AWS S3 Control 2018-08-20
- Client: Aws\S3Control\S3ControlClient
- Service ID: s3control
- Version: 2018-08-20
This page describes the parameters and results for the operations of the AWS S3 Control (2018-08-20), and shows how to use the Aws\S3Control\S3ControlClient object to call the described operations. This documentation is specific to the 2018-08-20 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName')
, where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */)
.
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */)
.
- AssociateAccessGrantsIdentityCenter ( array $params = [] )
- Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance.
- CreateAccessGrant ( array $params = [] )
- Creates an access grant that gives a grantee access to your S3 data.
- CreateAccessGrantsInstance ( array $params = [] )
- Creates an S3 Access Grants instance, which serves as a logical grouping for access grants.
- CreateAccessGrantsLocation ( array $params = [] )
- The S3 data location that you would like to register in your S3 Access Grants instance.
- CreateAccessPoint ( array $params = [] )
- This operation is not supported by directory buckets.
- CreateAccessPointForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- CreateBucket ( array $params = [] )
- This action creates an Amazon S3 on Outposts bucket.
- CreateJob ( array $params = [] )
- This operation creates an S3 Batch Operations job.
- CreateMultiRegionAccessPoint ( array $params = [] )
- This operation is not supported by directory buckets.
- CreateStorageLensGroup ( array $params = [] )
- Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID.
- DeleteAccessGrant ( array $params = [] )
- Deletes the access grant from the S3 Access Grants instance.
- DeleteAccessGrantsInstance ( array $params = [] )
- Deletes your S3 Access Grants instance.
- DeleteAccessGrantsInstanceResourcePolicy ( array $params = [] )
- Deletes the resource policy of the S3 Access Grants instance.
- DeleteAccessGrantsLocation ( array $params = [] )
- Deregisters a location from your S3 Access Grants instance.
- DeleteAccessPoint ( array $params = [] )
- This operation is not supported by directory buckets.
- DeleteAccessPointForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- DeleteAccessPointPolicy ( array $params = [] )
- This operation is not supported by directory buckets.
- DeleteAccessPointPolicyForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- DeleteBucket ( array $params = [] )
- This action deletes an Amazon S3 on Outposts bucket.
- DeleteBucketLifecycleConfiguration ( array $params = [] )
- This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration.
- DeleteBucketPolicy ( array $params = [] )
- This action deletes an Amazon S3 on Outposts bucket policy.
- DeleteBucketReplication ( array $params = [] )
- This operation deletes an Amazon S3 on Outposts bucket's replication configuration.
- DeleteBucketTagging ( array $params = [] )
- This action deletes an Amazon S3 on Outposts bucket's tags.
- DeleteJobTagging ( array $params = [] )
- Removes the entire tag set from the specified S3 Batch Operations job.
- DeleteMultiRegionAccessPoint ( array $params = [] )
- This operation is not supported by directory buckets.
- DeletePublicAccessBlock ( array $params = [] )
- This operation is not supported by directory buckets.
- DeleteStorageLensConfiguration ( array $params = [] )
- This operation is not supported by directory buckets.
- DeleteStorageLensConfigurationTagging ( array $params = [] )
- This operation is not supported by directory buckets.
- DeleteStorageLensGroup ( array $params = [] )
- Deletes an existing S3 Storage Lens group.
- DescribeJob ( array $params = [] )
- Retrieves the configuration parameters and status for a Batch Operations job.
- DescribeMultiRegionAccessPointOperation ( array $params = [] )
- This operation is not supported by directory buckets.
- DissociateAccessGrantsIdentityCenter ( array $params = [] )
- Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
- GetAccessGrant ( array $params = [] )
- Get the details of an access grant from your S3 Access Grants instance.
- GetAccessGrantsInstance ( array $params = [] )
- Retrieves the S3 Access Grants instance for a Region in your account.
- GetAccessGrantsInstanceForPrefix ( array $params = [] )
- Retrieve the S3 Access Grants instance that contains a particular prefix.
- GetAccessGrantsInstanceResourcePolicy ( array $params = [] )
- Returns the resource policy of the S3 Access Grants instance.
- GetAccessGrantsLocation ( array $params = [] )
- Retrieves the details of a particular location registered in your S3 Access Grants instance.
- GetAccessPoint ( array $params = [] )
- This operation is not supported by directory buckets.
- GetAccessPointConfigurationForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- GetAccessPointForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- GetAccessPointPolicy ( array $params = [] )
- This operation is not supported by directory buckets.
- GetAccessPointPolicyForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- GetAccessPointPolicyStatus ( array $params = [] )
- This operation is not supported by directory buckets.
- GetAccessPointPolicyStatusForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- GetBucket ( array $params = [] )
- Gets an Amazon S3 on Outposts bucket.
- GetBucketLifecycleConfiguration ( array $params = [] )
- This action gets an Amazon S3 on Outposts bucket's lifecycle configuration.
- GetBucketPolicy ( array $params = [] )
- This action gets a bucket policy for an Amazon S3 on Outposts bucket.
- GetBucketReplication ( array $params = [] )
- This operation gets an Amazon S3 on Outposts bucket's replication configuration.
- GetBucketTagging ( array $params = [] )
- This action gets an Amazon S3 on Outposts bucket's tags.
- GetBucketVersioning ( array $params = [] )
- This operation returns the versioning state for S3 on Outposts buckets only.
- GetDataAccess ( array $params = [] )
- Returns a temporary access credential from S3 Access Grants to the grantee or client application.
- GetJobTagging ( array $params = [] )
- Returns the tags on an S3 Batch Operations job.
- GetMultiRegionAccessPoint ( array $params = [] )
- This operation is not supported by directory buckets.
- GetMultiRegionAccessPointPolicy ( array $params = [] )
- This operation is not supported by directory buckets.
- GetMultiRegionAccessPointPolicyStatus ( array $params = [] )
- This operation is not supported by directory buckets.
- GetMultiRegionAccessPointRoutes ( array $params = [] )
- This operation is not supported by directory buckets.
- GetPublicAccessBlock ( array $params = [] )
- This operation is not supported by directory buckets.
- GetStorageLensConfiguration ( array $params = [] )
- This operation is not supported by directory buckets.
- GetStorageLensConfigurationTagging ( array $params = [] )
- This operation is not supported by directory buckets.
- GetStorageLensGroup ( array $params = [] )
- Retrieves the Storage Lens group configuration details.
- ListAccessGrants ( array $params = [] )
- Returns the list of access grants in your S3 Access Grants instance.
- ListAccessGrantsInstances ( array $params = [] )
- Returns a list of S3 Access Grants instances.
- ListAccessGrantsLocations ( array $params = [] )
- Returns a list of the locations registered in your S3 Access Grants instance.
- ListAccessPoints ( array $params = [] )
- This operation is not supported by directory buckets.
- ListAccessPointsForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- ListCallerAccessGrants ( array $params = [] )
- Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants.
- ListJobs ( array $params = [] )
- Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request.
- ListMultiRegionAccessPoints ( array $params = [] )
- This operation is not supported by directory buckets.
- ListRegionalBuckets ( array $params = [] )
- This operation is not supported by directory buckets.
- ListStorageLensConfigurations ( array $params = [] )
- This operation is not supported by directory buckets.
- ListStorageLensGroups ( array $params = [] )
- Lists all the Storage Lens groups in the specified home Region.
- ListTagsForResource ( array $params = [] )
- This operation allows you to list all the Amazon Web Services resource tags for a specified resource.
- PutAccessGrantsInstanceResourcePolicy ( array $params = [] )
- Updates the resource policy of the S3 Access Grants instance.
- PutAccessPointConfigurationForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- PutAccessPointPolicy ( array $params = [] )
- This operation is not supported by directory buckets.
- PutAccessPointPolicyForObjectLambda ( array $params = [] )
- This operation is not supported by directory buckets.
- PutBucketLifecycleConfiguration ( array $params = [] )
- This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket.
- PutBucketPolicy ( array $params = [] )
- This action puts a bucket policy to an Amazon S3 on Outposts bucket.
- PutBucketReplication ( array $params = [] )
- This action creates an Amazon S3 on Outposts bucket's replication configuration.
- PutBucketTagging ( array $params = [] )
- This action puts tags on an Amazon S3 on Outposts bucket.
- PutBucketVersioning ( array $params = [] )
- This operation sets the versioning state for S3 on Outposts buckets only.
- PutJobTagging ( array $params = [] )
- Sets the supplied tag-set on an S3 Batch Operations job.
- PutMultiRegionAccessPointPolicy ( array $params = [] )
- This operation is not supported by directory buckets.
- PutPublicAccessBlock ( array $params = [] )
- This operation is not supported by directory buckets.
- PutStorageLensConfiguration ( array $params = [] )
- This operation is not supported by directory buckets.
- PutStorageLensConfigurationTagging ( array $params = [] )
- This operation is not supported by directory buckets.
- SubmitMultiRegionAccessPointRoutes ( array $params = [] )
- This operation is not supported by directory buckets.
- TagResource ( array $params = [] )
- Creates a new Amazon Web Services resource tag or updates an existing resource tag.
- UntagResource ( array $params = [] )
- This operation removes the specified Amazon Web Services resource tags from an S3 resource.
- UpdateAccessGrantsLocation ( array $params = [] )
- Updates the IAM role of a registered location in your S3 Access Grants instance.
- UpdateJobPriority ( array $params = [] )
- Updates an existing S3 Batch Operations job's priority.
- UpdateJobStatus ( array $params = [] )
- Updates the status for the specified job.
- UpdateStorageLensGroup ( array $params = [] )
- Updates the existing Storage Lens group.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- ListAccessGrants
- ListAccessGrantsInstances
- ListAccessGrantsLocations
- ListAccessPoints
- ListAccessPointsForObjectLambda
- ListCallerAccessGrants
- ListJobs
- ListMultiRegionAccessPoints
- ListRegionalBuckets
- ListStorageLensConfigurations
- ListStorageLensGroups
Operations
AssociateAccessGrantsIdentityCenter
$result = $client->associateAccessGrantsIdentityCenter
([/* ... */]); $promise = $client->associateAccessGrantsIdentityCenterAsync
([/* ... */]);
Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.
- Permissions
-
You must have the
s3:AssociateAccessGrantsIdentityCenter
permission to use this operation. - Additional Permissions
-
You must also have the following permissions:
sso:CreateApplication
,sso:PutApplicationGrant
, andsso:PutApplicationAuthenticationMethod
.
Parameter Syntax
$result = $client->associateAccessGrantsIdentityCenter([ 'AccountId' => '<string>', // REQUIRED 'IdentityCenterArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IdentityCenterArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
CreateAccessGrant
$result = $client->createAccessGrant
([/* ... */]); $promise = $client->createAccessGrantAsync
([/* ... */]);
Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.
- Permissions
-
You must have the
s3:CreateAccessGrant
permission to use this operation. - Additional Permissions
-
For any directory identity -
sso:DescribeInstance
andsso:DescribeApplication
For directory users -
identitystore:DescribeUser
For directory groups -
identitystore:DescribeGroup
Parameter Syntax
$result = $client->createAccessGrant([ 'AccessGrantsLocationConfiguration' => [ 'S3SubPrefix' => '<string>', ], 'AccessGrantsLocationId' => '<string>', // REQUIRED 'AccountId' => '<string>', // REQUIRED 'ApplicationArn' => '<string>', 'Grantee' => [ // REQUIRED 'GranteeIdentifier' => '<string>', 'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM', ], 'Permission' => 'READ|WRITE|READWRITE', // REQUIRED 'S3PrefixType' => 'Object', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccessGrantsLocationConfiguration
-
- Type: AccessGrantsLocationConfiguration structure
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the
S3SubPrefix
field. The grant scope is the result of appending the subprefix to the location scope of the registered location. - AccessGrantsLocationId
-
- Required: Yes
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register.If you are passing the
default
location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in theSubprefix
field. - AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- ApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.
- Grantee
-
- Required: Yes
- Type: Grantee structure
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
- Permission
-
- Required: Yes
- Type: string
The type of access that you are granting to your S3 data, which can be set to one of the following values:
-
READ
– Grant read-only access to the S3 data. -
WRITE
– Grant write-only access to the S3 data. -
READWRITE
– Grant both read and write access to the S3 data.
- S3PrefixType
-
- Type: string
The type of
S3SubPrefix
. The only possible value isObject
. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix. - Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
Result Syntax
[ 'AccessGrantArn' => '<string>', 'AccessGrantId' => '<string>', 'AccessGrantsLocationConfiguration' => [ 'S3SubPrefix' => '<string>', ], 'AccessGrantsLocationId' => '<string>', 'ApplicationArn' => '<string>', 'CreatedAt' => <DateTime>, 'GrantScope' => '<string>', 'Grantee' => [ 'GranteeIdentifier' => '<string>', 'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM', ], 'Permission' => 'READ|WRITE|READWRITE', ]
Result Details
Members
- AccessGrantArn
-
- Type: string
The Amazon Resource Name (ARN) of the access grant.
- AccessGrantId
-
- Type: string
The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
- AccessGrantsLocationConfiguration
-
- Type: AccessGrantsLocationConfiguration structure
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
- AccessGrantsLocationId
-
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - ApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the access grant.
- GrantScope
-
- Type: string
The S3 path of the data to which you are granting access. It is the result of appending the
Subprefix
to the location scope. - Grantee
-
- Type: Grantee structure
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
- Permission
-
- Type: string
The type of access that you are granting to your S3 data, which can be set to one of the following values:
-
READ
– Grant read-only access to the S3 data. -
WRITE
– Grant write-only access to the S3 data. -
READWRITE
– Grant both read and write access to the S3 data.
Errors
There are no errors described for this operation.
CreateAccessGrantsInstance
$result = $client->createAccessGrantsInstance
([/* ... */]); $promise = $client->createAccessGrantsInstanceAsync
([/* ... */]);
Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.
- Permissions
-
You must have the
s3:CreateAccessGrantsInstance
permission to use this operation. - Additional Permissions
-
To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the
sso:DescribeInstance
,sso:CreateApplication
,sso:PutApplicationGrant
, andsso:PutApplicationAuthenticationMethod
permissions.
Parameter Syntax
$result = $client->createAccessGrantsInstance([ 'AccountId' => '<string>', // REQUIRED 'IdentityCenterArn' => '<string>', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IdentityCenterArn
-
- Type: string
If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
- Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
Result Syntax
[ 'AccessGrantsInstanceArn' => '<string>', 'AccessGrantsInstanceId' => '<string>', 'CreatedAt' => <DateTime>, 'IdentityCenterApplicationArn' => '<string>', 'IdentityCenterArn' => '<string>', 'IdentityCenterInstanceArn' => '<string>', ]
Result Details
Members
- AccessGrantsInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
- AccessGrantsInstanceId
-
- Type: string
The ID of the S3 Access Grants instance. The ID is
default
. You can have one S3 Access Grants instance per Region per account. - CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the S3 Access Grants instance.
- IdentityCenterApplicationArn
-
- Type: string
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
- IdentityCenterArn
-
- Type: string
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
- IdentityCenterInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
Errors
There are no errors described for this operation.
CreateAccessGrantsLocation
$result = $client->createAccessGrantsLocation
([/* ... */]); $promise = $client->createAccessGrantsLocationAsync
([/* ... */]);
The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:
-
The default S3 location
s3://
-
A bucket -
S3://<bucket-name>
-
A bucket and prefix -
S3://<bucket-name>/<prefix>
When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.
- Permissions
-
You must have the
s3:CreateAccessGrantsLocation
permission to use this operation. - Additional Permissions
-
You must also have the following permission for the specified IAM role:
iam:PassRole
Parameter Syntax
$result = $client->createAccessGrantsLocation([ 'AccountId' => '<string>', // REQUIRED 'IAMRoleArn' => '<string>', // REQUIRED 'LocationScope' => '<string>', // REQUIRED 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IAMRoleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
- LocationScope
-
- Required: Yes
- Type: string
The S3 path to the location that you are registering. The location scope can be the default S3 location
s3://
, the S3 path to a buckets3://<bucket>
, or the S3 path to a bucket and prefixs3://<bucket>/<prefix>
. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with theengineering/
prefix or object key names that start with themarketing/campaigns/
prefix. - Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
Result Syntax
[ 'AccessGrantsLocationArn' => '<string>', 'AccessGrantsLocationId' => '<string>', 'CreatedAt' => <DateTime>, 'IAMRoleArn' => '<string>', 'LocationScope' => '<string>', ]
Result Details
Members
- AccessGrantsLocationArn
-
- Type: string
The Amazon Resource Name (ARN) of the location you are registering.
- AccessGrantsLocationId
-
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you registered the location.
- IAMRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
- LocationScope
-
- Type: string
The S3 URI path to the location that you are registering. The location scope can be the default S3 location
s3://
, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with theengineering/
prefix or object key names that start with themarketing/campaigns/
prefix.
Errors
There are no errors described for this operation.
CreateAccessPoint
$result = $client->createAccessPoint
([/* ... */]); $promise = $client->createAccessPointAsync
([/* ... */]);
This operation is not supported by directory buckets.
Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.
S3 on Outposts only supports VPC-style access points.
For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to CreateAccessPoint
:
Parameter Syntax
$result = $client->createAccessPoint([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED 'BucketAccountId' => '<string>', 'Name' => '<string>', // REQUIRED 'PublicAccessBlockConfiguration' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], 'VpcConfiguration' => [ 'VpcId' => '<string>', // REQUIRED ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the account that owns the specified access point.
- Bucket
-
- Required: Yes
- Type: string
The name of the bucket that you want to associate this access point with.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - BucketAccountId
-
- Type: string
The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
For same account access point when your bucket and access point belong to the same account owner, the
BucketAccountId
is not required. For cross-account access point when your bucket and access point are not in the same account, theBucketAccountId
is required. - Name
-
- Required: Yes
- Type: string
The name you want to assign to this access point.
- PublicAccessBlockConfiguration
-
- Type: PublicAccessBlockConfiguration structure
The
PublicAccessBlock
configuration that you want to apply to the access point. - VpcConfiguration
-
- Type: VpcConfiguration structure
If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
This is required for creating an access point for Amazon S3 on Outposts buckets.
Result Syntax
[ 'AccessPointArn' => '<string>', 'Alias' => '<string>', ]
Result Details
Members
- AccessPointArn
-
- Type: string
The ARN of the access point.
This is only supported by Amazon S3 on Outposts.
- Alias
-
- Type: string
The name or alias of the access point.
Errors
There are no errors described for this operation.
CreateAccessPointForObjectLambda
$result = $client->createAccessPointForObjectLambda
([/* ... */]); $promise = $client->createAccessPointForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.
The following actions are related to CreateAccessPointForObjectLambda
:
Parameter Syntax
$result = $client->createAccessPointForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Configuration' => [ // REQUIRED 'AllowedFeatures' => ['<string>', ...], 'CloudWatchMetricsEnabled' => true || false, 'SupportingAccessPoint' => '<string>', // REQUIRED 'TransformationConfigurations' => [ // REQUIRED [ 'Actions' => ['<string>', ...], // REQUIRED 'ContentTransformation' => [ // REQUIRED 'AwsLambda' => [ 'FunctionArn' => '<string>', // REQUIRED 'FunctionPayload' => '<string>', ], ], ], // ... ], ], 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.
- Configuration
-
- Required: Yes
- Type: ObjectLambdaConfiguration structure
Object Lambda Access Point configuration as a JSON document.
- Name
-
- Required: Yes
- Type: string
The name you want to assign to this Object Lambda Access Point.
Result Syntax
[ 'Alias' => [ 'Status' => 'PROVISIONING|READY', 'Value' => '<string>', ], 'ObjectLambdaAccessPointArn' => '<string>', ]
Result Details
Members
- Alias
-
- Type: ObjectLambdaAccessPointAlias structure
The alias of the Object Lambda Access Point.
- ObjectLambdaAccessPointArn
-
- Type: string
Specifies the ARN for the Object Lambda Access Point.
Errors
There are no errors described for this operation.
CreateBucket
$result = $client->createBucket
([/* ... */]); $promise = $client->createBucketAsync
([/* ... */]);
This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference.
Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets.
S3 on Outposts buckets support:
-
Tags
-
LifecycleConfigurations for deleting expired objects
For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations.
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id
in your API request, see the Examples section.
The following actions are related to CreateBucket
for Amazon S3 on Outposts:
Parameter Syntax
$result = $client->createBucket([ 'ACL' => 'private|public-read|public-read-write|authenticated-read', 'Bucket' => '<string>', // REQUIRED 'CreateBucketConfiguration' => [ 'LocationConstraint' => 'EU|eu-west-1|us-west-1|us-west-2|ap-south-1|ap-southeast-1|ap-southeast-2|ap-northeast-1|sa-east-1|cn-north-1|eu-central-1', ], 'GrantFullControl' => '<string>', 'GrantRead' => '<string>', 'GrantReadACP' => '<string>', 'GrantWrite' => '<string>', 'GrantWriteACP' => '<string>', 'ObjectLockEnabledForBucket' => true || false, 'OutpostId' => '<string>', ]);
Parameter Details
Members
- ACL
-
- Type: string
The canned ACL to apply to the bucket.
This is not supported by Amazon S3 on Outposts buckets.
- Bucket
-
- Required: Yes
- Type: string
The name of the bucket.
- CreateBucketConfiguration
-
- Type: CreateBucketConfiguration structure
The configuration information for the bucket.
This is not supported by Amazon S3 on Outposts buckets.
- GrantFullControl
-
- Type: string
Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.
This is not supported by Amazon S3 on Outposts buckets.
- GrantRead
-
- Type: string
Allows grantee to list the objects in the bucket.
This is not supported by Amazon S3 on Outposts buckets.
- GrantReadACP
-
- Type: string
Allows grantee to read the bucket ACL.
This is not supported by Amazon S3 on Outposts buckets.
- GrantWrite
-
- Type: string
Allows grantee to create, overwrite, and delete any object in the bucket.
This is not supported by Amazon S3 on Outposts buckets.
- GrantWriteACP
-
- Type: string
Allows grantee to write the ACL for the applicable bucket.
This is not supported by Amazon S3 on Outposts buckets.
- ObjectLockEnabledForBucket
-
- Type: boolean
Specifies whether you want S3 Object Lock to be enabled for the new bucket.
This is not supported by Amazon S3 on Outposts buckets.
- OutpostId
-
- Type: string
The ID of the Outposts where the bucket is being created.
This ID is required by Amazon S3 on Outposts buckets.
Result Syntax
[ 'BucketArn' => '<string>', 'Location' => '<string>', ]
Result Details
Members
- BucketArn
-
- Type: string
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - Location
-
- Type: string
The location of the bucket.
Errors
- BucketAlreadyExists:
The requested Outposts bucket name is not available. The bucket namespace is shared by all users of the Outposts in this Region. Select a different name and try again.
- BucketAlreadyOwnedByYou:
The Outposts bucket you tried to create already exists, and you own it.
CreateJob
$result = $client->createJob
([/* ... */]); $promise = $client->createJobAsync
([/* ... */]);
This operation creates an S3 Batch Operations job.
You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
- Permissions
-
For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.
