
Type: ActivityMetrics structure

A container for the bucket-level activity metrics for S3 Storage Lens.

AdvancedCostOptimizationMetrics

A container for bucket-level advanced cost-optimization metrics for S3 Storage Lens.

AdvancedDataProtectionMetrics

A container for bucket-level advanced data-protection metrics for S3 Storage Lens.

DetailedStatusCodesMetrics
Type: DetailedStatusCodesMetrics structure

A container for bucket-level detailed status code metrics for S3 Storage Lens.

PrefixLevel
Type: PrefixLevel structure

A container for the prefix-level metrics for S3 Storage Lens.

CloudWatchMetrics

Description

A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.

For more information about publishing S3 Storage Lens metrics to CloudWatch, see Monitor S3 Storage Lens metrics in CloudWatch in the Amazon S3 User Guide.

Members
IsEnabled
Required: Yes
Type: boolean

A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.

CreateAccessGrantRequest

Members
AccessGrantsLocationConfiguration

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the S3SubPrefix field. The grant scope is the result of appending the subprefix to the location scope of the registered location.

AccessGrantsLocationId
Required: Yes
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

ApplicationArn
Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.

Grantee
Required: Yes
Type: Grantee structure

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Permission
Required: Yes
Type: string

The type of access that you are granting to your S3 data, which can be set to one of the following values:

  • READ – Grant read-only access to the S3 data.

  • WRITE – Grant write-only access to the S3 data.

  • READWRITE – Grant both read and write access to the S3 data.

S3PrefixType
Type: string

The type of S3SubPrefix. The only possible value is Object. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

CreateAccessGrantsInstanceRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn
Type: string

If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

CreateAccessGrantsLocationRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope
Required: Yes
Type: string

The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

CreateAccessPointForObjectLambdaRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.

Configuration
Required: Yes
Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration as a JSON document.

Name
Required: Yes
Type: string

The name you want to assign to this Object Lambda Access Point.

CreateAccessPointRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Bucket
Required: Yes
Type: string

The name of the bucket that you want to associate this access point with.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

BucketAccountId
Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

For same account access point when your bucket and access point belong to the same account owner, the BucketAccountId is not required. For cross-account access point when your bucket and access point are not in the same account, the BucketAccountId is required.

Name
Required: Yes
Type: string

The name you want to assign to this access point.

PublicAccessBlockConfiguration

The PublicAccessBlock configuration that you want to apply to the access point.

VpcConfiguration
Type: VpcConfiguration structure

If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).

This is required for creating an access point for Amazon S3 on Outposts buckets.

CreateBucketConfiguration

Description

The container for the bucket configuration.

This is not supported by Amazon S3 on Outposts buckets.

Members
LocationConstraint
Type: string

Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.

This is not supported by Amazon S3 on Outposts buckets.

CreateJobRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that creates the job.

ClientRequestToken
Required: Yes
Type: string

An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.

ConfirmationRequired
Type: boolean

Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.

Description
Type: string

A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.

Manifest
Type: JobManifest structure

Configuration parameters for the manifest.

ManifestGenerator
Type: JobManifestGenerator structure

The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.

Operation
Required: Yes
Type: JobOperation structure

The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.

Priority
Required: Yes
Type: int

The numerical priority for this job. Higher numbers indicate higher priority.

Report
Required: Yes
Type: JobReport structure

Configuration parameters for the optional job-completion report.

RoleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.

Tags
Type: Array of S3Tag structures

A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.

CreateMultiRegionAccessPointInput

Description

A container for the information associated with a CreateMultiRegionAccessPoint request.

Members
Name
Required: Yes
Type: string

The name of the Multi-Region Access Point associated with this request.

PublicAccessBlock

The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

This data type is not supported for Amazon S3 on Outposts.

Regions
Required: Yes
Type: Array of Region structures

The buckets in different Regions that are associated with the Multi-Region Access Point.

CreateMultiRegionAccessPointRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.

ClientToken
Required: Yes
Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details
Required: Yes
Type: CreateMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

CreateStorageLensGroupRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that the Storage Lens group is created from and associated with.

StorageLensGroup
Required: Yes
Type: StorageLensGroup structure

The Storage Lens group configuration.

Tags
Type: Array of Tag structures

The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.

Credentials

Description

The Amazon Web Services Security Token Service temporary credential that S3 Access Grants vends to grantees and client applications.

Members
AccessKeyId
Type: string

The unique access key ID of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

Expiration
Type: timestamp (string|DateTime or anything parsable by strtotime)

The expiration date and time of the temporary credential that S3 Access Grants vends to grantees and client applications.

SecretAccessKey
Type: string

The secret access key of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

SessionToken
Type: string

The Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

DeleteMarkerReplication

Description

Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts does not support replicating delete markers for tag-based rules.

For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.

Members
Status
Required: Yes
Type: string

Indicates whether to replicate delete markers.

DeleteMultiRegionAccessPointInput

Description

A container for the information associated with a DeleteMultiRegionAccessPoint request.

Members
Name
Required: Yes
Type: string

The name of the Multi-Region Access Point associated with this request.

DeleteMultiRegionAccessPointRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken
Required: Yes
Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details
Required: Yes
Type: DeleteMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

Destination

Description

Specifies information about the replication destination bucket and its settings for an S3 on Outposts replication configuration.

Members
AccessControlTranslation
Type: AccessControlTranslation structure

Specify this property only in a cross-account scenario (where the source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this property is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.

This is not supported by Amazon S3 on Outposts buckets.

Account
Type: string

The destination bucket owner's account ID.

Bucket
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the access point for the destination bucket where you want S3 on Outposts to store the replication results.

EncryptionConfiguration
Type: EncryptionConfiguration structure

A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.

This is not supported by Amazon S3 on Outposts buckets.

Metrics
Type: Metrics structure

A container that specifies replication metrics-related settings.

ReplicationTime
Type: ReplicationTime structure

A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.

This is not supported by Amazon S3 on Outposts buckets.

StorageClass
Type: string

The storage class to use when replicating objects. All objects stored on S3 on Outposts are stored in the OUTPOSTS storage class. S3 on Outposts uses the OUTPOSTS storage class to create the object replicas.

Values other than OUTPOSTS aren't supported by Amazon S3 on Outposts.

DetailedStatusCodesMetrics

Description

The container element for Amazon S3 Storage Lens detailed status code metrics. Detailed status code metrics generate metrics for HTTP status codes, such as 200 OK, 403 Forbidden, 503 Service Unavailable and others.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Members
IsEnabled
Type: boolean

A container that indicates whether detailed status code metrics are enabled.

