AWS SDK for PHP 3.x

Client: Aws\S3Control\S3ControlClient

Service ID: s3control

Version: 2018-08-20

This page describes the parameters and results for the operations of the AWS S3 Control (2018-08-20), and shows how to use the Aws\S3Control\S3ControlClient object to call the described operations. This documentation is specific to the 2018-08-20 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AssociateAccessGrantsIdentityCenter ( array $params = [] ): Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance.
CreateAccessGrant ( array $params = [] ): Creates an access grant that gives a grantee access to your S3 data.
CreateAccessGrantsInstance ( array $params = [] ): Creates an S3 Access Grants instance, which serves as a logical grouping for access grants.
CreateAccessGrantsLocation ( array $params = [] ): The S3 data location that you would like to register in your S3 Access Grants instance.
CreateAccessPoint ( array $params = [] ): This operation is not supported by directory buckets.
CreateAccessPointForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
CreateBucket ( array $params = [] ): This action creates an Amazon S3 on Outposts bucket.
CreateJob ( array $params = [] ): This operation creates an S3 Batch Operations job.
CreateMultiRegionAccessPoint ( array $params = [] ): This operation is not supported by directory buckets.
CreateStorageLensGroup ( array $params = [] ): Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID.
DeleteAccessGrant ( array $params = [] ): Deletes the access grant from the S3 Access Grants instance.
DeleteAccessGrantsInstance ( array $params = [] ): Deletes your S3 Access Grants instance.
DeleteAccessGrantsInstanceResourcePolicy ( array $params = [] ): Deletes the resource policy of the S3 Access Grants instance.
DeleteAccessGrantsLocation ( array $params = [] ): Deregisters a location from your S3 Access Grants instance.
DeleteAccessPoint ( array $params = [] ): This operation is not supported by directory buckets.
DeleteAccessPointForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
DeleteAccessPointPolicy ( array $params = [] ): This operation is not supported by directory buckets.
DeleteAccessPointPolicyForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
DeleteBucket ( array $params = [] ): This action deletes an Amazon S3 on Outposts bucket.
DeleteBucketLifecycleConfiguration ( array $params = [] ): This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration.
DeleteBucketPolicy ( array $params = [] ): This action deletes an Amazon S3 on Outposts bucket policy.
DeleteBucketReplication ( array $params = [] ): This operation deletes an Amazon S3 on Outposts bucket's replication configuration.
DeleteBucketTagging ( array $params = [] ): This action deletes an Amazon S3 on Outposts bucket's tags.
DeleteJobTagging ( array $params = [] ): Removes the entire tag set from the specified S3 Batch Operations job.
DeleteMultiRegionAccessPoint ( array $params = [] ): This operation is not supported by directory buckets.
DeletePublicAccessBlock ( array $params = [] ): This operation is not supported by directory buckets.
DeleteStorageLensConfiguration ( array $params = [] ): This operation is not supported by directory buckets.
DeleteStorageLensConfigurationTagging ( array $params = [] ): This operation is not supported by directory buckets.
DeleteStorageLensGroup ( array $params = [] ): Deletes an existing S3 Storage Lens group.
DescribeJob ( array $params = [] ): Retrieves the configuration parameters and status for a Batch Operations job.
DescribeMultiRegionAccessPointOperation ( array $params = [] ): This operation is not supported by directory buckets.
DissociateAccessGrantsIdentityCenter ( array $params = [] ): Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
GetAccessGrant ( array $params = [] ): Get the details of an access grant from your S3 Access Grants instance.
GetAccessGrantsInstance ( array $params = [] ): Retrieves the S3 Access Grants instance for a Region in your account.
GetAccessGrantsInstanceForPrefix ( array $params = [] ): Retrieve the S3 Access Grants instance that contains a particular prefix.
GetAccessGrantsInstanceResourcePolicy ( array $params = [] ): Returns the resource policy of the S3 Access Grants instance.
GetAccessGrantsLocation ( array $params = [] ): Retrieves the details of a particular location registered in your S3 Access Grants instance.
GetAccessPoint ( array $params = [] ): This operation is not supported by directory buckets.
GetAccessPointConfigurationForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
GetAccessPointForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
GetAccessPointPolicy ( array $params = [] ): This operation is not supported by directory buckets.
GetAccessPointPolicyForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
GetAccessPointPolicyStatus ( array $params = [] ): This operation is not supported by directory buckets.
GetAccessPointPolicyStatusForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
GetBucket ( array $params = [] ): Gets an Amazon S3 on Outposts bucket.
GetBucketLifecycleConfiguration ( array $params = [] ): This action gets an Amazon S3 on Outposts bucket's lifecycle configuration.
GetBucketPolicy ( array $params = [] ): This action gets a bucket policy for an Amazon S3 on Outposts bucket.
GetBucketReplication ( array $params = [] ): This operation gets an Amazon S3 on Outposts bucket's replication configuration.
GetBucketTagging ( array $params = [] ): This action gets an Amazon S3 on Outposts bucket's tags.
GetBucketVersioning ( array $params = [] ): This operation returns the versioning state for S3 on Outposts buckets only.
GetDataAccess ( array $params = [] ): Returns a temporary access credential from S3 Access Grants to the grantee or client application.
GetJobTagging ( array $params = [] ): Returns the tags on an S3 Batch Operations job.
GetMultiRegionAccessPoint ( array $params = [] ): This operation is not supported by directory buckets.
GetMultiRegionAccessPointPolicy ( array $params = [] ): This operation is not supported by directory buckets.
GetMultiRegionAccessPointPolicyStatus ( array $params = [] ): This operation is not supported by directory buckets.
GetMultiRegionAccessPointRoutes ( array $params = [] ): This operation is not supported by directory buckets.
GetPublicAccessBlock ( array $params = [] ): This operation is not supported by directory buckets.
GetStorageLensConfiguration ( array $params = [] ): This operation is not supported by directory buckets.
GetStorageLensConfigurationTagging ( array $params = [] ): This operation is not supported by directory buckets.
GetStorageLensGroup ( array $params = [] ): Retrieves the Storage Lens group configuration details.
ListAccessGrants ( array $params = [] ): Returns the list of access grants in your S3 Access Grants instance.
ListAccessGrantsInstances ( array $params = [] ): Returns a list of S3 Access Grants instances.
ListAccessGrantsLocations ( array $params = [] ): Returns a list of the locations registered in your S3 Access Grants instance.
ListAccessPoints ( array $params = [] ): This operation is not supported by directory buckets.
ListAccessPointsForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
ListCallerAccessGrants ( array $params = [] ): Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.
ListJobs ( array $params = [] ): Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request.
ListMultiRegionAccessPoints ( array $params = [] ): This operation is not supported by directory buckets.
ListRegionalBuckets ( array $params = [] ): This operation is not supported by directory buckets.
ListStorageLensConfigurations ( array $params = [] ): This operation is not supported by directory buckets.
ListStorageLensGroups ( array $params = [] ): Lists all the Storage Lens groups in the specified home Region.
ListTagsForResource ( array $params = [] ): This operation allows you to list all the Amazon Web Services resource tags for a specified resource.
PutAccessGrantsInstanceResourcePolicy ( array $params = [] ): Updates the resource policy of the S3 Access Grants instance.
PutAccessPointConfigurationForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
PutAccessPointPolicy ( array $params = [] ): This operation is not supported by directory buckets.
PutAccessPointPolicyForObjectLambda ( array $params = [] ): This operation is not supported by directory buckets.
PutBucketLifecycleConfiguration ( array $params = [] ): This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket.
PutBucketPolicy ( array $params = [] ): This action puts a bucket policy to an Amazon S3 on Outposts bucket.
PutBucketReplication ( array $params = [] ): This action creates an Amazon S3 on Outposts bucket's replication configuration.
PutBucketTagging ( array $params = [] ): This action puts tags on an Amazon S3 on Outposts bucket.
PutBucketVersioning ( array $params = [] ): This operation sets the versioning state for S3 on Outposts buckets only.
PutJobTagging ( array $params = [] ): Sets the supplied tag-set on an S3 Batch Operations job.
PutMultiRegionAccessPointPolicy ( array $params = [] ): This operation is not supported by directory buckets.
PutPublicAccessBlock ( array $params = [] ): This operation is not supported by directory buckets.
PutStorageLensConfiguration ( array $params = [] ): This operation is not supported by directory buckets.
PutStorageLensConfigurationTagging ( array $params = [] ): This operation is not supported by directory buckets.
SubmitMultiRegionAccessPointRoutes ( array $params = [] ): This operation is not supported by directory buckets.
TagResource ( array $params = [] ): Creates a new Amazon Web Services resource tag or updates an existing resource tag.
UntagResource ( array $params = [] ): This operation removes the specified Amazon Web Services resource tags from an S3 resource.
UpdateAccessGrantsLocation ( array $params = [] ): Updates the IAM role of a registered location in your S3 Access Grants instance.
UpdateJobPriority ( array $params = [] ): Updates an existing S3 Batch Operations job's priority.
UpdateJobStatus ( array $params = [] ): Updates the status for the specified job.
UpdateStorageLensGroup ( array $params = [] ): Updates the existing Storage Lens group.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

ListAccessGrants
ListAccessGrantsInstances
ListAccessGrantsLocations
ListAccessPoints
ListAccessPointsForObjectLambda
ListCallerAccessGrants
ListJobs
ListMultiRegionAccessPoints
ListRegionalBuckets
ListStorageLensConfigurations
ListStorageLensGroups

Operations

AssociateAccessGrantsIdentityCenter

$result = $client->associateAccessGrantsIdentityCenter([/* ... */]);
$promise = $client->associateAccessGrantsIdentityCenterAsync([/* ... */]);

Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.

Permissions: You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.
Additional Permissions: You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.

Parameter Syntax

$result = $client->associateAccessGrantsIdentityCenter([
    'AccountId' => '<string>', // REQUIRED
    'IdentityCenterArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

CreateAccessGrant

$result = $client->createAccessGrant([/* ... */]);
$promise = $client->createAccessGrantAsync([/* ... */]);

Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.

Permissions

You must have the s3:CreateAccessGrant permission to use this operation.

Additional Permissions

For any directory identity - sso:DescribeInstance and sso:DescribeApplication

For directory users - identitystore:DescribeUser

For directory groups - identitystore:DescribeGroup

Parameter Syntax

$result = $client->createAccessGrant([
    'AccessGrantsLocationConfiguration' => [
        'S3SubPrefix' => '<string>',
    ],
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
    'ApplicationArn' => '<string>',
    'Grantee' => [ // REQUIRED
        'GranteeIdentifier' => '<string>',
        'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    ],
    'Permission' => 'READ|WRITE|READWRITE', // REQUIRED
    'S3PrefixType' => 'Object',
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccessGrantsLocationConfiguration

: Type: AccessGrantsLocationConfiguration structure

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the S3SubPrefix field. The grant scope is the result of appending the subprefix to the location scope of the registered location.

AccessGrantsLocationId

: Required: Yes
: Type: string

The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

ApplicationArn

: Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.

Grantee

: Required: Yes
: Type: Grantee structure

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Permission

: Required: Yes
: Type: string

The type of access that you are granting to your S3 data, which can be set to one of the following values:

READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.

S3PrefixType

: Type: string

The type of S3SubPrefix. The only possible value is Object. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.

Tags

: Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Result Syntax

[
    'AccessGrantArn' => '<string>',
    'AccessGrantId' => '<string>',
    'AccessGrantsLocationConfiguration' => [
        'S3SubPrefix' => '<string>',
    ],
    'AccessGrantsLocationId' => '<string>',
    'ApplicationArn' => '<string>',
    'CreatedAt' => <DateTime>,
    'GrantScope' => '<string>',
    'Grantee' => [
        'GranteeIdentifier' => '<string>',
        'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    ],
    'Permission' => 'READ|WRITE|READWRITE',
]

Result Details

Members

AccessGrantArn

: Type: string

The Amazon Resource Name (ARN) of the access grant.

AccessGrantId

: Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccessGrantsLocationConfiguration

: Type: AccessGrantsLocationConfiguration structure

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

AccessGrantsLocationId

: Type: string

ApplicationArn

: Type: string

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the access grant.

GrantScope

: Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

Grantee

: Type: Grantee structure

Permission

: Type: string

The type of access that you are granting to your S3 data, which can be set to one of the following values:

READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.

Errors

There are no errors described for this operation.

CreateAccessGrantsInstance

$result = $client->createAccessGrantsInstance([/* ... */]);
$promise = $client->createAccessGrantsInstanceAsync([/* ... */]);

Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.

Permissions: You must have the s3:CreateAccessGrantsInstance permission to use this operation.
Additional Permissions: To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.

Parameter Syntax

$result = $client->createAccessGrantsInstance([
    'AccountId' => '<string>', // REQUIRED
    'IdentityCenterArn' => '<string>',
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn

: Type: string

If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

Tags

: Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Result Syntax

[
    'AccessGrantsInstanceArn' => '<string>',
    'AccessGrantsInstanceId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IdentityCenterApplicationArn' => '<string>',
    'IdentityCenterArn' => '<string>',
    'IdentityCenterInstanceArn' => '<string>',
]

Result Details

Members

AccessGrantsInstanceArn

: Type: string

AccessGrantsInstanceId

: Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

IdentityCenterApplicationArn

: Type: string

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

IdentityCenterArn

: Type: string

IdentityCenterInstanceArn

: Type: string

Errors

There are no errors described for this operation.

CreateAccessGrantsLocation

$result = $client->createAccessGrantsLocation([/* ... */]);
$promise = $client->createAccessGrantsLocationAsync([/* ... */]);

The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:

The default S3 location s3://
A bucket - S3://<bucket-name>
A bucket and prefix - S3://<bucket-name>/<prefix>

When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.

Permissions: You must have the s3:CreateAccessGrantsLocation permission to use this operation.
Additional Permissions: You must also have the following permission for the specified IAM role: iam:PassRole

Parameter Syntax

$result = $client->createAccessGrantsLocation([
    'AccountId' => '<string>', // REQUIRED
    'IAMRoleArn' => '<string>', // REQUIRED
    'LocationScope' => '<string>', // REQUIRED
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope

: Required: Yes
: Type: string

The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Tags

: Type: Array of Tag structures

The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Result Syntax

[
    'AccessGrantsLocationArn' => '<string>',
    'AccessGrantsLocationId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IAMRoleArn' => '<string>',
    'LocationScope' => '<string>',
]

Result Details

Members

AccessGrantsLocationArn

: Type: string

The Amazon Resource Name (ARN) of the location you are registering.

AccessGrantsLocationId

: Type: string

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn

: Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope

: Type: string

The S3 URI path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Errors

There are no errors described for this operation.

CreateAccessPoint

$result = $client->createAccessPoint([/* ... */]);
$promise = $client->createAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.

S3 on Outposts only supports VPC-style access points.

For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to CreateAccessPoint:

Parameter Syntax

$result = $client->createAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'BucketAccountId' => '<string>',
    'Name' => '<string>', // REQUIRED
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
    'VpcConfiguration' => [
        'VpcId' => '<string>', // REQUIRED
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Bucket

: Required: Yes
: Type: string

The name of the bucket that you want to associate this access point with.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.

BucketAccountId

: Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

For same account access point when your bucket and access point belong to the same account owner, the BucketAccountId is not required. For cross-account access point when your bucket and access point are not in the same account, the BucketAccountId is required.

Name

: Required: Yes
: Type: string

The name you want to assign to this access point.

PublicAccessBlockConfiguration

: Type: PublicAccessBlockConfiguration structure

The PublicAccessBlock configuration that you want to apply to the access point.

VpcConfiguration

: Type: VpcConfiguration structure

If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).

This is required for creating an access point for Amazon S3 on Outposts buckets.

Result Syntax

[
    'AccessPointArn' => '<string>',
    'Alias' => '<string>',
]

Result Details

Members

AccessPointArn

: Type: string

The ARN of the access point.

This is only supported by Amazon S3 on Outposts.

Alias

: Type: string

The name or alias of the access point.

Errors

There are no errors described for this operation.

CreateAccessPointForObjectLambda

$result = $client->createAccessPointForObjectLambda([/* ... */]);
$promise = $client->createAccessPointForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.