Related actions include:
Parameter Syntax
$result = $client->createJob([ 'AccountId' => '<string>', // REQUIRED 'ClientRequestToken' => '<string>', // REQUIRED 'ConfirmationRequired' => true || false, 'Description' => '<string>', 'Manifest' => [ 'Location' => [ // REQUIRED 'ETag' => '<string>', // REQUIRED 'ObjectArn' => '<string>', // REQUIRED 'ObjectVersionId' => '<string>', ], 'Spec' => [ // REQUIRED 'Fields' => ['<string>', ...], 'Format' => 'S3BatchOperations_CSV_20180820|S3InventoryReport_CSV_20161130', // REQUIRED ], ], 'ManifestGenerator' => [ 'S3JobManifestGenerator' => [ 'EnableManifestOutput' => true || false, // REQUIRED 'ExpectedBucketOwner' => '<string>', 'Filter' => [ 'CreatedAfter' => <integer || string || DateTime>, 'CreatedBefore' => <integer || string || DateTime>, 'EligibleForReplication' => true || false, 'KeyNameConstraint' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySubstring' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], ], 'MatchAnyStorageClass' => ['<string>', ...], 'ObjectReplicationStatuses' => ['<string>', ...], 'ObjectSizeGreaterThanBytes' => <integer>, 'ObjectSizeLessThanBytes' => <integer>, ], 'ManifestOutputLocation' => [ 'Bucket' => '<string>', // REQUIRED 'ExpectedManifestBucketOwner' => '<string>', 'ManifestEncryption' => [ 'SSEKMS' => [ 'KeyId' => '<string>', // REQUIRED ], 'SSES3' => [ ], ], 'ManifestFormat' => 'S3InventoryReport_CSV_20211130', // REQUIRED 'ManifestPrefix' => '<string>', ], 'SourceBucket' => '<string>', // REQUIRED ], ], 'Operation' => [ // REQUIRED 'LambdaInvoke' => [ 'FunctionArn' => '<string>', 'InvocationSchemaVersion' => '<string>', 'UserArguments' => ['<string>', ...], ], 'S3DeleteObjectTagging' => [ ], 'S3InitiateRestoreObject' => [ 'ExpirationInDays' => <integer>, 'GlacierJobTier' => 'BULK|STANDARD', ], 'S3PutObjectAcl' => [ 'AccessControlPolicy' => [ 'AccessControlList' => [ 'Grants' => [ [ 'Grantee' => [ 'DisplayName' => '<string>', 'Identifier' => '<string>', 'TypeIdentifier' => 'id|emailAddress|uri', ], 'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP', ], // ... ], 'Owner' => [ // REQUIRED 'DisplayName' => '<string>', 'ID' => '<string>', ], ], 'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control', ], ], 'S3PutObjectCopy' => [ 'AccessControlGrants' => [ [ 'Grantee' => [ 'DisplayName' => '<string>', 'Identifier' => '<string>', 'TypeIdentifier' => 'id|emailAddress|uri', ], 'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP', ], // ... ], 'BucketKeyEnabled' => true || false, 'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control', 'ChecksumAlgorithm' => 'CRC32|CRC32C|SHA1|SHA256|CRC64NVME', 'MetadataDirective' => 'COPY|REPLACE', 'ModifiedSinceConstraint' => <integer || string || DateTime>, 'NewObjectMetadata' => [ 'CacheControl' => '<string>', 'ContentDisposition' => '<string>', 'ContentEncoding' => '<string>', 'ContentLanguage' => '<string>', 'ContentLength' => <integer>, 'ContentMD5' => '<string>', 'ContentType' => '<string>', 'HttpExpiresDate' => <integer || string || DateTime>, 'RequesterCharged' => true || false, 'SSEAlgorithm' => 'AES256|KMS', 'UserMetadata' => ['<string>', ...], ], 'NewObjectTagging' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'ObjectLockLegalHoldStatus' => 'OFF|ON', 'ObjectLockMode' => 'COMPLIANCE|GOVERNANCE', 'ObjectLockRetainUntilDate' => <integer || string || DateTime>, 'RedirectLocation' => '<string>', 'RequesterPays' => true || false, 'SSEAwsKmsKeyId' => '<string>', 'StorageClass' => 'STANDARD|STANDARD_IA|ONEZONE_IA|GLACIER|INTELLIGENT_TIERING|DEEP_ARCHIVE|GLACIER_IR', 'TargetKeyPrefix' => '<string>', 'TargetResource' => '<string>', 'UnModifiedSinceConstraint' => <integer || string || DateTime>, ], 'S3PutObjectLegalHold' => [ 'LegalHold' => [ // REQUIRED 'Status' => 'OFF|ON', // REQUIRED ], ], 'S3PutObjectRetention' => [ 'BypassGovernanceRetention' => true || false, 'Retention' => [ // REQUIRED 'Mode' => 'COMPLIANCE|GOVERNANCE', 'RetainUntilDate' => <integer || string || DateTime>, ], ], 'S3PutObjectTagging' => [ 'TagSet' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ], 'S3ReplicateObject' => [ ], ], 'Priority' => <integer>, // REQUIRED 'Report' => [ // REQUIRED 'Bucket' => '<string>', 'Enabled' => true || false, // REQUIRED 'Format' => 'Report_CSV_20180820', 'Prefix' => '<string>', 'ReportScope' => 'AllTasks|FailedTasksOnly', ], 'RoleArn' => '<string>', // REQUIRED 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that creates the job.
- ClientRequestToken
-
- Required: Yes
- Type: string
An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.
- ConfirmationRequired
-
- Type: boolean
Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.
- Description
-
- Type: string
A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.
- Manifest
-
- Type: JobManifest structure
Configuration parameters for the manifest.
- ManifestGenerator
-
- Type: JobManifestGenerator structure
The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.
- Operation
-
- Required: Yes
- Type: JobOperation structure
The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.
- Priority
-
- Required: Yes
- Type: int
The numerical priority for this job. Higher numbers indicate higher priority.
- Report
-
- Required: Yes
- Type: JobReport structure
Configuration parameters for the optional job-completion report.
- RoleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.
- Tags
-
- Type: Array of S3Tag structures
A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.
Result Syntax
[ 'JobId' => '<string>', ]
Result Details
Members
- JobId
-
- Type: string
The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful
Create Job
request.
Errors
CreateMultiRegionAccessPoint
$result = $client->createMultiRegionAccessPoint
([/* ... */]); $promise = $client->createMultiRegionAccessPointAsync
([/* ... */]);
This operation is not supported by directory buckets.
Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation
.
The following actions are related to CreateMultiRegionAccessPoint
:
Parameter Syntax
$result = $client->createMultiRegionAccessPoint([ 'AccountId' => '<string>', // REQUIRED 'ClientToken' => '<string>', // REQUIRED 'Details' => [ // REQUIRED 'Name' => '<string>', // REQUIRED 'PublicAccessBlock' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], 'Regions' => [ // REQUIRED [ 'Bucket' => '<string>', // REQUIRED 'BucketAccountId' => '<string>', ], // ... ], ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.
- ClientToken
-
- Required: Yes
- Type: string
An idempotency token used to identify the request and guarantee that requests are unique.
- Details
-
- Required: Yes
- Type: CreateMultiRegionAccessPointInput structure
A container element containing details about the Multi-Region Access Point.
Result Syntax
[ 'RequestTokenARN' => '<string>', ]
Result Details
Members
- RequestTokenARN
-
- Type: string
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Errors
There are no errors described for this operation.
CreateStorageLensGroup
$result = $client->createStorageLensGroup
([/* ... */]); $promise = $client->createStorageLensGroupAsync
([/* ... */]);
Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups.
To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup
action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
Parameter Syntax
$result = $client->createStorageLensGroup([ 'AccountId' => '<string>', // REQUIRED 'StorageLensGroup' => [ // REQUIRED 'Filter' => [ // REQUIRED 'And' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], ], 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], 'Or' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], ], ], 'Name' => '<string>', // REQUIRED 'StorageLensGroupArn' => '<string>', ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that the Storage Lens group is created from and associated with.
- StorageLensGroup
-
- Required: Yes
- Type: StorageLensGroup structure
The Storage Lens group configuration.
- Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessGrant
$result = $client->deleteAccessGrant
([/* ... */]); $promise = $client->deleteAccessGrantAsync
([/* ... */]);
Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.
- Permissions
-
You must have the
s3:DeleteAccessGrant
permission to use this operation.
Parameter Syntax
$result = $client->deleteAccessGrant([ 'AccessGrantId' => '<string>', // REQUIRED 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccessGrantId
-
- Required: Yes
- Type: string
The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessGrantsInstance
$result = $client->deleteAccessGrantsInstance
([/* ... */]); $promise = $client->deleteAccessGrantsInstanceAsync
([/* ... */]);
Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.
- Permissions
-
You must have the
s3:DeleteAccessGrantsInstance
permission to use this operation.
Parameter Syntax
$result = $client->deleteAccessGrantsInstance([ 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessGrantsInstanceResourcePolicy
$result = $client->deleteAccessGrantsInstanceResourcePolicy
([/* ... */]); $promise = $client->deleteAccessGrantsInstanceResourcePolicyAsync
([/* ... */]);
Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.
- Permissions
-
You must have the
s3:DeleteAccessGrantsInstanceResourcePolicy
permission to use this operation.
Parameter Syntax
$result = $client->deleteAccessGrantsInstanceResourcePolicy([ 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessGrantsLocation
$result = $client->deleteAccessGrantsLocation
([/* ... */]); $promise = $client->deleteAccessGrantsLocationAsync
([/* ... */]);
Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.
- Permissions
-
You must have the
s3:DeleteAccessGrantsLocation
permission to use this operation.
Parameter Syntax
$result = $client->deleteAccessGrantsLocation([ 'AccessGrantsLocationId' => '<string>', // REQUIRED 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccessGrantsLocationId
-
- Required: Yes
- Type: string
The ID of the registered location that you are deregistering from your S3 Access Grants instance. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessPoint
$result = $client->deleteAccessPoint
([/* ... */]); $promise = $client->deleteAccessPointAsync
([/* ... */]);
This operation is not supported by directory buckets.
Deletes the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPoint
:
Parameter Syntax
$result = $client->deleteAccessPoint([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the account that owns the specified access point.
- Name
-
- Required: Yes
- Type: string
The name of the access point you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access pointreports-ap
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessPointForObjectLambda
$result = $client->deleteAccessPointForObjectLambda
([/* ... */]); $promise = $client->deleteAccessPointForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Deletes the specified Object Lambda Access Point.
The following actions are related to DeleteAccessPointForObjectLambda
:
Parameter Syntax
$result = $client->deleteAccessPointForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the access point you want to delete.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessPointPolicy
$result = $client->deleteAccessPointPolicy
([/* ... */]); $promise = $client->deleteAccessPointPolicyAsync
([/* ... */]);
This operation is not supported by directory buckets.
Deletes the access point policy for the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPointPolicy
:
Parameter Syntax
$result = $client->deleteAccessPointPolicy([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified access point.
- Name
-
- Required: Yes
- Type: string
The name of the access point whose policy you want to delete.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access pointreports-ap
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteAccessPointPolicyForObjectLambda
$result = $client->deleteAccessPointPolicyForObjectLambda
([/* ... */]); $promise = $client->deleteAccessPointPolicyForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Removes the resource policy for an Object Lambda Access Point.
The following actions are related to DeleteAccessPointPolicyForObjectLambda
:
Parameter Syntax
$result = $client->deleteAccessPointPolicyForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point you want to delete the policy for.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteBucket
$result = $client->deleteBucket
([/* ... */]); $promise = $client->deleteBucketAsync
([/* ... */]);
This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.
Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
Related Resources
Parameter Syntax
$result = $client->deleteBucket([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID that owns the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket being deleted.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteBucketLifecycleConfiguration
$result = $client->deleteBucketLifecycleConfiguration
([/* ... */]); $promise = $client->deleteBucketLifecycleConfigurationAsync
([/* ... */]);
This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.
Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration
action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions.
Related actions include:
Parameter Syntax
$result = $client->deleteBucketLifecycleConfiguration([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the lifecycle configuration to delete.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteBucketPolicy
$result = $client->deleteBucketPolicy
([/* ... */]); $promise = $client->deleteBucketPolicyAsync
([/* ... */]);
This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.
This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy
permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
If you don't have DeleteBucketPolicy
permissions, Amazon S3 returns a 403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed
error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy
:
Parameter Syntax
$result = $client->deleteBucketPolicy([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteBucketReplication
$result = $client->deleteBucketReplication
([/* ... */]); $promise = $client->deleteBucketReplicationAsync
([/* ... */]);
This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.
Deletes the replication configuration from the specified S3 on Outposts bucket.
To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration
action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.
It can take a while to propagate PUT
or DELETE
requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET
request soon after a PUT
or DELETE
request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
The following operations are related to DeleteBucketReplication
:
Parameter Syntax
$result = $client->deleteBucketReplication([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket to delete the replication configuration for.
- Bucket
-
- Required: Yes
- Type: string
Specifies the S3 on Outposts bucket to delete the replication configuration for.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteBucketTagging
$result = $client->deleteBucketTagging
([/* ... */]); $promise = $client->deleteBucketTaggingAsync
([/* ... */]);
This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.
Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.
To use this action, you must have permission to perform the PutBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging
:
Parameter Syntax
$result = $client->deleteBucketTagging([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket tag set to be removed.
- Bucket
-
- Required: Yes
- Type: string
The bucket ARN that has the tag set to be removed.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteJobTagging
$result = $client->deleteJobTagging
([/* ... */]); $promise = $client->deleteJobTaggingAsync
([/* ... */]);
Removes the entire tag set from the specified S3 Batch Operations job.
- Permissions
-
To use the
DeleteJobTagging
operation, you must have permission to perform thes3:DeleteJobTagging
action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
Related actions include:
Parameter Syntax
$result = $client->deleteJobTagging([ 'AccountId' => '<string>', // REQUIRED 'JobId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobId
-
- Required: Yes
- Type: string
The ID for the S3 Batch Operations job whose tags you want to delete.
Result Syntax
[]
Result Details
Errors
DeleteMultiRegionAccessPoint
$result = $client->deleteMultiRegionAccessPoint
([/* ... */]); $promise = $client->deleteMultiRegionAccessPointAsync
([/* ... */]);
This operation is not supported by directory buckets.
Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation
.
The following actions are related to DeleteMultiRegionAccessPoint
:
Parameter Syntax
$result = $client->deleteMultiRegionAccessPoint([ 'AccountId' => '<string>', // REQUIRED 'ClientToken' => '<string>', // REQUIRED 'Details' => [ // REQUIRED 'Name' => '<string>', // REQUIRED ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- ClientToken
-
- Required: Yes
- Type: string
An idempotency token used to identify the request and guarantee that requests are unique.
- Details
-
- Required: Yes
- Type: DeleteMultiRegionAccessPointInput structure
A container element containing details about the Multi-Region Access Point.
Result Syntax
[ 'RequestTokenARN' => '<string>', ]
Result Details
Members
- RequestTokenARN
-
- Type: string
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Errors
There are no errors described for this operation.
DeletePublicAccessBlock
$result = $client->deletePublicAccessBlock
([/* ... */]); $promise = $client->deletePublicAccessBlockAsync
([/* ... */]);
This operation is not supported by directory buckets.
Removes the PublicAccessBlock
configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.
Related actions include:
Parameter Syntax
$result = $client->deletePublicAccessBlock([ 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the Amazon Web Services account whose
PublicAccessBlock
configuration you want to remove.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteStorageLensConfiguration
$result = $client->deleteStorageLensConfiguration
([/* ... */]); $promise = $client->deleteStorageLensConfigurationAsync
([/* ... */]);
This operation is not supported by directory buckets.
Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->deleteStorageLensConfiguration([ 'AccountId' => '<string>', // REQUIRED 'ConfigId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the S3 Storage Lens configuration.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteStorageLensConfigurationTagging
$result = $client->deleteStorageLensConfigurationTagging
([/* ... */]); $promise = $client->deleteStorageLensConfigurationTaggingAsync
([/* ... */]);
This operation is not supported by directory buckets.
Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->deleteStorageLensConfigurationTagging([ 'AccountId' => '<string>', // REQUIRED 'ConfigId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the S3 Storage Lens configuration.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DeleteStorageLensGroup
$result = $client->deleteStorageLensGroup
([/* ... */]); $promise = $client->deleteStorageLensGroupAsync
([/* ... */]);
Deletes an existing S3 Storage Lens group.
To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
Parameter Syntax
$result = $client->deleteStorageLensGroup([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID used to create the Storage Lens group that you're trying to delete.
- Name
-
- Required: Yes
- Type: string
The name of the Storage Lens group that you're trying to delete.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
DescribeJob
$result = $client->describeJob
([/* ... */]); $promise = $client->describeJobAsync
([/* ... */]);
Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
- Permissions
-
To use the
DescribeJob
operation, you must have permission to perform thes3:DescribeJob
action.
Related actions include:
Parameter Syntax
$result = $client->describeJob([ 'AccountId' => '<string>', // REQUIRED 'JobId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobId
-
- Required: Yes
- Type: string
The ID for the job whose information you want to retrieve.
Result Syntax
[ 'Job' => [ 'ConfirmationRequired' => true || false, 'CreationTime' => <DateTime>, 'Description' => '<string>', 'FailureReasons' => [ [ 'FailureCode' => '<string>', 'FailureReason' => '<string>', ], // ... ], 'GeneratedManifestDescriptor' => [ 'Format' => 'S3InventoryReport_CSV_20211130', 'Location' => [ 'ETag' => '<string>', 'ObjectArn' => '<string>', 'ObjectVersionId' => '<string>', ], ], 'JobArn' => '<string>', 'JobId' => '<string>', 'Manifest' => [ 'Location' => [ 'ETag' => '<string>', 'ObjectArn' => '<string>', 'ObjectVersionId' => '<string>', ], 'Spec' => [ 'Fields' => ['<string>', ...], 'Format' => 'S3BatchOperations_CSV_20180820|S3InventoryReport_CSV_20161130', ], ], 'ManifestGenerator' => [ 'S3JobManifestGenerator' => [ 'EnableManifestOutput' => true || false, 'ExpectedBucketOwner' => '<string>', 'Filter' => [ 'CreatedAfter' => <DateTime>, 'CreatedBefore' => <DateTime>, 'EligibleForReplication' => true || false, 'KeyNameConstraint' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySubstring' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], ], 'MatchAnyStorageClass' => ['<string>', ...], 'ObjectReplicationStatuses' => ['<string>', ...], 'ObjectSizeGreaterThanBytes' => <integer>, 'ObjectSizeLessThanBytes' => <integer>, ], 'ManifestOutputLocation' => [ 'Bucket' => '<string>', 'ExpectedManifestBucketOwner' => '<string>', 'ManifestEncryption' => [ 'SSEKMS' => [ 'KeyId' => '<string>', ], 'SSES3' => [ ], ], 'ManifestFormat' => 'S3InventoryReport_CSV_20211130', 'ManifestPrefix' => '<string>', ], 'SourceBucket' => '<string>', ], ], 'Operation' => [ 'LambdaInvoke' => [ 'FunctionArn' => '<string>', 'InvocationSchemaVersion' => '<string>', 'UserArguments' => ['<string>', ...], ], 'S3DeleteObjectTagging' => [ ], 'S3InitiateRestoreObject' => [ 'ExpirationInDays' => <integer>, 'GlacierJobTier' => 'BULK|STANDARD', ], 'S3PutObjectAcl' => [ 'AccessControlPolicy' => [ 'AccessControlList' => [ 'Grants' => [ [ 'Grantee' => [ 'DisplayName' => '<string>', 'Identifier' => '<string>', 'TypeIdentifier' => 'id|emailAddress|uri', ], 'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP', ], // ... ], 'Owner' => [ 'DisplayName' => '<string>', 'ID' => '<string>', ], ], 'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control', ], ], 'S3PutObjectCopy' => [ 'AccessControlGrants' => [ [ 'Grantee' => [ 'DisplayName' => '<string>', 'Identifier' => '<string>', 'TypeIdentifier' => 'id|emailAddress|uri', ], 'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP', ], // ... ], 'BucketKeyEnabled' => true || false, 'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control', 'ChecksumAlgorithm' => 'CRC32|CRC32C|SHA1|SHA256|CRC64NVME', 'MetadataDirective' => 'COPY|REPLACE', 'ModifiedSinceConstraint' => <DateTime>, 'NewObjectMetadata' => [ 'CacheControl' => '<string>', 'ContentDisposition' => '<string>', 'ContentEncoding' => '<string>', 'ContentLanguage' => '<string>', 'ContentLength' => <integer>, 'ContentMD5' => '<string>', 'ContentType' => '<string>', 'HttpExpiresDate' => <DateTime>, 'RequesterCharged' => true || false, 'SSEAlgorithm' => 'AES256|KMS', 'UserMetadata' => ['<string>', ...], ], 'NewObjectTagging' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'ObjectLockLegalHoldStatus' => 'OFF|ON', 'ObjectLockMode' => 'COMPLIANCE|GOVERNANCE', 'ObjectLockRetainUntilDate' => <DateTime>, 'RedirectLocation' => '<string>', 'RequesterPays' => true || false, 'SSEAwsKmsKeyId' => '<string>', 'StorageClass' => 'STANDARD|STANDARD_IA|ONEZONE_IA|GLACIER|INTELLIGENT_TIERING|DEEP_ARCHIVE|GLACIER_IR', 'TargetKeyPrefix' => '<string>', 'TargetResource' => '<string>', 'UnModifiedSinceConstraint' => <DateTime>, ], 'S3PutObjectLegalHold' => [ 'LegalHold' => [ 'Status' => 'OFF|ON', ], ], 'S3PutObjectRetention' => [ 'BypassGovernanceRetention' => true || false, 'Retention' => [ 'Mode' => 'COMPLIANCE|GOVERNANCE', 'RetainUntilDate' => <DateTime>, ], ], 'S3PutObjectTagging' => [ 'TagSet' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ], 'S3ReplicateObject' => [ ], ], 'Priority' => <integer>, 'ProgressSummary' => [ 'NumberOfTasksFailed' => <integer>, 'NumberOfTasksSucceeded' => <integer>, 'Timers' => [ 'ElapsedTimeInActiveSeconds' => <integer>, ], 'TotalNumberOfTasks' => <integer>, ], 'Report' => [ 'Bucket' => '<string>', 'Enabled' => true || false, 'Format' => 'Report_CSV_20180820', 'Prefix' => '<string>', 'ReportScope' => 'AllTasks|FailedTasksOnly', ], 'RoleArn' => '<string>', 'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended', 'StatusUpdateReason' => '<string>', 'SuspendedCause' => '<string>', 'SuspendedDate' => <DateTime>, 'TerminationDate' => <DateTime>, ], ]
Result Details
Members
- Job
-
- Type: JobDescriptor structure
Contains the configuration parameters and status for the job specified in the
Describe Job
request.
Errors
DescribeMultiRegionAccessPointOperation
$result = $client->describeMultiRegionAccessPointOperation
([/* ... */]); $promise = $client->describeMultiRegionAccessPointOperationAsync
([/* ... */]);
This operation is not supported by directory buckets.
Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint
:
Parameter Syntax
$result = $client->describeMultiRegionAccessPointOperation([ 'AccountId' => '<string>', // REQUIRED 'RequestTokenARN' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- RequestTokenARN
-
- Required: Yes
- Type: string
The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.
Result Syntax
[ 'AsyncOperation' => [ 'CreationTime' => <DateTime>, 'Operation' => 'CreateMultiRegionAccessPoint|DeleteMultiRegionAccessPoint|PutMultiRegionAccessPointPolicy', 'RequestParameters' => [ 'CreateMultiRegionAccessPointRequest' => [ 'Name' => '<string>', 'PublicAccessBlock' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], 'Regions' => [ [ 'Bucket' => '<string>', 'BucketAccountId' => '<string>', ], // ... ], ], 'DeleteMultiRegionAccessPointRequest' => [ 'Name' => '<string>', ], 'PutMultiRegionAccessPointPolicyRequest' => [ 'Name' => '<string>', 'Policy' => '<string>', ], ], 'RequestStatus' => '<string>', 'RequestTokenARN' => '<string>', 'ResponseDetails' => [ 'ErrorDetails' => [ 'Code' => '<string>', 'Message' => '<string>', 'RequestId' => '<string>', 'Resource' => '<string>', ], 'MultiRegionAccessPointDetails' => [ 'Regions' => [ [ 'Name' => '<string>', 'RequestStatus' => '<string>', ], // ... ], ], ], ], ]
Result Details
Members
- AsyncOperation
-
- Type: AsyncOperation structure
A container element containing the details of the asynchronous operation.