EncryptionConfiguration

Description

Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.

This is not supported by Amazon S3 on Outposts buckets.

Members
ReplicaKmsKeyID
Type: string

Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS) for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information, see Symmetric encryption KMS keys in the Amazon Web Services Key Management Service Developer Guide.

EstablishedMultiRegionAccessPointPolicy

Description

The last established access control policy for a Multi-Region Access Point.

When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.

Members
Policy
Type: string

The details of the last established policy.

Exclude

Description

A container for what Amazon S3 Storage Lens will exclude.

Members
Buckets
Type: Array of strings

A container for the S3 Storage Lens bucket excludes.

Regions
Type: Array of strings

A container for the S3 Storage Lens Region excludes.

ExistingObjectReplication

Description

An optional configuration to replicate existing source bucket objects.

This is not supported by Amazon S3 on Outposts buckets.

Members
Status
Required: Yes
Type: string

Specifies whether Amazon S3 replicates existing source bucket objects.

GeneratedManifestEncryption

Description

The encryption configuration to use when storing the generated manifest.

Members
SSEKMS
Type: SSEKMSEncryption structure

Configuration details on how SSE-KMS is used to encrypt generated manifest objects.

SSES3
Type: SSES3Encryption structure

Specifies the use of SSE-S3 to encrypt generated manifest objects.

Grantee

Description

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Members
GranteeIdentifier
Type: string

The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

GranteeType
Type: string

The type of the grantee to which access has been granted. It can be one of the following values:

  • IAM - An IAM user or role.

  • DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

  • DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

IdempotencyException

Description

Members
Message
Type: string

Include

Description

A container for what Amazon S3 Storage Lens configuration includes.

Members
Buckets
Type: Array of strings

A container for the S3 Storage Lens bucket includes.

Regions
Type: Array of strings

A container for the S3 Storage Lens Region includes.

InternalServiceException

Description

Members
Message
Type: string

InvalidNextTokenException

Description

Members
Message
Type: string

InvalidRequestException

Description

Members
Message
Type: string

JobDescriptor

Description

A container element for the job configuration and status information returned by a Describe Job request.

Members
ConfirmationRequired
Type: boolean

Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.

CreationTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when this job was created.

Description
Type: string

The description for this job, if one was provided in this job's Create Job request.

FailureReasons
Type: Array of JobFailure structures

If the specified job failed, this field contains information describing the failure.

GeneratedManifestDescriptor

The attribute of the JobDescriptor containing details about the job's generated manifest.

JobArn
Type: string

The Amazon Resource Name (ARN) for this job.

JobId
Type: string

The ID for the specified job.

Manifest
Type: JobManifest structure

The configuration information for the specified job's manifest object.

ManifestGenerator
Type: JobManifestGenerator structure

The manifest generator that was used to generate a job manifest for this job.

Operation
Type: JobOperation structure

The operation that the specified job is configured to run on the objects listed in the manifest.

Priority
Type: int

The priority of the specified job.

ProgressSummary
Type: JobProgressSummary structure

Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.

Report
Type: JobReport structure

Contains the configuration information for the job-completion report if you requested one in the Create Job request.

RoleArn
Type: string

The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks for this job.

Status
Type: string

The current status of the specified job.

StatusUpdateReason
Type: string

The reason for updating the job.

SuspendedCause
Type: string

The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the Suspended state to await confirmation before running. After you confirm the job, it automatically exits the Suspended state.

SuspendedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp when this job was suspended, if it has been suspended.

TerminationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.

JobFailure

Description

If this job failed, this element indicates why the job failed.

Members
FailureCode
Type: string

The failure code, if any, for the specified job.

FailureReason
Type: string

The failure reason, if any, for the specified job.

JobListDescriptor

Description

Contains the configuration and status information for a single job retrieved as part of a job list.

Members
CreationTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when the specified job was created.

Description
Type: string

The user-specified description that was included in the specified job's Create Job request.

JobId
Type: string

The ID for the specified job.

Operation
Type: string

The operation that the specified job is configured to run on every object listed in the manifest.

Priority
Type: int

The current priority for the specified job.

ProgressSummary
Type: JobProgressSummary structure

Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.

Status
Type: string

The specified job's current status.

TerminationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.

JobManifest

Description

Contains the configuration information for a job's manifest.

Members
Location
Required: Yes
Type: JobManifestLocation structure

Contains the information required to locate the specified job's manifest. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

Spec
Required: Yes
Type: JobManifestSpec structure

Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.

JobManifestGenerator

Description

Configures the type of the job's ManifestGenerator.

Members
S3JobManifestGenerator
Type: S3JobManifestGenerator structure

The S3 job ManifestGenerator's configuration details.

JobManifestGeneratorFilter

Description

The filter used to describe a set of objects for the job's manifest.

Members
CreatedAfter
Type: timestamp (string|DateTime or anything parsable by strtotime)

If provided, the generated manifest includes only source bucket objects that were created after this time.

CreatedBefore
Type: timestamp (string|DateTime or anything parsable by strtotime)

If provided, the generated manifest includes only source bucket objects that were created before this time.

EligibleForReplication
Type: boolean

Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.

KeyNameConstraint
Type: KeyNameConstraint structure

If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.

MatchAnyStorageClass
Type: Array of strings

If provided, the generated manifest includes only source bucket objects that are stored with the specified storage class.

ObjectReplicationStatuses
Type: Array of strings

If provided, the generated manifest includes only source bucket objects that have one of the specified Replication statuses.

ObjectSizeGreaterThanBytes
Type: long (int|float)

If provided, the generated manifest includes only source bucket objects whose file size is greater than the specified number of bytes.

ObjectSizeLessThanBytes
Type: long (int|float)

If provided, the generated manifest includes only source bucket objects whose file size is less than the specified number of bytes.

JobManifestLocation

Description

Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

Members
ETag
Required: Yes
Type: string

The ETag for the specified manifest object.

ObjectArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) for a manifest object.

When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

ObjectVersionId
Type: string

The optional version ID to identify a specific version of the manifest object.

JobManifestSpec

Description

Describes the format of a manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.

Members
Fields
Type: Array of strings

If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.

Format
Required: Yes
Type: string

Indicates which of the available formats the specified manifest uses.

JobOperation

Description

The operation that you want this job to perform on every object listed in the manifest. For more information about the available operations, see Operations in the Amazon S3 User Guide.

Members
LambdaInvoke
Type: LambdaInvokeOperation structure

Directs the specified job to invoke an Lambda function on every object in the manifest.

S3DeleteObjectTagging

Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.