The following actions are related to CreateAccessPointForObjectLambda:

Parameter Syntax

$result = $client->createAccessPointForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Configuration' => [ // REQUIRED
        'AllowedFeatures' => ['<string>', ...],
        'CloudWatchMetricsEnabled' => true || false,
        'SupportingAccessPoint' => '<string>', // REQUIRED
        'TransformationConfigurations' => [ // REQUIRED
            [
                'Actions' => ['<string>', ...], // REQUIRED
                'ContentTransformation' => [ // REQUIRED
                    'AwsLambda' => [
                        'FunctionArn' => '<string>', // REQUIRED
                        'FunctionPayload' => '<string>',
                    ],
                ],
            ],
            // ...
        ],
    ],
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.

Configuration

: Required: Yes
: Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration as a JSON document.

Name

: Required: Yes
: Type: string

The name you want to assign to this Object Lambda Access Point.

Result Syntax

[
    'Alias' => [
        'Status' => 'PROVISIONING|READY',
        'Value' => '<string>',
    ],
    'ObjectLambdaAccessPointArn' => '<string>',
]

Result Details

Members

Alias

: Type: ObjectLambdaAccessPointAlias structure

The alias of the Object Lambda Access Point.

ObjectLambdaAccessPointArn

: Type: string

Specifies the ARN for the Object Lambda Access Point.

Errors

There are no errors described for this operation.

CreateBucket

$result = $client->createBucket([/* ... */]);
$promise = $client->createBucketAsync([/* ... */]);

This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon S3 API Reference.

Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets.

S3 on Outposts buckets support:

Tags
LifecycleConfigurations for deleting expired objects

For a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see Amazon S3 on Outposts Restrictions and Limitations.

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section.

The following actions are related to CreateBucket for Amazon S3 on Outposts:

Parameter Syntax

$result = $client->createBucket([
    'ACL' => 'private|public-read|public-read-write|authenticated-read',
    'Bucket' => '<string>', // REQUIRED
    'CreateBucketConfiguration' => [
        'LocationConstraint' => 'EU|eu-west-1|us-west-1|us-west-2|ap-south-1|ap-southeast-1|ap-southeast-2|ap-northeast-1|sa-east-1|cn-north-1|eu-central-1',
    ],
    'GrantFullControl' => '<string>',
    'GrantRead' => '<string>',
    'GrantReadACP' => '<string>',
    'GrantWrite' => '<string>',
    'GrantWriteACP' => '<string>',
    'ObjectLockEnabledForBucket' => true || false,
    'OutpostId' => '<string>',
]);

Parameter Details

Members

ACL

: Type: string

The canned ACL to apply to the bucket.

This is not supported by Amazon S3 on Outposts buckets.

Bucket

: Required: Yes
: Type: string

The name of the bucket.

CreateBucketConfiguration

: Type: CreateBucketConfiguration structure

The configuration information for the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantFullControl

: Type: string

Allows grantee the read, write, read ACP, and write ACP permissions on the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantRead

: Type: string

Allows grantee to list the objects in the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantReadACP

: Type: string

Allows grantee to read the bucket ACL.

This is not supported by Amazon S3 on Outposts buckets.

GrantWrite

: Type: string

Allows grantee to create, overwrite, and delete any object in the bucket.

This is not supported by Amazon S3 on Outposts buckets.

GrantWriteACP

: Type: string

Allows grantee to write the ACL for the applicable bucket.

This is not supported by Amazon S3 on Outposts buckets.

ObjectLockEnabledForBucket

: Type: boolean

Specifies whether you want S3 Object Lock to be enabled for the new bucket.

This is not supported by Amazon S3 on Outposts buckets.

OutpostId

: Type: string

The ID of the Outposts where the bucket is being created.

This ID is required by Amazon S3 on Outposts buckets.

Result Syntax

[
    'BucketArn' => '<string>',
    'Location' => '<string>',
]

Result Details

Members

BucketArn

: Type: string

The Amazon Resource Name (ARN) of the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Location

: Type: string

The location of the bucket.

Errors

BucketAlreadyExists:: The requested Outposts bucket name is not available. The bucket namespace is shared by all users of the Outposts in this Region. Select a different name and try again.
BucketAlreadyOwnedByYou:: The Outposts bucket you tried to create already exists, and you own it.

CreateJob

$result = $client->createJob([/* ... */]);
$promise = $client->createJobAsync([/* ... */]);

This operation creates an S3 Batch Operations job.

You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions: For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.

Related actions include:

Parameter Syntax

$result = $client->createJob([
    'AccountId' => '<string>', // REQUIRED
    'ClientRequestToken' => '<string>', // REQUIRED
    'ConfirmationRequired' => true || false,
    'Description' => '<string>',
    'Manifest' => [
        'Location' => [ // REQUIRED
            'ETag' => '<string>', // REQUIRED
            'ObjectArn' => '<string>', // REQUIRED
            'ObjectVersionId' => '<string>',
        ],
        'Spec' => [ // REQUIRED
            'Fields' => ['<string>', ...],
            'Format' => 'S3BatchOperations_CSV_20180820|S3InventoryReport_CSV_20161130', // REQUIRED
        ],
    ],
    'ManifestGenerator' => [
        'S3JobManifestGenerator' => [
            'EnableManifestOutput' => true || false, // REQUIRED
            'ExpectedBucketOwner' => '<string>',
            'Filter' => [
                'CreatedAfter' => <integer || string || DateTime>,
                'CreatedBefore' => <integer || string || DateTime>,
                'EligibleForReplication' => true || false,
                'KeyNameConstraint' => [
                    'MatchAnyPrefix' => ['<string>', ...],
                    'MatchAnySubstring' => ['<string>', ...],
                    'MatchAnySuffix' => ['<string>', ...],
                ],
                'MatchAnyStorageClass' => ['<string>', ...],
                'ObjectReplicationStatuses' => ['<string>', ...],
                'ObjectSizeGreaterThanBytes' => <integer>,
                'ObjectSizeLessThanBytes' => <integer>,
            ],
            'ManifestOutputLocation' => [
                'Bucket' => '<string>', // REQUIRED
                'ExpectedManifestBucketOwner' => '<string>',
                'ManifestEncryption' => [
                    'SSEKMS' => [
                        'KeyId' => '<string>', // REQUIRED
                    ],
                    'SSES3' => [
                    ],
                ],
                'ManifestFormat' => 'S3InventoryReport_CSV_20211130', // REQUIRED
                'ManifestPrefix' => '<string>',
            ],
            'SourceBucket' => '<string>', // REQUIRED
        ],
    ],
    'Operation' => [ // REQUIRED
        'LambdaInvoke' => [
            'FunctionArn' => '<string>',
            'InvocationSchemaVersion' => '<string>',
            'UserArguments' => ['<string>', ...],
        ],
        'S3DeleteObjectTagging' => [
        ],
        'S3InitiateRestoreObject' => [
            'ExpirationInDays' => <integer>,
            'GlacierJobTier' => 'BULK|STANDARD',
        ],
        'S3PutObjectAcl' => [
            'AccessControlPolicy' => [
                'AccessControlList' => [
                    'Grants' => [
                        [
                            'Grantee' => [
                                'DisplayName' => '<string>',
                                'Identifier' => '<string>',
                                'TypeIdentifier' => 'id|emailAddress|uri',
                            ],
                            'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                        ],
                        // ...
                    ],
                    'Owner' => [ // REQUIRED
                        'DisplayName' => '<string>',
                        'ID' => '<string>',
                    ],
                ],
                'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
            ],
        ],
        'S3PutObjectCopy' => [
            'AccessControlGrants' => [
                [
                    'Grantee' => [
                        'DisplayName' => '<string>',
                        'Identifier' => '<string>',
                        'TypeIdentifier' => 'id|emailAddress|uri',
                    ],
                    'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                ],
                // ...
            ],
            'BucketKeyEnabled' => true || false,
            'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
            'ChecksumAlgorithm' => 'CRC32|CRC32C|SHA1|SHA256',
            'MetadataDirective' => 'COPY|REPLACE',
            'ModifiedSinceConstraint' => <integer || string || DateTime>,
            'NewObjectMetadata' => [
                'CacheControl' => '<string>',
                'ContentDisposition' => '<string>',
                'ContentEncoding' => '<string>',
                'ContentLanguage' => '<string>',
                'ContentLength' => <integer>,
                'ContentMD5' => '<string>',
                'ContentType' => '<string>',
                'HttpExpiresDate' => <integer || string || DateTime>,
                'RequesterCharged' => true || false,
                'SSEAlgorithm' => 'AES256|KMS',
                'UserMetadata' => ['<string>', ...],
            ],
            'NewObjectTagging' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'ObjectLockLegalHoldStatus' => 'OFF|ON',
            'ObjectLockMode' => 'COMPLIANCE|GOVERNANCE',
            'ObjectLockRetainUntilDate' => <integer || string || DateTime>,
            'RedirectLocation' => '<string>',
            'RequesterPays' => true || false,
            'SSEAwsKmsKeyId' => '<string>',
            'StorageClass' => 'STANDARD|STANDARD_IA|ONEZONE_IA|GLACIER|INTELLIGENT_TIERING|DEEP_ARCHIVE|GLACIER_IR',
            'TargetKeyPrefix' => '<string>',
            'TargetResource' => '<string>',
            'UnModifiedSinceConstraint' => <integer || string || DateTime>,
        ],
        'S3PutObjectLegalHold' => [
            'LegalHold' => [ // REQUIRED
                'Status' => 'OFF|ON', // REQUIRED
            ],
        ],
        'S3PutObjectRetention' => [
            'BypassGovernanceRetention' => true || false,
            'Retention' => [ // REQUIRED
                'Mode' => 'COMPLIANCE|GOVERNANCE',
                'RetainUntilDate' => <integer || string || DateTime>,
            ],
        ],
        'S3PutObjectTagging' => [
            'TagSet' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
        ],
        'S3ReplicateObject' => [
        ],
    ],
    'Priority' => <integer>, // REQUIRED
    'Report' => [ // REQUIRED
        'Bucket' => '<string>',
        'Enabled' => true || false, // REQUIRED
        'Format' => 'Report_CSV_20180820',
        'Prefix' => '<string>',
        'ReportScope' => 'AllTasks|FailedTasksOnly',
    ],
    'RoleArn' => '<string>', // REQUIRED
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that creates the job.

ClientRequestToken

: Required: Yes
: Type: string

An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.

ConfirmationRequired

: Type: boolean

Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.

Description

: Type: string

A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.

Manifest

: Type: JobManifest structure

Configuration parameters for the manifest.

ManifestGenerator

: Type: JobManifestGenerator structure

The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.

Operation

: Required: Yes
: Type: JobOperation structure

The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.

Priority

: Required: Yes
: Type: int

The numerical priority for this job. Higher numbers indicate higher priority.

Report

: Required: Yes
: Type: JobReport structure

Configuration parameters for the optional job-completion report.

RoleArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.

Tags

: Type: Array of S3Tag structures

A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.

Result Syntax

[
    'JobId' => '<string>',
]

Result Details

Members

JobId

: Type: string

The ID for this job. Amazon S3 generates this ID automatically and returns it after a successful Create Job request.

Errors

TooManyRequestsException:
BadRequestException:
IdempotencyException:
InternalServiceException:

CreateMultiRegionAccessPoint

$result = $client->createMultiRegionAccessPoint([/* ... */]);
$promise = $client->createMultiRegionAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.

This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

The following actions are related to CreateMultiRegionAccessPoint:

Parameter Syntax

$result = $client->createMultiRegionAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'ClientToken' => '<string>', // REQUIRED
    'Details' => [ // REQUIRED
        'Name' => '<string>', // REQUIRED
        'PublicAccessBlock' => [
            'BlockPublicAcls' => true || false,
            'BlockPublicPolicy' => true || false,
            'IgnorePublicAcls' => true || false,
            'RestrictPublicBuckets' => true || false,
        ],
        'Regions' => [ // REQUIRED
            [
                'Bucket' => '<string>', // REQUIRED
                'BucketAccountId' => '<string>',
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.

ClientToken

: Required: Yes
: Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details

: Required: Yes
: Type: CreateMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

Result Syntax

[
    'RequestTokenARN' => '<string>',
]

Result Details

Members

RequestTokenARN

: Type: string

The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Errors

There are no errors described for this operation.

CreateStorageLensGroup

$result = $client->createStorageLensGroup([/* ... */]);
$promise = $client->createStorageLensGroupAsync([/* ... */]);

Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups.

To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->createStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'StorageLensGroup' => [ // REQUIRED
        'Filter' => [ // REQUIRED
            'And' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
            'MatchAnyPrefix' => ['<string>', ...],
            'MatchAnySuffix' => ['<string>', ...],
            'MatchAnyTag' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'MatchObjectAge' => [
                'DaysGreaterThan' => <integer>,
                'DaysLessThan' => <integer>,
            ],
            'MatchObjectSize' => [
                'BytesGreaterThan' => <integer>,
                'BytesLessThan' => <integer>,
            ],
            'Or' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
        ],
        'Name' => '<string>', // REQUIRED
        'StorageLensGroupArn' => '<string>',
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that the Storage Lens group is created from and associated with.

StorageLensGroup

: Required: Yes
: Type: StorageLensGroup structure

The Storage Lens group configuration.

Tags

: Type: Array of Tag structures

The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrant

$result = $client->deleteAccessGrant([/* ... */]);
$promise = $client->deleteAccessGrantAsync([/* ... */]);

Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.

Permissions: You must have the s3:DeleteAccessGrant permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrant([
    'AccessGrantId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccessGrantId

: Required: Yes
: Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrantsInstance

$result = $client->deleteAccessGrantsInstance([/* ... */]);
$promise = $client->deleteAccessGrantsInstanceAsync([/* ... */]);

Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.

Permissions: You must have the s3:DeleteAccessGrantsInstance permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrantsInstance([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrantsInstanceResourcePolicy

$result = $client->deleteAccessGrantsInstanceResourcePolicy([/* ... */]);
$promise = $client->deleteAccessGrantsInstanceResourcePolicyAsync([/* ... */]);

Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.

Permissions: You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrantsInstanceResourcePolicy([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessGrantsLocation

$result = $client->deleteAccessGrantsLocation([/* ... */]);
$promise = $client->deleteAccessGrantsLocationAsync([/* ... */]);

Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.

Permissions: You must have the s3:DeleteAccessGrantsLocation permission to use this operation.

Parameter Syntax

$result = $client->deleteAccessGrantsLocation([
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccessGrantsLocationId

: Required: Yes
: Type: string

The ID of the registered location that you are deregistering from your S3 Access Grants instance. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPoint

$result = $client->deleteAccessPoint([/* ... */]);
$promise = $client->deleteAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the specified access point.

The following actions are related to DeleteAccessPoint:

Parameter Syntax

$result = $client->deleteAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Name

: Required: Yes
: Type: string

The name of the access point you want to delete.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPointForObjectLambda

$result = $client->deleteAccessPointForObjectLambda([/* ... */]);
$promise = $client->deleteAccessPointForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the specified Object Lambda Access Point.

The following actions are related to DeleteAccessPointForObjectLambda:

Parameter Syntax

$result = $client->deleteAccessPointForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the access point you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPointPolicy

$result = $client->deleteAccessPointPolicy([/* ... */]);
$promise = $client->deleteAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the access point policy for the specified access point.

The following actions are related to DeleteAccessPointPolicy:

Parameter Syntax

$result = $client->deleteAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified access point.

Name

: Required: Yes
: Type: string

The name of the access point whose policy you want to delete.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteAccessPointPolicyForObjectLambda

$result = $client->deleteAccessPointPolicyForObjectLambda([/* ... */]);
$promise = $client->deleteAccessPointPolicyForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Removes the resource policy for an Object Lambda Access Point.

The following actions are related to DeleteAccessPointPolicyForObjectLambda:

Parameter Syntax

$result = $client->deleteAccessPointPolicyForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point you want to delete the policy for.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucket

$result = $client->deleteBucket([/* ... */]);
$promise = $client->deleteBucketAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.

Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

Related Resources

Parameter Syntax

$result = $client->deleteBucket([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID that owns the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket being deleted.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketLifecycleConfiguration

$result = $client->deleteBucketLifecycleConfiguration([/* ... */]);
$promise = $client->deleteBucketLifecycleConfigurationAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.

Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.

For more information about object expiration, see Elements to Describe Lifecycle Actions.

Related actions include:

Parameter Syntax

$result = $client->deleteBucketLifecycleConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the lifecycle configuration to delete.