Errors
There are no errors described for this operation.
DissociateAccessGrantsIdentityCenter
$result = $client->dissociateAccessGrantsIdentityCenter
([/* ... */]); $promise = $client->dissociateAccessGrantsIdentityCenterAsync
([/* ... */]);
Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
- Permissions
-
You must have the
s3:DissociateAccessGrantsIdentityCenter
permission to use this operation. - Additional Permissions
-
You must have the
sso:DeleteApplication
permission to use this operation.
Parameter Syntax
$result = $client->dissociateAccessGrantsIdentityCenter([ 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
GetAccessGrant
$result = $client->getAccessGrant
([/* ... */]); $promise = $client->getAccessGrantAsync
([/* ... */]);
Get the details of an access grant from your S3 Access Grants instance.
- Permissions
-
You must have the
s3:GetAccessGrant
permission to use this operation.
Parameter Syntax
$result = $client->getAccessGrant([ 'AccessGrantId' => '<string>', // REQUIRED 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccessGrantId
-
- Required: Yes
- Type: string
The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[ 'AccessGrantArn' => '<string>', 'AccessGrantId' => '<string>', 'AccessGrantsLocationConfiguration' => [ 'S3SubPrefix' => '<string>', ], 'AccessGrantsLocationId' => '<string>', 'ApplicationArn' => '<string>', 'CreatedAt' => <DateTime>, 'GrantScope' => '<string>', 'Grantee' => [ 'GranteeIdentifier' => '<string>', 'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM', ], 'Permission' => 'READ|WRITE|READWRITE', ]
Result Details
Members
- AccessGrantArn
-
- Type: string
The Amazon Resource Name (ARN) of the access grant.
- AccessGrantId
-
- Type: string
The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
- AccessGrantsLocationConfiguration
-
- Type: AccessGrantsLocationConfiguration structure
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
- AccessGrantsLocationId
-
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - ApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the access grant.
- GrantScope
-
- Type: string
The S3 path of the data to which you are granting access. It is the result of appending the
Subprefix
to the location scope. - Grantee
-
- Type: Grantee structure
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added a corporate directory to Amazon Web Services IAM Identity Center and associated this Identity Center instance with the S3 Access Grants instance, the grantee can also be a corporate directory user or group.
- Permission
-
- Type: string
The type of permission that was granted in the access grant. Can be one of the following values:
-
READ
– Grant read-only access to the S3 data. -
WRITE
– Grant write-only access to the S3 data. -
READWRITE
– Grant both read and write access to the S3 data.
Errors
There are no errors described for this operation.
GetAccessGrantsInstance
$result = $client->getAccessGrantsInstance
([/* ... */]); $promise = $client->getAccessGrantsInstanceAsync
([/* ... */]);
Retrieves the S3 Access Grants instance for a Region in your account.
- Permissions
-
You must have the
s3:GetAccessGrantsInstance
permission to use this operation.
GetAccessGrantsInstance
is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.
Parameter Syntax
$result = $client->getAccessGrantsInstance([ 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[ 'AccessGrantsInstanceArn' => '<string>', 'AccessGrantsInstanceId' => '<string>', 'CreatedAt' => <DateTime>, 'IdentityCenterApplicationArn' => '<string>', 'IdentityCenterArn' => '<string>', 'IdentityCenterInstanceArn' => '<string>', ]
Result Details
Members
- AccessGrantsInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the S3 Access Grants instance.
- AccessGrantsInstanceId
-
- Type: string
The ID of the S3 Access Grants instance. The ID is
default
. You can have one S3 Access Grants instance per Region per account. - CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the S3 Access Grants instance.
- IdentityCenterApplicationArn
-
- Type: string
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
- IdentityCenterArn
-
- Type: string
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
- IdentityCenterInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
Errors
There are no errors described for this operation.
GetAccessGrantsInstanceForPrefix
$result = $client->getAccessGrantsInstanceForPrefix
([/* ... */]); $promise = $client->getAccessGrantsInstanceForPrefixAsync
([/* ... */]);
Retrieve the S3 Access Grants instance that contains a particular prefix.
- Permissions
-
You must have the
s3:GetAccessGrantsInstanceForPrefix
permission for the caller account to use this operation. - Additional Permissions
-
The prefix owner account must grant you the following permissions to their S3 Access Grants instance:
s3:GetAccessGrantsInstanceForPrefix
.
Parameter Syntax
$result = $client->getAccessGrantsInstanceForPrefix([ 'AccountId' => '<string>', // REQUIRED 'S3Prefix' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The ID of the Amazon Web Services account that is making this request.
- S3Prefix
-
- Required: Yes
- Type: string
The S3 prefix of the access grants that you would like to retrieve.
Result Syntax
[ 'AccessGrantsInstanceArn' => '<string>', 'AccessGrantsInstanceId' => '<string>', ]
Result Details
Members
- AccessGrantsInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the S3 Access Grants instance.
- AccessGrantsInstanceId
-
- Type: string
The ID of the S3 Access Grants instance. The ID is
default
. You can have one S3 Access Grants instance per Region per account.
Errors
There are no errors described for this operation.
GetAccessGrantsInstanceResourcePolicy
$result = $client->getAccessGrantsInstanceResourcePolicy
([/* ... */]); $promise = $client->getAccessGrantsInstanceResourcePolicyAsync
([/* ... */]);
Returns the resource policy of the S3 Access Grants instance.
- Permissions
-
You must have the
s3:GetAccessGrantsInstanceResourcePolicy
permission to use this operation.
Parameter Syntax
$result = $client->getAccessGrantsInstanceResourcePolicy([ 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[ 'CreatedAt' => <DateTime>, 'Organization' => '<string>', 'Policy' => '<string>', ]
Result Details
Members
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the S3 Access Grants instance resource policy.
- Organization
-
- Type: string
The Organization of the resource policy of the S3 Access Grants instance.
- Policy
-
- Type: string
The resource policy of the S3 Access Grants instance.
Errors
There are no errors described for this operation.
GetAccessGrantsLocation
$result = $client->getAccessGrantsLocation
([/* ... */]); $promise = $client->getAccessGrantsLocationAsync
([/* ... */]);
Retrieves the details of a particular location registered in your S3 Access Grants instance.
- Permissions
-
You must have the
s3:GetAccessGrantsLocation
permission to use this operation.
Parameter Syntax
$result = $client->getAccessGrantsLocation([ 'AccessGrantsLocationId' => '<string>', // REQUIRED 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccessGrantsLocationId
-
- Required: Yes
- Type: string
The ID of the registered location that you are retrieving. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
Result Syntax
[ 'AccessGrantsLocationArn' => '<string>', 'AccessGrantsLocationId' => '<string>', 'CreatedAt' => <DateTime>, 'IAMRoleArn' => '<string>', 'LocationScope' => '<string>', ]
Result Details
Members
- AccessGrantsLocationArn
-
- Type: string
The Amazon Resource Name (ARN) of the registered location.
- AccessGrantsLocationId
-
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you registered the location.
- IAMRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
- LocationScope
-
- Type: string
The S3 URI path to the registered location. The location scope can be the default S3 location
s3://
, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with theengineering/
prefix or object key names that start with themarketing/campaigns/
prefix.
Errors
There are no errors described for this operation.
GetAccessPoint
$result = $client->getAccessPoint
([/* ... */]); $promise = $client->getAccessPointAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns configuration information about the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to GetAccessPoint
:
Parameter Syntax
$result = $client->getAccessPoint([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the account that owns the specified access point.
- Name
-
- Required: Yes
- Type: string
The name of the access point whose configuration information you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access pointreports-ap
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
Result Syntax
[ 'AccessPointArn' => '<string>', 'Alias' => '<string>', 'Bucket' => '<string>', 'BucketAccountId' => '<string>', 'CreationDate' => <DateTime>, 'Endpoints' => ['<string>', ...], 'Name' => '<string>', 'NetworkOrigin' => 'Internet|VPC', 'PublicAccessBlockConfiguration' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], 'VpcConfiguration' => [ 'VpcId' => '<string>', ], ]
Result Details
Members
- AccessPointArn
-
- Type: string
The ARN of the access point.
- Alias
-
- Type: string
The name or alias of the access point.
- Bucket
-
- Type: string
The name of the bucket associated with the specified access point.
- BucketAccountId
-
- Type: string
The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
- CreationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the specified access point was created.
- Endpoints
-
- Type: Associative array of custom strings keys (NonEmptyMaxLength64String) to strings
The VPC endpoint for the access point.
- Name
-
- Type: string
The name of the specified access point.
- NetworkOrigin
-
- Type: string
Indicates whether this access point allows access from the public internet. If
VpcConfiguration
is specified for this access point, thenNetworkOrigin
isVPC
, and the access point doesn't allow access from the public internet. Otherwise,NetworkOrigin
isInternet
, and the access point allows access from the public internet, subject to the access point and bucket access policies.This will always be true for an Amazon S3 on Outposts access point
- PublicAccessBlockConfiguration
-
- Type: PublicAccessBlockConfiguration structure
The
PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.This data type is not supported for Amazon S3 on Outposts.
- VpcConfiguration
-
- Type: VpcConfiguration structure
Contains the virtual private cloud (VPC) configuration for the specified access point.
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services services.
Errors
There are no errors described for this operation.
GetAccessPointConfigurationForObjectLambda
$result = $client->getAccessPointConfigurationForObjectLambda
([/* ... */]); $promise = $client->getAccessPointConfigurationForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns configuration for an Object Lambda Access Point.
The following actions are related to GetAccessPointConfigurationForObjectLambda
:
Parameter Syntax
$result = $client->getAccessPointConfigurationForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point you want to return the configuration for.
Result Syntax
[ 'Configuration' => [ 'AllowedFeatures' => ['<string>', ...], 'CloudWatchMetricsEnabled' => true || false, 'SupportingAccessPoint' => '<string>', 'TransformationConfigurations' => [ [ 'Actions' => ['<string>', ...], 'ContentTransformation' => [ 'AwsLambda' => [ 'FunctionArn' => '<string>', 'FunctionPayload' => '<string>', ], ], ], // ... ], ], ]
Result Details
Members
- Configuration
-
- Type: ObjectLambdaConfiguration structure
Object Lambda Access Point configuration document.
Errors
There are no errors described for this operation.
GetAccessPointForObjectLambda
$result = $client->getAccessPointForObjectLambda
([/* ... */]); $promise = $client->getAccessPointForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns configuration information about the specified Object Lambda Access Point
The following actions are related to GetAccessPointForObjectLambda
:
Parameter Syntax
$result = $client->getAccessPointForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
Result Syntax
[ 'Alias' => [ 'Status' => 'PROVISIONING|READY', 'Value' => '<string>', ], 'CreationDate' => <DateTime>, 'Name' => '<string>', 'PublicAccessBlockConfiguration' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], ]
Result Details
Members
- Alias
-
- Type: ObjectLambdaAccessPointAlias structure
The alias of the Object Lambda Access Point.
- CreationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the specified Object Lambda Access Point was created.
- Name
-
- Type: string
The name of the Object Lambda Access Point.
- PublicAccessBlockConfiguration
-
- Type: PublicAccessBlockConfiguration structure
Configuration to block all public access. This setting is turned on and can not be edited.
Errors
There are no errors described for this operation.
GetAccessPointPolicy
$result = $client->getAccessPointPolicy
([/* ... */]); $promise = $client->getAccessPointPolicyAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns the access point policy associated with the specified access point.
The following actions are related to GetAccessPointPolicy
:
Parameter Syntax
$result = $client->getAccessPointPolicy([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified access point.
- Name
-
- Required: Yes
- Type: string
The name of the access point whose policy you want to retrieve.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access pointreports-ap
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded.
Result Syntax
[ 'Policy' => '<string>', ]
Result Details
Members
- Policy
-
- Type: string
The access point policy associated with the specified access point.
Errors
There are no errors described for this operation.
GetAccessPointPolicyForObjectLambda
$result = $client->getAccessPointPolicyForObjectLambda
([/* ... */]); $promise = $client->getAccessPointPolicyForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns the resource policy for an Object Lambda Access Point.
The following actions are related to GetAccessPointPolicyForObjectLambda
:
Parameter Syntax
$result = $client->getAccessPointPolicyForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
Result Syntax
[ 'Policy' => '<string>', ]
Result Details
Members
- Policy
-
- Type: string
Object Lambda Access Point resource policy document.
Errors
There are no errors described for this operation.
GetAccessPointPolicyStatus
$result = $client->getAccessPointPolicyStatus
([/* ... */]); $promise = $client->getAccessPointPolicyStatusAsync
([/* ... */]);
This operation is not supported by directory buckets.
Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->getAccessPointPolicyStatus([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified access point.
- Name
-
- Required: Yes
- Type: string
The name of the access point whose policy status you want to retrieve.
Result Syntax
[ 'PolicyStatus' => [ 'IsPublic' => true || false, ], ]
Result Details
Members
- PolicyStatus
-
- Type: PolicyStatus structure
Indicates the current policy status of the specified access point.
Errors
There are no errors described for this operation.
GetAccessPointPolicyStatusForObjectLambda
$result = $client->getAccessPointPolicyStatusForObjectLambda
([/* ... */]); $promise = $client->getAccessPointPolicyStatusForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns the status of the resource policy associated with an Object Lambda Access Point.
Parameter Syntax
$result = $client->getAccessPointPolicyStatusForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
Result Syntax
[ 'PolicyStatus' => [ 'IsPublic' => true || false, ], ]
Result Details
Members
- PolicyStatus
-
- Type: PolicyStatus structure
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.
Errors
There are no errors described for this operation.
GetBucket
$result = $client->getBucket
([/* ... */]); $promise = $client->getBucketAsync
([/* ... */]);
Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket
permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket
permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied
error.
The following actions are related to GetBucket
for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
Parameter Syntax
$result = $client->getBucket([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[ 'Bucket' => '<string>', 'CreationDate' => <DateTime>, 'PublicAccessBlockEnabled' => true || false, ]
Result Details
Members
- Bucket
-
- Type: string
The Outposts bucket requested.
- CreationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The creation date of the Outposts bucket.
- PublicAccessBlockEnabled
-
- Type: boolean
Errors
There are no errors described for this operation.
GetBucketLifecycleConfiguration
$result = $client->getBucketLifecycleConfiguration
([/* ... */]); $promise = $client->getBucketLifecycleConfigurationAsync
([/* ... */]);
This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.
Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.
To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration
action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
GetBucketLifecycleConfiguration
has the following special error:
-
Error code:
NoSuchLifecycleConfiguration
-
Description: The lifecycle configuration does not exist.
-
HTTP Status Code: 404 Not Found
-
SOAP Fault Code Prefix: Client
-
The following actions are related to GetBucketLifecycleConfiguration
:
Parameter Syntax
$result = $client->getBucketLifecycleConfiguration([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[ 'Rules' => [ [ 'AbortIncompleteMultipartUpload' => [ 'DaysAfterInitiation' => <integer>, ], 'Expiration' => [ 'Date' => <DateTime>, 'Days' => <integer>, 'ExpiredObjectDeleteMarker' => true || false, ], 'Filter' => [ 'And' => [ 'ObjectSizeGreaterThan' => <integer>, 'ObjectSizeLessThan' => <integer>, 'Prefix' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ], 'ObjectSizeGreaterThan' => <integer>, 'ObjectSizeLessThan' => <integer>, 'Prefix' => '<string>', 'Tag' => [ 'Key' => '<string>', 'Value' => '<string>', ], ], 'ID' => '<string>', 'NoncurrentVersionExpiration' => [ 'NewerNoncurrentVersions' => <integer>, 'NoncurrentDays' => <integer>, ], 'NoncurrentVersionTransitions' => [ [ 'NoncurrentDays' => <integer>, 'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE', ], // ... ], 'Status' => 'Enabled|Disabled', 'Transitions' => [ [ 'Date' => <DateTime>, 'Days' => <integer>, 'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE', ], // ... ], ], // ... ], ]
Result Details
Members
- Rules
-
- Type: Array of LifecycleRule structures
Container for the lifecycle rule of the Outposts bucket.
Errors
There are no errors described for this operation.
GetBucketPolicy
$result = $client->getBucketPolicy
([/* ... */]); $promise = $client->getBucketPolicyAsync
([/* ... */]);
This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.
Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy
permissions on the specified bucket and belong to the bucket owner's account in order to use this action.
Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy
permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied
error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy
:
Parameter Syntax
$result = $client->getBucketPolicy([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[ 'Policy' => '<string>', ]
Result Details
Members
- Policy
-
- Type: string
The policy of the Outposts bucket.
Errors
There are no errors described for this operation.
GetBucketReplication
$result = $client->getBucketReplication
([/* ... */]); $promise = $client->getBucketReplicationAsync
([/* ... */]);
This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.
Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT
or DELETE
requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET
request soon after a PUT
or DELETE
request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
This action requires permissions for the s3-outposts:GetReplicationConfiguration
action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
If you include the Filter
element in a replication configuration, you must also include the DeleteMarkerReplication
, Status
, and Priority
elements. The response also returns those elements.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
The following operations are related to GetBucketReplication
:
Parameter Syntax
$result = $client->getBucketReplication([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket to get the replication information for.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[ 'ReplicationConfiguration' => [ 'Role' => '<string>', 'Rules' => [ [ 'Bucket' => '<string>', 'DeleteMarkerReplication' => [ 'Status' => 'Enabled|Disabled', ], 'Destination' => [ 'AccessControlTranslation' => [ 'Owner' => 'Destination', ], 'Account' => '<string>', 'Bucket' => '<string>', 'EncryptionConfiguration' => [ 'ReplicaKmsKeyID' => '<string>', ], 'Metrics' => [ 'EventThreshold' => [ 'Minutes' => <integer>, ], 'Status' => 'Enabled|Disabled', ], 'ReplicationTime' => [ 'Status' => 'Enabled|Disabled', 'Time' => [ 'Minutes' => <integer>, ], ], 'StorageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|GLACIER|DEEP_ARCHIVE|OUTPOSTS|GLACIER_IR', ], 'ExistingObjectReplication' => [ 'Status' => 'Enabled|Disabled', ], 'Filter' => [ 'And' => [ 'Prefix' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ], 'Prefix' => '<string>', 'Tag' => [ 'Key' => '<string>', 'Value' => '<string>', ], ], 'ID' => '<string>', 'Prefix' => '<string>', 'Priority' => <integer>, 'SourceSelectionCriteria' => [ 'ReplicaModifications' => [ 'Status' => 'Enabled|Disabled', ], 'SseKmsEncryptedObjects' => [ 'Status' => 'Enabled|Disabled', ], ], 'Status' => 'Enabled|Disabled', ], // ... ], ], ]
Result Details
Members
- ReplicationConfiguration
-
- Type: ReplicationConfiguration structure
A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.
Errors
There are no errors described for this operation.
GetBucketTagging
$result = $client->getBucketTagging
([/* ... */]); $promise = $client->getBucketTaggingAsync
([/* ... */]);
This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference.
Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
To use this action, you must have permission to perform the GetBucketTagging
action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging
has the following special error:
-
Error code:
NoSuchTagSetError
-
Description: There is no tag set associated with the bucket.
-
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging
:
Parameter Syntax
$result = $client->getBucketTagging([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded.
Result Syntax
[ 'TagSet' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ]
Result Details
Members
- TagSet
-
- Required: Yes
- Type: Array of S3Tag structures
The tags set of the Outposts bucket.
Errors
There are no errors described for this operation.
GetBucketVersioning
$result = $client->getBucketVersioning
([/* ... */]); $promise = $client->getBucketVersioningAsync
([/* ... */]);
This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.
Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning
request does not return a versioning state value.
For more information about versioning, see Versioning in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following operations are related to GetBucketVersioning
for S3 on Outposts.
Parameter Syntax
$result = $client->getBucketVersioning([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 on Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
The S3 on Outposts bucket to return the versioning state for.
Result Syntax
[ 'MFADelete' => 'Enabled|Disabled', 'Status' => 'Enabled|Suspended', ]
Result Details
Members
- MFADelete
-
- Type: string
Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is returned only if the bucket has been configured with MFA delete. If MFA delete has never been configured for the bucket, this element is not returned.
- Status
-
- Type: string
The versioning state of the S3 on Outposts bucket.
Errors
There are no errors described for this operation.
GetDataAccess
$result = $client->getDataAccess
([/* ... */]); $promise = $client->getDataAccessAsync
([/* ... */]);
Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.
- Permissions
-
You must have the
s3:GetDataAccess
permission to use this operation. - Additional Permissions
-
The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location:
sts:AssumeRole
, for directory users or groupssts:SetContext
, and for IAM users or rolessts:SetSourceIdentity
.
Parameter Syntax
$result = $client->getDataAccess([ 'AccountId' => '<string>', // REQUIRED 'DurationSeconds' => <integer>, 'Permission' => 'READ|WRITE|READWRITE', // REQUIRED 'Privilege' => 'Minimal|Default', 'Target' => '<string>', // REQUIRED 'TargetType' => 'Object', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- DurationSeconds
-
- Type: int
The session duration, in seconds, of the temporary access credential that S3 Access Grants vends to the grantee or client application. The default value is 1 hour, but the grantee can specify a range from 900 seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee requests a value higher than this maximum, the operation fails.
- Permission
-
- Required: Yes
- Type: string
The type of permission granted to your S3 data, which can be set to one of the following values:
-
READ
– Grant read-only access to the S3 data. -
WRITE
– Grant write-only access to the S3 data. -
READWRITE
– Grant both read and write access to the S3 data.
- Privilege
-
- Type: string
The scope of the temporary access credential that S3 Access Grants vends to the grantee or client application.
-
Default
– The scope of the returned temporary access token is the scope of the grant that is closest to the target scope. -
Minimal
– The scope of the returned temporary access token is the same as the requested target scope as long as the requested scope is the same as or a subset of the grant scope.
- Target
-
- Required: Yes
- Type: string
The S3 URI path of the data to which you are requesting temporary access credentials. If the requesting account has an access grant for this data, S3 Access Grants vends temporary access credentials in the response.
- TargetType
-
- Type: string
The type of
Target
. The only possible value isObject
. Pass this value if the target data that you would like to access is a path to an object. Do not pass this value if the target data is a bucket or a bucket and a prefix.
Result Syntax
[ 'Credentials' => [ 'AccessKeyId' => '<string>', 'Expiration' => <DateTime>, 'SecretAccessKey' => '<string>', 'SessionToken' => '<string>', ], 'MatchedGrantTarget' => '<string>', ]
Result Details
Members
- Credentials
-
- Type: Credentials structure
The temporary credential token that S3 Access Grants vends.
- MatchedGrantTarget
-
- Type: string
The S3 URI path of the data to which you are being granted temporary access credentials.
Errors
There are no errors described for this operation.
GetJobTagging
$result = $client->getJobTagging
([/* ... */]); $promise = $client->getJobTaggingAsync
([/* ... */]);
Returns the tags on an S3 Batch Operations job.