This functionality is not supported by directory buckets.

S3InitiateRestoreObject

Directs the specified job to initiate restore requests for every archived object in the manifest.

This functionality is not supported by directory buckets.

S3PutObjectAcl
Type: S3SetObjectAclOperation structure

Directs the specified job to run a PutObjectAcl call on every object in the manifest.

This functionality is not supported by directory buckets.

S3PutObjectCopy
Type: S3CopyObjectOperation structure

Directs the specified job to run a PUT Copy object call on every object in the manifest.

S3PutObjectLegalHold

Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying PutObjectLegalHold API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.

This functionality is not supported by directory buckets.

S3PutObjectRetention

Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

This functionality is not supported by directory buckets.

S3PutObjectTagging
Type: S3SetObjectTaggingOperation structure

Directs the specified job to run a PUT Object tagging call on every object in the manifest.

This functionality is not supported by directory buckets.

S3ReplicateObject
Type: S3ReplicateObjectOperation structure

Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

This functionality is not supported by directory buckets.

JobProgressSummary

Description

Describes the total number of tasks that the specified job has started, the number of tasks that succeeded, and the number of tasks that failed.

Members
NumberOfTasksFailed
Type: long (int|float)

NumberOfTasksSucceeded
Type: long (int|float)

Timers
Type: JobTimers structure

The JobTimers attribute of a job's progress summary.

TotalNumberOfTasks
Type: long (int|float)

JobReport

Description

Contains the configuration parameters for a job-completion report.

Members
Bucket
Type: string

The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.

Directory buckets - Directory buckets aren't supported as a location for Batch Operations to store job completion reports.

Enabled
Required: Yes
Type: boolean

Indicates whether the specified job will generate a job-completion report.

Format
Type: string

The format of the specified job-completion report.

Prefix
Type: string

An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json.

ReportScope
Type: string

Indicates whether the job-completion report will include details of all tasks or only failed tasks.

JobStatusException

Description

Members
Message
Type: string

JobTimers

Description

Provides timing details for the job.

Members
ElapsedTimeInActiveSeconds
Type: long (int|float)

Indicates the elapsed time in seconds the job has been in the Active job state.

KeyNameConstraint

Description

If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.

Members
MatchAnyPrefix
Type: Array of strings

If provided, the generated manifest includes objects where the specified string appears at the start of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

MatchAnySubstring
Type: Array of strings

If provided, the generated manifest includes objects where the specified string appears anywhere within the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

MatchAnySuffix
Type: Array of strings

If provided, the generated manifest includes objects where the specified string appears at the end of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

LambdaInvokeOperation

Description

Contains the configuration parameters for a Lambda Invoke operation.

Members
FunctionArn
Type: string

The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.

InvocationSchemaVersion
Type: string

Specifies the schema version for the payload that Batch Operations sends when invoking an Lambda function. Version 1.0 is the default. Version 2.0 is required when you use Batch Operations to invoke Lambda functions that act on directory buckets, or if you need to specify UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

Ensure that your Lambda function code expects InvocationSchemaVersion 2.0 and uses bucket name rather than bucket ARN. If the InvocationSchemaVersion does not match what your Lambda function expects, your function might not work as expected.

Directory buckets - To initiate Amazon Web Services Lambda function to perform custom actions on objects in directory buckets, you must specify 2.0.

UserArguments
Type: Associative array of custom strings keys (NonEmptyMaxLength64String) to strings

Key-value pairs that are passed in the payload that Batch Operations sends when invoking an Lambda function. You must specify InvocationSchemaVersion 2.0 for LambdaInvoke operations that include UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

LifecycleConfiguration

Description

The container for the Outposts bucket lifecycle configuration.

Members
Rules
Type: Array of LifecycleRule structures

A lifecycle rule for individual objects in an Outposts bucket.

LifecycleExpiration

Description

The container of the Outposts bucket lifecycle expiration.

Members
Date
Type: timestamp (string|DateTime or anything parsable by strtotime)

Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.

Days
Type: int

Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.

ExpiredObjectDeleteMarker
Type: boolean

Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

LifecycleRule

Description

The container for the Outposts bucket lifecycle rule.

Members
AbortIncompleteMultipartUpload

Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the Amazon S3 User Guide.

Expiration
Type: LifecycleExpiration structure

Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.

Filter
Type: LifecycleRuleFilter structure

The container for the filter of lifecycle rule.

ID
Type: string

Unique identifier for the rule. The value cannot be longer than 255 characters.

NoncurrentVersionExpiration
Type: NoncurrentVersionExpiration structure

The noncurrent version expiration of the lifecycle rule.

NoncurrentVersionTransitions
Type: Array of NoncurrentVersionTransition structures

Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.

This is not supported by Amazon S3 on Outposts buckets.

Status
Required: Yes
Type: string

If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.

Transitions
Type: Array of Transition structures

Specifies when an Amazon S3 object transitions to a specified storage class.

This is not supported by Amazon S3 on Outposts buckets.

LifecycleRuleAndOperator

Description

The container for the Outposts bucket lifecycle rule and operator.

Members
ObjectSizeGreaterThan
Type: long (int|float)

The non-inclusive minimum object size for the lifecycle rule. Setting this property to 7 means the rule applies to objects with a size that is greater than 7.

ObjectSizeLessThan
Type: long (int|float)

The non-inclusive maximum object size for the lifecycle rule. Setting this property to 77 means the rule applies to objects with a size that is less than 77.

Prefix
Type: string

Prefix identifying one or more objects to which the rule applies.

Tags
Type: Array of S3Tag structures

All of these tags must exist in the object's tag set in order for the rule to apply.

LifecycleRuleFilter

Description

The container for the filter of the lifecycle rule.

Members
And
Type: LifecycleRuleAndOperator structure

The container for the AND condition for the lifecycle rule.

ObjectSizeGreaterThan
Type: long (int|float)

Minimum object size to which the rule applies.

ObjectSizeLessThan
Type: long (int|float)

Maximum object size to which the rule applies.

Prefix
Type: string

Prefix identifying one or more objects to which the rule applies.

When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

Tag
Type: S3Tag structure

A container for a key-value name pair.

ListAccessGrantEntry

Description

Information about the access grant.

Members
AccessGrantArn
Type: string

The Amazon Resource Name (ARN) of the access grant.

AccessGrantId
Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccessGrantsLocationConfiguration

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

AccessGrantsLocationId
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

ApplicationArn
Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

GrantScope
Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

Grantee
Type: Grantee structure

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Permission
Type: string

The type of access granted to your S3 data, which can be set to one of the following values:

  • READ – Grant read-only access to the S3 data.