Bucket

: Required: Yes
: Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketPolicy

$result = $client->deleteBucketPolicy([/* ... */]);
$promise = $client->deleteBucketPolicyAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.

This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

The following actions are related to DeleteBucketPolicy:

Parameter Syntax

$result = $client->deleteBucketPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketReplication

$result = $client->deleteBucketReplication([/* ... */]);
$promise = $client->deleteBucketReplicationAsync([/* ... */]);

This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.

Deletes the replication configuration from the specified S3 on Outposts bucket.

To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.

It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

The following operations are related to DeleteBucketReplication:

Parameter Syntax

$result = $client->deleteBucketReplication([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket to delete the replication configuration for.

Bucket

: Required: Yes
: Type: string

Specifies the S3 on Outposts bucket to delete the replication configuration for.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteBucketTagging

$result = $client->deleteBucketTagging([/* ... */]);
$promise = $client->deleteBucketTaggingAsync([/* ... */]);

This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.

Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

The following actions are related to DeleteBucketTagging:

Parameter Syntax

$result = $client->deleteBucketTagging([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket tag set to be removed.

Bucket

: Required: Yes
: Type: string

The bucket ARN that has the tag set to be removed.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteJobTagging

$result = $client->deleteJobTagging([/* ... */]);
$promise = $client->deleteJobTaggingAsync([/* ... */]);

Removes the entire tag set from the specified S3 Batch Operations job.

Permissions: To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

Related actions include:

Parameter Syntax

$result = $client->deleteJobTagging([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId

: Required: Yes
: Type: string

The ID for the S3 Batch Operations job whose tags you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:
TooManyRequestsException:
NotFoundException:

DeleteMultiRegionAccessPoint

$result = $client->deleteMultiRegionAccessPoint([/* ... */]);
$promise = $client->deleteMultiRegionAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.

The following actions are related to DeleteMultiRegionAccessPoint:

Parameter Syntax

$result = $client->deleteMultiRegionAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'ClientToken' => '<string>', // REQUIRED
    'Details' => [ // REQUIRED
        'Name' => '<string>', // REQUIRED
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken

: Required: Yes
: Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details

: Required: Yes
: Type: DeleteMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

Result Syntax

[
    'RequestTokenARN' => '<string>',
]

Result Details

Members

RequestTokenARN

: Type: string

The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Errors

There are no errors described for this operation.

DeletePublicAccessBlock

$result = $client->deletePublicAccessBlock([/* ... */]);
$promise = $client->deletePublicAccessBlockAsync([/* ... */]);

This operation is not supported by directory buckets.

Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

Related actions include:

Parameter Syntax

$result = $client->deletePublicAccessBlock([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to remove.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteStorageLensConfiguration

$result = $client->deleteStorageLensConfiguration([/* ... */]);
$promise = $client->deleteStorageLensConfigurationAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->deleteStorageLensConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the S3 Storage Lens configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteStorageLensConfigurationTagging

$result = $client->deleteStorageLensConfigurationTagging([/* ... */]);
$promise = $client->deleteStorageLensConfigurationTaggingAsync([/* ... */]);

This operation is not supported by directory buckets.

Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->deleteStorageLensConfigurationTagging([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the S3 Storage Lens configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DeleteStorageLensGroup

$result = $client->deleteStorageLensGroup([/* ... */]);
$promise = $client->deleteStorageLensGroupAsync([/* ... */]);

Deletes an existing S3 Storage Lens group.

To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->deleteStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID used to create the Storage Lens group that you're trying to delete.

Name

: Required: Yes
: Type: string

The name of the Storage Lens group that you're trying to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

DescribeJob

$result = $client->describeJob([/* ... */]);
$promise = $client->describeJobAsync([/* ... */]);

Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions: To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.

Related actions include:

Parameter Syntax

$result = $client->describeJob([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId

: Required: Yes
: Type: string

The ID for the job whose information you want to retrieve.

Result Syntax

[
    'Job' => [
        'ConfirmationRequired' => true || false,
        'CreationTime' => <DateTime>,
        'Description' => '<string>',
        'FailureReasons' => [
            [
                'FailureCode' => '<string>',
                'FailureReason' => '<string>',
            ],
            // ...
        ],
        'GeneratedManifestDescriptor' => [
            'Format' => 'S3InventoryReport_CSV_20211130',
            'Location' => [
                'ETag' => '<string>',
                'ObjectArn' => '<string>',
                'ObjectVersionId' => '<string>',
            ],
        ],
        'JobArn' => '<string>',
        'JobId' => '<string>',
        'Manifest' => [
            'Location' => [
                'ETag' => '<string>',
                'ObjectArn' => '<string>',
                'ObjectVersionId' => '<string>',
            ],
            'Spec' => [
                'Fields' => ['<string>', ...],
                'Format' => 'S3BatchOperations_CSV_20180820|S3InventoryReport_CSV_20161130',
            ],
        ],
        'ManifestGenerator' => [
            'S3JobManifestGenerator' => [
                'EnableManifestOutput' => true || false,
                'ExpectedBucketOwner' => '<string>',
                'Filter' => [
                    'CreatedAfter' => <DateTime>,
                    'CreatedBefore' => <DateTime>,
                    'EligibleForReplication' => true || false,
                    'KeyNameConstraint' => [
                        'MatchAnyPrefix' => ['<string>', ...],
                        'MatchAnySubstring' => ['<string>', ...],
                        'MatchAnySuffix' => ['<string>', ...],
                    ],
                    'MatchAnyStorageClass' => ['<string>', ...],
                    'ObjectReplicationStatuses' => ['<string>', ...],
                    'ObjectSizeGreaterThanBytes' => <integer>,
                    'ObjectSizeLessThanBytes' => <integer>,
                ],
                'ManifestOutputLocation' => [
                    'Bucket' => '<string>',
                    'ExpectedManifestBucketOwner' => '<string>',
                    'ManifestEncryption' => [
                        'SSEKMS' => [
                            'KeyId' => '<string>',
                        ],
                        'SSES3' => [
                        ],
                    ],
                    'ManifestFormat' => 'S3InventoryReport_CSV_20211130',
                    'ManifestPrefix' => '<string>',
                ],
                'SourceBucket' => '<string>',
            ],
        ],
        'Operation' => [
            'LambdaInvoke' => [
                'FunctionArn' => '<string>',
                'InvocationSchemaVersion' => '<string>',
                'UserArguments' => ['<string>', ...],
            ],
            'S3DeleteObjectTagging' => [
            ],
            'S3InitiateRestoreObject' => [
                'ExpirationInDays' => <integer>,
                'GlacierJobTier' => 'BULK|STANDARD',
            ],
            'S3PutObjectAcl' => [
                'AccessControlPolicy' => [
                    'AccessControlList' => [
                        'Grants' => [
                            [
                                'Grantee' => [
                                    'DisplayName' => '<string>',
                                    'Identifier' => '<string>',
                                    'TypeIdentifier' => 'id|emailAddress|uri',
                                ],
                                'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                            ],
                            // ...
                        ],
                        'Owner' => [
                            'DisplayName' => '<string>',
                            'ID' => '<string>',
                        ],
                    ],
                    'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
                ],
            ],
            'S3PutObjectCopy' => [
                'AccessControlGrants' => [
                    [
                        'Grantee' => [
                            'DisplayName' => '<string>',
                            'Identifier' => '<string>',
                            'TypeIdentifier' => 'id|emailAddress|uri',
                        ],
                        'Permission' => 'FULL_CONTROL|READ|WRITE|READ_ACP|WRITE_ACP',
                    ],
                    // ...
                ],
                'BucketKeyEnabled' => true || false,
                'CannedAccessControlList' => 'private|public-read|public-read-write|aws-exec-read|authenticated-read|bucket-owner-read|bucket-owner-full-control',
                'ChecksumAlgorithm' => 'CRC32|CRC32C|SHA1|SHA256',
                'MetadataDirective' => 'COPY|REPLACE',
                'ModifiedSinceConstraint' => <DateTime>,
                'NewObjectMetadata' => [
                    'CacheControl' => '<string>',
                    'ContentDisposition' => '<string>',
                    'ContentEncoding' => '<string>',
                    'ContentLanguage' => '<string>',
                    'ContentLength' => <integer>,
                    'ContentMD5' => '<string>',
                    'ContentType' => '<string>',
                    'HttpExpiresDate' => <DateTime>,
                    'RequesterCharged' => true || false,
                    'SSEAlgorithm' => 'AES256|KMS',
                    'UserMetadata' => ['<string>', ...],
                ],
                'NewObjectTagging' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ObjectLockLegalHoldStatus' => 'OFF|ON',
                'ObjectLockMode' => 'COMPLIANCE|GOVERNANCE',
                'ObjectLockRetainUntilDate' => <DateTime>,
                'RedirectLocation' => '<string>',
                'RequesterPays' => true || false,
                'SSEAwsKmsKeyId' => '<string>',
                'StorageClass' => 'STANDARD|STANDARD_IA|ONEZONE_IA|GLACIER|INTELLIGENT_TIERING|DEEP_ARCHIVE|GLACIER_IR',
                'TargetKeyPrefix' => '<string>',
                'TargetResource' => '<string>',
                'UnModifiedSinceConstraint' => <DateTime>,
            ],
            'S3PutObjectLegalHold' => [
                'LegalHold' => [
                    'Status' => 'OFF|ON',
                ],
            ],
            'S3PutObjectRetention' => [
                'BypassGovernanceRetention' => true || false,
                'Retention' => [
                    'Mode' => 'COMPLIANCE|GOVERNANCE',
                    'RetainUntilDate' => <DateTime>,
                ],
            ],
            'S3PutObjectTagging' => [
                'TagSet' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
            ],
            'S3ReplicateObject' => [
            ],
        ],
        'Priority' => <integer>,
        'ProgressSummary' => [
            'NumberOfTasksFailed' => <integer>,
            'NumberOfTasksSucceeded' => <integer>,
            'Timers' => [
                'ElapsedTimeInActiveSeconds' => <integer>,
            ],
            'TotalNumberOfTasks' => <integer>,
        ],
        'Report' => [
            'Bucket' => '<string>',
            'Enabled' => true || false,
            'Format' => 'Report_CSV_20180820',
            'Prefix' => '<string>',
            'ReportScope' => 'AllTasks|FailedTasksOnly',
        ],
        'RoleArn' => '<string>',
        'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended',
        'StatusUpdateReason' => '<string>',
        'SuspendedCause' => '<string>',
        'SuspendedDate' => <DateTime>,
        'TerminationDate' => <DateTime>,
    ],
]

Result Details

Members

Job

: Type: JobDescriptor structure

Contains the configuration parameters and status for the job specified in the Describe Job request.

Errors

BadRequestException:
TooManyRequestsException:
NotFoundException:
InternalServiceException:

DescribeMultiRegionAccessPointOperation

$result = $client->describeMultiRegionAccessPointOperation([/* ... */]);
$promise = $client->describeMultiRegionAccessPointOperationAsync([/* ... */]);

This operation is not supported by directory buckets.

Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.

The following actions are related to GetMultiRegionAccessPoint:

Parameter Syntax

$result = $client->describeMultiRegionAccessPointOperation([
    'AccountId' => '<string>', // REQUIRED
    'RequestTokenARN' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

RequestTokenARN

: Required: Yes
: Type: string

The request token associated with the request you want to know about. This request token is returned as part of the response when you make an asynchronous request. You provide this token to query about the status of the asynchronous action.

Result Syntax

[
    'AsyncOperation' => [
        'CreationTime' => <DateTime>,
        'Operation' => 'CreateMultiRegionAccessPoint|DeleteMultiRegionAccessPoint|PutMultiRegionAccessPointPolicy',
        'RequestParameters' => [
            'CreateMultiRegionAccessPointRequest' => [
                'Name' => '<string>',
                'PublicAccessBlock' => [
                    'BlockPublicAcls' => true || false,
                    'BlockPublicPolicy' => true || false,
                    'IgnorePublicAcls' => true || false,
                    'RestrictPublicBuckets' => true || false,
                ],
                'Regions' => [
                    [
                        'Bucket' => '<string>',
                        'BucketAccountId' => '<string>',
                    ],
                    // ...
                ],
            ],
            'DeleteMultiRegionAccessPointRequest' => [
                'Name' => '<string>',
            ],
            'PutMultiRegionAccessPointPolicyRequest' => [
                'Name' => '<string>',
                'Policy' => '<string>',
            ],
        ],
        'RequestStatus' => '<string>',
        'RequestTokenARN' => '<string>',
        'ResponseDetails' => [
            'ErrorDetails' => [
                'Code' => '<string>',
                'Message' => '<string>',
                'RequestId' => '<string>',
                'Resource' => '<string>',
            ],
            'MultiRegionAccessPointDetails' => [
                'Regions' => [
                    [
                        'Name' => '<string>',
                        'RequestStatus' => '<string>',
                    ],
                    // ...
                ],
            ],
        ],
    ],
]

Result Details

Members

AsyncOperation

: Type: AsyncOperation structure

A container element containing the details of the asynchronous operation.

Errors

There are no errors described for this operation.

DissociateAccessGrantsIdentityCenter

$result = $client->dissociateAccessGrantsIdentityCenter([/* ... */]);
$promise = $client->dissociateAccessGrantsIdentityCenterAsync([/* ... */]);

Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.

Permissions: You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.
Additional Permissions: You must have the sso:DeleteApplication permission to use this operation.

Parameter Syntax

$result = $client->dissociateAccessGrantsIdentityCenter([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

GetAccessGrant

$result = $client->getAccessGrant([/* ... */]);
$promise = $client->getAccessGrantAsync([/* ... */]);

Get the details of an access grant from your S3 Access Grants instance.

Permissions: You must have the s3:GetAccessGrant permission to use this operation.

Parameter Syntax

$result = $client->getAccessGrant([
    'AccessGrantId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccessGrantId

: Required: Yes
: Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'AccessGrantArn' => '<string>',
    'AccessGrantId' => '<string>',
    'AccessGrantsLocationConfiguration' => [
        'S3SubPrefix' => '<string>',
    ],
    'AccessGrantsLocationId' => '<string>',
    'ApplicationArn' => '<string>',
    'CreatedAt' => <DateTime>,
    'GrantScope' => '<string>',
    'Grantee' => [
        'GranteeIdentifier' => '<string>',
        'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    ],
    'Permission' => 'READ|WRITE|READWRITE',
]

Result Details

Members

AccessGrantArn

: Type: string

The Amazon Resource Name (ARN) of the access grant.

AccessGrantId

: Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccessGrantsLocationConfiguration

: Type: AccessGrantsLocationConfiguration structure

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

AccessGrantsLocationId

: Type: string

ApplicationArn

: Type: string

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the access grant.

GrantScope

: Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

Grantee

: Type: Grantee structure

The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added a corporate directory to Amazon Web Services IAM Identity Center and associated this Identity Center instance with the S3 Access Grants instance, the grantee can also be a corporate directory user or group.

Permission

: Type: string

The type of permission that was granted in the access grant. Can be one of the following values:

READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.

Errors

There are no errors described for this operation.

GetAccessGrantsInstance

$result = $client->getAccessGrantsInstance([/* ... */]);
$promise = $client->getAccessGrantsInstanceAsync([/* ... */]);

Retrieves the S3 Access Grants instance for a Region in your account.

Permissions: You must have the s3:GetAccessGrantsInstance permission to use this operation.

GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.

Parameter Syntax

$result = $client->getAccessGrantsInstance([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'AccessGrantsInstanceArn' => '<string>',
    'AccessGrantsInstanceId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IdentityCenterApplicationArn' => '<string>',
    'IdentityCenterArn' => '<string>',
    'IdentityCenterInstanceArn' => '<string>',
]

Result Details

Members

AccessGrantsInstanceArn

: Type: string

The Amazon Resource Name (ARN) of the S3 Access Grants instance.

AccessGrantsInstanceId

: Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

IdentityCenterApplicationArn

: Type: string

IdentityCenterArn

: Type: string

IdentityCenterInstanceArn

: Type: string

Errors

There are no errors described for this operation.

GetAccessGrantsInstanceForPrefix

$result = $client->getAccessGrantsInstanceForPrefix([/* ... */]);
$promise = $client->getAccessGrantsInstanceForPrefixAsync([/* ... */]);

Retrieve the S3 Access Grants instance that contains a particular prefix.

Permissions: You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.
Additional Permissions: The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.