- Permissions
-
To use the
GetJobTagging
operation, you must have permission to perform thes3:GetJobTagging
action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
Related actions include:
Parameter Syntax
$result = $client->getJobTagging([ 'AccountId' => '<string>', // REQUIRED 'JobId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobId
-
- Required: Yes
- Type: string
The ID for the S3 Batch Operations job whose tags you want to retrieve.
Result Syntax
[ 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ]
Result Details
Members
- Tags
-
- Type: Array of S3Tag structures
The set of tags associated with the S3 Batch Operations job.
Errors
GetMultiRegionAccessPoint
$result = $client->getMultiRegionAccessPoint
([/* ... */]); $promise = $client->getMultiRegionAccessPointAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns configuration information about the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPoint
:
Parameter Syntax
$result = $client->getMultiRegionAccessPoint([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.
Result Syntax
[ 'AccessPoint' => [ 'Alias' => '<string>', 'CreatedAt' => <DateTime>, 'Name' => '<string>', 'PublicAccessBlock' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], 'Regions' => [ [ 'Bucket' => '<string>', 'BucketAccountId' => '<string>', 'Region' => '<string>', ], // ... ], 'Status' => 'READY|INCONSISTENT_ACROSS_REGIONS|CREATING|PARTIALLY_CREATED|PARTIALLY_DELETED|DELETING', ], ]
Result Details
Members
- AccessPoint
-
- Type: MultiRegionAccessPointReport structure
A container element containing the details of the requested Multi-Region Access Point.
Errors
There are no errors described for this operation.
GetMultiRegionAccessPointPolicy
$result = $client->getMultiRegionAccessPointPolicy
([/* ... */]); $promise = $client->getMultiRegionAccessPointPolicyAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns the access control policy of the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicy
:
Parameter Syntax
$result = $client->getMultiRegionAccessPointPolicy([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- Name
-
- Required: Yes
- Type: string
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.
Result Syntax
[ 'Policy' => [ 'Established' => [ 'Policy' => '<string>', ], 'Proposed' => [ 'Policy' => '<string>', ], ], ]
Result Details
Members
- Policy
-
- Type: MultiRegionAccessPointPolicyDocument structure
The policy associated with the specified Multi-Region Access Point.
Errors
There are no errors described for this operation.
GetMultiRegionAccessPointPolicyStatus
$result = $client->getMultiRegionAccessPointPolicyStatus
([/* ... */]); $promise = $client->getMultiRegionAccessPointPolicyStatusAsync
([/* ... */]);
This operation is not supported by directory buckets.
Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to GetMultiRegionAccessPointPolicyStatus
:
Parameter Syntax
$result = $client->getMultiRegionAccessPointPolicyStatus([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- Name
-
- Required: Yes
- Type: string
Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.
Result Syntax
[ 'Established' => [ 'IsPublic' => true || false, ], ]
Result Details
Members
- Established
-
- Type: PolicyStatus structure
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.
Errors
There are no errors described for this operation.
GetMultiRegionAccessPointRoutes
$result = $client->getMultiRegionAccessPointRoutes
([/* ... */]); $promise = $client->getMultiRegionAccessPointRoutesAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.
To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:
-
us-east-1
-
us-west-2
-
ap-southeast-2
-
ap-northeast-1
-
eu-west-1
Parameter Syntax
$result = $client->getMultiRegionAccessPointRoutes([ 'AccountId' => '<string>', // REQUIRED 'Mrap' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- Mrap
-
- Required: Yes
- Type: string
The Multi-Region Access Point ARN.
Result Syntax
[ 'Mrap' => '<string>', 'Routes' => [ [ 'Bucket' => '<string>', 'Region' => '<string>', 'TrafficDialPercentage' => <integer>, ], // ... ], ]
Result Details
Members
- Mrap
-
- Type: string
The Multi-Region Access Point ARN.
- Routes
-
- Type: Array of MultiRegionAccessPointRoute structures
The different routes that make up the route configuration. Active routes return a value of
100
, and passive routes return a value of0
.
Errors
There are no errors described for this operation.
GetPublicAccessBlock
$result = $client->getPublicAccessBlock
([/* ... */]); $promise = $client->getPublicAccessBlockAsync
([/* ... */]);
This operation is not supported by directory buckets.
Retrieves the PublicAccessBlock
configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.
Related actions include:
Parameter Syntax
$result = $client->getPublicAccessBlock([ 'AccountId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the Amazon Web Services account whose
PublicAccessBlock
configuration you want to retrieve.
Result Syntax
[ 'PublicAccessBlockConfiguration' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], ]
Result Details
Members
- PublicAccessBlockConfiguration
-
- Type: PublicAccessBlockConfiguration structure
The
PublicAccessBlock
configuration currently in effect for this Amazon Web Services account.
Errors
- NoSuchPublicAccessBlockConfiguration:
Amazon S3 throws this exception if you make a
GetPublicAccessBlock
request against an account that doesn't have aPublicAccessBlockConfiguration
set.
GetStorageLensConfiguration
$result = $client->getStorageLensConfiguration
([/* ... */]); $promise = $client->getStorageLensConfigurationAsync
([/* ... */]);
This operation is not supported by directory buckets.
Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:GetStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->getStorageLensConfiguration([ 'AccountId' => '<string>', // REQUIRED 'ConfigId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the Amazon S3 Storage Lens configuration.
Result Syntax
[ 'StorageLensConfiguration' => [ 'AccountLevel' => [ 'ActivityMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedCostOptimizationMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedDataProtectionMetrics' => [ 'IsEnabled' => true || false, ], 'BucketLevel' => [ 'ActivityMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedCostOptimizationMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedDataProtectionMetrics' => [ 'IsEnabled' => true || false, ], 'DetailedStatusCodesMetrics' => [ 'IsEnabled' => true || false, ], 'PrefixLevel' => [ 'StorageMetrics' => [ 'IsEnabled' => true || false, 'SelectionCriteria' => [ 'Delimiter' => '<string>', 'MaxDepth' => <integer>, 'MinStorageBytesPercentage' => <float>, ], ], ], ], 'DetailedStatusCodesMetrics' => [ 'IsEnabled' => true || false, ], 'StorageLensGroupLevel' => [ 'SelectionCriteria' => [ 'Exclude' => ['<string>', ...], 'Include' => ['<string>', ...], ], ], ], 'AwsOrg' => [ 'Arn' => '<string>', ], 'DataExport' => [ 'CloudWatchMetrics' => [ 'IsEnabled' => true || false, ], 'S3BucketDestination' => [ 'AccountId' => '<string>', 'Arn' => '<string>', 'Encryption' => [ 'SSEKMS' => [ 'KeyId' => '<string>', ], 'SSES3' => [ ], ], 'Format' => 'CSV|Parquet', 'OutputSchemaVersion' => 'V_1', 'Prefix' => '<string>', ], ], 'Exclude' => [ 'Buckets' => ['<string>', ...], 'Regions' => ['<string>', ...], ], 'Id' => '<string>', 'Include' => [ 'Buckets' => ['<string>', ...], 'Regions' => ['<string>', ...], ], 'IsEnabled' => true || false, 'StorageLensArn' => '<string>', ], ]
Result Details
Members
- StorageLensConfiguration
-
- Type: StorageLensConfiguration structure
The S3 Storage Lens configuration requested.
Errors
There are no errors described for this operation.
GetStorageLensConfigurationTagging
$result = $client->getStorageLensConfigurationTagging
([/* ... */]); $promise = $client->getStorageLensConfigurationTaggingAsync
([/* ... */]);
This operation is not supported by directory buckets.
Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->getStorageLensConfigurationTagging([ 'AccountId' => '<string>', // REQUIRED 'ConfigId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the Amazon S3 Storage Lens configuration.
Result Syntax
[ 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ]
Result Details
Members
- Tags
-
- Type: Array of StorageLensTag structures
The tags of S3 Storage Lens configuration requested.
Errors
There are no errors described for this operation.
GetStorageLensGroup
$result = $client->getStorageLensGroup
([/* ... */]); $promise = $client->getStorageLensGroupAsync
([/* ... */]);
Retrieves the Storage Lens group configuration details.
To use this operation, you must have the permission to perform the s3:GetStorageLensGroup
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
Parameter Syntax
$result = $client->getStorageLensGroup([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the Storage Lens group that you're trying to retrieve the details for.
- Name
-
- Required: Yes
- Type: string
The name of the Storage Lens group that you're trying to retrieve the configuration details for.
Result Syntax
[ 'StorageLensGroup' => [ 'Filter' => [ 'And' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], ], 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], 'Or' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], ], ], 'Name' => '<string>', 'StorageLensGroupArn' => '<string>', ], ]
Result Details
Members
- StorageLensGroup
-
- Type: StorageLensGroup structure
The name of the Storage Lens group that you're trying to retrieve the configuration details for.
Errors
There are no errors described for this operation.
ListAccessGrants
$result = $client->listAccessGrants
([/* ... */]); $promise = $client->listAccessGrantsAsync
([/* ... */]);
Returns the list of access grants in your S3 Access Grants instance.
- Permissions
-
You must have the
s3:ListAccessGrants
permission to use this operation.
Parameter Syntax
$result = $client->listAccessGrants([ 'AccountId' => '<string>', // REQUIRED 'ApplicationArn' => '<string>', 'GrantScope' => '<string>', 'GranteeIdentifier' => '<string>', 'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM', 'MaxResults' => <integer>, 'NextToken' => '<string>', 'Permission' => 'READ|WRITE|READWRITE', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- ApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
- GrantScope
-
- Type: string
The S3 path of the data to which you are granting access. It is the result of appending the
Subprefix
to the location scope. - GranteeIdentifier
-
- Type: string
The unique identifer of the
Grantee
. If the grantee type isIAM
, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the formata1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance. - GranteeType
-
- Type: string
The type of the grantee to which access has been granted. It can be one of the following values:
-
IAM
- An IAM user or role. -
DIRECTORY_USER
- Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance. -
DIRECTORY_GROUP
- Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
- MaxResults
-
- Type: int
The maximum number of access grants that you would like returned in the
List Access Grants
response. If the results include the pagination tokenNextToken
, make another call using theNextToken
to determine if there are more results. - NextToken
-
- Type: string
A pagination token to request the next page of results. Pass this value into a subsequent
List Access Grants
request in order to retrieve the next page of results. - Permission
-
- Type: string
The type of permission granted to your S3 data, which can be set to one of the following values:
-
READ
– Grant read-only access to the S3 data. -
WRITE
– Grant write-only access to the S3 data. -
READWRITE
– Grant both read and write access to the S3 data.
Result Syntax
[ 'AccessGrantsList' => [ [ 'AccessGrantArn' => '<string>', 'AccessGrantId' => '<string>', 'AccessGrantsLocationConfiguration' => [ 'S3SubPrefix' => '<string>', ], 'AccessGrantsLocationId' => '<string>', 'ApplicationArn' => '<string>', 'CreatedAt' => <DateTime>, 'GrantScope' => '<string>', 'Grantee' => [ 'GranteeIdentifier' => '<string>', 'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM', ], 'Permission' => 'READ|WRITE|READWRITE', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AccessGrantsList
-
- Type: Array of ListAccessGrantEntry structures
A container for a list of grants in an S3 Access Grants instance.
- NextToken
-
- Type: string
A pagination token to request the next page of results. Pass this value into a subsequent
List Access Grants
request in order to retrieve the next page of results.
Errors
There are no errors described for this operation.
ListAccessGrantsInstances
$result = $client->listAccessGrantsInstances
([/* ... */]); $promise = $client->listAccessGrantsInstancesAsync
([/* ... */]);
Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.
- Permissions
-
You must have the
s3:ListAccessGrantsInstances
permission to use this operation.
Parameter Syntax
$result = $client->listAccessGrantsInstances([ 'AccountId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- MaxResults
-
- Type: int
The maximum number of access grants that you would like returned in the
List Access Grants
response. If the results include the pagination tokenNextToken
, make another call using theNextToken
to determine if there are more results. - NextToken
-
- Type: string
A pagination token to request the next page of results. Pass this value into a subsequent
List Access Grants Instances
request in order to retrieve the next page of results.
Result Syntax
[ 'AccessGrantsInstancesList' => [ [ 'AccessGrantsInstanceArn' => '<string>', 'AccessGrantsInstanceId' => '<string>', 'CreatedAt' => <DateTime>, 'IdentityCenterApplicationArn' => '<string>', 'IdentityCenterArn' => '<string>', 'IdentityCenterInstanceArn' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AccessGrantsInstancesList
-
- Type: Array of ListAccessGrantsInstanceEntry structures
A container for a list of S3 Access Grants instances.
- NextToken
-
- Type: string
A pagination token to request the next page of results. Pass this value into a subsequent
List Access Grants Instances
request in order to retrieve the next page of results.
Errors
There are no errors described for this operation.
ListAccessGrantsLocations
$result = $client->listAccessGrantsLocations
([/* ... */]); $promise = $client->listAccessGrantsLocationsAsync
([/* ... */]);
Returns a list of the locations registered in your S3 Access Grants instance.
- Permissions
-
You must have the
s3:ListAccessGrantsLocations
permission to use this operation.
Parameter Syntax
$result = $client->listAccessGrantsLocations([ 'AccountId' => '<string>', // REQUIRED 'LocationScope' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- LocationScope
-
- Type: string
The S3 path to the location that you are registering. The location scope can be the default S3 location
s3://
, the S3 path to a buckets3://<bucket>
, or the S3 path to a bucket and prefixs3://<bucket>/<prefix>
. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with theengineering/
prefix or object key names that start with themarketing/campaigns/
prefix. - MaxResults
-
- Type: int
The maximum number of access grants that you would like returned in the
List Access Grants
response. If the results include the pagination tokenNextToken
, make another call using theNextToken
to determine if there are more results. - NextToken
-
- Type: string
A pagination token to request the next page of results. Pass this value into a subsequent
List Access Grants Locations
request in order to retrieve the next page of results.
Result Syntax
[ 'AccessGrantsLocationsList' => [ [ 'AccessGrantsLocationArn' => '<string>', 'AccessGrantsLocationId' => '<string>', 'CreatedAt' => <DateTime>, 'IAMRoleArn' => '<string>', 'LocationScope' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AccessGrantsLocationsList
-
- Type: Array of ListAccessGrantsLocationsEntry structures
A container for a list of registered locations in an S3 Access Grants instance.
- NextToken
-
- Type: string
A pagination token to request the next page of results. Pass this value into a subsequent
List Access Grants Locations
request in order to retrieve the next page of results.
Errors
There are no errors described for this operation.
ListAccessPoints
$result = $client->listAccessPoints
([/* ... */]); $promise = $client->listAccessPointsAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults
, whichever is less), the response will include a continuation token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to ListAccessPoints
:
Parameter Syntax
$result = $client->listAccessPoints([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the account that owns the specified access points.
- Bucket
-
- Type: string
The name of the bucket whose associated access points you want to list.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - MaxResults
-
- Type: int
The maximum number of access points that you want to include in the list. If the specified bucket has more than this number of access points, then the response will include a continuation token in the
NextToken
field that you can use to retrieve the next page of access points. - NextToken
-
- Type: string
A continuation token. If a previous call to
ListAccessPoints
returned a continuation token in theNextToken
field, then providing that value here causes Amazon S3 to retrieve the next page of results.
Result Syntax
[ 'AccessPointList' => [ [ 'AccessPointArn' => '<string>', 'Alias' => '<string>', 'Bucket' => '<string>', 'BucketAccountId' => '<string>', 'Name' => '<string>', 'NetworkOrigin' => 'Internet|VPC', 'VpcConfiguration' => [ 'VpcId' => '<string>', ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AccessPointList
-
- Type: Array of AccessPoint structures
Contains identification and configuration information for one or more access points associated with the specified bucket.
- NextToken
-
- Type: string
If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
Errors
There are no errors described for this operation.
ListAccessPointsForObjectLambda
$result = $client->listAccessPointsForObjectLambda
([/* ... */]); $promise = $client->listAccessPointsForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.
The following actions are related to ListAccessPointsForObjectLambda
:
Parameter Syntax
$result = $client->listAccessPointsForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- MaxResults
-
- Type: int
The maximum number of access points that you want to include in the list. The response may contain fewer access points but will never contain more. If there are more than this number of access points, then the response will include a continuation token in the
NextToken
field that you can use to retrieve the next page of access points. - NextToken
-
- Type: string
If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
Result Syntax
[ 'NextToken' => '<string>', 'ObjectLambdaAccessPointList' => [ [ 'Alias' => [ 'Status' => 'PROVISIONING|READY', 'Value' => '<string>', ], 'Name' => '<string>', 'ObjectLambdaAccessPointArn' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.
- ObjectLambdaAccessPointList
-
- Type: Array of ObjectLambdaAccessPoint structures
Returns list of Object Lambda Access Points.
Errors
There are no errors described for this operation.
ListCallerAccessGrants
$result = $client->listCallerAccessGrants
([/* ... */]); $promise = $client->listCallerAccessGrantsAsync
([/* ... */]);
Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants. The caller (grantee) can be an Identity and Access Management (IAM) identity or Amazon Web Services Identity Center corporate directory identity. You must pass the Amazon Web Services account of the S3 data owner (grantor) in the request. You can, optionally, narrow the results by GrantScope
, using a fragment of the data's S3 path, and S3 Access Grants will return only the grants with a path that contains the path fragment. You can also pass the AllowedByApplication
filter in the request, which returns only the grants authorized for applications, whether the application is the caller's Identity Center application or any other application (ALL
). For more information, see List the caller's access grants in the Amazon S3 User Guide.
- Permissions
-
You must have the
s3:ListCallerAccessGrants
permission to use this operation.
Parameter Syntax
$result = $client->listCallerAccessGrants([ 'AccountId' => '<string>', // REQUIRED 'AllowedByApplication' => true || false, 'GrantScope' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- AllowedByApplication
-
- Type: boolean
If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller's Identity Center application or for any other applications (
ALL
). - GrantScope
-
- Type: string
The S3 path of the data that you would like to access. Must start with
s3://
. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment. - MaxResults
-
- Type: int
The maximum number of access grants that you would like returned in the
List Caller Access Grants
response. If the results include the pagination tokenNextToken
, make another call using theNextToken
to determine if there are more results. - NextToken
-
- Type: string
A pagination token to request the next page of results. Pass this value into a subsequent
List Caller Access Grants
request in order to retrieve the next page of results.
Result Syntax
[ 'CallerAccessGrantsList' => [ [ 'ApplicationArn' => '<string>', 'GrantScope' => '<string>', 'Permission' => 'READ|WRITE|READWRITE', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- CallerAccessGrantsList
-
- Type: Array of ListCallerAccessGrantsEntry structures
A list of the caller's access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.
- NextToken
-
- Type: string
A pagination token that you can use to request the next page of results. Pass this value into a subsequent
List Caller Access Grants
request in order to retrieve the next page of results.
Errors
There are no errors described for this operation.
ListJobs
$result = $client->listJobs
([/* ... */]); $promise = $client->listJobsAsync
([/* ... */]);
Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
- Permissions
-
To use the
ListJobs
operation, you must have permission to perform thes3:ListJobs
action.
Related actions include:
Parameter Syntax
$result = $client->listJobs([ 'AccountId' => '<string>', // REQUIRED 'JobStatuses' => ['<string>', ...], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobStatuses
-
- Type: Array of strings
The
List Jobs
request returns jobs that match the statuses listed in this element. - MaxResults
-
- Type: int
The maximum number of jobs that Amazon S3 will include in the
List Jobs
response. If there are more jobs than this number, the response will include a pagination token in theNextToken
field to enable you to retrieve the next page of results. - NextToken
-
- Type: string
A pagination token to request the next page of results. Use the token that Amazon S3 returned in the
NextToken
element of theListJobsResult
from the previousList Jobs
request.
Result Syntax
[ 'Jobs' => [ [ 'CreationTime' => <DateTime>, 'Description' => '<string>', 'JobId' => '<string>', 'Operation' => 'LambdaInvoke|S3PutObjectCopy|S3PutObjectAcl|S3PutObjectTagging|S3DeleteObjectTagging|S3InitiateRestoreObject|S3PutObjectLegalHold|S3PutObjectRetention|S3ReplicateObject', 'Priority' => <integer>, 'ProgressSummary' => [ 'NumberOfTasksFailed' => <integer>, 'NumberOfTasksSucceeded' => <integer>, 'Timers' => [ 'ElapsedTimeInActiveSeconds' => <integer>, ], 'TotalNumberOfTasks' => <integer>, ], 'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended', 'TerminationDate' => <DateTime>, ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Jobs
-
- Type: Array of JobListDescriptor structures
The list of current jobs and jobs that have ended within the last 30 days.
- NextToken
-
- Type: string
If the
List Jobs
request produced more than the maximum number of results, you can pass this value into a subsequentList Jobs
request in order to retrieve the next page of results.
Errors
ListMultiRegionAccessPoints
$result = $client->listMultiRegionAccessPoints
([/* ... */]); $promise = $client->listMultiRegionAccessPointsAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to ListMultiRegionAccessPoint
:
Parameter Syntax
$result = $client->listMultiRegionAccessPoints([ 'AccountId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- MaxResults
-
- Type: int
Not currently used. Do not use this parameter.
- NextToken
-
- Type: string
Not currently used. Do not use this parameter.
Result Syntax
[ 'AccessPoints' => [ [ 'Alias' => '<string>', 'CreatedAt' => <DateTime>, 'Name' => '<string>', 'PublicAccessBlock' => [ 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], 'Regions' => [ [ 'Bucket' => '<string>', 'BucketAccountId' => '<string>', 'Region' => '<string>', ], // ... ], 'Status' => 'READY|INCONSISTENT_ACROSS_REGIONS|CREATING|PARTIALLY_CREATED|PARTIALLY_DELETED|DELETING', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AccessPoints
-
- Type: Array of MultiRegionAccessPointReport structures
The list of Multi-Region Access Points associated with the user.
- NextToken
-
- Type: string
If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token tin subsequent calls to this action to retrieve additional Multi-Region Access Points.
Errors
There are no errors described for this operation.
ListRegionalBuckets
$result = $client->listRegionalBuckets
([/* ... */]); $promise = $client->listRegionalBucketsAsync
([/* ... */]);
This operation is not supported by directory buckets.
Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id
in your request, see the Examples section.
Parameter Syntax
$result = $client->listRegionalBuckets([ 'AccountId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OutpostId' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- MaxResults
-
- Type: int
- NextToken
-
- Type: string
- OutpostId
-
- Type: string
The ID of the Outposts resource.
This ID is required by Amazon S3 on Outposts buckets.
Result Syntax
[ 'NextToken' => '<string>', 'RegionalBucketList' => [ [ 'Bucket' => '<string>', 'BucketArn' => '<string>', 'CreationDate' => <DateTime>, 'OutpostId' => '<string>', 'PublicAccessBlockEnabled' => true || false, ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
NextToken
is sent whenisTruncated
is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with thisNextToken
.NextToken
is obfuscated and is not a real key. - RegionalBucketList
-
- Type: Array of RegionalBucket structures
Errors
There are no errors described for this operation.
ListStorageLensConfigurations
$result = $client->listStorageLensConfigurations
([/* ... */]); $promise = $client->listStorageLensConfigurationsAsync
([/* ... */]);
This operation is not supported by directory buckets.
Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:ListStorageLensConfigurations
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->listStorageLensConfigurations([ 'AccountId' => '<string>', // REQUIRED 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- NextToken
-
- Type: string
A pagination token to request the next page of results.
Result Syntax
[ 'NextToken' => '<string>', 'StorageLensConfigurationList' => [ [ 'HomeRegion' => '<string>', 'Id' => '<string>', 'IsEnabled' => true || false, 'StorageLensArn' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.