  • WRITE – Grant write-only access to the S3 data.

  • READWRITE – Grant both read and write access to the S3 data.

ListAccessGrantsInstanceEntry

Description

Information about the S3 Access Grants instance.

Members
AccessGrantsInstanceArn
Type: string

The Amazon Resource Name (ARN) of the S3 Access Grants instance.

AccessGrantsInstanceId
Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

IdentityCenterApplicationArn
Type: string

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

IdentityCenterArn
Type: string

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

IdentityCenterInstanceArn
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

ListAccessGrantsLocationsEntry

Description

A container for information about the registered location.

Members
AccessGrantsLocationArn
Type: string

The Amazon Resource Name (ARN) of the registered location.

AccessGrantsLocationId
Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope
Type: string

The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

ListCallerAccessGrantsEntry

Description

Part of ListCallerAccessGrantsResult. Each entry includes the permission level (READ, WRITE, or READWRITE) and the grant scope of the access grant. If the grant also includes an application ARN, the grantee can only access the S3 data through this application.

Members
ApplicationArn
Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

GrantScope
Type: string

The S3 path of the data to which you have been granted access.

Permission
Type: string

The type of permission granted, which can be one of the following values:

  • READ - Grants read-only access to the S3 data.

  • WRITE - Grants write-only access to the S3 data.

  • READWRITE - Grants both read and write access to the S3 data.

ListStorageLensConfigurationEntry

Description

Part of ListStorageLensConfigurationResult. Each entry includes the description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its Amazon Resource Name (ARN), and config ID.

Members
HomeRegion
Required: Yes
Type: string

A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.

Id
Required: Yes
Type: string

A container for the S3 Storage Lens configuration ID.

IsEnabled
Type: boolean

A container for whether the S3 Storage Lens configuration is enabled. This property is required.

StorageLensArn
Required: Yes
Type: string

The ARN of the S3 Storage Lens configuration. This property is read-only.

ListStorageLensGroupEntry

Description

Each entry contains a Storage Lens group that exists in the specified home Region.

Members
HomeRegion
Required: Yes
Type: string

Contains the Amazon Web Services Region where the Storage Lens group was created.

Name
Required: Yes
Type: string

Contains the name of the Storage Lens group that exists in the specified home Region.

StorageLensGroupArn
Required: Yes
Type: string

Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

MatchObjectAge

Description

A filter condition that specifies the object age range of included objects in days. Only integers are supported.

Members
DaysGreaterThan
Type: int

Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

DaysLessThan
Type: int

Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

MatchObjectSize

Description

A filter condition that specifies the object size range of included objects in bytes. Only integers are supported.

Members
BytesGreaterThan
Type: long (int|float)

Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

BytesLessThan
Type: long (int|float)

Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

Metrics

Description

A container that specifies replication metrics-related settings.

Members
EventThreshold
Type: ReplicationTimeValue structure

A container that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event.

This is not supported by Amazon S3 on Outposts buckets.

Status
Required: Yes
Type: string

Specifies whether replication metrics are enabled.

MultiRegionAccessPointPolicyDocument

Description

The Multi-Region Access Point access control policy.

When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.

Members
Established

The last established policy for the Multi-Region Access Point.

Proposed

The proposed policy for the Multi-Region Access Point.

MultiRegionAccessPointRegionalResponse

Description

Status information for a single Multi-Region Access Point Region.

Members
Name
Type: string

The name of the Region in the Multi-Region Access Point.

RequestStatus
Type: string

The current status of the Multi-Region Access Point in this Region.

MultiRegionAccessPointReport

Description

A collection of statuses for a Multi-Region Access Point in the various Regions it supports.

Members
Alias
Type: string

The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

When the Multi-Region Access Point create request was received.

Name
Type: string

The name of the Multi-Region Access Point.

PublicAccessBlock

The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

This data type is not supported for Amazon S3 on Outposts.

Regions
Type: Array of RegionReport structures

A collection of the Regions and buckets associated with the Multi-Region Access Point.

Status
Type: string

The current status of the Multi-Region Access Point.

CREATING and DELETING are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED, you can retry a delete request to finish the deletion of the Multi-Region Access Point.

MultiRegionAccessPointRoute

Description

A structure for a Multi-Region Access Point that indicates where Amazon S3 traffic can be routed. Routes can be either active or passive. Active routes can process Amazon S3 requests through the Multi-Region Access Point, but passive routes are not eligible to process Amazon S3 requests.

Each route contains the Amazon S3 bucket name and the Amazon Web Services Region that the bucket is located in. The route also includes the TrafficDialPercentage value, which shows whether the bucket and Region are active (indicated by a value of 100) or passive (indicated by a value of 0).

Members
Bucket
Type: string

The name of the Amazon S3 bucket for which you'll submit a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

Region
Type: string

The Amazon Web Services Region to which you'll be submitting a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

TrafficDialPercentage
Required: Yes
Type: int

The traffic state for the specified bucket or Amazon Web Services Region.

A value of 0 indicates a passive state, which means that no new traffic will be routed to the Region.

A value of 100 indicates an active state, which means that traffic will be routed to the specified Region.

When the routing configuration for a Region is changed from active to passive, any in-progress operations (uploads, copies, deletes, and so on) to the formerly active Region will continue to run to until a final success or failure status is reached.

If all Regions in the routing configuration are designated as passive, you'll receive an InvalidRequest error.

MultiRegionAccessPointsAsyncResponse

Description

The Multi-Region Access Point details that are returned when querying about an asynchronous request.

Members
Regions
Type: Array of MultiRegionAccessPointRegionalResponse structures

A collection of status information for the different Regions that a Multi-Region Access Point supports.

NoSuchPublicAccessBlockConfiguration

Description

Amazon S3 throws this exception if you make a GetPublicAccessBlock request against an account that doesn't have a PublicAccessBlockConfiguration set.

Members
Message
Type: string

NoncurrentVersionExpiration

Description

The container of the noncurrent version expiration.

Members
NewerNoncurrentVersions
Type: int

Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.

NoncurrentDays
Type: int

Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide.

NoncurrentVersionTransition

Description

The container for the noncurrent version transition.

Members
NoncurrentDays
Type: int

Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.

StorageClass
Type: string

The class of storage used to store the object.

NotFoundException

Description

Members
Message
Type: string

ObjectLambdaAccessPoint

Description

An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.

Members
Alias

The alias of the Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

ObjectLambdaAccessPointArn
Type: string

Specifies the ARN for the Object Lambda Access Point.