Parameter Syntax

$result = $client->getAccessGrantsInstanceForPrefix([
    'AccountId' => '<string>', // REQUIRED
    'S3Prefix' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The ID of the Amazon Web Services account that is making this request.

S3Prefix

: Required: Yes
: Type: string

The S3 prefix of the access grants that you would like to retrieve.

Result Syntax

[
    'AccessGrantsInstanceArn' => '<string>',
    'AccessGrantsInstanceId' => '<string>',
]

Result Details

Members

AccessGrantsInstanceArn

: Type: string

The Amazon Resource Name (ARN) of the S3 Access Grants instance.

AccessGrantsInstanceId

: Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

Errors

There are no errors described for this operation.

GetAccessGrantsInstanceResourcePolicy

$result = $client->getAccessGrantsInstanceResourcePolicy([/* ... */]);
$promise = $client->getAccessGrantsInstanceResourcePolicyAsync([/* ... */]);

Returns the resource policy of the S3 Access Grants instance.

Permissions: You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.

Parameter Syntax

$result = $client->getAccessGrantsInstanceResourcePolicy([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'CreatedAt' => <DateTime>,
    'Organization' => '<string>',
    'Policy' => '<string>',
]

Result Details

Members

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance resource policy.

Organization

: Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy

: Type: string

The resource policy of the S3 Access Grants instance.

Errors

There are no errors described for this operation.

GetAccessGrantsLocation

$result = $client->getAccessGrantsLocation([/* ... */]);
$promise = $client->getAccessGrantsLocationAsync([/* ... */]);

Retrieves the details of a particular location registered in your S3 Access Grants instance.

Permissions: You must have the s3:GetAccessGrantsLocation permission to use this operation.

Parameter Syntax

$result = $client->getAccessGrantsLocation([
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccessGrantsLocationId

: Required: Yes
: Type: string

The ID of the registered location that you are retrieving. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Result Syntax

[
    'AccessGrantsLocationArn' => '<string>',
    'AccessGrantsLocationId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IAMRoleArn' => '<string>',
    'LocationScope' => '<string>',
]

Result Details

Members

AccessGrantsLocationArn

: Type: string

The Amazon Resource Name (ARN) of the registered location.

AccessGrantsLocationId

: Type: string

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn

: Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope

: Type: string

The S3 URI path to the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.

Errors

There are no errors described for this operation.

GetAccessPoint

$result = $client->getAccessPoint([/* ... */]);
$promise = $client->getAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration information about the specified access point.

The following actions are related to GetAccessPoint:

Parameter Syntax

$result = $client->getAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Name

: Required: Yes
: Type: string

The name of the access point whose configuration information you want to retrieve.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[
    'AccessPointArn' => '<string>',
    'Alias' => '<string>',
    'Bucket' => '<string>',
    'BucketAccountId' => '<string>',
    'CreationDate' => <DateTime>,
    'Endpoints' => ['<string>', ...],
    'Name' => '<string>',
    'NetworkOrigin' => 'Internet|VPC',
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
    'VpcConfiguration' => [
        'VpcId' => '<string>',
    ],
]

Result Details

Members

AccessPointArn

: Type: string

The ARN of the access point.

Alias

: Type: string

The name or alias of the access point.

Bucket

: Type: string

The name of the bucket associated with the specified access point.

BucketAccountId

: Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

CreationDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the specified access point was created.

Endpoints

: Type: Associative array of custom strings keys (NonEmptyMaxLength64String) to strings

The VPC endpoint for the access point.

Name

: Type: string

The name of the specified access point.

NetworkOrigin

: Type: string

Indicates whether this access point allows access from the public internet. If VpcConfiguration is specified for this access point, then NetworkOrigin is VPC, and the access point doesn't allow access from the public internet. Otherwise, NetworkOrigin is Internet, and the access point allows access from the public internet, subject to the access point and bucket access policies.

This will always be true for an Amazon S3 on Outposts access point

PublicAccessBlockConfiguration

: Type: PublicAccessBlockConfiguration structure

The PublicAccessBlock configuration that you want to apply to this Amazon S3 account. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of "Public" in the Amazon S3 User Guide.

This data type is not supported for Amazon S3 on Outposts.

VpcConfiguration

: Type: VpcConfiguration structure

Contains the virtual private cloud (VPC) configuration for the specified access point.

This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services services.

Errors

There are no errors described for this operation.

GetAccessPointConfigurationForObjectLambda

$result = $client->getAccessPointConfigurationForObjectLambda([/* ... */]);
$promise = $client->getAccessPointConfigurationForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration for an Object Lambda Access Point.

The following actions are related to GetAccessPointConfigurationForObjectLambda:

PutAccessPointConfigurationForObjectLambda

Parameter Syntax

$result = $client->getAccessPointConfigurationForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point you want to return the configuration for.

Result Syntax

[
    'Configuration' => [
        'AllowedFeatures' => ['<string>', ...],
        'CloudWatchMetricsEnabled' => true || false,
        'SupportingAccessPoint' => '<string>',
        'TransformationConfigurations' => [
            [
                'Actions' => ['<string>', ...],
                'ContentTransformation' => [
                    'AwsLambda' => [
                        'FunctionArn' => '<string>',
                        'FunctionPayload' => '<string>',
                    ],
                ],
            ],
            // ...
        ],
    ],
]

Result Details

Members

Configuration

: Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration document.

Errors

There are no errors described for this operation.

GetAccessPointForObjectLambda

$result = $client->getAccessPointForObjectLambda([/* ... */]);
$promise = $client->getAccessPointForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration information about the specified Object Lambda Access Point

The following actions are related to GetAccessPointForObjectLambda:

Parameter Syntax

$result = $client->getAccessPointForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

Result Syntax

[
    'Alias' => [
        'Status' => 'PROVISIONING|READY',
        'Value' => '<string>',
    ],
    'CreationDate' => <DateTime>,
    'Name' => '<string>',
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
]

Result Details

Members

Alias

: Type: ObjectLambdaAccessPointAlias structure

The alias of the Object Lambda Access Point.

CreationDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the specified Object Lambda Access Point was created.

Name

: Type: string

The name of the Object Lambda Access Point.

PublicAccessBlockConfiguration

: Type: PublicAccessBlockConfiguration structure

Configuration to block all public access. This setting is turned on and can not be edited.

Errors

There are no errors described for this operation.

GetAccessPointPolicy

$result = $client->getAccessPointPolicy([/* ... */]);
$promise = $client->getAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the access point policy associated with the specified access point.

The following actions are related to GetAccessPointPolicy:

Parameter Syntax

$result = $client->getAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified access point.

Name

: Required: Yes
: Type: string

The name of the access point whose policy you want to retrieve.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[
    'Policy' => '<string>',
]

Result Details

Members

Policy

: Type: string

The access point policy associated with the specified access point.

Errors

There are no errors described for this operation.

GetAccessPointPolicyForObjectLambda

$result = $client->getAccessPointPolicyForObjectLambda([/* ... */]);
$promise = $client->getAccessPointPolicyForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the resource policy for an Object Lambda Access Point.

The following actions are related to GetAccessPointPolicyForObjectLambda:

Parameter Syntax

$result = $client->getAccessPointPolicyForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

Result Syntax

[
    'Policy' => '<string>',
]

Result Details

Members

Policy

: Type: string

Object Lambda Access Point resource policy document.

Errors

There are no errors described for this operation.

GetAccessPointPolicyStatus

$result = $client->getAccessPointPolicyStatus([/* ... */]);
$promise = $client->getAccessPointPolicyStatusAsync([/* ... */]);

This operation is not supported by directory buckets.

Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->getAccessPointPolicyStatus([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified access point.

Name

: Required: Yes
: Type: string

The name of the access point whose policy status you want to retrieve.

Result Syntax

[
    'PolicyStatus' => [
        'IsPublic' => true || false,
    ],
]

Result Details

Members

PolicyStatus

: Type: PolicyStatus structure

Indicates the current policy status of the specified access point.

Errors

There are no errors described for this operation.

GetAccessPointPolicyStatusForObjectLambda

$result = $client->getAccessPointPolicyStatusForObjectLambda([/* ... */]);
$promise = $client->getAccessPointPolicyStatusForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the status of the resource policy associated with an Object Lambda Access Point.

Parameter Syntax

$result = $client->getAccessPointPolicyStatusForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

Result Syntax

[
    'PolicyStatus' => [
        'IsPublic' => true || false,
    ],
]

Result Details

Members

PolicyStatus

: Type: PolicyStatus structure

Indicates whether this access point policy is public. For more information about how Amazon S3 evaluates policies to determine whether they are public, see The Meaning of "Public" in the Amazon S3 User Guide.

Errors

There are no errors described for this operation.

GetBucket

$result = $client->getBucket([/* ... */]);
$promise = $client->getBucketAsync([/* ... */]);

Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.

If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

The following actions are related to GetBucket for Amazon S3 on Outposts:

Parameter Syntax

$result = $client->getBucket([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[
    'Bucket' => '<string>',
    'CreationDate' => <DateTime>,
    'PublicAccessBlockEnabled' => true || false,
]

Result Details

Members

Bucket

: Type: string

The Outposts bucket requested.

CreationDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The creation date of the Outposts bucket.

PublicAccessBlockEnabled

: Type: boolean

Errors

There are no errors described for this operation.

GetBucketLifecycleConfiguration

$result = $client->getBucketLifecycleConfiguration([/* ... */]);
$promise = $client->getBucketLifecycleConfigurationAsync([/* ... */]);

This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.

Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.

To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

GetBucketLifecycleConfiguration has the following special error:

Error code: NoSuchLifecycleConfiguration
- Description: The lifecycle configuration does not exist.
- HTTP Status Code: 404 Not Found
- SOAP Fault Code Prefix: Client

The following actions are related to GetBucketLifecycleConfiguration:

Parameter Syntax

$result = $client->getBucketLifecycleConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[
    'Rules' => [
        [
            'AbortIncompleteMultipartUpload' => [
                'DaysAfterInitiation' => <integer>,
            ],
            'Expiration' => [
                'Date' => <DateTime>,
                'Days' => <integer>,
                'ExpiredObjectDeleteMarker' => true || false,
            ],
            'Filter' => [
                'And' => [
                    'ObjectSizeGreaterThan' => <integer>,
                    'ObjectSizeLessThan' => <integer>,
                    'Prefix' => '<string>',
                    'Tags' => [
                        [
                            'Key' => '<string>',
                            'Value' => '<string>',
                        ],
                        // ...
                    ],
                ],
                'ObjectSizeGreaterThan' => <integer>,
                'ObjectSizeLessThan' => <integer>,
                'Prefix' => '<string>',
                'Tag' => [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
            ],
            'ID' => '<string>',
            'NoncurrentVersionExpiration' => [
                'NewerNoncurrentVersions' => <integer>,
                'NoncurrentDays' => <integer>,
            ],
            'NoncurrentVersionTransitions' => [
                [
                    'NoncurrentDays' => <integer>,
                    'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                ],
                // ...
            ],
            'Status' => 'Enabled|Disabled',
            'Transitions' => [
                [
                    'Date' => <DateTime>,
                    'Days' => <integer>,
                    'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                ],
                // ...
            ],
        ],
        // ...
    ],
]

Result Details

Members

Rules

: Type: Array of LifecycleRule structures

Container for the lifecycle rule of the Outposts bucket.

Errors

There are no errors described for this operation.

GetBucketPolicy

$result = $client->getBucketPolicy([/* ... */]);
$promise = $client->getBucketPolicyAsync([/* ... */]);

This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.

Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.

Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

For more information about bucket policies, see Using Bucket Policies and User Policies.

The following actions are related to GetBucketPolicy:

Parameter Syntax

$result = $client->getBucketPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[
    'Policy' => '<string>',
]

Result Details

Members

Policy

: Type: string

The policy of the Outposts bucket.

Errors

There are no errors described for this operation.

GetBucketReplication

$result = $client->getBucketReplication([/* ... */]);
$promise = $client->getBucketReplicationAsync([/* ... */]);

This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an S3 bucket's replication configuration, see GetBucketReplication in the Amazon S3 API Reference.

Returns the replication configuration of an S3 on Outposts bucket. For more information about S3 on Outposts, see Using Amazon S3 on Outposts in the Amazon S3 User Guide. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

This action requires permissions for the s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts bucket in the Amazon S3 User Guide.

If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication, Status, and Priority elements. The response also returns those elements.

For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.

The following operations are related to GetBucketReplication:

Parameter Syntax

$result = $client->getBucketReplication([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket to get the replication information for.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[
    'ReplicationConfiguration' => [
        'Role' => '<string>',
        'Rules' => [
            [
                'Bucket' => '<string>',
                'DeleteMarkerReplication' => [
                    'Status' => 'Enabled|Disabled',
                ],
                'Destination' => [
                    'AccessControlTranslation' => [
                        'Owner' => 'Destination',
                    ],
                    'Account' => '<string>',
                    'Bucket' => '<string>',
                    'EncryptionConfiguration' => [
                        'ReplicaKmsKeyID' => '<string>',
                    ],
                    'Metrics' => [
                        'EventThreshold' => [
                            'Minutes' => <integer>,
                        ],
                        'Status' => 'Enabled|Disabled',
                    ],
                    'ReplicationTime' => [
                        'Status' => 'Enabled|Disabled',
                        'Time' => [
                            'Minutes' => <integer>,
                        ],
                    ],
                    'StorageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|GLACIER|DEEP_ARCHIVE|OUTPOSTS|GLACIER_IR',
                ],
                'ExistingObjectReplication' => [
                    'Status' => 'Enabled|Disabled',
                ],
                'Filter' => [
                    'And' => [
                        'Prefix' => '<string>',
                        'Tags' => [
                            [
                                'Key' => '<string>',
                                'Value' => '<string>',
                            ],
                            // ...
                        ],
                    ],
                    'Prefix' => '<string>',
                    'Tag' => [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                ],
                'ID' => '<string>',
                'Prefix' => '<string>',
                'Priority' => <integer>,
                'SourceSelectionCriteria' => [
                    'ReplicaModifications' => [
                        'Status' => 'Enabled|Disabled',
                    ],
                    'SseKmsEncryptedObjects' => [
                        'Status' => 'Enabled|Disabled',
                    ],
                ],
                'Status' => 'Enabled|Disabled',
            ],
            // ...
        ],
    ],
]

Result Details

Members

ReplicationConfiguration

: Type: ReplicationConfiguration structure

A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.

Errors

There are no errors described for this operation.

GetBucketTagging

$result = $client->getBucketTagging([/* ... */]);
$promise = $client->getBucketTaggingAsync([/* ... */]);

This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon S3 API Reference.

Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

To use this action, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

GetBucketTagging has the following special error:

Error code: NoSuchTagSetError
- Description: There is no tag set associated with the bucket.

The following actions are related to GetBucketTagging:

Parameter Syntax

$result = $client->getBucketTagging([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Result Syntax

[
    'TagSet' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

TagSet

: Required: Yes
: Type: Array of S3Tag structures

The tags set of the Outposts bucket.

Errors

There are no errors described for this operation.

GetBucketVersioning

$result = $client->getBucketVersioning([/* ... */]);
$promise = $client->getBucketVersioningAsync([/* ... */]);

This operation returns the versioning state for S3 on Outposts buckets only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.

Returns the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

If you've never set versioning on your bucket, it has no versioning state. In that case, the GetBucketVersioning request does not return a versioning state value.

For more information about versioning, see Versioning in the Amazon S3 User Guide.

The following operations are related to GetBucketVersioning for S3 on Outposts.

Parameter Syntax

$result = $client->getBucketVersioning([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 on Outposts bucket.

Bucket

: Required: Yes
: Type: string

The S3 on Outposts bucket to return the versioning state for.

Result Syntax

[
    'MFADelete' => 'Enabled|Disabled',
    'Status' => 'Enabled|Suspended',
]

Result Details

Members

MFADelete

: Type: string

Specifies whether MFA delete is enabled in the bucket versioning configuration. This element is returned only if the bucket has been configured with MFA delete. If MFA delete has never been configured for the bucket, this element is not returned.

Status

: Type: string

The versioning state of the S3 on Outposts bucket.

Errors

There are no errors described for this operation.

GetDataAccess

$result = $client->getDataAccess([/* ... */]);
$promise = $client->getDataAccessAsync([/* ... */]);

Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.