- StorageLensConfigurationList
-
- Type: Array of ListStorageLensConfigurationEntry structures
A list of S3 Storage Lens configurations.
Errors
There are no errors described for this operation.
ListStorageLensGroups
$result = $client->listStorageLensGroups
([/* ... */]); $promise = $client->listStorageLensGroupsAsync
([/* ... */]);
Lists all the Storage Lens groups in the specified home Region.
To use this operation, you must have the permission to perform the s3:ListStorageLensGroups
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
Parameter Syntax
$result = $client->listStorageLensGroups([ 'AccountId' => '<string>', // REQUIRED 'NextToken' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that owns the Storage Lens groups.
- NextToken
-
- Type: string
The token for the next set of results, or
null
if there are no more results.
Result Syntax
[ 'NextToken' => '<string>', 'StorageLensGroupList' => [ [ 'HomeRegion' => '<string>', 'Name' => '<string>', 'StorageLensGroupArn' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
If
NextToken
is returned, there are more Storage Lens groups results available. The value ofNextToken
is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. - StorageLensGroupList
-
- Type: Array of ListStorageLensGroupEntry structures
The list of Storage Lens groups that exist in the specified home Region.
Errors
There are no errors described for this operation.
ListTagsForResource
$result = $client->listTagsForResource
([/* ... */]); $promise = $client->listTagsForResourceAsync
([/* ... */]);
This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
- Permissions
-
You must have the
s3:ListTagsForResource
permission to use this operation.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
Parameter Syntax
$result = $client->listTagsForResource([ 'AccountId' => '<string>', // REQUIRED 'ResourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the resource owner.
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
Result Syntax
[ 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ]
Result Details
Members
- Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that are associated with the resource.
Errors
There are no errors described for this operation.
PutAccessGrantsInstanceResourcePolicy
$result = $client->putAccessGrantsInstanceResourcePolicy
([/* ... */]); $promise = $client->putAccessGrantsInstanceResourcePolicyAsync
([/* ... */]);
Updates the resource policy of the S3 Access Grants instance.
- Permissions
-
You must have the
s3:PutAccessGrantsInstanceResourcePolicy
permission to use this operation.
Parameter Syntax
$result = $client->putAccessGrantsInstanceResourcePolicy([ 'AccountId' => '<string>', // REQUIRED 'Organization' => '<string>', 'Policy' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- Organization
-
- Type: string
The Organization of the resource policy of the S3 Access Grants instance.
- Policy
-
- Required: Yes
- Type: string
The resource policy of the S3 Access Grants instance that you are updating.
Result Syntax
[ 'CreatedAt' => <DateTime>, 'Organization' => '<string>', 'Policy' => '<string>', ]
Result Details
Members
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the S3 Access Grants instance resource policy.
- Organization
-
- Type: string
The Organization of the resource policy of the S3 Access Grants instance.
- Policy
-
- Type: string
The updated resource policy of the S3 Access Grants instance.
Errors
There are no errors described for this operation.
PutAccessPointConfigurationForObjectLambda
$result = $client->putAccessPointConfigurationForObjectLambda
([/* ... */]); $promise = $client->putAccessPointConfigurationForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Replaces configuration for an Object Lambda Access Point.
The following actions are related to PutAccessPointConfigurationForObjectLambda
:
Parameter Syntax
$result = $client->putAccessPointConfigurationForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Configuration' => [ // REQUIRED 'AllowedFeatures' => ['<string>', ...], 'CloudWatchMetricsEnabled' => true || false, 'SupportingAccessPoint' => '<string>', // REQUIRED 'TransformationConfigurations' => [ // REQUIRED [ 'Actions' => ['<string>', ...], // REQUIRED 'ContentTransformation' => [ // REQUIRED 'AwsLambda' => [ 'FunctionArn' => '<string>', // REQUIRED 'FunctionPayload' => '<string>', ], ], ], // ... ], ], 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Configuration
-
- Required: Yes
- Type: ObjectLambdaConfiguration structure
Object Lambda Access Point configuration document.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutAccessPointPolicy
$result = $client->putAccessPointPolicy
([/* ... */]); $promise = $client->putAccessPointPolicyAsync
([/* ... */]);
This operation is not supported by directory buckets.
Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutAccessPointPolicy
:
Parameter Syntax
$result = $client->putAccessPointPolicy([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'Policy' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for owner of the bucket associated with the specified access point.
- Name
-
- Required: Yes
- Type: string
The name of the access point that you want to associate with the specified policy.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access pointreports-ap
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded. - Policy
-
- Required: Yes
- Type: string
The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutAccessPointPolicyForObjectLambda
$result = $client->putAccessPointPolicyForObjectLambda
([/* ... */]); $promise = $client->putAccessPointPolicyForObjectLambdaAsync
([/* ... */]);
This operation is not supported by directory buckets.
Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.
The following actions are related to PutAccessPointPolicyForObjectLambda
:
Parameter Syntax
$result = $client->putAccessPointPolicyForObjectLambda([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'Policy' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
- Policy
-
- Required: Yes
- Type: string
Object Lambda Access Point resource policy document.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutBucketLifecycleConfiguration
$result = $client->putBucketLifecycleConfiguration
([/* ... */]); $promise = $client->putBucketLifecycleConfigurationAsync
([/* ... */]);
This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.
Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketLifecycleConfiguration
:
Parameter Syntax
$result = $client->putBucketLifecycleConfiguration([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED 'LifecycleConfiguration' => [ 'Rules' => [ [ 'AbortIncompleteMultipartUpload' => [ 'DaysAfterInitiation' => <integer>, ], 'Expiration' => [ 'Date' => <integer || string || DateTime>, 'Days' => <integer>, 'ExpiredObjectDeleteMarker' => true || false, ], 'Filter' => [ 'And' => [ 'ObjectSizeGreaterThan' => <integer>, 'ObjectSizeLessThan' => <integer>, 'Prefix' => '<string>', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ], 'ObjectSizeGreaterThan' => <integer>, 'ObjectSizeLessThan' => <integer>, 'Prefix' => '<string>', 'Tag' => [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], ], 'ID' => '<string>', 'NoncurrentVersionExpiration' => [ 'NewerNoncurrentVersions' => <integer>, 'NoncurrentDays' => <integer>, ], 'NoncurrentVersionTransitions' => [ [ 'NoncurrentDays' => <integer>, 'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE', ], // ... ], 'Status' => 'Enabled|Disabled', // REQUIRED 'Transitions' => [ [ 'Date' => <integer || string || DateTime>, 'Days' => <integer>, 'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE', ], // ... ], ], // ... ], ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
The name of the bucket for which to set the configuration.
- LifecycleConfiguration
-
- Type: LifecycleConfiguration structure
Container for lifecycle rules. You can add as many as 1,000 rules.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutBucketPolicy
$result = $client->putBucketPolicy
([/* ... */]); $promise = $client->putBucketPolicyAsync
([/* ... */]);
This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.
Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy
permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.
If you don't have PutBucketPolicy
permissions, Amazon S3 returns a 403 Access Denied
error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed
error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.
For more information about bucket policies, see Using Bucket Policies and User Policies.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketPolicy
:
Parameter Syntax
$result = $client->putBucketPolicy([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED 'ConfirmRemoveSelfBucketAccess' => true || false, 'Policy' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - ConfirmRemoveSelfBucketAccess
-
- Type: boolean
Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
This is not supported by Amazon S3 on Outposts buckets.
- Policy
-
- Required: Yes
- Type: string
The bucket policy as a JSON document.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutBucketReplication
$result = $client->putBucketReplication
([/* ... */]); $promise = $client->putBucketReplicationAsync
([/* ... */]);
This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.
Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
It can take a while to propagate PUT
or DELETE
requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET
request soon after a PUT
or DELETE
request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.
Specify the replication configuration in the request body. In the replication configuration, you provide the following information:
-
The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects
-
The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf
-
Other relevant information, such as replication rules
A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.
To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter
element as a child of the Rule
element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter
element in the configuration, you must also add the following elements: DeleteMarkerReplication
, Status
, and Priority
.
Using PutBucketReplication
on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
Handling Replication of Encrypted Objects
Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.
Permissions
To create a PutBucketReplication
request, you must have s3-outposts:PutReplicationConfiguration
permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.
To perform this operation, the user or role must also have the iam:CreateRole
and iam:PassRole
permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketReplication
:
Parameter Syntax
$result = $client->putBucketReplication([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED 'ReplicationConfiguration' => [ // REQUIRED 'Role' => '<string>', // REQUIRED 'Rules' => [ // REQUIRED [ 'Bucket' => '<string>', // REQUIRED 'DeleteMarkerReplication' => [ 'Status' => 'Enabled|Disabled', // REQUIRED ], 'Destination' => [ // REQUIRED 'AccessControlTranslation' => [ 'Owner' => 'Destination', // REQUIRED ], 'Account' => '<string>', 'Bucket' => '<string>', // REQUIRED 'EncryptionConfiguration' => [ 'ReplicaKmsKeyID' => '<string>', ], 'Metrics' => [ 'EventThreshold' => [ 'Minutes' => <integer>, ], 'Status' => 'Enabled|Disabled', // REQUIRED ], 'ReplicationTime' => [ 'Status' => 'Enabled|Disabled', // REQUIRED 'Time' => [ // REQUIRED 'Minutes' => <integer>, ], ], 'StorageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|GLACIER|DEEP_ARCHIVE|OUTPOSTS|GLACIER_IR', ], 'ExistingObjectReplication' => [ 'Status' => 'Enabled|Disabled', // REQUIRED ], 'Filter' => [ 'And' => [ 'Prefix' => '<string>', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ], 'Prefix' => '<string>', 'Tag' => [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], ], 'ID' => '<string>', 'Prefix' => '<string>', 'Priority' => <integer>, 'SourceSelectionCriteria' => [ 'ReplicaModifications' => [ 'Status' => 'Enabled|Disabled', // REQUIRED ], 'SseKmsEncryptedObjects' => [ 'Status' => 'Enabled|Disabled', // REQUIRED ], ], 'Status' => 'Enabled|Disabled', // REQUIRED ], // ... ], ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the S3 on Outposts bucket to set the configuration for.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - ReplicationConfiguration
-
- Required: Yes
- Type: ReplicationConfiguration structure
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutBucketTagging
$result = $client->putBucketTagging
([/* ... */]); $promise = $client->putBucketTaggingAsync
([/* ... */]);
This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.
Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.
Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags.
To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging
action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.
PutBucketTagging
has the following special errors:
-
Error code:
InvalidTagError
-
Description: The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For information about tag restrictions, see User-Defined Tag Restrictions and Amazon Web Services-Generated Cost Allocation Tag Restrictions.
-
-
Error code:
MalformedXMLError
-
Description: The XML provided does not match the schema.
-
-
Error code:
OperationAbortedError
-
Description: A conflicting conditional action is currently in progress against this resource. Try again.
-
-
Error code:
InternalError
-
Description: The service was unable to apply the provided tag to the bucket.
-
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following actions are related to PutBucketTagging
:
Parameter Syntax
$result = $client->putBucketTagging([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED 'Tagging' => [ // REQUIRED 'TagSet' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - Tagging
-
- Required: Yes
- Type: Tagging structure
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutBucketVersioning
$result = $client->putBucketVersioning
([/* ... */]); $promise = $client->putBucketVersioningAsync
([/* ... */]);
This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.
Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.
You can set the versioning state to one of the following:
-
Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.
-
Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID
null
.
If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.
When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.
If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id
to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control
. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id
derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketVersioning
for S3 on Outposts.
Parameter Syntax
$result = $client->putBucketVersioning([ 'AccountId' => '<string>', // REQUIRED 'Bucket' => '<string>', // REQUIRED 'MFA' => '<string>', 'VersioningConfiguration' => [ // REQUIRED 'MFADelete' => 'Enabled|Disabled', 'Status' => 'Enabled|Suspended', ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 on Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
The S3 on Outposts bucket to set the versioning state for.
- MFA
-
- Type: string
The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device.
- VersioningConfiguration
-
- Required: Yes
- Type: VersioningConfiguration structure
The root-level tag for the
VersioningConfiguration
parameters.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutJobTagging
$result = $client->putJobTagging
([/* ... */]); $promise = $client->putJobTaggingAsync
([/* ... */]);
Sets the supplied tag-set on an S3 Batch Operations job.
A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.
-
If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.
-
For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.
-
A few things to consider about using tags:
-
Amazon S3 limits the maximum number of tags to 50 tags per job.
-
You can associate up to 50 tags with a job as long as they have unique tag keys.
-
A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.
-
The key and values are case sensitive.
-
For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
-
- Permissions
-
To use the
PutJobTagging
operation, you must have permission to perform thes3:PutJobTagging
action.
Related actions include:
Parameter Syntax
$result = $client->putJobTagging([ 'AccountId' => '<string>', // REQUIRED 'JobId' => '<string>', // REQUIRED 'Tags' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobId
-
- Required: Yes
- Type: string
The ID for the S3 Batch Operations job whose tags you want to replace.
- Tags
-
- Required: Yes
- Type: Array of S3Tag structures
The set of tags to associate with the S3 Batch Operations job.
Result Syntax
[]
Result Details
Errors
- InternalServiceException:
- TooManyRequestsException:
- NotFoundException:
- TooManyTagsException:
Amazon S3 throws this exception if you have too many tags in your tag set.
PutMultiRegionAccessPointPolicy
$result = $client->putMultiRegionAccessPointPolicy
([/* ... */]); $promise = $client->putMultiRegionAccessPointPolicyAsync
([/* ... */]);
This operation is not supported by directory buckets.
Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.
This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.
The following actions are related to PutMultiRegionAccessPointPolicy
:
Parameter Syntax
$result = $client->putMultiRegionAccessPointPolicy([ 'AccountId' => '<string>', // REQUIRED 'ClientToken' => '<string>', // REQUIRED 'Details' => [ // REQUIRED 'Name' => '<string>', // REQUIRED 'Policy' => '<string>', // REQUIRED ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- ClientToken
-
- Required: Yes
- Type: string
An idempotency token used to identify the request and guarantee that requests are unique.
- Details
-
- Required: Yes
- Type: PutMultiRegionAccessPointPolicyInput structure
A container element containing the details of the policy for the Multi-Region Access Point.
Result Syntax
[ 'RequestTokenARN' => '<string>', ]
Result Details
Members
- RequestTokenARN
-
- Type: string
The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.
Errors
There are no errors described for this operation.
PutPublicAccessBlock
$result = $client->putPublicAccessBlock
([/* ... */]); $promise = $client->putPublicAccessBlockAsync
([/* ... */]);
This operation is not supported by directory buckets.
Creates or modifies the PublicAccessBlock
configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock
permission. For more information, see Using Amazon S3 block public access.
Related actions include:
Parameter Syntax
$result = $client->putPublicAccessBlock([ 'AccountId' => '<string>', // REQUIRED 'PublicAccessBlockConfiguration' => [ // REQUIRED 'BlockPublicAcls' => true || false, 'BlockPublicPolicy' => true || false, 'IgnorePublicAcls' => true || false, 'RestrictPublicBuckets' => true || false, ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the Amazon Web Services account whose
PublicAccessBlock
configuration you want to set. - PublicAccessBlockConfiguration
-
- Required: Yes
- Type: PublicAccessBlockConfiguration structure
The
PublicAccessBlock
configuration that you want to apply to the specified Amazon Web Services account.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutStorageLensConfiguration
$result = $client->putStorageLensConfiguration
([/* ... */]); $promise = $client->putStorageLensConfigurationAsync
([/* ... */]);
This operation is not supported by directory buckets.
Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:PutStorageLensConfiguration
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->putStorageLensConfiguration([ 'AccountId' => '<string>', // REQUIRED 'ConfigId' => '<string>', // REQUIRED 'StorageLensConfiguration' => [ // REQUIRED 'AccountLevel' => [ // REQUIRED 'ActivityMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedCostOptimizationMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedDataProtectionMetrics' => [ 'IsEnabled' => true || false, ], 'BucketLevel' => [ // REQUIRED 'ActivityMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedCostOptimizationMetrics' => [ 'IsEnabled' => true || false, ], 'AdvancedDataProtectionMetrics' => [ 'IsEnabled' => true || false, ], 'DetailedStatusCodesMetrics' => [ 'IsEnabled' => true || false, ], 'PrefixLevel' => [ 'StorageMetrics' => [ // REQUIRED 'IsEnabled' => true || false, 'SelectionCriteria' => [ 'Delimiter' => '<string>', 'MaxDepth' => <integer>, 'MinStorageBytesPercentage' => <float>, ], ], ], ], 'DetailedStatusCodesMetrics' => [ 'IsEnabled' => true || false, ], 'StorageLensGroupLevel' => [ 'SelectionCriteria' => [ 'Exclude' => ['<string>', ...], 'Include' => ['<string>', ...], ], ], ], 'AwsOrg' => [ 'Arn' => '<string>', // REQUIRED ], 'DataExport' => [ 'CloudWatchMetrics' => [ 'IsEnabled' => true || false, // REQUIRED ], 'S3BucketDestination' => [ 'AccountId' => '<string>', // REQUIRED 'Arn' => '<string>', // REQUIRED 'Encryption' => [ 'SSEKMS' => [ 'KeyId' => '<string>', // REQUIRED ], 'SSES3' => [ ], ], 'Format' => 'CSV|Parquet', // REQUIRED 'OutputSchemaVersion' => 'V_1', // REQUIRED 'Prefix' => '<string>', ], ], 'Exclude' => [ 'Buckets' => ['<string>', ...], 'Regions' => ['<string>', ...], ], 'Id' => '<string>', // REQUIRED 'Include' => [ 'Buckets' => ['<string>', ...], 'Regions' => ['<string>', ...], ], 'IsEnabled' => true || false, // REQUIRED 'StorageLensArn' => '<string>', ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the S3 Storage Lens configuration.
- StorageLensConfiguration
-
- Required: Yes
- Type: StorageLensConfiguration structure
The S3 Storage Lens configuration.
- Tags
-
- Type: Array of StorageLensTag structures
The tag set of the S3 Storage Lens configuration.
You can set up to a maximum of 50 tags.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
PutStorageLensConfigurationTagging
$result = $client->putStorageLensConfigurationTagging
([/* ... */]); $promise = $client->putStorageLensConfigurationTaggingAsync
([/* ... */]);
This operation is not supported by directory buckets.
Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.
To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging
action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Parameter Syntax
$result = $client->putStorageLensConfigurationTagging([ 'AccountId' => '<string>', // REQUIRED 'ConfigId' => '<string>', // REQUIRED 'Tags' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the S3 Storage Lens configuration.
- Tags
-
- Required: Yes
- Type: Array of StorageLensTag structures
The tag set of the S3 Storage Lens configuration.
You can set up to a maximum of 50 tags.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
SubmitMultiRegionAccessPointRoutes
$result = $client->submitMultiRegionAccessPointRoutes
([/* ... */]); $promise = $client->submitMultiRegionAccessPointRoutesAsync
([/* ... */]);
This operation is not supported by directory buckets.
Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0
indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100
indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.
When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.
Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.
To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:
-
us-east-1
-
us-west-2
-
ap-southeast-2
-
ap-northeast-1
-
eu-west-1
Parameter Syntax
$result = $client->submitMultiRegionAccessPointRoutes([ 'AccountId' => '<string>', // REQUIRED 'Mrap' => '<string>', // REQUIRED 'RouteUpdates' => [ // REQUIRED [ 'Bucket' => '<string>', 'Region' => '<string>', 'TrafficDialPercentage' => <integer>, // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- Mrap
-
- Required: Yes
- Type: string
The Multi-Region Access Point ARN.
- RouteUpdates
-
- Required: Yes
- Type: Array of MultiRegionAccessPointRoute structures
The different routes that make up the new route configuration. Active routes return a value of
100
, and passive routes return a value of0
.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
TagResource
$result = $client->tagResource
([/* ... */]); $promise = $client->tagResourceAsync
([/* ... */]);
Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
- Permissions
-
You must have the
s3:TagResource
permission to use this operation.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
Parameter Syntax
$result = $client->tagResource([ 'AccountId' => '<string>', // REQUIRED 'ResourceArn' => '<string>', // REQUIRED 'Tags' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
- Tags
-
- Required: Yes
- Type: Array of Tag structures
The Amazon Web Services resource tags that you want to add to the specified S3 resource.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
UntagResource
$result = $client->untagResource
([/* ... */]); $promise = $client->untagResourceAsync
([/* ... */]);
This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
- Permissions
-
You must have the
s3:UntagResource
permission to use this operation.
For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
Parameter Syntax
$result = $client->untagResource([ 'AccountId' => '<string>', // REQUIRED 'ResourceArn' => '<string>', // REQUIRED 'TagKeys' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that owns the resource that you're trying to remove the tags from.
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the S3 resource that you're trying to remove the tags from.
- TagKeys
-
- Required: Yes
- Type: Array of strings
The array of tag key-value pairs that you're trying to remove from of the S3 resource.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
UpdateAccessGrantsLocation
$result = $client->updateAccessGrantsLocation
([/* ... */]); $promise = $client->updateAccessGrantsLocationAsync
([/* ... */]);
Updates the IAM role of a registered location in your S3 Access Grants instance.
- Permissions
-
You must have the
s3:UpdateAccessGrantsLocation
permission to use this operation. - Additional Permissions
-
You must also have the following permission:
iam:PassRole
Parameter Syntax
$result = $client->updateAccessGrantsLocation([ 'AccessGrantsLocationId' => '<string>', // REQUIRED 'AccountId' => '<string>', // REQUIRED 'IAMRoleArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccessGrantsLocationId
-
- Required: Yes
- Type: string
The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register.The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register.If you are passing the
default
location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in theSubprefix
field. - AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IAMRoleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
Result Syntax
[ 'AccessGrantsLocationArn' => '<string>', 'AccessGrantsLocationId' => '<string>', 'CreatedAt' => <DateTime>, 'IAMRoleArn' => '<string>', 'LocationScope' => '<string>', ]
Result Details
Members
- AccessGrantsLocationArn
-
- Type: string
The Amazon Resource Name (ARN) of the registered location that you are updating.
- AccessGrantsLocationId
-
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you registered the location.
- IAMRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role of the registered location. S3 Access Grants assumes this role to manage access to the registered location.
- LocationScope
-
- Type: string
The S3 URI path of the location that you are updating. You cannot update the scope of the registered location. The location scope can be the default S3 location
s3://
, the S3 path to a buckets3://<bucket>
, or the S3 path to a bucket and prefixs3://<bucket>/<prefix>
.
Errors
There are no errors described for this operation.
UpdateJobPriority
$result = $client->updateJobPriority
([/* ... */]); $promise = $client->updateJobPriorityAsync
([/* ... */]);
Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
- Permissions
-
To use the
UpdateJobPriority
operation, you must have permission to perform thes3:UpdateJobPriority
action.
Related actions include:
Parameter Syntax
$result = $client->updateJobPriority([ 'AccountId' => '<string>', // REQUIRED 'JobId' => '<string>', // REQUIRED 'Priority' => <integer>, // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobId
-
- Required: Yes
- Type: string
The ID for the job whose priority you want to update.
- Priority
-
- Required: Yes
- Type: int
The priority you want to assign to this job.
Result Syntax
[ 'JobId' => '<string>', 'Priority' => <integer>, ]
Result Details
Members
- JobId
-
- Required: Yes
- Type: string
The ID for the job whose priority Amazon S3 updated.
- Priority
-
- Required: Yes
- Type: int
The new priority assigned to the specified job.
Errors
UpdateJobStatus
$result = $client->updateJobStatus
([/* ... */]); $promise = $client->updateJobStatusAsync
([/* ... */]);
Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
- Permissions
-
To use the
UpdateJobStatus
operation, you must have permission to perform thes3:UpdateJobStatus
action.