ObjectLambdaAccessPointAlias

Description

The alias of an Object Lambda Access Point. For more information, see How to use a bucket-style alias for your S3 bucket Object Lambda Access Point.

Members
Status
Type: string

The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.

Value
Type: string

The alias value of the Object Lambda Access Point.

ObjectLambdaConfiguration

Description

A configuration used when creating an Object Lambda Access Point.

Members
AllowedFeatures
Type: Array of strings

A container for allowed features. Valid inputs are GetObject-Range, GetObject-PartNumber, HeadObject-Range, and HeadObject-PartNumber.

CloudWatchMetricsEnabled
Type: boolean

A container for whether the CloudWatch metrics configuration is enabled.

SupportingAccessPoint
Required: Yes
Type: string

Standard access point associated with the Object Lambda Access Point.

TransformationConfigurations
Required: Yes
Type: Array of ObjectLambdaTransformationConfiguration structures

A container for transformation configurations for an Object Lambda Access Point.

ObjectLambdaContentTransformation

Description

A container for AwsLambdaTransformation.

Members
AwsLambda
Type: AwsLambdaTransformation structure

A container for an Lambda function.

ObjectLambdaTransformationConfiguration

Description

A configuration used when creating an Object Lambda Access Point transformation.

Members
Actions
Required: Yes
Type: Array of strings

A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject, ListObjects, HeadObject, and ListObjectsV2.

ContentTransformation
Required: Yes
Type: ObjectLambdaContentTransformation structure

A container for the content transformation of an Object Lambda Access Point configuration.

PolicyStatus

Description

Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.

Members
IsPublic
Type: boolean

PrefixLevel

Description

A container for the prefix-level configuration.

Members
StorageMetrics
Required: Yes
Type: PrefixLevelStorageMetrics structure

A container for the prefix-level storage metrics for S3 Storage Lens.

PrefixLevelStorageMetrics

Description

A container for the prefix-level storage metrics for S3 Storage Lens.

Members
IsEnabled
Type: boolean

A container for whether prefix-level storage metrics are enabled.

SelectionCriteria
Type: SelectionCriteria structure

ProposedMultiRegionAccessPointPolicy

Description

The proposed access control policy for the Multi-Region Access Point.

When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.

Members
Policy
Type: string

The details of the proposed policy.

PublicAccessBlockConfiguration

Description

The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

This data type is not supported for Amazon S3 on Outposts.

Members
BlockPublicAcls
Type: boolean

Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

  • PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.

  • PUT Object calls fail if the request includes a public ACL.

  • PUT Bucket calls fail if the request includes a public ACL.

Enabling this setting doesn't affect existing policies or ACLs.

This property is not supported for Amazon S3 on Outposts.

BlockPublicPolicy
Type: boolean

Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Enabling this setting doesn't affect existing bucket policies.

This property is not supported for Amazon S3 on Outposts.

IgnorePublicAcls
Type: boolean

Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

This property is not supported for Amazon S3 on Outposts.

RestrictPublicBuckets
Type: boolean

Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Services service principals and authorized users within this account.

Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

This property is not supported for Amazon S3 on Outposts.

PutAccessGrantsInstanceResourcePolicyRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Organization
Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy
Required: Yes
Type: string

The resource policy of the S3 Access Grants instance that you are updating.

PutAccessPointConfigurationForObjectLambdaRequest

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Configuration
Required: Yes
Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration document.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

PutAccessPointPolicyForObjectLambdaRequest

Members
AccountId
Required: Yes
Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name
Required: Yes
Type: string

The name of the Object Lambda Access Point.

Policy
Required: Yes
Type: string

Object Lambda Access Point resource policy document.

PutAccessPointPolicyRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for owner of the bucket associated with the specified access point.

Name
Required: Yes
Type: string

The name of the access point that you want to associate with the specified policy.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Policy
Required: Yes
Type: string

The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.

PutBucketPolicyRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket
Required: Yes
Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

ConfirmRemoveSelfBucketAccess
Type: boolean

Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

This is not supported by Amazon S3 on Outposts buckets.

Policy
Required: Yes
Type: string

The bucket policy as a JSON document.

PutJobTaggingRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId
Required: Yes
Type: string

The ID for the S3 Batch Operations job whose tags you want to replace.

Tags
Required: Yes
Type: Array of S3Tag structures

The set of tags to associate with the S3 Batch Operations job.

PutMultiRegionAccessPointPolicyInput

Description

A container for the information associated with a PutMultiRegionAccessPoint request.

Members
Name
Required: Yes
Type: string

The name of the Multi-Region Access Point associated with the request.

Policy
Required: Yes
Type: string

The policy details for the PutMultiRegionAccessPoint request.

PutMultiRegionAccessPointPolicyRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken
Required: Yes
Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details
Required: Yes
Type: PutMultiRegionAccessPointPolicyInput structure

A container element containing the details of the policy for the Multi-Region Access Point.

PutStorageLensConfigurationRequest

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the S3 Storage Lens configuration.

StorageLensConfiguration
Required: Yes
Type: StorageLensConfiguration structure

The S3 Storage Lens configuration.

Tags
Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

PutStorageLensConfigurationTaggingRequest

Members
AccountId
Required: Yes
Type: string

The account ID of the requester.

ConfigId
Required: Yes
Type: string

The ID of the S3 Storage Lens configuration.

Tags
Required: Yes
Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

Region

Description

A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.

Members
Bucket
Required: Yes
Type: string

The name of the associated bucket for the Region.

BucketAccountId
Type: string

The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

RegionReport

Description

A combination of a bucket and Region that's part of a Multi-Region Access Point.

Members
Bucket
Type: string

The name of the bucket.

BucketAccountId
Type: string

The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

Region
Type: string

The name of the Region.

RegionalBucket

Description

The container for the regional bucket.

Members
Bucket
Required: Yes
Type: string

BucketArn
Type: string

The Amazon Resource Name (ARN) for the regional bucket.

CreationDate
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The creation date of the regional bucket

OutpostId
Type: string

The Outposts ID of the regional bucket.

PublicAccessBlockEnabled
Required: Yes
Type: boolean

ReplicaModifications

Description

A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.

To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.

You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.

Members
Status
Required: Yes
Type: string

Specifies whether S3 on Outposts replicates modifications to object metadata on replicas.

ReplicationConfiguration

Description

A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.

Members
Role
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that S3 on Outposts assumes when replicating objects. For information about S3 replication on Outposts configuration, see Setting up replication in the Amazon S3 User Guide.

Rules
Required: Yes
Type: Array of ReplicationRule structures

A container for one or more replication rules. A replication configuration must have at least one rule and can contain an array of 100 rules at the most.