Permissions: You must have the s3:GetDataAccess permission to use this operation.
Additional Permissions: The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.

Parameter Syntax

$result = $client->getDataAccess([
    'AccountId' => '<string>', // REQUIRED
    'DurationSeconds' => <integer>,
    'Permission' => 'READ|WRITE|READWRITE', // REQUIRED
    'Privilege' => 'Minimal|Default',
    'Target' => '<string>', // REQUIRED
    'TargetType' => 'Object',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

DurationSeconds

: Type: int

The session duration, in seconds, of the temporary access credential that S3 Access Grants vends to the grantee or client application. The default value is 1 hour, but the grantee can specify a range from 900 seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee requests a value higher than this maximum, the operation fails.

Permission

: Required: Yes
: Type: string

The type of permission granted to your S3 data, which can be set to one of the following values:

READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.

Privilege

: Type: string

The scope of the temporary access credential that S3 Access Grants vends to the grantee or client application.

Default – The scope of the returned temporary access token is the scope of the grant that is closest to the target scope.
Minimal – The scope of the returned temporary access token is the same as the requested target scope as long as the requested scope is the same as or a subset of the grant scope.

Target

: Required: Yes
: Type: string

The S3 URI path of the data to which you are requesting temporary access credentials. If the requesting account has an access grant for this data, S3 Access Grants vends temporary access credentials in the response.

TargetType

: Type: string

The type of Target. The only possible value is Object. Pass this value if the target data that you would like to access is a path to an object. Do not pass this value if the target data is a bucket or a bucket and a prefix.

Result Syntax

[
    'Credentials' => [
        'AccessKeyId' => '<string>',
        'Expiration' => <DateTime>,
        'SecretAccessKey' => '<string>',
        'SessionToken' => '<string>',
    ],
    'MatchedGrantTarget' => '<string>',
]

Result Details

Members

Credentials

: Type: Credentials structure

The temporary credential token that S3 Access Grants vends.

MatchedGrantTarget

: Type: string

The S3 URI path of the data to which you are being granted temporary access credentials.

Errors

There are no errors described for this operation.

GetJobTagging

$result = $client->getJobTagging([/* ... */]);
$promise = $client->getJobTaggingAsync([/* ... */]);

Returns the tags on an S3 Batch Operations job.

Permissions: To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

Related actions include:

Parameter Syntax

$result = $client->getJobTagging([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId

: Required: Yes
: Type: string

The ID for the S3 Batch Operations job whose tags you want to retrieve.

Result Syntax

[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

Tags

: Type: Array of S3Tag structures

The set of tags associated with the S3 Batch Operations job.

Errors

InternalServiceException:
TooManyRequestsException:
NotFoundException:

GetMultiRegionAccessPoint

$result = $client->getMultiRegionAccessPoint([/* ... */]);
$promise = $client->getMultiRegionAccessPointAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns configuration information about the specified Multi-Region Access Point.

The following actions are related to GetMultiRegionAccessPoint:

Parameter Syntax

$result = $client->getMultiRegionAccessPoint([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Name

: Required: Yes
: Type: string

The name of the Multi-Region Access Point whose configuration information you want to receive. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Result Syntax

[
    'AccessPoint' => [
        'Alias' => '<string>',
        'CreatedAt' => <DateTime>,
        'Name' => '<string>',
        'PublicAccessBlock' => [
            'BlockPublicAcls' => true || false,
            'BlockPublicPolicy' => true || false,
            'IgnorePublicAcls' => true || false,
            'RestrictPublicBuckets' => true || false,
        ],
        'Regions' => [
            [
                'Bucket' => '<string>',
                'BucketAccountId' => '<string>',
                'Region' => '<string>',
            ],
            // ...
        ],
        'Status' => 'READY|INCONSISTENT_ACROSS_REGIONS|CREATING|PARTIALLY_CREATED|PARTIALLY_DELETED|DELETING',
    ],
]

Result Details

Members

AccessPoint

: Type: MultiRegionAccessPointReport structure

A container element containing the details of the requested Multi-Region Access Point.

Errors

There are no errors described for this operation.

GetMultiRegionAccessPointPolicy

$result = $client->getMultiRegionAccessPointPolicy([/* ... */]);
$promise = $client->getMultiRegionAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the access control policy of the specified Multi-Region Access Point.

The following actions are related to GetMultiRegionAccessPointPolicy:

Parameter Syntax

$result = $client->getMultiRegionAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Name

: Required: Yes
: Type: string

Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the Amazon S3 User Guide.

Result Syntax

[
    'Policy' => [
        'Established' => [
            'Policy' => '<string>',
        ],
        'Proposed' => [
            'Policy' => '<string>',
        ],
    ],
]

Result Details

Members

Policy

: Type: MultiRegionAccessPointPolicyDocument structure

The policy associated with the specified Multi-Region Access Point.

Errors

There are no errors described for this operation.

GetMultiRegionAccessPointPolicyStatus

$result = $client->getMultiRegionAccessPointPolicyStatus([/* ... */]);
$promise = $client->getMultiRegionAccessPointPolicyStatusAsync([/* ... */]);

This operation is not supported by directory buckets.

Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.

The following actions are related to GetMultiRegionAccessPointPolicyStatus:

Parameter Syntax

$result = $client->getMultiRegionAccessPointPolicyStatus([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Name

: Required: Yes
: Type: string

Result Syntax

[
    'Established' => [
        'IsPublic' => true || false,
    ],
]

Result Details

Members

Established

: Type: PolicyStatus structure

Errors

There are no errors described for this operation.

GetMultiRegionAccessPointRoutes

$result = $client->getMultiRegionAccessPointRoutes([/* ... */]);
$promise = $client->getMultiRegionAccessPointRoutesAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.

To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

us-east-1
us-west-2
ap-southeast-2
ap-northeast-1
eu-west-1

Parameter Syntax

$result = $client->getMultiRegionAccessPointRoutes([
    'AccountId' => '<string>', // REQUIRED
    'Mrap' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Mrap

: Required: Yes
: Type: string

The Multi-Region Access Point ARN.

Result Syntax

[
    'Mrap' => '<string>',
    'Routes' => [
        [
            'Bucket' => '<string>',
            'Region' => '<string>',
            'TrafficDialPercentage' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members

Mrap

: Type: string

The Multi-Region Access Point ARN.

Routes

: Type: Array of MultiRegionAccessPointRoute structures

The different routes that make up the route configuration. Active routes return a value of 100, and passive routes return a value of 0.

Errors

There are no errors described for this operation.

GetPublicAccessBlock

$result = $client->getPublicAccessBlock([/* ... */]);
$promise = $client->getPublicAccessBlockAsync([/* ... */]);

This operation is not supported by directory buckets.

Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

Related actions include:

Parameter Syntax

$result = $client->getPublicAccessBlock([
    'AccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to retrieve.

Result Syntax

[
    'PublicAccessBlockConfiguration' => [
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
]

Result Details

Members

PublicAccessBlockConfiguration

: Type: PublicAccessBlockConfiguration structure

The PublicAccessBlock configuration currently in effect for this Amazon Web Services account.

Errors

NoSuchPublicAccessBlockConfiguration:: Amazon S3 throws this exception if you make a GetPublicAccessBlock request against an account that doesn't have a PublicAccessBlockConfiguration set.

GetStorageLensConfiguration

$result = $client->getStorageLensConfiguration([/* ... */]);
$promise = $client->getStorageLensConfigurationAsync([/* ... */]);

This operation is not supported by directory buckets.

Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->getStorageLensConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the Amazon S3 Storage Lens configuration.

Result Syntax

[
    'StorageLensConfiguration' => [
        'AccountLevel' => [
            'ActivityMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedCostOptimizationMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedDataProtectionMetrics' => [
                'IsEnabled' => true || false,
            ],
            'BucketLevel' => [
                'ActivityMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedCostOptimizationMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedDataProtectionMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'DetailedStatusCodesMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'PrefixLevel' => [
                    'StorageMetrics' => [
                        'IsEnabled' => true || false,
                        'SelectionCriteria' => [
                            'Delimiter' => '<string>',
                            'MaxDepth' => <integer>,
                            'MinStorageBytesPercentage' => <float>,
                        ],
                    ],
                ],
            ],
            'DetailedStatusCodesMetrics' => [
                'IsEnabled' => true || false,
            ],
            'StorageLensGroupLevel' => [
                'SelectionCriteria' => [
                    'Exclude' => ['<string>', ...],
                    'Include' => ['<string>', ...],
                ],
            ],
        ],
        'AwsOrg' => [
            'Arn' => '<string>',
        ],
        'DataExport' => [
            'CloudWatchMetrics' => [
                'IsEnabled' => true || false,
            ],
            'S3BucketDestination' => [
                'AccountId' => '<string>',
                'Arn' => '<string>',
                'Encryption' => [
                    'SSEKMS' => [
                        'KeyId' => '<string>',
                    ],
                    'SSES3' => [
                    ],
                ],
                'Format' => 'CSV|Parquet',
                'OutputSchemaVersion' => 'V_1',
                'Prefix' => '<string>',
            ],
        ],
        'Exclude' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'Id' => '<string>',
        'Include' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'IsEnabled' => true || false,
        'StorageLensArn' => '<string>',
    ],
]

Result Details

Members

StorageLensConfiguration

: Type: StorageLensConfiguration structure

The S3 Storage Lens configuration requested.

Errors

There are no errors described for this operation.

GetStorageLensConfigurationTagging

$result = $client->getStorageLensConfigurationTagging([/* ... */]);
$promise = $client->getStorageLensConfigurationTaggingAsync([/* ... */]);

This operation is not supported by directory buckets.

Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->getStorageLensConfigurationTagging([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the Amazon S3 Storage Lens configuration.

Result Syntax

[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

Tags

: Type: Array of StorageLensTag structures

The tags of S3 Storage Lens configuration requested.

Errors

There are no errors described for this operation.

GetStorageLensGroup

$result = $client->getStorageLensGroup([/* ... */]);
$promise = $client->getStorageLensGroupAsync([/* ... */]);

Retrieves the Storage Lens group configuration details.

To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->getStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the Storage Lens group that you're trying to retrieve the details for.

Name

: Required: Yes
: Type: string

The name of the Storage Lens group that you're trying to retrieve the configuration details for.

Result Syntax

[
    'StorageLensGroup' => [
        'Filter' => [
            'And' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
            'MatchAnyPrefix' => ['<string>', ...],
            'MatchAnySuffix' => ['<string>', ...],
            'MatchAnyTag' => [
                [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'MatchObjectAge' => [
                'DaysGreaterThan' => <integer>,
                'DaysLessThan' => <integer>,
            ],
            'MatchObjectSize' => [
                'BytesGreaterThan' => <integer>,
                'BytesLessThan' => <integer>,
            ],
            'Or' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
        ],
        'Name' => '<string>',
        'StorageLensGroupArn' => '<string>',
    ],
]

Result Details

Members

StorageLensGroup

: Type: StorageLensGroup structure

The name of the Storage Lens group that you're trying to retrieve the configuration details for.

Errors

There are no errors described for this operation.

ListAccessGrants

$result = $client->listAccessGrants([/* ... */]);
$promise = $client->listAccessGrantsAsync([/* ... */]);

Returns the list of access grants in your S3 Access Grants instance.

Permissions: You must have the s3:ListAccessGrants permission to use this operation.

Parameter Syntax

$result = $client->listAccessGrants([
    'AccountId' => '<string>', // REQUIRED
    'ApplicationArn' => '<string>',
    'GrantScope' => '<string>',
    'GranteeIdentifier' => '<string>',
    'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Permission' => 'READ|WRITE|READWRITE',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

ApplicationArn

: Type: string

GrantScope

: Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

GranteeIdentifier

: Type: string

The unique identifer of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

GranteeType

: Type: string

The type of the grantee to which access has been granted. It can be one of the following values:

IAM - An IAM user or role.
DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

MaxResults

: Type: int

The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

NextToken

: Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.

Permission

: Type: string

The type of permission granted to your S3 data, which can be set to one of the following values:

READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.

Result Syntax

[
    'AccessGrantsList' => [
        [
            'AccessGrantArn' => '<string>',
            'AccessGrantId' => '<string>',
            'AccessGrantsLocationConfiguration' => [
                'S3SubPrefix' => '<string>',
            ],
            'AccessGrantsLocationId' => '<string>',
            'ApplicationArn' => '<string>',
            'CreatedAt' => <DateTime>,
            'GrantScope' => '<string>',
            'Grantee' => [
                'GranteeIdentifier' => '<string>',
                'GranteeType' => 'DIRECTORY_USER|DIRECTORY_GROUP|IAM',
            ],
            'Permission' => 'READ|WRITE|READWRITE',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

AccessGrantsList

: Type: Array of ListAccessGrantEntry structures

A container for a list of grants in an S3 Access Grants instance.

NextToken

: Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListAccessGrantsInstances

$result = $client->listAccessGrantsInstances([/* ... */]);
$promise = $client->listAccessGrantsInstancesAsync([/* ... */]);

Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.

Permissions: You must have the s3:ListAccessGrantsInstances permission to use this operation.

Parameter Syntax

$result = $client->listAccessGrantsInstances([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

MaxResults

: Type: int

NextToken

: Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.

Result Syntax

[
    'AccessGrantsInstancesList' => [
        [
            'AccessGrantsInstanceArn' => '<string>',
            'AccessGrantsInstanceId' => '<string>',
            'CreatedAt' => <DateTime>,
            'IdentityCenterApplicationArn' => '<string>',
            'IdentityCenterArn' => '<string>',
            'IdentityCenterInstanceArn' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

AccessGrantsInstancesList

: Type: Array of ListAccessGrantsInstanceEntry structures

A container for a list of S3 Access Grants instances.

NextToken

: Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListAccessGrantsLocations

$result = $client->listAccessGrantsLocations([/* ... */]);
$promise = $client->listAccessGrantsLocationsAsync([/* ... */]);

Returns a list of the locations registered in your S3 Access Grants instance.

Permissions: You must have the s3:ListAccessGrantsLocations permission to use this operation.

Parameter Syntax

$result = $client->listAccessGrantsLocations([
    'AccountId' => '<string>', // REQUIRED
    'LocationScope' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

LocationScope

: Type: string

MaxResults

: Type: int

NextToken

: Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.

Result Syntax

[
    'AccessGrantsLocationsList' => [
        [
            'AccessGrantsLocationArn' => '<string>',
            'AccessGrantsLocationId' => '<string>',
            'CreatedAt' => <DateTime>,
            'IAMRoleArn' => '<string>',
            'LocationScope' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

AccessGrantsLocationsList

: Type: Array of ListAccessGrantsLocationsEntry structures

A container for a list of registered locations in an S3 Access Grants instance.

NextToken

: Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListAccessPoints

$result = $client->listAccessPoints([/* ... */]);
$promise = $client->listAccessPointsAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.

The following actions are related to ListAccessPoints:

Parameter Syntax

$result = $client->listAccessPoints([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the account that owns the specified access points.

Bucket

: Type: string

The name of the bucket whose associated access points you want to list.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

MaxResults

: Type: int

The maximum number of access points that you want to include in the list. If the specified bucket has more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.

NextToken

: Type: string

A continuation token. If a previous call to ListAccessPoints returned a continuation token in the NextToken field, then providing that value here causes Amazon S3 to retrieve the next page of results.

Result Syntax

[
    'AccessPointList' => [
        [
            'AccessPointArn' => '<string>',
            'Alias' => '<string>',
            'Bucket' => '<string>',
            'BucketAccountId' => '<string>',
            'Name' => '<string>',
            'NetworkOrigin' => 'Internet|VPC',
            'VpcConfiguration' => [
                'VpcId' => '<string>',
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

AccessPointList

: Type: Array of AccessPoint structures

Contains identification and configuration information for one or more access points associated with the specified bucket.

NextToken

: Type: string

If the specified bucket has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

Errors

There are no errors described for this operation.

ListAccessPointsForObjectLambda

$result = $client->listAccessPointsForObjectLambda([/* ... */]);
$promise = $client->listAccessPointsForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.

The following actions are related to ListAccessPointsForObjectLambda:

Parameter Syntax

$result = $client->listAccessPointsForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

MaxResults

: Type: int

The maximum number of access points that you want to include in the list. The response may contain fewer access points but will never contain more. If there are more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.

NextToken

: Type: string

If the list has more access points than can be returned in one call to this API, this field contains a continuation token that you can provide in subsequent calls to this API to retrieve additional access points.