Related actions include:
Parameter Syntax
$result = $client->updateJobStatus([ 'AccountId' => '<string>', // REQUIRED 'JobId' => '<string>', // REQUIRED 'RequestedJobStatus' => 'Cancelled|Ready', // REQUIRED 'StatusUpdateReason' => '<string>', ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobId
-
- Required: Yes
- Type: string
The ID of the job whose status you want to update.
- RequestedJobStatus
-
- Required: Yes
- Type: string
The status that you want to move the specified job to.
- StatusUpdateReason
-
- Type: string
A description of the reason why you want to change the specified job's status. This field can be any string up to the maximum length.
Result Syntax
[ 'JobId' => '<string>', 'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended', 'StatusUpdateReason' => '<string>', ]
Result Details
Members
- JobId
-
- Type: string
The ID for the job whose status was updated.
- Status
-
- Type: string
The current status for the specified job.
- StatusUpdateReason
-
- Type: string
The reason that the specified job's status was updated.
Errors
UpdateStorageLensGroup
$result = $client->updateStorageLensGroup
([/* ... */]); $promise = $client->updateStorageLensGroupAsync
([/* ... */]);
Updates the existing Storage Lens group.
To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup
action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.
Parameter Syntax
$result = $client->updateStorageLensGroup([ 'AccountId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'StorageLensGroup' => [ // REQUIRED 'Filter' => [ // REQUIRED 'And' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], ], 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], 'Or' => [ 'MatchAnyPrefix' => ['<string>', ...], 'MatchAnySuffix' => ['<string>', ...], 'MatchAnyTag' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MatchObjectAge' => [ 'DaysGreaterThan' => <integer>, 'DaysLessThan' => <integer>, ], 'MatchObjectSize' => [ 'BytesGreaterThan' => <integer>, 'BytesLessThan' => <integer>, ], ], ], 'Name' => '<string>', // REQUIRED 'StorageLensGroupArn' => '<string>', ], ]);
Parameter Details
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Storage Lens group owner.
- Name
-
- Required: Yes
- Type: string
The name of the Storage Lens group that you want to update.
- StorageLensGroup
-
- Required: Yes
- Type: StorageLensGroup structure
The JSON file that contains the Storage Lens group configuration.
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
Shapes
AbortIncompleteMultipartUpload
Description
The container for abort incomplete multipart upload
Members
- DaysAfterInitiation
-
- Type: int
Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.
AccessControlTranslation
Description
A container for information about access control for replicas.
This is not supported by Amazon S3 on Outposts buckets.
Members
- Owner
-
- Required: Yes
- Type: string
Specifies the replica ownership.
AccessGrantsLocationConfiguration
Description
The configuration options of the S3 Access Grants location. It contains the S3SubPrefix
field. The grant scope, the data to which you are granting access, is the result of appending the Subprefix
field to the scope of the registered location.
Members
- S3SubPrefix
-
- Type: string
The
S3SubPrefix
is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default locations3://
because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default locations3://
, theS3SubPrefx
can be a <bucket-name>/*, so the full grant scope path would bes3://<bucket-name>/*
. Or theS3SubPrefx
can be<bucket-name>/<prefix-name>*
, so the full grant scope path would be ors3://<bucket-name>/<prefix-name>*
.If the
S3SubPrefix
includes a prefix, append the wildcard character*
after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.
AccessPoint
Description
An access point used to access a bucket.
Members
- AccessPointArn
-
- Type: string
The ARN for the access point.
- Alias
-
- Type: string
The name or alias of the access point.
- Bucket
-
- Required: Yes
- Type: string
The name of the bucket associated with this access point.
- BucketAccountId
-
- Type: string
The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
- Name
-
- Required: Yes
- Type: string
The name of this access point.
- NetworkOrigin
-
- Required: Yes
- Type: string
Indicates whether this access point allows access from the public internet. If
VpcConfiguration
is specified for this access point, thenNetworkOrigin
isVPC
, and the access point doesn't allow access from the public internet. Otherwise,NetworkOrigin
isInternet
, and the access point allows access from the public internet, subject to the access point and bucket access policies. - VpcConfiguration
-
- Type: VpcConfiguration structure
The virtual private cloud (VPC) configuration for this access point, if one exists.
This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services services.
AccountLevel
Description
A container element for the account-level Amazon S3 Storage Lens configuration.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
Members
- ActivityMetrics
-
- Type: ActivityMetrics structure
A container element for S3 Storage Lens activity metrics.
- AdvancedCostOptimizationMetrics
-
- Type: AdvancedCostOptimizationMetrics structure
A container element for S3 Storage Lens advanced cost-optimization metrics.
- AdvancedDataProtectionMetrics
-
- Type: AdvancedDataProtectionMetrics structure
A container element for S3 Storage Lens advanced data-protection metrics.
- BucketLevel
-
- Required: Yes
- Type: BucketLevel structure
A container element for the S3 Storage Lens bucket-level configuration.
- DetailedStatusCodesMetrics
-
- Type: DetailedStatusCodesMetrics structure
A container element for detailed status code metrics.
- StorageLensGroupLevel
-
- Type: StorageLensGroupLevel structure
A container element for S3 Storage Lens groups metrics.
ActivityMetrics
Description
The container element for Amazon S3 Storage Lens activity metrics. Activity metrics show details about how your storage is requested, such as requests (for example, All requests, Get requests, Put requests), bytes uploaded or downloaded, and errors.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
Members
- IsEnabled
-
- Type: boolean
A container that indicates whether activity metrics are enabled.
AdvancedCostOptimizationMetrics
Description
The container element for Amazon S3 Storage Lens advanced cost-optimization metrics. Advanced cost-optimization metrics provide insights that you can use to manage and optimize your storage costs, for example, lifecycle rule counts for transitions, expirations, and incomplete multipart uploads.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
Members
- IsEnabled
-
- Type: boolean
A container that indicates whether advanced cost-optimization metrics are enabled.
AdvancedDataProtectionMetrics
Description
The container element for Amazon S3 Storage Lens advanced data-protection metrics. Advanced data-protection metrics provide insights that you can use to perform audits and protect your data, for example replication rule counts within and across Regions.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
Members
- IsEnabled
-
- Type: boolean
A container that indicates whether advanced data-protection metrics are enabled.
AssociateAccessGrantsIdentityCenterRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IdentityCenterArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
AsyncErrorDetails
Description
Error details for the failed asynchronous operation.
Members
- Code
-
- Type: string
A string that uniquely identifies the error condition.
- Message
-
- Type: string
A generic description of the error condition in English.
- RequestId
-
- Type: string
The ID of the request associated with the error.
- Resource
-
- Type: string
The identifier of the resource associated with the error.
AsyncOperation
Description
A container for the information about an asynchronous operation.
Members
- CreationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the request was sent to the service.
- Operation
-
- Type: string
The specific operation for the asynchronous request.
- RequestParameters
-
- Type: AsyncRequestParameters structure
The parameters associated with the request.
- RequestStatus
-
- Type: string
The current status of the request.
- RequestTokenARN
-
- Type: string
The request token associated with the request.
- ResponseDetails
-
- Type: AsyncResponseDetails structure
The details of the response.
AsyncRequestParameters
Description
A container for the request parameters associated with an asynchronous request.
Members
- CreateMultiRegionAccessPointRequest
-
- Type: CreateMultiRegionAccessPointInput structure
A container of the parameters for a CreateMultiRegionAccessPoint request.
- DeleteMultiRegionAccessPointRequest
-
- Type: DeleteMultiRegionAccessPointInput structure
A container of the parameters for a DeleteMultiRegionAccessPoint request.
- PutMultiRegionAccessPointPolicyRequest
-
- Type: PutMultiRegionAccessPointPolicyInput structure
A container of the parameters for a PutMultiRegionAccessPoint request.
AsyncResponseDetails
Description
A container for the response details that are returned when querying about an asynchronous request.
Members
- ErrorDetails
-
- Type: AsyncErrorDetails structure
Error details for an asynchronous request.
- MultiRegionAccessPointDetails
-
- Type: MultiRegionAccessPointsAsyncResponse structure
The details for the Multi-Region Access Point.
AwsLambdaTransformation
Description
Lambda function used to transform objects through an Object Lambda Access Point.
Members
- FunctionArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Lambda function.
- FunctionPayload
-
- Type: string
Additional JSON that provides supplemental data to the Lambda function used to transform objects.
BadRequestException
Description
Members
- Message
-
- Type: string
BucketAlreadyExists
Description
The requested Outposts bucket name is not available. The bucket namespace is shared by all users of the Outposts in this Region. Select a different name and try again.
Members
BucketAlreadyOwnedByYou
Description
The Outposts bucket you tried to create already exists, and you own it.
Members
BucketLevel
Description
A container for the bucket-level configuration for Amazon S3 Storage Lens.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide.
Members
- ActivityMetrics
-
- Type: ActivityMetrics structure
A container for the bucket-level activity metrics for S3 Storage Lens.
- AdvancedCostOptimizationMetrics
-
- Type: AdvancedCostOptimizationMetrics structure
A container for bucket-level advanced cost-optimization metrics for S3 Storage Lens.
- AdvancedDataProtectionMetrics
-
- Type: AdvancedDataProtectionMetrics structure
A container for bucket-level advanced data-protection metrics for S3 Storage Lens.
- DetailedStatusCodesMetrics
-
- Type: DetailedStatusCodesMetrics structure
A container for bucket-level detailed status code metrics for S3 Storage Lens.
- PrefixLevel
-
- Type: PrefixLevel structure
A container for the prefix-level metrics for S3 Storage Lens.
CloudWatchMetrics
Description
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
For more information about publishing S3 Storage Lens metrics to CloudWatch, see Monitor S3 Storage Lens metrics in CloudWatch in the Amazon S3 User Guide.
Members
- IsEnabled
-
- Required: Yes
- Type: boolean
A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of
true
indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.
CreateAccessGrantRequest
Members
- AccessGrantsLocationConfiguration
-
- Type: AccessGrantsLocationConfiguration structure
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the
S3SubPrefix
field. The grant scope is the result of appending the subprefix to the location scope of the registered location. - AccessGrantsLocationId
-
- Required: Yes
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register.If you are passing the
default
location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in theSubprefix
field. - AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- ApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.
- Grantee
-
- Required: Yes
- Type: Grantee structure
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
- Permission
-
- Required: Yes
- Type: string
The type of access that you are granting to your S3 data, which can be set to one of the following values:
-
READ
– Grant read-only access to the S3 data. -
WRITE
– Grant write-only access to the S3 data. -
READWRITE
– Grant both read and write access to the S3 data.
- S3PrefixType
-
- Type: string
The type of
S3SubPrefix
. The only possible value isObject
. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix. - Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
CreateAccessGrantsInstanceRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IdentityCenterArn
-
- Type: string
If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
- Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
CreateAccessGrantsLocationRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IAMRoleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
- LocationScope
-
- Required: Yes
- Type: string
The S3 path to the location that you are registering. The location scope can be the default S3 location
s3://
, the S3 path to a buckets3://<bucket>
, or the S3 path to a bucket and prefixs3://<bucket>/<prefix>
. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with theengineering/
prefix or object key names that start with themarketing/campaigns/
prefix. - Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
CreateAccessPointForObjectLambdaRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.
- Configuration
-
- Required: Yes
- Type: ObjectLambdaConfiguration structure
Object Lambda Access Point configuration as a JSON document.
- Name
-
- Required: Yes
- Type: string
The name you want to assign to this Object Lambda Access Point.
CreateAccessPointRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the account that owns the specified access point.
- Bucket
-
- Required: Yes
- Type: string
The name of the bucket that you want to associate this access point with.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - BucketAccountId
-
- Type: string
The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
For same account access point when your bucket and access point belong to the same account owner, the
BucketAccountId
is not required. For cross-account access point when your bucket and access point are not in the same account, theBucketAccountId
is required. - Name
-
- Required: Yes
- Type: string
The name you want to assign to this access point.
- PublicAccessBlockConfiguration
-
- Type: PublicAccessBlockConfiguration structure
The
PublicAccessBlock
configuration that you want to apply to the access point. - VpcConfiguration
-
- Type: VpcConfiguration structure
If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
This is required for creating an access point for Amazon S3 on Outposts buckets.
CreateBucketConfiguration
Description
The container for the bucket configuration.
This is not supported by Amazon S3 on Outposts buckets.
Members
- LocationConstraint
-
- Type: string
Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.
This is not supported by Amazon S3 on Outposts buckets.
CreateJobRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that creates the job.
- ClientRequestToken
-
- Required: Yes
- Type: string
An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.
- ConfirmationRequired
-
- Type: boolean
Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.
- Description
-
- Type: string
A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.
- Manifest
-
- Type: JobManifest structure
Configuration parameters for the manifest.
- ManifestGenerator
-
- Type: JobManifestGenerator structure
The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.
- Operation
-
- Required: Yes
- Type: JobOperation structure
The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.
- Priority
-
- Required: Yes
- Type: int
The numerical priority for this job. Higher numbers indicate higher priority.
- Report
-
- Required: Yes
- Type: JobReport structure
Configuration parameters for the optional job-completion report.
- RoleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.
- Tags
-
- Type: Array of S3Tag structures
A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.
CreateMultiRegionAccessPointInput
Description
A container for the information associated with a CreateMultiRegionAccessPoint request.
Members
- Name
-
- Required: Yes
- Type: string
The name of the Multi-Region Access Point associated with this request.
- PublicAccessBlock
-
- Type: PublicAccessBlockConfiguration structure
The
PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.This data type is not supported for Amazon S3 on Outposts.
- Regions
-
- Required: Yes
- Type: Array of Region structures
The buckets in different Regions that are associated with the Multi-Region Access Point.
CreateMultiRegionAccessPointRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.
- ClientToken
-
- Required: Yes
- Type: string
An idempotency token used to identify the request and guarantee that requests are unique.
- Details
-
- Required: Yes
- Type: CreateMultiRegionAccessPointInput structure
A container element containing details about the Multi-Region Access Point.
CreateStorageLensGroupRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that the Storage Lens group is created from and associated with.
- StorageLensGroup
-
- Required: Yes
- Type: StorageLensGroup structure
The Storage Lens group configuration.
- Tags
-
- Type: Array of Tag structures
The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.
Credentials
Description
The Amazon Web Services Security Token Service temporary credential that S3 Access Grants vends to grantees and client applications.
Members
- AccessKeyId
-
- Type: string
The unique access key ID of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
- Expiration
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The expiration date and time of the temporary credential that S3 Access Grants vends to grantees and client applications.
- SecretAccessKey
-
- Type: string
The secret access key of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
- SessionToken
-
- Type: string
The Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
DeleteMarkerReplication
Description
Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter
element in your replication configuration, you must also include a DeleteMarkerReplication
element. If your Filter
includes a Tag
element, the DeleteMarkerReplication
element's Status
child element must be set to Disabled
, because S3 on Outposts does not support replicating delete markers for tag-based rules.
For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.
Members
- Status
-
- Required: Yes
- Type: string
Indicates whether to replicate delete markers.
DeleteMultiRegionAccessPointInput
Description
A container for the information associated with a DeleteMultiRegionAccessPoint request.
Members
- Name
-
- Required: Yes
- Type: string
The name of the Multi-Region Access Point associated with this request.
DeleteMultiRegionAccessPointRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- ClientToken
-
- Required: Yes
- Type: string
An idempotency token used to identify the request and guarantee that requests are unique.
- Details
-
- Required: Yes
- Type: DeleteMultiRegionAccessPointInput structure
A container element containing details about the Multi-Region Access Point.
Destination
Description
Specifies information about the replication destination bucket and its settings for an S3 on Outposts replication configuration.
Members
- AccessControlTranslation
-
- Type: AccessControlTranslation structure
Specify this property only in a cross-account scenario (where the source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this property is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.
This is not supported by Amazon S3 on Outposts buckets.
- Account
-
- Type: string
The destination bucket owner's account ID.
- Bucket
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the access point for the destination bucket where you want S3 on Outposts to store the replication results.
- EncryptionConfiguration
-
- Type: EncryptionConfiguration structure
A container that provides information about encryption. If
SourceSelectionCriteria
is specified, you must specify this element.This is not supported by Amazon S3 on Outposts buckets.
- Metrics
-
- Type: Metrics structure
A container that specifies replication metrics-related settings.
- ReplicationTime
-
- Type: ReplicationTime structure
A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a
Metrics
block.This is not supported by Amazon S3 on Outposts buckets.
- StorageClass
-
- Type: string
The storage class to use when replicating objects. All objects stored on S3 on Outposts are stored in the
OUTPOSTS
storage class. S3 on Outposts uses theOUTPOSTS
storage class to create the object replicas.Values other than
OUTPOSTS
aren't supported by Amazon S3 on Outposts.
DetailedStatusCodesMetrics
Description
The container element for Amazon S3 Storage Lens detailed status code metrics. Detailed status code metrics generate metrics for HTTP status codes, such as 200 OK
, 403 Forbidden
, 503 Service Unavailable
and others.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
Members
- IsEnabled
-
- Type: boolean
A container that indicates whether detailed status code metrics are enabled.
EncryptionConfiguration
Description
Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
This is not supported by Amazon S3 on Outposts buckets.
Members
- ReplicaKmsKeyID
-
- Type: string
Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS) for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information, see Symmetric encryption KMS keys in the Amazon Web Services Key Management Service Developer Guide.
EstablishedMultiRegionAccessPointPolicy
Description
The last established access control policy for a Multi-Region Access Point.
When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.
Members
- Policy
-
- Type: string
The details of the last established policy.
Exclude
Description
A container for what Amazon S3 Storage Lens will exclude.
Members
- Buckets
-
- Type: Array of strings
A container for the S3 Storage Lens bucket excludes.
- Regions
-
- Type: Array of strings
A container for the S3 Storage Lens Region excludes.
ExistingObjectReplication
Description
An optional configuration to replicate existing source bucket objects.
This is not supported by Amazon S3 on Outposts buckets.
Members
- Status
-
- Required: Yes
- Type: string
Specifies whether Amazon S3 replicates existing source bucket objects.
GeneratedManifestEncryption
Description
The encryption configuration to use when storing the generated manifest.
Members
- SSEKMS
-
- Type: SSEKMSEncryption structure
Configuration details on how SSE-KMS is used to encrypt generated manifest objects.
- SSES3
-
- Type: SSES3Encryption structure
Specifies the use of SSE-S3 to encrypt generated manifest objects.
Grantee
Description
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
Members
- GranteeIdentifier
-
- Type: string
The unique identifier of the
Grantee
. If the grantee type isIAM
, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the formata1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance. - GranteeType
-
- Type: string
The type of the grantee to which access has been granted. It can be one of the following values:
-
IAM
- An IAM user or role. -
DIRECTORY_USER
- Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance. -
DIRECTORY_GROUP
- Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
IdempotencyException
Description
Members
- Message
-
- Type: string
Include
Description
A container for what Amazon S3 Storage Lens configuration includes.
Members
- Buckets
-
- Type: Array of strings
A container for the S3 Storage Lens bucket includes.
- Regions
-
- Type: Array of strings
A container for the S3 Storage Lens Region includes.
InternalServiceException
Description
Members
- Message
-
- Type: string
InvalidNextTokenException
Description
Members
- Message
-
- Type: string
InvalidRequestException
Description
Members
- Message
-
- Type: string
JobDescriptor
Description
A container element for the job configuration and status information returned by a Describe Job
request.
Members
- ConfirmationRequired
-
- Type: boolean
Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.
- CreationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp indicating when this job was created.
- Description
-
- Type: string
The description for this job, if one was provided in this job's
Create Job
request. - FailureReasons
-
- Type: Array of JobFailure structures
If the specified job failed, this field contains information describing the failure.
- GeneratedManifestDescriptor
-
- Type: S3GeneratedManifestDescriptor structure
The attribute of the JobDescriptor containing details about the job's generated manifest.
- JobArn
-
- Type: string
The Amazon Resource Name (ARN) for this job.
- JobId
-
- Type: string
The ID for the specified job.
- Manifest
-
- Type: JobManifest structure
The configuration information for the specified job's manifest object.
- ManifestGenerator
-
- Type: JobManifestGenerator structure
The manifest generator that was used to generate a job manifest for this job.
- Operation
-
- Type: JobOperation structure
The operation that the specified job is configured to run on the objects listed in the manifest.
- Priority
-
- Type: int
The priority of the specified job.
- ProgressSummary
-
- Type: JobProgressSummary structure
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
- Report
-
- Type: JobReport structure
Contains the configuration information for the job-completion report if you requested one in the
Create Job
request. - RoleArn
-
- Type: string
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks for this job.
- Status
-
- Type: string
The current status of the specified job.
- StatusUpdateReason
-
- Type: string
The reason for updating the job.
- SuspendedCause
-
- Type: string
The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the
Suspended
state to await confirmation before running. After you confirm the job, it automatically exits theSuspended
state. - SuspendedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when this job was suspended, if it has been suspended.
- TerminationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
JobFailure
Description
If this job failed, this element indicates why the job failed.
Members
- FailureCode
-
- Type: string
The failure code, if any, for the specified job.
- FailureReason
-
- Type: string
The failure reason, if any, for the specified job.
JobListDescriptor
Description
Contains the configuration and status information for a single job retrieved as part of a job list.
Members
- CreationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp indicating when the specified job was created.
- Description
-
- Type: string
The user-specified description that was included in the specified job's
Create Job
request. - JobId
-
- Type: string
The ID for the specified job.
- Operation
-
- Type: string
The operation that the specified job is configured to run on every object listed in the manifest.
- Priority
-
- Type: int
The current priority for the specified job.
- ProgressSummary
-
- Type: JobProgressSummary structure
Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.
- Status
-
- Type: string
The specified job's current status.
- TerminationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.
JobManifest
Description
Contains the configuration information for a job's manifest.
Members
- Location
-
- Required: Yes
- Type: JobManifestLocation structure
Contains the information required to locate the specified job's manifest. Manifests can't be imported from directory buckets. For more information, see Directory buckets.
- Spec
-
- Required: Yes
- Type: JobManifestSpec structure
Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
JobManifestGenerator
Description
Configures the type of the job's ManifestGenerator.
Members
- S3JobManifestGenerator
-
- Type: S3JobManifestGenerator structure
The S3 job ManifestGenerator's configuration details.
JobManifestGeneratorFilter
Description
The filter used to describe a set of objects for the job's manifest.
Members
- CreatedAfter
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
If provided, the generated manifest includes only source bucket objects that were created after this time.
- CreatedBefore
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
If provided, the generated manifest includes only source bucket objects that were created before this time.
- EligibleForReplication
-
- Type: boolean
Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.
- KeyNameConstraint
-
- Type: KeyNameConstraint structure
If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for
MatchAnyPrefix
,MatchAnySuffix
, andMatchAnySubstring
. - MatchAnyStorageClass
-
- Type: Array of strings
If provided, the generated manifest includes only source bucket objects that are stored with the specified storage class.
- ObjectReplicationStatuses
-
- Type: Array of strings
If provided, the generated manifest includes only source bucket objects that have one of the specified Replication statuses.
- ObjectSizeGreaterThanBytes
-
- Type: long (int|float)
If provided, the generated manifest includes only source bucket objects whose file size is greater than the specified number of bytes.
- ObjectSizeLessThanBytes
-
- Type: long (int|float)
If provided, the generated manifest includes only source bucket objects whose file size is less than the specified number of bytes.
JobManifestLocation
Description
Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.
Members
- ETag
-
- Required: Yes
- Type: string
The ETag for the specified manifest object.
- ObjectArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for a manifest object.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
- ObjectVersionId
-
- Type: string
The optional version ID to identify a specific version of the manifest object.
JobManifestSpec
Description
Describes the format of a manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.
Members
- Fields
-
- Type: Array of strings
If the specified manifest object is in the
S3BatchOperations_CSV_20180820
format, this element describes which columns contain the required data. - Format
-
- Required: Yes
- Type: string
Indicates which of the available formats the specified manifest uses.
JobOperation
Description
The operation that you want this job to perform on every object listed in the manifest. For more information about the available operations, see Operations in the Amazon S3 User Guide.
Members
- LambdaInvoke
-
- Type: LambdaInvokeOperation structure
Directs the specified job to invoke an Lambda function on every object in the manifest.
- S3DeleteObjectTagging
-
- Type: S3DeleteObjectTaggingOperation structure
Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.
This functionality is not supported by directory buckets.
- S3InitiateRestoreObject
-
- Type: S3InitiateRestoreObjectOperation structure
Directs the specified job to initiate restore requests for every archived object in the manifest.
This functionality is not supported by directory buckets.
- S3PutObjectAcl
-
- Type: S3SetObjectAclOperation structure
Directs the specified job to run a
PutObjectAcl
call on every object in the manifest.This functionality is not supported by directory buckets.
- S3PutObjectCopy
-
- Type: S3CopyObjectOperation structure
Directs the specified job to run a PUT Copy object call on every object in the manifest.
- S3PutObjectLegalHold
-
- Type: S3SetObjectLegalHoldOperation structure
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying
PutObjectLegalHold
API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.This functionality is not supported by directory buckets.
- S3PutObjectRetention
-
- Type: S3SetObjectRetentionOperation structure
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying
PutObjectRetention
API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.This functionality is not supported by directory buckets.
- S3PutObjectTagging
-
- Type: S3SetObjectTaggingOperation structure
Directs the specified job to run a PUT Object tagging call on every object in the manifest.
This functionality is not supported by directory buckets.
- S3ReplicateObject
-
- Type: S3ReplicateObjectOperation structure
Directs the specified job to invoke
ReplicateObject
on every object in the job's manifest.This functionality is not supported by directory buckets.
JobProgressSummary
Description
Describes the total number of tasks that the specified job has started, the number of tasks that succeeded, and the number of tasks that failed.
Members
- NumberOfTasksFailed
-
- Type: long (int|float)
- NumberOfTasksSucceeded
-
- Type: long (int|float)
- Timers
-
- Type: JobTimers structure
The JobTimers attribute of a job's progress summary.
- TotalNumberOfTasks
-
- Type: long (int|float)
JobReport
Description
Contains the configuration parameters for a job-completion report.
Members
- Bucket
-
- Type: string
The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.
Directory buckets - Directory buckets aren't supported as a location for Batch Operations to store job completion reports.
- Enabled
-
- Required: Yes
- Type: boolean
Indicates whether the specified job will generate a job-completion report.
- Format
-
- Type: string
The format of the specified job-completion report.
- Prefix
-
- Type: string
An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at
<prefix>/job-<job-id>/report.json
. - ReportScope
-
- Type: string
Indicates whether the job-completion report will include details of all tasks or only failed tasks.
JobStatusException
Description
Members
- Message
-
- Type: string
JobTimers
Description
Provides timing details for the job.
Members
- ElapsedTimeInActiveSeconds
-
- Type: long (int|float)
Indicates the elapsed time in seconds the job has been in the Active job state.
KeyNameConstraint
Description
If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix
, MatchAnySuffix
, and MatchAnySubstring
.
Members
- MatchAnyPrefix
-
- Type: Array of strings
If provided, the generated manifest includes objects where the specified string appears at the start of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.
- MatchAnySubstring
-
- Type: Array of strings
If provided, the generated manifest includes objects where the specified string appears anywhere within the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.
- MatchAnySuffix
-
- Type: Array of strings
If provided, the generated manifest includes objects where the specified string appears at the end of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.
LambdaInvokeOperation
Description
Contains the configuration parameters for a Lambda Invoke
operation.
Members
- FunctionArn
-
- Type: string
The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.
- InvocationSchemaVersion
-
- Type: string
Specifies the schema version for the payload that Batch Operations sends when invoking an Lambda function. Version
1.0
is the default. Version2.0
is required when you use Batch Operations to invoke Lambda functions that act on directory buckets, or if you need to specifyUserArguments
. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.Ensure that your Lambda function code expects
InvocationSchemaVersion
2.0 and uses bucket name rather than bucket ARN. If theInvocationSchemaVersion
does not match what your Lambda function expects, your function might not work as expected.Directory buckets - To initiate Amazon Web Services Lambda function to perform custom actions on objects in directory buckets, you must specify
2.0
. - UserArguments
-
- Type: Associative array of custom strings keys (NonEmptyMaxLength64String) to strings
Key-value pairs that are passed in the payload that Batch Operations sends when invoking an Lambda function. You must specify
InvocationSchemaVersion
2.0 forLambdaInvoke
operations that includeUserArguments
. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.
LifecycleConfiguration
Description
The container for the Outposts bucket lifecycle configuration.
Members
- Rules
-
- Type: Array of LifecycleRule structures
A lifecycle rule for individual objects in an Outposts bucket.
LifecycleExpiration
Description
The container of the Outposts bucket lifecycle expiration.
Members
- Date
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.
- Days
-
- Type: int
Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
- ExpiredObjectDeleteMarker
-
- Type: boolean
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
LifecycleRule
Description
The container for the Outposts bucket lifecycle rule.
Members
- AbortIncompleteMultipartUpload
-
- Type: AbortIncompleteMultipartUpload structure
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the Amazon S3 User Guide.
- Expiration
-
- Type: LifecycleExpiration structure
Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
- Filter
-
- Type: LifecycleRuleFilter structure
The container for the filter of lifecycle rule.
- ID
-
- Type: string
Unique identifier for the rule. The value cannot be longer than 255 characters.
- NoncurrentVersionExpiration
-
- Type: NoncurrentVersionExpiration structure
The noncurrent version expiration of the lifecycle rule.
- NoncurrentVersionTransitions
-
- Type: Array of NoncurrentVersionTransition structures
Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
This is not supported by Amazon S3 on Outposts buckets.
- Status
-
- Required: Yes
- Type: string
If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
- Transitions
-
- Type: Array of Transition structures
Specifies when an Amazon S3 object transitions to a specified storage class.
This is not supported by Amazon S3 on Outposts buckets.
LifecycleRuleAndOperator
Description
The container for the Outposts bucket lifecycle rule and operator.
Members
- ObjectSizeGreaterThan
-
- Type: long (int|float)
The non-inclusive minimum object size for the lifecycle rule. Setting this property to 7 means the rule applies to objects with a size that is greater than 7.
- ObjectSizeLessThan
-
- Type: long (int|float)
The non-inclusive maximum object size for the lifecycle rule. Setting this property to 77 means the rule applies to objects with a size that is less than 77.
- Prefix
-
- Type: string
Prefix identifying one or more objects to which the rule applies.
- Tags
-
- Type: Array of S3Tag structures
All of these tags must exist in the object's tag set in order for the rule to apply.
LifecycleRuleFilter
Description
The container for the filter of the lifecycle rule.
Members
- And
-
- Type: LifecycleRuleAndOperator structure
The container for the
AND
condition for the lifecycle rule. - ObjectSizeGreaterThan
-
- Type: long (int|float)
Minimum object size to which the rule applies.
- ObjectSizeLessThan
-
- Type: long (int|float)
Maximum object size to which the rule applies.
- Prefix
-
- Type: string
Prefix identifying one or more objects to which the rule applies.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
- Tag
-
- Type: S3Tag structure
A container for a key-value name pair.
ListAccessGrantEntry
Description
Information about the access grant.
Members
- AccessGrantArn
-
- Type: string
The Amazon Resource Name (ARN) of the access grant.
- AccessGrantId
-
- Type: string
The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
- AccessGrantsLocationConfiguration
-
- Type: AccessGrantsLocationConfiguration structure
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
- AccessGrantsLocationId
-
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - ApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the S3 Access Grants instance.
- GrantScope
-
- Type: string
The S3 path of the data to which you are granting access. It is the result of appending the
Subprefix
to the location scope. - Grantee
-
- Type: Grantee structure
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
- Permission
-
- Type: string
The type of access granted to your S3 data, which can be set to one of the following values:
-
READ
– Grant read-only access to the S3 data. -
WRITE
– Grant write-only access to the S3 data. -
READWRITE
– Grant both read and write access to the S3 data.
ListAccessGrantsInstanceEntry
Description
Information about the S3 Access Grants instance.
Members
- AccessGrantsInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the S3 Access Grants instance.
- AccessGrantsInstanceId
-
- Type: string
The ID of the S3 Access Grants instance. The ID is
default
. You can have one S3 Access Grants instance per Region per account. - CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you created the S3 Access Grants instance.
- IdentityCenterApplicationArn
-
- Type: string
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
- IdentityCenterArn
-
- Type: string
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
- IdentityCenterInstanceArn
-
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
ListAccessGrantsLocationsEntry
Description
A container for information about the registered location.
Members
- AccessGrantsLocationArn
-
- Type: string
The Amazon Resource Name (ARN) of the registered location.
- AccessGrantsLocationId
-
- Type: string
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register. - CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when you registered the location.
- IAMRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
- LocationScope
-
- Type: string
The S3 path to the location that you are registering. The location scope can be the default S3 location
s3://
, the S3 path to a buckets3://<bucket>
, or the S3 path to a bucket and prefixs3://<bucket>/<prefix>
. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with theengineering/
prefix or object key names that start with themarketing/campaigns/
prefix.
ListCallerAccessGrantsEntry
Description
Part of ListCallerAccessGrantsResult
. Each entry includes the permission level (READ, WRITE, or READWRITE) and the grant scope of the access grant. If the grant also includes an application ARN, the grantee can only access the S3 data through this application.
Members
- ApplicationArn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
- GrantScope
-
- Type: string
The S3 path of the data to which you have been granted access.
- Permission
-
- Type: string
The type of permission granted, which can be one of the following values:
-
READ
- Grants read-only access to the S3 data. -
WRITE
- Grants write-only access to the S3 data. -
READWRITE
- Grants both read and write access to the S3 data.
ListStorageLensConfigurationEntry
Description
Part of ListStorageLensConfigurationResult
. Each entry includes the description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its Amazon Resource Name (ARN), and config ID.
Members
- HomeRegion
-
- Required: Yes
- Type: string
A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.
- Id
-
- Required: Yes
- Type: string
A container for the S3 Storage Lens configuration ID.
- IsEnabled
-
- Type: boolean
A container for whether the S3 Storage Lens configuration is enabled. This property is required.
- StorageLensArn
-
- Required: Yes
- Type: string
The ARN of the S3 Storage Lens configuration. This property is read-only.
ListStorageLensGroupEntry
Description
Each entry contains a Storage Lens group that exists in the specified home Region.
Members
- HomeRegion
-
- Required: Yes
- Type: string
Contains the Amazon Web Services Region where the Storage Lens group was created.
- Name
-
- Required: Yes
- Type: string
Contains the name of the Storage Lens group that exists in the specified home Region.
- StorageLensGroupArn
-
- Required: Yes
- Type: string
Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.
MatchObjectAge
Description
A filter condition that specifies the object age range of included objects in days. Only integers are supported.
Members
- DaysGreaterThan
-
- Type: int
Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.
- DaysLessThan
-
- Type: int
Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.
MatchObjectSize
Description
A filter condition that specifies the object size range of included objects in bytes. Only integers are supported.
Members
- BytesGreaterThan
-
- Type: long (int|float)
Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.
- BytesLessThan
-
- Type: long (int|float)
Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.
Metrics
Description
A container that specifies replication metrics-related settings.
Members
- EventThreshold
-
- Type: ReplicationTimeValue structure
A container that specifies the time threshold for emitting the
s3:Replication:OperationMissedThreshold
event.This is not supported by Amazon S3 on Outposts buckets.
- Status
-
- Required: Yes
- Type: string
Specifies whether replication metrics are enabled.
MultiRegionAccessPointPolicyDocument
Description
The Multi-Region Access Point access control policy.
When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.
Members
- Established
-
- Type: EstablishedMultiRegionAccessPointPolicy structure
The last established policy for the Multi-Region Access Point.
- Proposed
-
- Type: ProposedMultiRegionAccessPointPolicy structure
The proposed policy for the Multi-Region Access Point.
MultiRegionAccessPointRegionalResponse
Description
Status information for a single Multi-Region Access Point Region.
Members
- Name
-
- Type: string
The name of the Region in the Multi-Region Access Point.
- RequestStatus
-
- Type: string
The current status of the Multi-Region Access Point in this Region.
MultiRegionAccessPointReport
Description
A collection of statuses for a Multi-Region Access Point in the various Regions it supports.
Members
- Alias
-
- Type: string
The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
When the Multi-Region Access Point create request was received.
- Name
-
- Type: string
The name of the Multi-Region Access Point.
- PublicAccessBlock
-
- Type: PublicAccessBlockConfiguration structure
The
PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.This data type is not supported for Amazon S3 on Outposts.
- Regions
-
- Type: Array of RegionReport structures
A collection of the Regions and buckets associated with the Multi-Region Access Point.
- Status
-
- Type: string
The current status of the Multi-Region Access Point.
CREATING
andDELETING
are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status ofPARTIALLY_CREATED
, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status ofPARTIALLY_DELETED
, you can retry a delete request to finish the deletion of the Multi-Region Access Point.
MultiRegionAccessPointRoute
Description
A structure for a Multi-Region Access Point that indicates where Amazon S3 traffic can be routed. Routes can be either active or passive. Active routes can process Amazon S3 requests through the Multi-Region Access Point, but passive routes are not eligible to process Amazon S3 requests.
Each route contains the Amazon S3 bucket name and the Amazon Web Services Region that the bucket is located in. The route also includes the TrafficDialPercentage
value, which shows whether the bucket and Region are active (indicated by a value of 100
) or passive (indicated by a value of 0
).
Members
- Bucket
-
- Type: string
The name of the Amazon S3 bucket for which you'll submit a routing configuration change. Either the
Bucket
or theRegion
value must be provided. If both are provided, the bucket must be in the specified Region. - Region
-
- Type: string
The Amazon Web Services Region to which you'll be submitting a routing configuration change. Either the
Bucket
or theRegion
value must be provided. If both are provided, the bucket must be in the specified Region. - TrafficDialPercentage
-
- Required: Yes
- Type: int
The traffic state for the specified bucket or Amazon Web Services Region.
A value of
0
indicates a passive state, which means that no new traffic will be routed to the Region.A value of
100
indicates an active state, which means that traffic will be routed to the specified Region.When the routing configuration for a Region is changed from active to passive, any in-progress operations (uploads, copies, deletes, and so on) to the formerly active Region will continue to run to until a final success or failure status is reached.
If all Regions in the routing configuration are designated as passive, you'll receive an
InvalidRequest
error.
MultiRegionAccessPointsAsyncResponse
Description
The Multi-Region Access Point details that are returned when querying about an asynchronous request.
Members
- Regions
-
- Type: Array of MultiRegionAccessPointRegionalResponse structures
A collection of status information for the different Regions that a Multi-Region Access Point supports.
NoSuchPublicAccessBlockConfiguration
Description
Amazon S3 throws this exception if you make a GetPublicAccessBlock
request against an account that doesn't have a PublicAccessBlockConfiguration
set.
Members
- Message
-
- Type: string
NoncurrentVersionExpiration
Description
The container of the noncurrent version expiration.
Members
- NewerNoncurrentVersions
-
- Type: int
Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
- NoncurrentDays
-
- Type: int
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide.
NoncurrentVersionTransition
Description
The container for the noncurrent version transition.
Members
- NoncurrentDays
-
- Type: int
Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.
- StorageClass
-
- Type: string
The class of storage used to store the object.
NotFoundException
Description
Members
- Message
-
- Type: string
ObjectLambdaAccessPoint
Description
An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.
Members
- Alias
-
- Type: ObjectLambdaAccessPointAlias structure
The alias of the Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
- ObjectLambdaAccessPointArn
-
- Type: string
Specifies the ARN for the Object Lambda Access Point.
ObjectLambdaAccessPointAlias
Description
The alias of an Object Lambda Access Point. For more information, see How to use a bucket-style alias for your S3 bucket Object Lambda Access Point.
Members
- Status
-
- Type: string
The status of the Object Lambda Access Point alias. If the status is
PROVISIONING
, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status isREADY
, the Object Lambda Access Point alias is successfully provisioned and ready for use. - Value
-
- Type: string
The alias value of the Object Lambda Access Point.
ObjectLambdaConfiguration
Description
A configuration used when creating an Object Lambda Access Point.
Members
- AllowedFeatures
-
- Type: Array of strings
A container for allowed features. Valid inputs are
GetObject-Range
,GetObject-PartNumber
,HeadObject-Range
, andHeadObject-PartNumber
. - CloudWatchMetricsEnabled
-
- Type: boolean
A container for whether the CloudWatch metrics configuration is enabled.
- SupportingAccessPoint
-
- Required: Yes
- Type: string
Standard access point associated with the Object Lambda Access Point.
- TransformationConfigurations
-
- Required: Yes
- Type: Array of ObjectLambdaTransformationConfiguration structures
A container for transformation configurations for an Object Lambda Access Point.
ObjectLambdaContentTransformation
Description
A container for AwsLambdaTransformation.
Members
- AwsLambda
-
- Type: AwsLambdaTransformation structure
A container for an Lambda function.
ObjectLambdaTransformationConfiguration
Description
A configuration used when creating an Object Lambda Access Point transformation.
Members
- Actions
-
- Required: Yes
- Type: Array of strings
A container for the action of an Object Lambda Access Point configuration. Valid inputs are
GetObject
,ListObjects
,HeadObject
, andListObjectsV2
. - ContentTransformation
-
- Required: Yes
- Type: ObjectLambdaContentTransformation structure
A container for the content transformation of an Object Lambda Access Point configuration.
PolicyStatus
Description
Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.
Members
- IsPublic
-
- Type: boolean
PrefixLevel
Description
A container for the prefix-level configuration.
Members
- StorageMetrics
-
- Required: Yes
- Type: PrefixLevelStorageMetrics structure
A container for the prefix-level storage metrics for S3 Storage Lens.
PrefixLevelStorageMetrics
Description
A container for the prefix-level storage metrics for S3 Storage Lens.
Members
- IsEnabled
-
- Type: boolean
A container for whether prefix-level storage metrics are enabled.
- SelectionCriteria
-
- Type: SelectionCriteria structure
ProposedMultiRegionAccessPointPolicy
Description
The proposed access control policy for the Multi-Region Access Point.
When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.
Members
- Policy
-
- Type: string
The details of the proposed policy.
PublicAccessBlockConfiguration
Description
The PublicAccessBlock
configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.
This data type is not supported for Amazon S3 on Outposts.
Members
- BlockPublicAcls
-
- Type: boolean
Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to
TRUE
causes the following behavior:-
PutBucketAcl
andPutObjectAcl
calls fail if the specified ACL is public. -
PUT Object calls fail if the request includes a public ACL.
-
PUT Bucket calls fail if the request includes a public ACL.
Enabling this setting doesn't affect existing policies or ACLs.
This property is not supported for Amazon S3 on Outposts.
- BlockPublicPolicy
-
- Type: boolean
Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to
TRUE
causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.Enabling this setting doesn't affect existing bucket policies.
This property is not supported for Amazon S3 on Outposts.
- IgnorePublicAcls
-
- Type: boolean
Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to
TRUE
causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.
This property is not supported for Amazon S3 on Outposts.
- RestrictPublicBuckets
-
- Type: boolean
Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to
TRUE
restricts access to buckets with public policies to only Amazon Web Services service principals and authorized users within this account.Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.
This property is not supported for Amazon S3 on Outposts.
PutAccessGrantsInstanceResourcePolicyRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- Organization
-
- Type: string
The Organization of the resource policy of the S3 Access Grants instance.
- Policy
-
- Required: Yes
- Type: string
The resource policy of the S3 Access Grants instance that you are updating.
PutAccessPointConfigurationForObjectLambdaRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Configuration
-
- Required: Yes
- Type: ObjectLambdaConfiguration structure
Object Lambda Access Point configuration document.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
PutAccessPointPolicyForObjectLambdaRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID for the account that owns the specified Object Lambda Access Point.
- Name
-
- Required: Yes
- Type: string
The name of the Object Lambda Access Point.
- Policy
-
- Required: Yes
- Type: string
Object Lambda Access Point resource policy document.
PutAccessPointPolicyRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for owner of the bucket associated with the specified access point.
- Name
-
- Required: Yes
- Type: string
The name of the access point that you want to associate with the specified policy.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>
. For example, to access the access pointreports-ap
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap
. The value must be URL encoded. - Policy
-
- Required: Yes
- Type: string
The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.
PutBucketPolicyRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Outposts bucket.
- Bucket
-
- Required: Yes
- Type: string
Specifies the bucket.
For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format
arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>
. For example, to access the bucketreports
through Outpostmy-outpost
owned by account123456789012
in Regionus-west-2
, use the URL encoding ofarn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports
. The value must be URL encoded. - ConfirmRemoveSelfBucketAccess
-
- Type: boolean
Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.
This is not supported by Amazon S3 on Outposts buckets.
- Policy
-
- Required: Yes
- Type: string
The bucket policy as a JSON document.
PutJobTaggingRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the S3 Batch Operations job.
- JobId
-
- Required: Yes
- Type: string
The ID for the S3 Batch Operations job whose tags you want to replace.
- Tags
-
- Required: Yes
- Type: Array of S3Tag structures
The set of tags to associate with the S3 Batch Operations job.
PutMultiRegionAccessPointPolicyInput
Description
A container for the information associated with a PutMultiRegionAccessPoint request.
Members
- Name
-
- Required: Yes
- Type: string
The name of the Multi-Region Access Point associated with the request.
- Policy
-
- Required: Yes
- Type: string
The policy details for the
PutMultiRegionAccessPoint
request.
PutMultiRegionAccessPointPolicyRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- ClientToken
-
- Required: Yes
- Type: string
An idempotency token used to identify the request and guarantee that requests are unique.
- Details
-
- Required: Yes
- Type: PutMultiRegionAccessPointPolicyInput structure
A container element containing the details of the policy for the Multi-Region Access Point.
PutStorageLensConfigurationRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the S3 Storage Lens configuration.
- StorageLensConfiguration
-
- Required: Yes
- Type: StorageLensConfiguration structure
The S3 Storage Lens configuration.
- Tags
-
- Type: Array of StorageLensTag structures
The tag set of the S3 Storage Lens configuration.
You can set up to a maximum of 50 tags.
PutStorageLensConfigurationTaggingRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the requester.
- ConfigId
-
- Required: Yes
- Type: string
The ID of the S3 Storage Lens configuration.
- Tags
-
- Required: Yes
- Type: Array of StorageLensTag structures
The tag set of the S3 Storage Lens configuration.
You can set up to a maximum of 50 tags.
Region
Description
A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.
Members
- Bucket
-
- Required: Yes
- Type: string
The name of the associated bucket for the Region.
- BucketAccountId
-
- Type: string
The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.
RegionReport
Description
A combination of a bucket and Region that's part of a Multi-Region Access Point.
Members
- Bucket
-
- Type: string
The name of the bucket.
- BucketAccountId
-
- Type: string
The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.
- Region
-
- Type: string
The name of the Region.
RegionalBucket
Description
The container for the regional bucket.
Members
- Bucket
-
- Required: Yes
- Type: string
- BucketArn
-
- Type: string
The Amazon Resource Name (ARN) for the regional bucket.
- CreationDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The creation date of the regional bucket
- OutpostId
-
- Type: string
The Outposts ID of the regional bucket.
- PublicAccessBlockEnabled
-
- Required: Yes
- Type: boolean
ReplicaModifications
Description
A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.
To replicate object metadata modifications on replicas, you can specify this element and set the Status
of this element to Enabled
.
You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.
Members
- Status
-
- Required: Yes
- Type: string
Specifies whether S3 on Outposts replicates modifications to object metadata on replicas.
ReplicationConfiguration
Description
A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.
Members
- Role
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that S3 on Outposts assumes when replicating objects. For information about S3 replication on Outposts configuration, see Setting up replication in the Amazon S3 User Guide.
- Rules
-
- Required: Yes
- Type: Array of ReplicationRule structures
A container for one or more replication rules. A replication configuration must have at least one rule and can contain an array of 100 rules at the most.
ReplicationRule
Description
Specifies which S3 on Outposts objects to replicate and where to store the replicas.
Members
- Bucket
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the access point for the source Outposts bucket that you want S3 on Outposts to replicate the objects from.
- DeleteMarkerReplication
-
- Type: DeleteMarkerReplication structure
Specifies whether S3 on Outposts replicates delete markers. If you specify a
Filter
element in your replication configuration, you must also include aDeleteMarkerReplication
element. If yourFilter
includes aTag
element, theDeleteMarkerReplication
element'sStatus
child element must be set toDisabled
, because S3 on Outposts doesn't support replicating delete markers for tag-based rules.For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.
- Destination
-
- Required: Yes
- Type: Destination structure
A container for information about the replication destination and its configurations.
- ExistingObjectReplication
-
- Type: ExistingObjectReplication structure
An optional configuration to replicate existing source bucket objects.
This is not supported by Amazon S3 on Outposts buckets.
- Filter
-
- Type: ReplicationRuleFilter structure
A filter that identifies the subset of objects to which the replication rule applies. A
Filter
element must specify exactly onePrefix
,Tag
, orAnd
child element. - ID
-
- Type: string
A unique identifier for the rule. The maximum value is 255 characters.
- Prefix
-
- Type: string
An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in an Outposts bucket, specify an empty string.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
- Priority
-
- Type: int
The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.
For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide.
- SourceSelectionCriteria
-
- Type: SourceSelectionCriteria structure
A container that describes additional filters for identifying the source Outposts objects that you want to replicate. You can choose to enable or disable the replication of these objects.
- Status
-
- Required: Yes
- Type: string
Specifies whether the rule is enabled.
ReplicationRuleAndOperator
Description
A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter.
For example:
-
If you specify both a
Prefix
and aTag
filter, wrap these filters in anAnd
element. -
If you specify a filter based on multiple tags, wrap the
Tag
elements in anAnd
element.
Members
- Prefix
-
- Type: string
An object key name prefix that identifies the subset of objects that the rule applies to.
- Tags
-
- Type: Array of S3Tag structures
An array of tags that contain key and value pairs.
ReplicationRuleFilter
Description
A filter that identifies the subset of objects to which the replication rule applies. A Filter
element must specify exactly one Prefix
, Tag
, or And
child element.
Members
- And
-
- Type: ReplicationRuleAndOperator structure
A container for specifying rule filters. The filters determine the subset of objects that the rule applies to. This element is required only if you specify more than one filter. For example:
-
If you specify both a
Prefix
and aTag
filter, wrap these filters in anAnd
element. -
If you specify a filter based on multiple tags, wrap the
Tag
elements in anAnd
element.
- Prefix
-
- Type: string
An object key name prefix that identifies the subset of objects that the rule applies to.
When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.
- Tag
-
- Type: S3Tag structure
A container for a key-value name pair.
ReplicationTime
Description
A container that specifies S3 Replication Time Control (S3 RTC) related information, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated.
This is not supported by Amazon S3 on Outposts buckets.
Members
- Status
-
- Required: Yes
- Type: string
Specifies whether S3 Replication Time Control (S3 RTC) is enabled.
- Time
-
- Required: Yes
- Type: ReplicationTimeValue structure
A container that specifies the time by which replication should be complete for all objects and operations on objects.
ReplicationTimeValue
Description
A container that specifies the time value for S3 Replication Time Control (S3 RTC). This value is also used for the replication metrics EventThreshold
element.
This is not supported by Amazon S3 on Outposts buckets.
Members
- Minutes
-
- Type: int
Contains an integer that specifies the time period in minutes.
Valid value: 15
S3AccessControlList
Description
Members
- Grants
-
- Type: Array of S3Grant structures
- Owner
-
- Required: Yes
- Type: S3ObjectOwner structure
S3AccessControlPolicy
Description
Members
- AccessControlList
-
- Type: S3AccessControlList structure
- CannedAccessControlList
-
- Type: string
S3BucketDestination
Description
A container for the bucket where the Amazon S3 Storage Lens metrics export files are located.
Members
- AccountId
-
- Required: Yes
- Type: string
The account ID of the owner of the S3 Storage Lens metrics export bucket.
- Arn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format:
arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name
- Encryption
-
- Type: StorageLensDataExportEncryption structure
The container for the type encryption of the metrics exports in this bucket.
- Format
-
- Required: Yes
- Type: string
- OutputSchemaVersion
-
- Required: Yes
- Type: string
The schema version of the export file.
- Prefix
-
- Type: string
The prefix of the destination bucket where the metrics export will be delivered.
S3CopyObjectOperation
Description
Contains the configuration parameters for a PUT Copy object operation. S3 Batch Operations passes every object to the underlying CopyObject
API operation. For more information about the parameters for this operation, see CopyObject.
Members
- AccessControlGrants
-
- Type: Array of S3Grant structures
This functionality is not supported by directory buckets.
- BucketKeyEnabled
-
- Type: boolean
Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to
true
causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.Specifying this header with an Copy action doesn’t affect bucket-level settings for S3 Bucket Key.
Directory buckets - S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through the Copy operation in Batch Operations. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
- CannedAccessControlList
-
- Type: string
This functionality is not supported by directory buckets.
- ChecksumAlgorithm
-
- Type: string
Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.
- MetadataDirective
-
- Type: string
- ModifiedSinceConstraint
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- NewObjectMetadata
-
- Type: S3ObjectMetadata structure
If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.
- NewObjectTagging
-
- Type: Array of S3Tag structures
Specifies a list of tags to add to the destination objects after they are copied. If
NewObjectTagging
is not specified, the tags of the source objects are copied to destination objects by default.Directory buckets - Tags aren't supported by directory buckets. If your source objects have tags and your destination bucket is a directory bucket, specify an empty tag set in the
NewObjectTagging
field to prevent copying the source object tags to the directory bucket. - ObjectLockLegalHoldStatus
-
- Type: string
The legal hold status to be applied to all objects in the Batch Operations job.
This functionality is not supported by directory buckets.
- ObjectLockMode
-
- Type: string
The retention mode to be applied to all objects in the Batch Operations job.
This functionality is not supported by directory buckets.
- ObjectLockRetainUntilDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the applied object retention configuration expires on all objects in the Batch Operations job.
This functionality is not supported by directory buckets.
- RedirectLocation
-
- Type: string
If the destination bucket is configured as a website, specifies an optional metadata property for website redirects,
x-amz-website-redirect-location
. Allows webpage redirects if the object copy is accessed through a website endpoint.This functionality is not supported by directory buckets.
- RequesterPays
-
- Type: boolean
This functionality is not supported by directory buckets.
- SSEAwsKmsKeyId
-
- Type: string
Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.
Directory buckets - If you specify
SSEAlgorithm
withKMS
, you must specify theSSEAwsKmsKeyId
parameter with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP400 Bad Request
error. The key alias format of the KMS key isn't supported. To encrypt new object copies in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). The Amazon Web Services managed key (aws/s3
) isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS as the bucket default encryption, you can't override the customer managed key for the bucket's SSE-KMS configuration. Then, when you specify server-side encryption settings for new object copies with SSE-KMS, you must make sure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration. - StorageClass
-
- Type: string
Specify the storage class for the destination objects in a
Copy
operation.Directory buckets - This functionality is not supported by directory buckets.
- TargetKeyPrefix
-
- Type: string
Specifies the folder prefix that you want the objects to be copied into. For example, to copy objects into a folder named
Folder1
in the destination bucket, set theTargetKeyPrefix
property toFolder1
. - TargetResource
-
- Type: string
Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.
-
General purpose buckets - For example, to copy objects to a general purpose bucket named
destinationBucket
, set theTargetResource
property toarn:aws:s3:::destinationBucket
. -
Directory buckets - For example, to copy objects to a directory bucket named
destinationBucket
in the Availability Zone; identified by the AZ IDusw2-az1
, set theTargetResource
property toarn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3
.
- UnModifiedSinceConstraint
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
S3DeleteObjectTaggingOperation
Description
Contains no configuration parameters because the DELETE Object tagging (DeleteObjectTagging
) API operation accepts only the bucket name and key name as parameters, which are defined in the job's manifest.
Members
S3GeneratedManifestDescriptor
Description
Describes the specified job's generated manifest. Batch Operations jobs created with a ManifestGenerator populate details of this descriptor after execution of the ManifestGenerator.
Members
- Format
-
- Type: string
The format of the generated manifest.
- Location
-
- Type: JobManifestLocation structure
Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.
S3Grant
S3Grantee
Description
Members
- DisplayName
-
- Type: string
- Identifier
-
- Type: string
- TypeIdentifier
-
- Type: string
S3InitiateRestoreObjectOperation
Description
Contains the configuration parameters for a POST Object restore job. S3 Batch Operations passes every object to the underlying RestoreObject
API operation. For more information about the parameters for this operation, see RestoreObject.
Members
- ExpirationInDays
-
- Type: int
This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require
ExpirationInDays
set to 1 or greater.Conversely, do not set
ExpirationInDays
when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifyingExpirationInDays
results in restore request failure.S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.
- GlacierJobTier
-
- Type: string
S3 Batch Operations supports
STANDARD
andBULK
retrieval tiers, but not theEXPEDITED
retrieval tier.
S3JobManifestGenerator
Description
The container for the service that will create the S3 manifest.
Members
- EnableManifestOutput
-
- Required: Yes
- Type: boolean
Determines whether or not to write the job's generated manifest to a bucket.
- ExpectedBucketOwner
-
- Type: string
The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.
- Filter
-
- Type: JobManifestGeneratorFilter structure
Specifies rules the S3JobManifestGenerator should use to decide whether an object in the source bucket should or should not be included in the generated job manifest.
- ManifestOutputLocation
-
- Type: S3ManifestOutputLocation structure
Specifies the location the generated manifest will be written to. Manifests can't be written to directory buckets. For more information, see Directory buckets.
- SourceBucket
-
- Required: Yes
- Type: string
The ARN of the source bucket used by the ManifestGenerator.
Directory buckets - Directory buckets aren't supported as the source buckets used by
S3JobManifestGenerator
to generate the job manifest.
S3ManifestOutputLocation
Description
Location details for where the generated manifest should be written.
Members
- Bucket
-
- Required: Yes
- Type: string
The bucket ARN the generated manifest should be written to.
Directory buckets - Directory buckets aren't supported as the buckets to store the generated manifest.
- ExpectedManifestBucketOwner
-
- Type: string
The Account ID that owns the bucket the generated manifest is written to.
- ManifestEncryption
-
- Type: GeneratedManifestEncryption structure
Specifies what encryption should be used when the generated manifest objects are written.
- ManifestFormat
-
- Required: Yes
- Type: string
The format of the generated manifest.
- ManifestPrefix
-
- Type: string
Prefix identifying one or more objects to which the manifest applies.
S3ObjectLockLegalHold
Description
Whether S3 Object Lock legal hold will be applied to objects in an S3 Batch Operations job.
Members
- Status
-
- Required: Yes
- Type: string
The Object Lock legal hold status to be applied to all objects in the Batch Operations job.
S3ObjectMetadata
Description
Members
- CacheControl
-
- Type: string
- ContentDisposition
-
- Type: string
- ContentEncoding
-
- Type: string
- ContentLanguage
-
- Type: string
- ContentLength
-
- Type: long (int|float)
This member has been deprecated.
- ContentMD5
-
- Type: string
This member has been deprecated.
- ContentType
-
- Type: string
- HttpExpiresDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- RequesterCharged
-
- Type: boolean
This member has been deprecated.
- SSEAlgorithm
-
- Type: string
The server-side encryption algorithm used when storing objects in Amazon S3.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (
AES256
) and server-side encryption with KMS keys (SSE-KMS) (KMS
). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For the Copy operation in Batch Operations, see S3CopyObjectOperation. - UserMetadata
-
- Type: Associative array of custom strings keys (NonEmptyMaxLength1024String) to strings
S3ObjectOwner
Description
Members
- DisplayName
-
- Type: string
- ID
-
- Type: string
S3ReplicateObjectOperation
Description
Directs the specified job to invoke ReplicateObject
on every object in the job's manifest.
Members
S3Retention
Description
Contains the S3 Object Lock retention mode to be applied to all objects in the S3 Batch Operations job. If you don't provide Mode
and RetainUntilDate
data types in your operation, you will remove the retention from your objects. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.
Members
- Mode
-
- Type: string
The Object Lock retention mode to be applied to all objects in the Batch Operations job.
- RetainUntilDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.
S3SetObjectAclOperation
Description
Contains the configuration parameters for a PUT Object ACL operation. S3 Batch Operations passes every object to the underlying PutObjectAcl
API operation. For more information about the parameters for this operation, see PutObjectAcl.
Members
- AccessControlPolicy
-
- Type: S3AccessControlPolicy structure
S3SetObjectLegalHoldOperation
Description
Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying PutObjectLegalHold
API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.
This functionality is not supported by directory buckets.
Members
- LegalHold
-
- Required: Yes
- Type: S3ObjectLockLegalHold structure
Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.
S3SetObjectRetentionOperation
Description
Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention
API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.
This functionality is not supported by directory buckets.
Members
- BypassGovernanceRetention
-
- Type: boolean
Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock
GOVERNANCE
type in place. - Retention
-
- Required: Yes
- Type: S3Retention structure
Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.
S3SetObjectTaggingOperation
Description
Contains the configuration parameters for a PUT Object Tagging operation. S3 Batch Operations passes every object to the underlying PutObjectTagging
API operation. For more information about the parameters for this operation, see PutObjectTagging.
Members
- TagSet
-
- Type: Array of S3Tag structures
S3Tag
Description
A container for a key-value name pair.
Members
- Key
-
- Required: Yes
- Type: string
Key of the tag
- Value
-
- Required: Yes
- Type: string
Value of the tag
SSEKMS
Description
Members
- KeyId
-
- Required: Yes
- Type: string
A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format:
arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e
SSEKMSEncryption
Description
Configuration for the use of SSE-KMS to encrypt generated manifest objects.
Members
- KeyId
-
- Required: Yes
- Type: string
Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.
SSES3
Description
Members
SSES3Encryption
Description
Configuration for the use of SSE-S3 to encrypt generated manifest objects.
Members
SelectionCriteria
Description
Members
- Delimiter
-
- Type: string
A container for the delimiter of the selection criteria being used.
- MaxDepth
-
- Type: int
The max depth of the selection criteria
- MinStorageBytesPercentage
-
- Type: double
The minimum number of storage bytes percentage whose metrics will be selected.
You must choose a value greater than or equal to
1.0
.
SourceSelectionCriteria
Description
A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects.
Members
- ReplicaModifications
-
- Type: ReplicaModifications structure
A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.
To replicate object metadata modifications on replicas, you can specify this element and set the
Status
of this element toEnabled
.You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.
- SseKmsEncryptedObjects
-
- Type: SseKmsEncryptedObjects structure
A filter that you can use to select Amazon S3 objects that are encrypted with server-side encryption by using Key Management Service (KMS) keys. If you include
SourceSelectionCriteria
in the replication configuration, this element is required.This is not supported by Amazon S3 on Outposts buckets.
SseKmsEncryptedObjects
Description
A container for filter information that you can use to select S3 objects that are encrypted with Key Management Service (KMS).
This is not supported by Amazon S3 on Outposts buckets.
Members
- Status
-
- Required: Yes
- Type: string
Specifies whether Amazon S3 replicates objects that are created with server-side encryption by using an KMS key stored in Key Management Service.
StorageLensAwsOrg
Description
The Amazon Web Services organization for your S3 Storage Lens.
Members
- Arn
-
- Required: Yes
- Type: string
A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format:
arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck
StorageLensConfiguration
Description
A container for the Amazon S3 Storage Lens configuration.
Members
- AccountLevel
-
- Required: Yes
- Type: AccountLevel structure
A container for all the account-level configurations of your S3 Storage Lens configuration.
- AwsOrg
-
- Type: StorageLensAwsOrg structure
A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
- DataExport
-
- Type: StorageLensDataExport structure
A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.
- Exclude
-
- Type: Exclude structure
A container for what is excluded in this configuration. This container can only be valid if there is no
Include
container submitted, and it's not empty. - Id
-
- Required: Yes
- Type: string
A container for the Amazon S3 Storage Lens configuration ID.
- Include
-
- Type: Include structure
A container for what is included in this configuration. This container can only be valid if there is no
Exclude
container submitted, and it's not empty. - IsEnabled
-
- Required: Yes
- Type: boolean
A container for whether the S3 Storage Lens configuration is enabled.
- StorageLensArn
-
- Type: string
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format:
arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name
StorageLensDataExport
Description
A container to specify the properties of your S3 Storage Lens metrics export, including the destination, schema, and format.
Members
- CloudWatchMetrics
-
- Type: CloudWatchMetrics structure
A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
- S3BucketDestination
-
- Type: S3BucketDestination structure
A container for the bucket where the S3 Storage Lens metrics export will be located.
This bucket must be located in the same Region as the storage lens configuration.
StorageLensDataExportEncryption
StorageLensGroup
Description
A custom grouping of objects that include filters for prefixes, suffixes, object tags, object size, or object age. You can create an S3 Storage Lens group that includes a single filter or multiple filter conditions. To specify multiple filter conditions, you use AND
or OR
logical operators.
Members
- Filter
-
- Required: Yes
- Type: StorageLensGroupFilter structure
Sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the
AND
orOR
logical operator is used. - Name
-
- Required: Yes
- Type: string
Contains the name of the Storage Lens group.
- StorageLensGroupArn
-
- Type: string
Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.
StorageLensGroupAndOperator
Description
A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data.
Members
- MatchAnyPrefix
-
- Type: Array of strings
Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.
- MatchAnySuffix
-
- Type: Array of strings
Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.
- MatchAnyTag
-
- Type: Array of S3Tag structures
Contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.
- MatchObjectAge
-
- Type: MatchObjectAge structure
Contains
DaysGreaterThan
andDaysLessThan
to define the object age range (minimum and maximum number of days). - MatchObjectSize
-
- Type: MatchObjectSize structure
Contains
BytesGreaterThan
andBytesLessThan
to define the object size range (minimum and maximum number of Bytes).
StorageLensGroupFilter
Description
The filter element sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND
or OR
logical operator is used.
Members
- And
-
- Type: StorageLensGroupAndOperator structure
A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the
And
logical operator. Only one of each filter condition is allowed. - MatchAnyPrefix
-
- Type: Array of strings
Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.
- MatchAnySuffix
-
- Type: Array of strings
Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.
- MatchAnyTag
-
- Type: Array of S3Tag structures
Contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.
- MatchObjectAge
-
- Type: MatchObjectAge structure
Contains
DaysGreaterThan
andDaysLessThan
to define the object age range (minimum and maximum number of days). - MatchObjectSize
-
- Type: MatchObjectSize structure
Contains
BytesGreaterThan
andBytesLessThan
to define the object size range (minimum and maximum number of Bytes). - Or
-
- Type: StorageLensGroupOrOperator structure
A single logical operator that allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the
Or
logical operator. Only one of each filter condition is allowed.
StorageLensGroupLevel
Description
Specifies the Storage Lens groups to include in the Storage Lens group aggregation.
Members
- SelectionCriteria
-
- Type: StorageLensGroupLevelSelectionCriteria structure
Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.
StorageLensGroupLevelSelectionCriteria
Description
Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. You can only attach Storage Lens groups to your Storage Lens dashboard if they're included in your Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.
Members
- Exclude
-
- Type: Array of strings
Indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.
- Include
-
- Type: Array of strings
Indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.
StorageLensGroupOrOperator
Description
A container element for specifying Or
rule conditions. The rule conditions determine the subset of objects to which the Or
rule applies. Objects can match any of the listed filter conditions, which are joined by the Or
logical operator. Only one of each filter condition is allowed.
Members
- MatchAnyPrefix
-
- Type: Array of strings
Filters objects that match any of the specified prefixes.
- MatchAnySuffix
-
- Type: Array of strings
Filters objects that match any of the specified suffixes.
- MatchAnyTag
-
- Type: Array of S3Tag structures
Filters objects that match any of the specified S3 object tags.
- MatchObjectAge
-
- Type: MatchObjectAge structure
Filters objects that match the specified object age range.
- MatchObjectSize
-
- Type: MatchObjectSize structure
Filters objects that match the specified object size range.
StorageLensTag
Description
Members
- Key
-
- Required: Yes
- Type: string
- Value
-
- Required: Yes
- Type: string
SubmitMultiRegionAccessPointRoutesRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
- Mrap
-
- Required: Yes
- Type: string
The Multi-Region Access Point ARN.
- RouteUpdates
-
- Required: Yes
- Type: Array of MultiRegionAccessPointRoute structures
The different routes that make up the new route configuration. Active routes return a value of
100
, and passive routes return a value of0
.
Tag
Description
An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
Members
- Key
-
- Required: Yes
- Type: string
The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with
aws:
aren’t supported. - Value
-
- Required: Yes
- Type: string
The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.
TagResourceRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
- Tags
-
- Required: Yes
- Type: Array of Tag structures
The Amazon Web Services resource tags that you want to add to the specified S3 resource.
Tagging
Description
Members
- TagSet
-
- Required: Yes
- Type: Array of S3Tag structures
A collection for a set of tags.
TooManyRequestsException
Description
Members
- Message
-
- Type: string
TooManyTagsException
Description
Amazon S3 throws this exception if you have too many tags in your tag set.
Members
- Message
-
- Type: string
Transition
Description
Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide.
Members
- Date
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.
- Days
-
- Type: int
Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
- StorageClass
-
- Type: string
The storage class to which you want the object to transition.
UpdateAccessGrantsLocationRequest
Members
- AccessGrantsLocationId
-
- Required: Yes
- Type: string
The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register.The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID
default
to the default locations3://
and assigns an auto-generated ID to other locations that you register.If you are passing the
default
location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in theSubprefix
field. - AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the S3 Access Grants instance.
- IAMRoleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
UpdateStorageLensGroupRequest
Members
- AccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Storage Lens group owner.
- Name
-
- Required: Yes
- Type: string
The name of the Storage Lens group that you want to update.
- StorageLensGroup
-
- Required: Yes
- Type: StorageLensGroup structure
The JSON file that contains the Storage Lens group configuration.
VersioningConfiguration
Description
Describes the versioning state of an Amazon S3 on Outposts bucket. For more information, see PutBucketVersioning.
Members
- MFADelete
-
- Type: string
Specifies whether MFA delete is enabled or disabled in the bucket versioning configuration for the S3 on Outposts bucket.
- Status
-
- Type: string
Sets the versioning state of the S3 on Outposts bucket.
VpcConfiguration
Description
The virtual private cloud (VPC) configuration for an access point.
Members
- VpcId
-
- Required: Yes
- Type: string
If this field is specified, this access point will only allow connections from the specified VPC ID.