ReplicationRule

Description

Specifies which S3 on Outposts objects to replicate and where to store the replicas.

Members
Bucket
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the access point for the source Outposts bucket that you want S3 on Outposts to replicate the objects from.

DeleteMarkerReplication
Type: DeleteMarkerReplication structure

Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts doesn't support replicating delete markers for tag-based rules.

For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.

Destination
Required: Yes
Type: Destination structure

A container for information about the replication destination and its configurations.

ExistingObjectReplication
Type: ExistingObjectReplication structure

An optional configuration to replicate existing source bucket objects.

This is not supported by Amazon S3 on Outposts buckets.

Filter
Type: ReplicationRuleFilter structure

A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.

ID
Type: string

A unique identifier for the rule. The maximum value is 255 characters.

Prefix
Type: string

An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in an Outposts bucket, specify an empty string.

When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

Priority
Type: int

The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.

For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide.

SourceSelectionCriteria
Type: SourceSelectionCriteria structure

A container that describes additional filters for identifying the source Outposts objects that you want to replicate. You can choose to enable or disable the replication of these objects.

Status
Required: Yes
Type: string

Specifies whether the rule is enabled.

ReplicationRuleAndOperator

Description

A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter.

For example:

  • If you specify both a Prefix and a Tag filter, wrap these filters in an And element.

  • If you specify a filter based on multiple tags, wrap the Tag elements in an And element.

Members
Prefix
Type: string

An object key name prefix that identifies the subset of objects that the rule applies to.

Tags
Type: Array of S3Tag structures

An array of tags that contain key and value pairs.

ReplicationRuleFilter

Description

A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.

Members
And
Type: ReplicationRuleAndOperator structure

A container for specifying rule filters. The filters determine the subset of objects that the rule applies to. This element is required only if you specify more than one filter. For example:

  • If you specify both a Prefix and a Tag filter, wrap these filters in an And element.

  • If you specify a filter based on multiple tags, wrap the Tag elements in an And element.

Prefix
Type: string

An object key name prefix that identifies the subset of objects that the rule applies to.

When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

Tag
Type: S3Tag structure

A container for a key-value name pair.

ReplicationTime

Description

A container that specifies S3 Replication Time Control (S3 RTC) related information, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated.

This is not supported by Amazon S3 on Outposts buckets.

Members
Status
Required: Yes
Type: string

Specifies whether S3 Replication Time Control (S3 RTC) is enabled.

Time
Required: Yes
Type: ReplicationTimeValue structure

A container that specifies the time by which replication should be complete for all objects and operations on objects.

ReplicationTimeValue

Description

A container that specifies the time value for S3 Replication Time Control (S3 RTC). This value is also used for the replication metrics EventThreshold element.

This is not supported by Amazon S3 on Outposts buckets.

Members
Minutes
Type: int

Contains an integer that specifies the time period in minutes.

Valid value: 15

S3AccessControlList

Description

Members
Grants
Type: Array of S3Grant structures

Owner
Required: Yes
Type: S3ObjectOwner structure

S3AccessControlPolicy

Description

Members
AccessControlList
Type: S3AccessControlList structure

CannedAccessControlList
Type: string

S3BucketDestination

Description

A container for the bucket where the Amazon S3 Storage Lens metrics export files are located.

Members
AccountId
Required: Yes
Type: string

The account ID of the owner of the S3 Storage Lens metrics export bucket.

Arn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name

Encryption

The container for the type encryption of the metrics exports in this bucket.

Format
Required: Yes
Type: string

OutputSchemaVersion
Required: Yes
Type: string

The schema version of the export file.

Prefix
Type: string

The prefix of the destination bucket where the metrics export will be delivered.

S3CopyObjectOperation

Description

Contains the configuration parameters for a PUT Copy object operation. S3 Batch Operations passes every object to the underlying CopyObject API operation. For more information about the parameters for this operation, see CopyObject.

Members
AccessControlGrants
Type: Array of S3Grant structures

This functionality is not supported by directory buckets.

BucketKeyEnabled
Type: boolean

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

Specifying this header with an Copy action doesn’t affect bucket-level settings for S3 Bucket Key.

Directory buckets - S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through the Copy operation in Batch Operations. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

CannedAccessControlList
Type: string

This functionality is not supported by directory buckets.

ChecksumAlgorithm
Type: string

Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

MetadataDirective
Type: string

ModifiedSinceConstraint
Type: timestamp (string|DateTime or anything parsable by strtotime)

NewObjectMetadata
Type: S3ObjectMetadata structure

If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.

NewObjectTagging
Type: Array of S3Tag structures

Specifies a list of tags to add to the destination objects after they are copied. If NewObjectTagging is not specified, the tags of the source objects are copied to destination objects by default.

Directory buckets - Tags aren't supported by directory buckets. If your source objects have tags and your destination bucket is a directory bucket, specify an empty tag set in the NewObjectTagging field to prevent copying the source object tags to the directory bucket.

ObjectLockLegalHoldStatus
Type: string

The legal hold status to be applied to all objects in the Batch Operations job.

This functionality is not supported by directory buckets.

ObjectLockMode
Type: string

The retention mode to be applied to all objects in the Batch Operations job.

This functionality is not supported by directory buckets.

ObjectLockRetainUntilDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the applied object retention configuration expires on all objects in the Batch Operations job.

This functionality is not supported by directory buckets.

RedirectLocation
Type: string

If the destination bucket is configured as a website, specifies an optional metadata property for website redirects, x-amz-website-redirect-location. Allows webpage redirects if the object copy is accessed through a website endpoint.

This functionality is not supported by directory buckets.

RequesterPays
Type: boolean

This functionality is not supported by directory buckets.

SSEAwsKmsKeyId
Type: string

Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.

Directory buckets - If you specify SSEAlgorithm with KMS, you must specify the SSEAwsKmsKeyId parameter with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. The key alias format of the KMS key isn't supported. To encrypt new object copies in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). The Amazon Web Services managed key (aws/s3) isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS as the bucket default encryption, you can't override the customer managed key for the bucket's SSE-KMS configuration. Then, when you specify server-side encryption settings for new object copies with SSE-KMS, you must make sure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration.

StorageClass
Type: string

Specify the storage class for the destination objects in a Copy operation.

Directory buckets - This functionality is not supported by directory buckets.

TargetKeyPrefix
Type: string

Specifies the folder prefix that you want the objects to be copied into. For example, to copy objects into a folder named Folder1 in the destination bucket, set the TargetKeyPrefix property to Folder1.

TargetResource
Type: string

Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.