Result Syntax

[
    'NextToken' => '<string>',
    'ObjectLambdaAccessPointList' => [
        [
            'Alias' => [
                'Status' => 'PROVISIONING|READY',
                'Value' => '<string>',
            ],
            'Name' => '<string>',
            'ObjectLambdaAccessPointArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

: Type: string

ObjectLambdaAccessPointList

: Type: Array of ObjectLambdaAccessPoint structures

Returns list of Object Lambda Access Points.

Errors

There are no errors described for this operation.

ListCallerAccessGrants

$result = $client->listCallerAccessGrants([/* ... */]);
$promise = $client->listCallerAccessGrantsAsync([/* ... */]);

Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.

Permissions: You must have the s3:ListCallerAccessGrants permission to use this operation.

Parameter Syntax

$result = $client->listCallerAccessGrants([
    'AccountId' => '<string>', // REQUIRED
    'AllowedByApplication' => true || false,
    'GrantScope' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

AllowedByApplication

: Type: boolean

If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller's Identity Center application or for any other applications (ALL).

GrantScope

: Type: string

The S3 path of the data that you would like to access. Must start with s3://. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment.

MaxResults

: Type: int

The maximum number of access grants that you would like returned in the List Caller Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

NextToken

: Type: string

A pagination token to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

Result Syntax

[
    'CallerAccessGrantsList' => [
        [
            'ApplicationArn' => '<string>',
            'GrantScope' => '<string>',
            'Permission' => 'READ|WRITE|READWRITE',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

CallerAccessGrantsList

: Type: Array of ListCallerAccessGrantsEntry structures

A list of the caller's access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.

NextToken

: Type: string

A pagination token that you can use to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

Errors

There are no errors described for this operation.

ListJobs

$result = $client->listJobs([/* ... */]);
$promise = $client->listJobsAsync([/* ... */]);

Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions: To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.

Related actions include:

Parameter Syntax

$result = $client->listJobs([
    'AccountId' => '<string>', // REQUIRED
    'JobStatuses' => ['<string>', ...],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobStatuses

: Type: Array of strings

The List Jobs request returns jobs that match the statuses listed in this element.

MaxResults

: Type: int

The maximum number of jobs that Amazon S3 will include in the List Jobs response. If there are more jobs than this number, the response will include a pagination token in the NextToken field to enable you to retrieve the next page of results.

NextToken

: Type: string

A pagination token to request the next page of results. Use the token that Amazon S3 returned in the NextToken element of the ListJobsResult from the previous List Jobs request.

Result Syntax

[
    'Jobs' => [
        [
            'CreationTime' => <DateTime>,
            'Description' => '<string>',
            'JobId' => '<string>',
            'Operation' => 'LambdaInvoke|S3PutObjectCopy|S3PutObjectAcl|S3PutObjectTagging|S3DeleteObjectTagging|S3InitiateRestoreObject|S3PutObjectLegalHold|S3PutObjectRetention|S3ReplicateObject',
            'Priority' => <integer>,
            'ProgressSummary' => [
                'NumberOfTasksFailed' => <integer>,
                'NumberOfTasksSucceeded' => <integer>,
                'Timers' => [
                    'ElapsedTimeInActiveSeconds' => <integer>,
                ],
                'TotalNumberOfTasks' => <integer>,
            ],
            'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended',
            'TerminationDate' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

Jobs

: Type: Array of JobListDescriptor structures

The list of current jobs and jobs that have ended within the last 30 days.

NextToken

: Type: string

If the List Jobs request produced more than the maximum number of results, you can pass this value into a subsequent List Jobs request in order to retrieve the next page of results.

Errors

InvalidRequestException:
InternalServiceException:
InvalidNextTokenException:

ListMultiRegionAccessPoints

$result = $client->listMultiRegionAccessPoints([/* ... */]);
$promise = $client->listMultiRegionAccessPointsAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.

The following actions are related to ListMultiRegionAccessPoint:

Parameter Syntax

$result = $client->listMultiRegionAccessPoints([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

MaxResults

: Type: int

Not currently used. Do not use this parameter.

NextToken

: Type: string

Not currently used. Do not use this parameter.

Result Syntax

[
    'AccessPoints' => [
        [
            'Alias' => '<string>',
            'CreatedAt' => <DateTime>,
            'Name' => '<string>',
            'PublicAccessBlock' => [
                'BlockPublicAcls' => true || false,
                'BlockPublicPolicy' => true || false,
                'IgnorePublicAcls' => true || false,
                'RestrictPublicBuckets' => true || false,
            ],
            'Regions' => [
                [
                    'Bucket' => '<string>',
                    'BucketAccountId' => '<string>',
                    'Region' => '<string>',
                ],
                // ...
            ],
            'Status' => 'READY|INCONSISTENT_ACROSS_REGIONS|CREATING|PARTIALLY_CREATED|PARTIALLY_DELETED|DELETING',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members

AccessPoints

: Type: Array of MultiRegionAccessPointReport structures

The list of Multi-Region Access Points associated with the user.

NextToken

: Type: string

If the specified bucket has more Multi-Region Access Points than can be returned in one call to this action, this field contains a continuation token. You can use this token tin subsequent calls to this action to retrieve additional Multi-Region Access Points.

Errors

There are no errors described for this operation.

ListRegionalBuckets

$result = $client->listRegionalBuckets([/* ... */]);
$promise = $client->listRegionalBucketsAsync([/* ... */]);

This operation is not supported by directory buckets.

Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.

Parameter Syntax

$result = $client->listRegionalBuckets([
    'AccountId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OutpostId' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

MaxResults

: Type: int

NextToken

: Type: string

OutpostId

: Type: string

The ID of the Outposts resource.

This ID is required by Amazon S3 on Outposts buckets.

Result Syntax

[
    'NextToken' => '<string>',
    'RegionalBucketList' => [
        [
            'Bucket' => '<string>',
            'BucketArn' => '<string>',
            'CreationDate' => <DateTime>,
            'OutpostId' => '<string>',
            'PublicAccessBlockEnabled' => true || false,
        ],
        // ...
    ],
]

Result Details

Members

NextToken

: Type: string

NextToken is sent when isTruncated is true, which means there are more buckets that can be listed. The next list requests to Amazon S3 can be continued with this NextToken. NextToken is obfuscated and is not a real key.

RegionalBucketList

: Type: Array of RegionalBucket structures

Errors

There are no errors described for this operation.

ListStorageLensConfigurations

$result = $client->listStorageLensConfigurations([/* ... */]);
$promise = $client->listStorageLensConfigurationsAsync([/* ... */]);

This operation is not supported by directory buckets.

Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->listStorageLensConfigurations([
    'AccountId' => '<string>', // REQUIRED
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

NextToken

: Type: string

A pagination token to request the next page of results.

Result Syntax

[
    'NextToken' => '<string>',
    'StorageLensConfigurationList' => [
        [
            'HomeRegion' => '<string>',
            'Id' => '<string>',
            'IsEnabled' => true || false,
            'StorageLensArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

: Type: string

If the request produced more than the maximum number of S3 Storage Lens configuration results, you can pass this value into a subsequent request to retrieve the next page of results.

StorageLensConfigurationList

: Type: Array of ListStorageLensConfigurationEntry structures

A list of S3 Storage Lens configurations.

Errors

There are no errors described for this operation.

ListStorageLensGroups

$result = $client->listStorageLensGroups([/* ... */]);
$promise = $client->listStorageLensGroupsAsync([/* ... */]);

Lists all the Storage Lens groups in the specified home Region.

To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->listStorageLensGroups([
    'AccountId' => '<string>', // REQUIRED
    'NextToken' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that owns the Storage Lens groups.

NextToken

: Type: string

The token for the next set of results, or null if there are no more results.

Result Syntax

[
    'NextToken' => '<string>',
    'StorageLensGroupList' => [
        [
            'HomeRegion' => '<string>',
            'Name' => '<string>',
            'StorageLensGroupArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

NextToken

: Type: string

If NextToken is returned, there are more Storage Lens groups results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours.

StorageLensGroupList

: Type: Array of ListStorageLensGroupEntry structures

The list of Storage Lens groups that exist in the specified home Region.

Errors

There are no errors described for this operation.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

Permissions: You must have the s3:ListTagsForResource permission to use this operation.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Parameter Syntax

$result = $client->listTagsForResource([
    'AccountId' => '<string>', // REQUIRED
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the resource owner.

ResourceArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Result Syntax

[
    'Tags' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

Tags

: Type: Array of Tag structures

The Amazon Web Services resource tags that are associated with the resource.

Errors

There are no errors described for this operation.

PutAccessGrantsInstanceResourcePolicy

$result = $client->putAccessGrantsInstanceResourcePolicy([/* ... */]);
$promise = $client->putAccessGrantsInstanceResourcePolicyAsync([/* ... */]);

Updates the resource policy of the S3 Access Grants instance.

Permissions: You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.

Parameter Syntax

$result = $client->putAccessGrantsInstanceResourcePolicy([
    'AccountId' => '<string>', // REQUIRED
    'Organization' => '<string>',
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Organization

: Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy

: Required: Yes
: Type: string

The resource policy of the S3 Access Grants instance that you are updating.

Result Syntax

[
    'CreatedAt' => <DateTime>,
    'Organization' => '<string>',
    'Policy' => '<string>',
]

Result Details

Members

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance resource policy.

Organization

: Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy

: Type: string

The updated resource policy of the S3 Access Grants instance.

Errors

There are no errors described for this operation.

PutAccessPointConfigurationForObjectLambda

$result = $client->putAccessPointConfigurationForObjectLambda([/* ... */]);
$promise = $client->putAccessPointConfigurationForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Replaces configuration for an Object Lambda Access Point.

The following actions are related to PutAccessPointConfigurationForObjectLambda:

GetAccessPointConfigurationForObjectLambda

Parameter Syntax

$result = $client->putAccessPointConfigurationForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Configuration' => [ // REQUIRED
        'AllowedFeatures' => ['<string>', ...],
        'CloudWatchMetricsEnabled' => true || false,
        'SupportingAccessPoint' => '<string>', // REQUIRED
        'TransformationConfigurations' => [ // REQUIRED
            [
                'Actions' => ['<string>', ...], // REQUIRED
                'ContentTransformation' => [ // REQUIRED
                    'AwsLambda' => [
                        'FunctionArn' => '<string>', // REQUIRED
                        'FunctionPayload' => '<string>',
                    ],
                ],
            ],
            // ...
        ],
    ],
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Configuration

: Required: Yes
: Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration document.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutAccessPointPolicy

$result = $client->putAccessPointPolicy([/* ... */]);
$promise = $client->putAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.

The following actions are related to PutAccessPointPolicy:

Parameter Syntax

$result = $client->putAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for owner of the bucket associated with the specified access point.

Name

: Required: Yes
: Type: string

The name of the access point that you want to associate with the specified policy.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Policy

: Required: Yes
: Type: string

The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutAccessPointPolicyForObjectLambda

$result = $client->putAccessPointPolicyForObjectLambda([/* ... */]);
$promise = $client->putAccessPointPolicyForObjectLambdaAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.

The following actions are related to PutAccessPointPolicyForObjectLambda:

Parameter Syntax

$result = $client->putAccessPointPolicyForObjectLambda([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

Policy

: Required: Yes
: Type: string

Object Lambda Access Point resource policy document.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketLifecycleConfiguration

$result = $client->putBucketLifecycleConfiguration([/* ... */]);
$promise = $client->putBucketLifecycleConfigurationAsync([/* ... */]);

This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon S3 API Reference.

Creates a new lifecycle configuration for the S3 on Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads.

The following actions are related to PutBucketLifecycleConfiguration:

Parameter Syntax

$result = $client->putBucketLifecycleConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'LifecycleConfiguration' => [
        'Rules' => [
            [
                'AbortIncompleteMultipartUpload' => [
                    'DaysAfterInitiation' => <integer>,
                ],
                'Expiration' => [
                    'Date' => <integer || string || DateTime>,
                    'Days' => <integer>,
                    'ExpiredObjectDeleteMarker' => true || false,
                ],
                'Filter' => [
                    'And' => [
                        'ObjectSizeGreaterThan' => <integer>,
                        'ObjectSizeLessThan' => <integer>,
                        'Prefix' => '<string>',
                        'Tags' => [
                            [
                                'Key' => '<string>', // REQUIRED
                                'Value' => '<string>', // REQUIRED
                            ],
                            // ...
                        ],
                    ],
                    'ObjectSizeGreaterThan' => <integer>,
                    'ObjectSizeLessThan' => <integer>,
                    'Prefix' => '<string>',
                    'Tag' => [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                ],
                'ID' => '<string>',
                'NoncurrentVersionExpiration' => [
                    'NewerNoncurrentVersions' => <integer>,
                    'NoncurrentDays' => <integer>,
                ],
                'NoncurrentVersionTransitions' => [
                    [
                        'NoncurrentDays' => <integer>,
                        'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                    ],
                    // ...
                ],
                'Status' => 'Enabled|Disabled', // REQUIRED
                'Transitions' => [
                    [
                        'Date' => <integer || string || DateTime>,
                        'Days' => <integer>,
                        'StorageClass' => 'GLACIER|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE',
                    ],
                    // ...
                ],
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

The name of the bucket for which to set the configuration.

LifecycleConfiguration

: Type: LifecycleConfiguration structure

Container for lifecycle rules. You can add as many as 1,000 rules.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketPolicy

$result = $client->putBucketPolicy([/* ... */]);
$promise = $client->putBucketPolicyAsync([/* ... */]);

This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon S3 API Reference.

Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this action.

If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

For more information about bucket policies, see Using Bucket Policies and User Policies.

The following actions are related to PutBucketPolicy:

Parameter Syntax

$result = $client->putBucketPolicy([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'ConfirmRemoveSelfBucketAccess' => true || false,
    'Policy' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

ConfirmRemoveSelfBucketAccess

: Type: boolean

Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

This is not supported by Amazon S3 on Outposts buckets.

Policy

: Required: Yes
: Type: string

The bucket policy as a JSON document.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketReplication

$result = $client->putBucketReplication([/* ... */]);
$promise = $client->putBucketReplicationAsync([/* ... */]);

This action creates an Amazon S3 on Outposts bucket's replication configuration. To create an S3 bucket's replication configuration, see PutBucketReplication in the Amazon S3 API Reference.

Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

Specify the replication configuration in the request body. In the replication configuration, you provide the following information:

The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects
The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf
Other relevant information, such as replication rules

A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.

Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket.

For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.

Handling Replication of Encrypted Objects

Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.

Permissions

To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets.

To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service.

The following operations are related to PutBucketReplication:

Parameter Syntax

$result = $client->putBucketReplication([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'ReplicationConfiguration' => [ // REQUIRED
        'Role' => '<string>', // REQUIRED
        'Rules' => [ // REQUIRED
            [
                'Bucket' => '<string>', // REQUIRED
                'DeleteMarkerReplication' => [
                    'Status' => 'Enabled|Disabled', // REQUIRED
                ],
                'Destination' => [ // REQUIRED
                    'AccessControlTranslation' => [
                        'Owner' => 'Destination', // REQUIRED
                    ],
                    'Account' => '<string>',
                    'Bucket' => '<string>', // REQUIRED
                    'EncryptionConfiguration' => [
                        'ReplicaKmsKeyID' => '<string>',
                    ],
                    'Metrics' => [
                        'EventThreshold' => [
                            'Minutes' => <integer>,
                        ],
                        'Status' => 'Enabled|Disabled', // REQUIRED
                    ],
                    'ReplicationTime' => [
                        'Status' => 'Enabled|Disabled', // REQUIRED
                        'Time' => [ // REQUIRED
                            'Minutes' => <integer>,
                        ],
                    ],
                    'StorageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|ONEZONE_IA|INTELLIGENT_TIERING|GLACIER|DEEP_ARCHIVE|OUTPOSTS|GLACIER_IR',
                ],
                'ExistingObjectReplication' => [
                    'Status' => 'Enabled|Disabled', // REQUIRED
                ],
                'Filter' => [
                    'And' => [
                        'Prefix' => '<string>',
                        'Tags' => [
                            [
                                'Key' => '<string>', // REQUIRED
                                'Value' => '<string>', // REQUIRED
                            ],
                            // ...
                        ],
                    ],
                    'Prefix' => '<string>',
                    'Tag' => [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                ],
                'ID' => '<string>',
                'Prefix' => '<string>',
                'Priority' => <integer>,
                'SourceSelectionCriteria' => [
                    'ReplicaModifications' => [
                        'Status' => 'Enabled|Disabled', // REQUIRED
                    ],
                    'SseKmsEncryptedObjects' => [
                        'Status' => 'Enabled|Disabled', // REQUIRED
                    ],
                ],
                'Status' => 'Enabled|Disabled', // REQUIRED
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the S3 on Outposts bucket to set the configuration for.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

ReplicationConfiguration

: Required: Yes
: Type: ReplicationConfiguration structure

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketTagging

$result = $client->putBucketTagging([/* ... */]);
$promise = $client->putBucketTaggingAsync([/* ... */]);

This action puts tags on an Amazon S3 on Outposts bucket. To put tags on an S3 bucket, see PutBucketTagging in the Amazon S3 API Reference.