  • General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.

  • Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.

UnModifiedSinceConstraint
Type: timestamp (string|DateTime or anything parsable by strtotime)

S3DeleteObjectTaggingOperation

Description

Contains no configuration parameters because the DELETE Object tagging (DeleteObjectTagging) API operation accepts only the bucket name and key name as parameters, which are defined in the job's manifest.

Members

S3GeneratedManifestDescriptor

Description

Describes the specified job's generated manifest. Batch Operations jobs created with a ManifestGenerator populate details of this descriptor after execution of the ManifestGenerator.

Members
Format
Type: string

The format of the generated manifest.

Location
Type: JobManifestLocation structure

Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

S3Grant

Description

Members
Grantee
Type: S3Grantee structure

Permission
Type: string

S3Grantee

Description

Members
DisplayName
Type: string

Identifier
Type: string

TypeIdentifier
Type: string

S3InitiateRestoreObjectOperation

Description

Contains the configuration parameters for a POST Object restore job. S3 Batch Operations passes every object to the underlying RestoreObject API operation. For more information about the parameters for this operation, see RestoreObject.

Members
ExpirationInDays
Type: int

This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.

Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.

S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.

GlacierJobTier
Type: string

S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.

S3JobManifestGenerator

Description

The container for the service that will create the S3 manifest.

Members
EnableManifestOutput
Required: Yes
Type: boolean

Determines whether or not to write the job's generated manifest to a bucket.

ExpectedBucketOwner
Type: string

The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.

Filter
Type: JobManifestGeneratorFilter structure

Specifies rules the S3JobManifestGenerator should use to decide whether an object in the source bucket should or should not be included in the generated job manifest.

ManifestOutputLocation
Type: S3ManifestOutputLocation structure

Specifies the location the generated manifest will be written to. Manifests can't be written to directory buckets. For more information, see Directory buckets.

SourceBucket
Required: Yes
Type: string

The ARN of the source bucket used by the ManifestGenerator.

Directory buckets - Directory buckets aren't supported as the source buckets used by S3JobManifestGenerator to generate the job manifest.

S3ManifestOutputLocation

Description

Location details for where the generated manifest should be written.

Members
Bucket
Required: Yes
Type: string

The bucket ARN the generated manifest should be written to.

Directory buckets - Directory buckets aren't supported as the buckets to store the generated manifest.

ExpectedManifestBucketOwner
Type: string

The Account ID that owns the bucket the generated manifest is written to.

ManifestEncryption
Type: GeneratedManifestEncryption structure

Specifies what encryption should be used when the generated manifest objects are written.

ManifestFormat
Required: Yes
Type: string

The format of the generated manifest.

ManifestPrefix
Type: string

Prefix identifying one or more objects to which the manifest applies.

S3ObjectLockLegalHold

Description

Whether S3 Object Lock legal hold will be applied to objects in an S3 Batch Operations job.

Members
Status
Required: Yes
Type: string

The Object Lock legal hold status to be applied to all objects in the Batch Operations job.

S3ObjectMetadata

Description

Members
CacheControl
Type: string

ContentDisposition
Type: string

ContentEncoding
Type: string

ContentLanguage
Type: string

ContentLength
Type: long (int|float)

This member has been deprecated.

ContentMD5
Type: string

This member has been deprecated.

ContentType
Type: string

HttpExpiresDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

RequesterCharged
Type: boolean

This member has been deprecated.

SSEAlgorithm
Type: string

The server-side encryption algorithm used when storing objects in Amazon S3.

Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (KMS). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For the Copy operation in Batch Operations, see S3CopyObjectOperation.

UserMetadata
Type: Associative array of custom strings keys (NonEmptyMaxLength1024String) to strings

S3ObjectOwner

Description

Members
DisplayName
Type: string

ID
Type: string

S3ReplicateObjectOperation

Description

Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

Members

S3Retention

Description

Contains the S3 Object Lock retention mode to be applied to all objects in the S3 Batch Operations job. If you don't provide Mode and RetainUntilDate data types in your operation, you will remove the retention from your objects. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

Members
Mode
Type: string

The Object Lock retention mode to be applied to all objects in the Batch Operations job.

RetainUntilDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.

S3SetObjectAclOperation

Description

Contains the configuration parameters for a PUT Object ACL operation. S3 Batch Operations passes every object to the underlying PutObjectAcl API operation. For more information about the parameters for this operation, see PutObjectAcl.

Members
AccessControlPolicy
Type: S3AccessControlPolicy structure

S3SetObjectLegalHoldOperation

Description

Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying PutObjectLegalHold API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.

This functionality is not supported by directory buckets.

Members
LegalHold
Required: Yes
Type: S3ObjectLockLegalHold structure

Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.

S3SetObjectRetentionOperation

Description

Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

This functionality is not supported by directory buckets.

Members
BypassGovernanceRetention
Type: boolean

Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.

Retention
Required: Yes
Type: S3Retention structure

Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

S3SetObjectTaggingOperation

Description

Contains the configuration parameters for a PUT Object Tagging operation. S3 Batch Operations passes every object to the underlying PutObjectTagging API operation. For more information about the parameters for this operation, see PutObjectTagging.

Members
TagSet
Type: Array of S3Tag structures

S3Tag

Description

A container for a key-value name pair.

Members
Key
Required: Yes
Type: string

Key of the tag

Value
Required: Yes
Type: string

Value of the tag

SSEKMS

Description

Members
KeyId
Required: Yes
Type: string

A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e

SSEKMSEncryption

Description

Configuration for the use of SSE-KMS to encrypt generated manifest objects.

Members
KeyId
Required: Yes
Type: string

Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.

SSES3

Description

Members

SSES3Encryption

Description

Configuration for the use of SSE-S3 to encrypt generated manifest objects.

Members

SelectionCriteria

Description

Members
Delimiter
Type: string

A container for the delimiter of the selection criteria being used.

MaxDepth
Type: int

The max depth of the selection criteria

MinStorageBytesPercentage
Type: double

The minimum number of storage bytes percentage whose metrics will be selected.

You must choose a value greater than or equal to 1.0.

SourceSelectionCriteria

Description

A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects.

Members
ReplicaModifications
Type: ReplicaModifications structure

A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.

To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.

You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.

SseKmsEncryptedObjects
Type: SseKmsEncryptedObjects structure

A filter that you can use to select Amazon S3 objects that are encrypted with server-side encryption by using Key Management Service (KMS) keys. If you include SourceSelectionCriteria in the replication configuration, this element is required.

This is not supported by Amazon S3 on Outposts buckets.

SseKmsEncryptedObjects

Description

A container for filter information that you can use to select S3 objects that are encrypted with Key Management Service (KMS).

This is not supported by Amazon S3 on Outposts buckets.

Members
Status
Required: Yes
Type: string

Specifies whether Amazon S3 replicates objects that are created with server-side encryption by using an KMS key stored in Key Management Service.

StorageLensAwsOrg

Description

The Amazon Web Services organization for your S3 Storage Lens.

Members
Arn
Required: Yes
Type: string

A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck

StorageLensConfiguration

Description

A container for the Amazon S3 Storage Lens configuration.

Members
AccountLevel
Required: Yes
Type: AccountLevel structure

A container for all the account-level configurations of your S3 Storage Lens configuration.

AwsOrg
Type: StorageLensAwsOrg structure

A container for the Amazon Web Services organization for this S3 Storage Lens configuration.

DataExport
Type: StorageLensDataExport structure

A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.

Exclude
Type: Exclude structure

A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.

Id
Required: Yes
Type: string

A container for the Amazon S3 Storage Lens configuration ID.

Include
Type: Include structure

A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.

IsEnabled
Required: Yes
Type: boolean

A container for whether the S3 Storage Lens configuration is enabled.

StorageLensArn
Type: string

The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name

StorageLensDataExport

Description

A container to specify the properties of your S3 Storage Lens metrics export, including the destination, schema, and format.

Members
CloudWatchMetrics
Type: CloudWatchMetrics structure

A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.

S3BucketDestination
Type: S3BucketDestination structure

A container for the bucket where the S3 Storage Lens metrics export will be located.

This bucket must be located in the same Region as the storage lens configuration.

StorageLensDataExportEncryption

Description

A container for the encryption of the S3 Storage Lens metrics exports.

Members
SSEKMS
Type: SSEKMS structure

SSES3
Type: SSES3 structure

StorageLensGroup

Description

A custom grouping of objects that include filters for prefixes, suffixes, object tags, object size, or object age. You can create an S3 Storage Lens group that includes a single filter or multiple filter conditions. To specify multiple filter conditions, you use AND or OR logical operators.

Members
Filter
Required: Yes
Type: StorageLensGroupFilter structure

Sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.

Name
Required: Yes
Type: string

Contains the name of the Storage Lens group.

StorageLensGroupArn
Type: string

Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

StorageLensGroupAndOperator

Description

A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data.

Members
MatchAnyPrefix
Type: Array of strings

Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

MatchAnySuffix
Type: Array of strings

Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

MatchAnyTag
Type: Array of S3Tag structures

Contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

MatchObjectAge
Type: MatchObjectAge structure

Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

MatchObjectSize
Type: MatchObjectSize structure

Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

StorageLensGroupFilter

Description

The filter element sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.

Members
And
Type: StorageLensGroupAndOperator structure

A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the And logical operator. Only one of each filter condition is allowed.

MatchAnyPrefix
Type: Array of strings

Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

MatchAnySuffix
Type: Array of strings

Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

MatchAnyTag
Type: Array of S3Tag structures

Contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

MatchObjectAge
Type: MatchObjectAge structure

Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

MatchObjectSize
Type: MatchObjectSize structure

Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

Or
Type: StorageLensGroupOrOperator structure

A single logical operator that allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.

StorageLensGroupLevel

Description

Specifies the Storage Lens groups to include in the Storage Lens group aggregation.

Members
SelectionCriteria

Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.

StorageLensGroupLevelSelectionCriteria

Description

Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. You can only attach Storage Lens groups to your Storage Lens dashboard if they're included in your Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.

Members
Exclude
Type: Array of strings

Indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.

Include
Type: Array of strings

Indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.

StorageLensGroupOrOperator

Description

A container element for specifying Or rule conditions. The rule conditions determine the subset of objects to which the Or rule applies. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.

Members
MatchAnyPrefix
Type: Array of strings

Filters objects that match any of the specified prefixes.

MatchAnySuffix
Type: Array of strings

Filters objects that match any of the specified suffixes.

MatchAnyTag
Type: Array of S3Tag structures

Filters objects that match any of the specified S3 object tags.

MatchObjectAge
Type: MatchObjectAge structure

Filters objects that match the specified object age range.

MatchObjectSize
Type: MatchObjectSize structure

Filters objects that match the specified object size range.

StorageLensTag

Description

Members
Key
Required: Yes
Type: string

Value
Required: Yes
Type: string

SubmitMultiRegionAccessPointRoutesRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Mrap
Required: Yes
Type: string

The Multi-Region Access Point ARN.

RouteUpdates
Required: Yes
Type: Array of MultiRegionAccessPointRoute structures

The different routes that make up the new route configuration. Active routes return a value of 100, and passive routes return a value of 0.

Tag

Description

An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Members
Key
Required: Yes
Type: string

The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

Value
Required: Yes
Type: string

The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

TagResourceRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.

ResourceArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Tags
Required: Yes
Type: Array of Tag structures

The Amazon Web Services resource tags that you want to add to the specified S3 resource.

Tagging

Description

Members
TagSet
Required: Yes
Type: Array of S3Tag structures

A collection for a set of tags.

TooManyRequestsException

Description

Members
Message
Type: string

TooManyTagsException

Description

Amazon S3 throws this exception if you have too many tags in your tag set.

Members
Message
Type: string

Transition

Description

Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide.

Members
Date
Type: timestamp (string|DateTime or anything parsable by strtotime)

Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.

Days
Type: int

Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.

StorageClass
Type: string

The storage class to which you want the object to transition.

UpdateAccessGrantsLocationRequest

Members
AccessGrantsLocationId
Required: Yes
Type: string

The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

UpdateStorageLensGroupRequest

Members
AccountId
Required: Yes
Type: string

The Amazon Web Services account ID of the Storage Lens group owner.

Name
Required: Yes
Type: string

The name of the Storage Lens group that you want to update.

StorageLensGroup
Required: Yes
Type: StorageLensGroup structure

The JSON file that contains the Storage Lens group configuration.

VersioningConfiguration

Description

Describes the versioning state of an Amazon S3 on Outposts bucket. For more information, see PutBucketVersioning.

Members
MFADelete
Type: string

Specifies whether MFA delete is enabled or disabled in the bucket versioning configuration for the S3 on Outposts bucket.

Status
Type: string

Sets the versioning state of the S3 on Outposts bucket.

VpcConfiguration

Description

The virtual private cloud (VPC) configuration for an access point.

Members
VpcId
Required: Yes
Type: string

If this field is specified, this access point will only allow connections from the specified VPC ID.