Sets the tags for an S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost allocation and tagging.

Within a bucket, if you add a tag that has the same key as an existing tag, the new value overwrites the old value. For more information, see Using cost allocation in Amazon S3 bucket tags.

To use this action, you must have permissions to perform the s3-outposts:PutBucketTagging action. The Outposts bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing access permissions to your Amazon S3 resources.

PutBucketTagging has the following special errors:

Error code: InvalidTagError
- Description: The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For information about tag restrictions, see User-Defined Tag Restrictions and Amazon Web Services-Generated Cost Allocation Tag Restrictions.
Error code: MalformedXMLError
- Description: The XML provided does not match the schema.
Error code: OperationAbortedError
- Description: A conflicting conditional action is currently in progress against this resource. Try again.
Error code: InternalError
- Description: The service was unable to apply the provided tag to the bucket.

The following actions are related to PutBucketTagging:

Parameter Syntax

$result = $client->putBucketTagging([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'Tagging' => [ // REQUIRED
        'TagSet' => [ // REQUIRED
            [
                'Key' => '<string>', // REQUIRED
                'Value' => '<string>', // REQUIRED
            ],
            // ...
        ],
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Tagging

: Required: Yes
: Type: Tagging structure

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutBucketVersioning

$result = $client->putBucketVersioning([/* ... */]);
$promise = $client->putBucketVersioningAsync([/* ... */]);

This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.

Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

You can set the versioning state to one of the following:

Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.
Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.

If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.

When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.

If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.

The following operations are related to PutBucketVersioning for S3 on Outposts.

Parameter Syntax

$result = $client->putBucketVersioning([
    'AccountId' => '<string>', // REQUIRED
    'Bucket' => '<string>', // REQUIRED
    'MFA' => '<string>',
    'VersioningConfiguration' => [ // REQUIRED
        'MFADelete' => 'Enabled|Disabled',
        'Status' => 'Enabled|Suspended',
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 on Outposts bucket.

Bucket

: Required: Yes
: Type: string

The S3 on Outposts bucket to set the versioning state for.

MFA

: Type: string

The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device.

VersioningConfiguration

: Required: Yes
: Type: VersioningConfiguration structure

The root-level tag for the VersioningConfiguration parameters.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutJobTagging

$result = $client->putJobTagging([/* ... */]);
$promise = $client->putJobTaggingAsync([/* ... */]);

Sets the supplied tag-set on an S3 Batch Operations job.

A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.
For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.
A few things to consider about using tags:
- Amazon S3 limits the maximum number of tags to 50 tags per job.
- You can associate up to 50 tags with a job as long as they have unique tag keys.
- A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.
- The key and values are case sensitive.
- For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.

Permissions: To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.

Related actions include:

Parameter Syntax

$result = $client->putJobTagging([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId

: Required: Yes
: Type: string

The ID for the S3 Batch Operations job whose tags you want to replace.

Tags

: Required: Yes
: Type: Array of S3Tag structures

The set of tags to associate with the S3 Batch Operations job.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServiceException:
TooManyRequestsException:
NotFoundException:
TooManyTagsException:: Amazon S3 throws this exception if you have too many tags in your tag set.

PutMultiRegionAccessPointPolicy

$result = $client->putMultiRegionAccessPointPolicy([/* ... */]);
$promise = $client->putMultiRegionAccessPointPolicyAsync([/* ... */]);

This operation is not supported by directory buckets.

Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.

The following actions are related to PutMultiRegionAccessPointPolicy:

Parameter Syntax

$result = $client->putMultiRegionAccessPointPolicy([
    'AccountId' => '<string>', // REQUIRED
    'ClientToken' => '<string>', // REQUIRED
    'Details' => [ // REQUIRED
        'Name' => '<string>', // REQUIRED
        'Policy' => '<string>', // REQUIRED
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken

: Required: Yes
: Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details

: Required: Yes
: Type: PutMultiRegionAccessPointPolicyInput structure

A container element containing the details of the policy for the Multi-Region Access Point.

Result Syntax

[
    'RequestTokenARN' => '<string>',
]

Result Details

Members

RequestTokenARN

: Type: string

The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous requests.

Errors

There are no errors described for this operation.

PutPublicAccessBlock

$result = $client->putPublicAccessBlock([/* ... */]);
$promise = $client->putPublicAccessBlockAsync([/* ... */]);

This operation is not supported by directory buckets.

Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see Using Amazon S3 block public access.

Related actions include:

Parameter Syntax

$result = $client->putPublicAccessBlock([
    'AccountId' => '<string>', // REQUIRED
    'PublicAccessBlockConfiguration' => [ // REQUIRED
        'BlockPublicAcls' => true || false,
        'BlockPublicPolicy' => true || false,
        'IgnorePublicAcls' => true || false,
        'RestrictPublicBuckets' => true || false,
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID for the Amazon Web Services account whose PublicAccessBlock configuration you want to set.

PublicAccessBlockConfiguration

: Required: Yes
: Type: PublicAccessBlockConfiguration structure

The PublicAccessBlock configuration that you want to apply to the specified Amazon Web Services account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutStorageLensConfiguration

$result = $client->putStorageLensConfiguration([/* ... */]);
$promise = $client->putStorageLensConfigurationAsync([/* ... */]);

This operation is not supported by directory buckets.

Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->putStorageLensConfiguration([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
    'StorageLensConfiguration' => [ // REQUIRED
        'AccountLevel' => [ // REQUIRED
            'ActivityMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedCostOptimizationMetrics' => [
                'IsEnabled' => true || false,
            ],
            'AdvancedDataProtectionMetrics' => [
                'IsEnabled' => true || false,
            ],
            'BucketLevel' => [ // REQUIRED
                'ActivityMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedCostOptimizationMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'AdvancedDataProtectionMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'DetailedStatusCodesMetrics' => [
                    'IsEnabled' => true || false,
                ],
                'PrefixLevel' => [
                    'StorageMetrics' => [ // REQUIRED
                        'IsEnabled' => true || false,
                        'SelectionCriteria' => [
                            'Delimiter' => '<string>',
                            'MaxDepth' => <integer>,
                            'MinStorageBytesPercentage' => <float>,
                        ],
                    ],
                ],
            ],
            'DetailedStatusCodesMetrics' => [
                'IsEnabled' => true || false,
            ],
            'StorageLensGroupLevel' => [
                'SelectionCriteria' => [
                    'Exclude' => ['<string>', ...],
                    'Include' => ['<string>', ...],
                ],
            ],
        ],
        'AwsOrg' => [
            'Arn' => '<string>', // REQUIRED
        ],
        'DataExport' => [
            'CloudWatchMetrics' => [
                'IsEnabled' => true || false, // REQUIRED
            ],
            'S3BucketDestination' => [
                'AccountId' => '<string>', // REQUIRED
                'Arn' => '<string>', // REQUIRED
                'Encryption' => [
                    'SSEKMS' => [
                        'KeyId' => '<string>', // REQUIRED
                    ],
                    'SSES3' => [
                    ],
                ],
                'Format' => 'CSV|Parquet', // REQUIRED
                'OutputSchemaVersion' => 'V_1', // REQUIRED
                'Prefix' => '<string>',
            ],
        ],
        'Exclude' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'Id' => '<string>', // REQUIRED
        'Include' => [
            'Buckets' => ['<string>', ...],
            'Regions' => ['<string>', ...],
        ],
        'IsEnabled' => true || false, // REQUIRED
        'StorageLensArn' => '<string>',
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the S3 Storage Lens configuration.

StorageLensConfiguration

: Required: Yes
: Type: StorageLensConfiguration structure

The S3 Storage Lens configuration.

Tags

: Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

PutStorageLensConfigurationTagging

$result = $client->putStorageLensConfigurationTagging([/* ... */]);
$promise = $client->putStorageLensConfigurationTaggingAsync([/* ... */]);

This operation is not supported by directory buckets.

Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

Parameter Syntax

$result = $client->putStorageLensConfigurationTagging([
    'AccountId' => '<string>', // REQUIRED
    'ConfigId' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the S3 Storage Lens configuration.

Tags

: Required: Yes
: Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

SubmitMultiRegionAccessPointRoutes

$result = $client->submitMultiRegionAccessPointRoutes([/* ... */]);
$promise = $client->submitMultiRegionAccessPointRoutesAsync([/* ... */]);

This operation is not supported by directory buckets.

Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.

When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.

Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.

To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

us-east-1
us-west-2
ap-southeast-2
ap-northeast-1
eu-west-1

Parameter Syntax

$result = $client->submitMultiRegionAccessPointRoutes([
    'AccountId' => '<string>', // REQUIRED
    'Mrap' => '<string>', // REQUIRED
    'RouteUpdates' => [ // REQUIRED
        [
            'Bucket' => '<string>',
            'Region' => '<string>',
            'TrafficDialPercentage' => <integer>, // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Mrap

: Required: Yes
: Type: string

The Multi-Region Access Point ARN.

RouteUpdates

: Required: Yes
: Type: Array of MultiRegionAccessPointRoute structures

The different routes that make up the new route configuration. Active routes return a value of 100, and passive routes return a value of 0.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Permissions: You must have the s3:TagResource permission to use this operation.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Parameter Syntax

$result = $client->tagResource([
    'AccountId' => '<string>', // REQUIRED
    'ResourceArn' => '<string>', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.

ResourceArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Tags

: Required: Yes
: Type: Array of Tag structures

The Amazon Web Services resource tags that you want to add to the specified S3 resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Permissions: You must have the s3:UntagResource permission to use this operation.

For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

Parameter Syntax

$result = $client->untagResource([
    'AccountId' => '<string>', // REQUIRED
    'ResourceArn' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that owns the resource that you're trying to remove the tags from.

ResourceArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the S3 resource that you're trying to remove the tags from.

TagKeys

: Required: Yes
: Type: Array of strings

The array of tag key-value pairs that you're trying to remove from of the S3 resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

UpdateAccessGrantsLocation

$result = $client->updateAccessGrantsLocation([/* ... */]);
$promise = $client->updateAccessGrantsLocationAsync([/* ... */]);

Updates the IAM role of a registered location in your S3 Access Grants instance.

Permissions: You must have the s3:UpdateAccessGrantsLocation permission to use this operation.
Additional Permissions: You must also have the following permission: iam:PassRole

Parameter Syntax

$result = $client->updateAccessGrantsLocation([
    'AccessGrantsLocationId' => '<string>', // REQUIRED
    'AccountId' => '<string>', // REQUIRED
    'IAMRoleArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

AccessGrantsLocationId

: Required: Yes
: Type: string

The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

Result Syntax

[
    'AccessGrantsLocationArn' => '<string>',
    'AccessGrantsLocationId' => '<string>',
    'CreatedAt' => <DateTime>,
    'IAMRoleArn' => '<string>',
    'LocationScope' => '<string>',
]

Result Details

Members

AccessGrantsLocationArn

: Type: string

The Amazon Resource Name (ARN) of the registered location that you are updating.

AccessGrantsLocationId

: Type: string

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn

: Type: string

The Amazon Resource Name (ARN) of the IAM role of the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope

: Type: string

The S3 URI path of the location that you are updating. You cannot update the scope of the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://<bucket>, or the S3 path to a bucket and prefix s3://<bucket>/<prefix>.

Errors

There are no errors described for this operation.

UpdateJobPriority

$result = $client->updateJobPriority([/* ... */]);
$promise = $client->updateJobPriorityAsync([/* ... */]);

Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions: To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.

Related actions include:

Parameter Syntax

$result = $client->updateJobPriority([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'Priority' => <integer>, // REQUIRED
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId

: Required: Yes
: Type: string

The ID for the job whose priority you want to update.

Priority

: Required: Yes
: Type: int

The priority you want to assign to this job.

Result Syntax

[
    'JobId' => '<string>',
    'Priority' => <integer>,
]

Result Details

Members

JobId

: Required: Yes
: Type: string

The ID for the job whose priority Amazon S3 updated.

Priority

: Required: Yes
: Type: int

The new priority assigned to the specified job.

Errors

BadRequestException:
TooManyRequestsException:
NotFoundException:
InternalServiceException:

UpdateJobStatus

$result = $client->updateJobStatus([/* ... */]);
$promise = $client->updateJobStatusAsync([/* ... */]);

Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

Permissions: To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.

Related actions include:

Parameter Syntax

$result = $client->updateJobStatus([
    'AccountId' => '<string>', // REQUIRED
    'JobId' => '<string>', // REQUIRED
    'RequestedJobStatus' => 'Cancelled|Ready', // REQUIRED
    'StatusUpdateReason' => '<string>',
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId

: Required: Yes
: Type: string

The ID of the job whose status you want to update.

RequestedJobStatus

: Required: Yes
: Type: string

The status that you want to move the specified job to.

StatusUpdateReason

: Type: string

A description of the reason why you want to change the specified job's status. This field can be any string up to the maximum length.

Result Syntax

[
    'JobId' => '<string>',
    'Status' => 'Active|Cancelled|Cancelling|Complete|Completing|Failed|Failing|New|Paused|Pausing|Preparing|Ready|Suspended',
    'StatusUpdateReason' => '<string>',
]

Result Details

Members

JobId

: Type: string

The ID for the job whose status was updated.

Status

: Type: string

The current status for the specified job.

StatusUpdateReason

: Type: string

The reason that the specified job's status was updated.

Errors

BadRequestException:
TooManyRequestsException:
NotFoundException:
JobStatusException:
InternalServiceException:

UpdateStorageLensGroup

$result = $client->updateStorageLensGroup([/* ... */]);
$promise = $client->updateStorageLensGroupAsync([/* ... */]);

Updates the existing Storage Lens group.

To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

Parameter Syntax

$result = $client->updateStorageLensGroup([
    'AccountId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'StorageLensGroup' => [ // REQUIRED
        'Filter' => [ // REQUIRED
            'And' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
            'MatchAnyPrefix' => ['<string>', ...],
            'MatchAnySuffix' => ['<string>', ...],
            'MatchAnyTag' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Value' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'MatchObjectAge' => [
                'DaysGreaterThan' => <integer>,
                'DaysLessThan' => <integer>,
            ],
            'MatchObjectSize' => [
                'BytesGreaterThan' => <integer>,
                'BytesLessThan' => <integer>,
            ],
            'Or' => [
                'MatchAnyPrefix' => ['<string>', ...],
                'MatchAnySuffix' => ['<string>', ...],
                'MatchAnyTag' => [
                    [
                        'Key' => '<string>', // REQUIRED
                        'Value' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'MatchObjectAge' => [
                    'DaysGreaterThan' => <integer>,
                    'DaysLessThan' => <integer>,
                ],
                'MatchObjectSize' => [
                    'BytesGreaterThan' => <integer>,
                    'BytesLessThan' => <integer>,
                ],
            ],
        ],
        'Name' => '<string>', // REQUIRED
        'StorageLensGroupArn' => '<string>',
    ],
]);

Parameter Details

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Storage Lens group owner.

Name

: Required: Yes
: Type: string

The name of the Storage Lens group that you want to update.

StorageLensGroup

: Required: Yes
: Type: StorageLensGroup structure

The JSON file that contains the Storage Lens group configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

Shapes

AbortIncompleteMultipartUpload

Description

The container for abort incomplete multipart upload

Members

DaysAfterInitiation

: Type: int

Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload to the Outposts bucket.

AccessControlTranslation

Description

A container for information about access control for replicas.

This is not supported by Amazon S3 on Outposts buckets.

Members

Owner

: Required: Yes
: Type: string

Specifies the replica ownership.

AccessGrantsLocationConfiguration

Description

The configuration options of the S3 Access Grants location. It contains the S3SubPrefix field. The grant scope, the data to which you are granting access, is the result of appending the Subprefix field to the scope of the registered location.

Members

S3SubPrefix

: Type: string

The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be or s3://<bucket-name>/<prefix-name>*.

If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.

AccessPoint

Description

An access point used to access a bucket.

Members

AccessPointArn

: Type: string

The ARN for the access point.

Alias

: Type: string

The name or alias of the access point.

Bucket

: Required: Yes
: Type: string

The name of the bucket associated with this access point.

BucketAccountId

: Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

Name

: Required: Yes
: Type: string

The name of this access point.

NetworkOrigin

: Required: Yes
: Type: string

VpcConfiguration

: Type: VpcConfiguration structure

The virtual private cloud (VPC) configuration for this access point, if one exists.

This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services services.

AccountLevel

Description

A container element for the account-level Amazon S3 Storage Lens configuration.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

Members

ActivityMetrics

: Type: ActivityMetrics structure

A container element for S3 Storage Lens activity metrics.

AdvancedCostOptimizationMetrics

: Type: AdvancedCostOptimizationMetrics structure

A container element for S3 Storage Lens advanced cost-optimization metrics.

AdvancedDataProtectionMetrics

: Type: AdvancedDataProtectionMetrics structure

A container element for S3 Storage Lens advanced data-protection metrics.

BucketLevel

: Required: Yes
: Type: BucketLevel structure

A container element for the S3 Storage Lens bucket-level configuration.

DetailedStatusCodesMetrics

: Type: DetailedStatusCodesMetrics structure

A container element for detailed status code metrics.

StorageLensGroupLevel

: Type: StorageLensGroupLevel structure

A container element for S3 Storage Lens groups metrics.

ActivityMetrics

Description

The container element for Amazon S3 Storage Lens activity metrics. Activity metrics show details about how your storage is requested, such as requests (for example, All requests, Get requests, Put requests), bytes uploaded or downloaded, and errors.

Members

IsEnabled

: Type: boolean

A container that indicates whether activity metrics are enabled.

AdvancedCostOptimizationMetrics

Description

The container element for Amazon S3 Storage Lens advanced cost-optimization metrics. Advanced cost-optimization metrics provide insights that you can use to manage and optimize your storage costs, for example, lifecycle rule counts for transitions, expirations, and incomplete multipart uploads.

Members

IsEnabled

: Type: boolean

A container that indicates whether advanced cost-optimization metrics are enabled.

AdvancedDataProtectionMetrics

Description

The container element for Amazon S3 Storage Lens advanced data-protection metrics. Advanced data-protection metrics provide insights that you can use to perform audits and protect your data, for example replication rule counts within and across Regions.

Members

IsEnabled

: Type: boolean

A container that indicates whether advanced data-protection metrics are enabled.

AssociateAccessGrantsIdentityCenterRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn

: Required: Yes
: Type: string

AsyncErrorDetails

Description

Error details for the failed asynchronous operation.

Members

Code

: Type: string

A string that uniquely identifies the error condition.

Message

: Type: string

A generic description of the error condition in English.

RequestId

: Type: string

The ID of the request associated with the error.

Resource

: Type: string

The identifier of the resource associated with the error.

AsyncOperation

Description

A container for the information about an asynchronous operation.

Members

CreationTime

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the request was sent to the service.

Operation

: Type: string

The specific operation for the asynchronous request.

RequestParameters

: Type: AsyncRequestParameters structure

The parameters associated with the request.

RequestStatus

: Type: string

The current status of the request.

RequestTokenARN

: Type: string

The request token associated with the request.

ResponseDetails

: Type: AsyncResponseDetails structure

The details of the response.

AsyncRequestParameters

Description

A container for the request parameters associated with an asynchronous request.

Members

CreateMultiRegionAccessPointRequest

: Type: CreateMultiRegionAccessPointInput structure

A container of the parameters for a CreateMultiRegionAccessPoint request.

DeleteMultiRegionAccessPointRequest

: Type: DeleteMultiRegionAccessPointInput structure

A container of the parameters for a DeleteMultiRegionAccessPoint request.

PutMultiRegionAccessPointPolicyRequest

: Type: PutMultiRegionAccessPointPolicyInput structure

A container of the parameters for a PutMultiRegionAccessPoint request.

AsyncResponseDetails

Description

A container for the response details that are returned when querying about an asynchronous request.

Members

ErrorDetails

: Type: AsyncErrorDetails structure

Error details for an asynchronous request.

MultiRegionAccessPointDetails

: Type: MultiRegionAccessPointsAsyncResponse structure

The details for the Multi-Region Access Point.

AwsLambdaTransformation

Description

Lambda function used to transform objects through an Object Lambda Access Point.

Members

FunctionArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the Lambda function.

FunctionPayload

: Type: string

Additional JSON that provides supplemental data to the Lambda function used to transform objects.

BadRequestException

Description

Members

Message

: Type: string

BucketAlreadyExists

Description

The requested Outposts bucket name is not available. The bucket namespace is shared by all users of the Outposts in this Region. Select a different name and try again.

Members

BucketAlreadyOwnedByYou

Description

The Outposts bucket you tried to create already exists, and you own it.

Members

BucketLevel

Description

A container for the bucket-level configuration for Amazon S3 Storage Lens.

For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide.

Members

ActivityMetrics

: Type: ActivityMetrics structure

A container for the bucket-level activity metrics for S3 Storage Lens.

AdvancedCostOptimizationMetrics

: Type: AdvancedCostOptimizationMetrics structure

A container for bucket-level advanced cost-optimization metrics for S3 Storage Lens.

AdvancedDataProtectionMetrics

: Type: AdvancedDataProtectionMetrics structure

A container for bucket-level advanced data-protection metrics for S3 Storage Lens.

DetailedStatusCodesMetrics

: Type: DetailedStatusCodesMetrics structure

A container for bucket-level detailed status code metrics for S3 Storage Lens.

PrefixLevel

: Type: PrefixLevel structure

A container for the prefix-level metrics for S3 Storage Lens.

CloudWatchMetrics

Description

A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.

For more information about publishing S3 Storage Lens metrics to CloudWatch, see Monitor S3 Storage Lens metrics in CloudWatch in the Amazon S3 User Guide.

Members

IsEnabled

: Required: Yes
: Type: boolean

A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of true indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.

CreateAccessGrantRequest

Members

AccessGrantsLocationConfiguration

: Type: AccessGrantsLocationConfiguration structure

AccessGrantsLocationId

: Required: Yes
: Type: string

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

ApplicationArn

: Type: string

Grantee

: Required: Yes
: Type: Grantee structure

Permission

: Required: Yes
: Type: string

The type of access that you are granting to your S3 data, which can be set to one of the following values:

READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.

S3PrefixType

: Type: string

Tags

: Type: Array of Tag structures

CreateAccessGrantsInstanceRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IdentityCenterArn

: Type: string

Tags

: Type: Array of Tag structures

CreateAccessGrantsLocationRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope

: Required: Yes
: Type: string

Tags

: Type: Array of Tag structures

CreateAccessPointForObjectLambdaRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.

Configuration

: Required: Yes
: Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration as a JSON document.

Name

: Required: Yes
: Type: string

The name you want to assign to this Object Lambda Access Point.

CreateAccessPointRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the account that owns the specified access point.

Bucket

: Required: Yes
: Type: string

The name of the bucket that you want to associate this access point with.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

BucketAccountId

: Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

Name

: Required: Yes
: Type: string

The name you want to assign to this access point.

PublicAccessBlockConfiguration

: Type: PublicAccessBlockConfiguration structure

The PublicAccessBlock configuration that you want to apply to the access point.

VpcConfiguration

: Type: VpcConfiguration structure

If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).

This is required for creating an access point for Amazon S3 on Outposts buckets.

CreateBucketConfiguration

Description

The container for the bucket configuration.

This is not supported by Amazon S3 on Outposts buckets.

Members

LocationConstraint

: Type: string

Specifies the Region where the bucket will be created. If you are creating a bucket on the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.

This is not supported by Amazon S3 on Outposts buckets.

CreateJobRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that creates the job.

ClientRequestToken

: Required: Yes
: Type: string

An idempotency token to ensure that you don't accidentally submit the same request twice. You can use any string up to the maximum length.

ConfirmationRequired

: Type: boolean

Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is only required for jobs created through the Amazon S3 console.

Description

: Type: string

A description for this job. You can use any string within the permitted length. Descriptions don't need to be unique and can be used for multiple jobs.

Manifest

: Type: JobManifest structure

Configuration parameters for the manifest.

ManifestGenerator

: Type: JobManifestGenerator structure

The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.

Operation

: Required: Yes
: Type: JobOperation structure

The action that you want this job to perform on every object listed in the manifest. For more information about the available actions, see Operations in the Amazon S3 User Guide.

Priority

: Required: Yes
: Type: int

The numerical priority for this job. Higher numbers indicate higher priority.

Report

: Required: Yes
: Type: JobReport structure

Configuration parameters for the optional job-completion report.

RoleArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will use to run this job's action on every object in the manifest.

Tags

: Type: Array of S3Tag structures

A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.

CreateMultiRegionAccessPointInput

Description

A container for the information associated with a CreateMultiRegionAccessPoint request.

Members

Name

: Required: Yes
: Type: string

The name of the Multi-Region Access Point associated with this request.

PublicAccessBlock

: Type: PublicAccessBlockConfiguration structure

This data type is not supported for Amazon S3 on Outposts.

Regions

: Required: Yes
: Type: Array of Region structures

The buckets in different Regions that are associated with the Multi-Region Access Point.

CreateMultiRegionAccessPointRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own the underlying buckets.

ClientToken

: Required: Yes
: Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details

: Required: Yes
: Type: CreateMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

CreateStorageLensGroupRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that the Storage Lens group is created from and associated with.

StorageLensGroup

: Required: Yes
: Type: StorageLensGroup structure

The Storage Lens group configuration.

Tags

: Type: Array of Tag structures

The Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.

Credentials

Description

The Amazon Web Services Security Token Service temporary credential that S3 Access Grants vends to grantees and client applications.

Members

AccessKeyId

: Type: string

The unique access key ID of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

Expiration

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The expiration date and time of the temporary credential that S3 Access Grants vends to grantees and client applications.

SecretAccessKey

: Type: string

The secret access key of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

SessionToken

: Type: string

The Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.

DeleteMarkerReplication

Description

Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts does not support replicating delete markers for tag-based rules.

For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.

Members

Status

: Required: Yes
: Type: string

Indicates whether to replicate delete markers.

DeleteMultiRegionAccessPointInput

Description

A container for the information associated with a DeleteMultiRegionAccessPoint request.

Members

Name

: Required: Yes
: Type: string

The name of the Multi-Region Access Point associated with this request.

DeleteMultiRegionAccessPointRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken

: Required: Yes
: Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details

: Required: Yes
: Type: DeleteMultiRegionAccessPointInput structure

A container element containing details about the Multi-Region Access Point.

Destination

Description

Specifies information about the replication destination bucket and its settings for an S3 on Outposts replication configuration.

Members

AccessControlTranslation

: Type: AccessControlTranslation structure

Specify this property only in a cross-account scenario (where the source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this property is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.

This is not supported by Amazon S3 on Outposts buckets.

Account

: Type: string

The destination bucket owner's account ID.

Bucket

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the access point for the destination bucket where you want S3 on Outposts to store the replication results.

EncryptionConfiguration

: Type: EncryptionConfiguration structure

A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.

This is not supported by Amazon S3 on Outposts buckets.

Metrics

: Type: Metrics structure

A container that specifies replication metrics-related settings.

ReplicationTime

: Type: ReplicationTime structure

A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.

This is not supported by Amazon S3 on Outposts buckets.

StorageClass

: Type: string

The storage class to use when replicating objects. All objects stored on S3 on Outposts are stored in the OUTPOSTS storage class. S3 on Outposts uses the OUTPOSTS storage class to create the object replicas.

Values other than OUTPOSTS aren't supported by Amazon S3 on Outposts.

DetailedStatusCodesMetrics

Description

The container element for Amazon S3 Storage Lens detailed status code metrics. Detailed status code metrics generate metrics for HTTP status codes, such as 200 OK, 403 Forbidden, 503 Service Unavailable and others.

Members

IsEnabled

: Type: boolean

A container that indicates whether detailed status code metrics are enabled.

EncryptionConfiguration

Description

Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.

This is not supported by Amazon S3 on Outposts buckets.

Members

ReplicaKmsKeyID

: Type: string

Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS) for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information, see Symmetric encryption KMS keys in the Amazon Web Services Key Management Service Developer Guide.

EstablishedMultiRegionAccessPointPolicy

Description

The last established access control policy for a Multi-Region Access Point.

When you update the policy, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy.

Members

Policy

: Type: string

The details of the last established policy.

Exclude

Description

A container for what Amazon S3 Storage Lens will exclude.

Members

Buckets

: Type: Array of strings

A container for the S3 Storage Lens bucket excludes.

Regions

: Type: Array of strings

A container for the S3 Storage Lens Region excludes.

ExistingObjectReplication

Description

An optional configuration to replicate existing source bucket objects.

This is not supported by Amazon S3 on Outposts buckets.

Members

Status

: Required: Yes
: Type: string

Specifies whether Amazon S3 replicates existing source bucket objects.

GeneratedManifestEncryption

Description

The encryption configuration to use when storing the generated manifest.

Members

SSEKMS

: Type: SSEKMSEncryption structure

Configuration details on how SSE-KMS is used to encrypt generated manifest objects.

SSES3

: Type: SSES3Encryption structure

Specifies the use of SSE-S3 to encrypt generated manifest objects.

Grantee

Description

Members

GranteeIdentifier

: Type: string

The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.

GranteeType

: Type: string

The type of the grantee to which access has been granted. It can be one of the following values:

IAM - An IAM user or role.
DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.

IdempotencyException

Description

Members

Message

: Type: string

Include

Description

A container for what Amazon S3 Storage Lens configuration includes.

Members

Buckets

: Type: Array of strings

A container for the S3 Storage Lens bucket includes.

Regions

: Type: Array of strings

A container for the S3 Storage Lens Region includes.

InternalServiceException

Description

Members

Message

: Type: string

InvalidNextTokenException

Description

Members

Message

: Type: string

InvalidRequestException

Description

Members

Message

: Type: string

JobDescriptor

Description

A container element for the job configuration and status information returned by a Describe Job request.

Members

ConfirmationRequired

: Type: boolean

Indicates whether confirmation is required before Amazon S3 begins running the specified job. Confirmation is required only for jobs created through the Amazon S3 console.

CreationTime

: Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when this job was created.

Description

: Type: string

The description for this job, if one was provided in this job's Create Job request.

FailureReasons

: Type: Array of JobFailure structures

If the specified job failed, this field contains information describing the failure.

GeneratedManifestDescriptor

: Type: S3GeneratedManifestDescriptor structure

The attribute of the JobDescriptor containing details about the job's generated manifest.

JobArn

: Type: string

The Amazon Resource Name (ARN) for this job.

JobId

: Type: string

The ID for the specified job.

Manifest

: Type: JobManifest structure

The configuration information for the specified job's manifest object.

ManifestGenerator

: Type: JobManifestGenerator structure

The manifest generator that was used to generate a job manifest for this job.

Operation

: Type: JobOperation structure

The operation that the specified job is configured to run on the objects listed in the manifest.

Priority

: Type: int

The priority of the specified job.

ProgressSummary

: Type: JobProgressSummary structure

Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.

Report

: Type: JobReport structure

Contains the configuration information for the job-completion report if you requested one in the Create Job request.

RoleArn

: Type: string

The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks for this job.

Status

: Type: string

The current status of the specified job.

StatusUpdateReason

: Type: string

The reason for updating the job.

SuspendedCause

: Type: string

The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the Suspended state to await confirmation before running. After you confirm the job, it automatically exits the Suspended state.

SuspendedDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp when this job was suspended, if it has been suspended.

TerminationDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when this job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.

JobFailure

Description

If this job failed, this element indicates why the job failed.

Members

FailureCode

: Type: string

The failure code, if any, for the specified job.

FailureReason

: Type: string

The failure reason, if any, for the specified job.

JobListDescriptor

Description

Contains the configuration and status information for a single job retrieved as part of a job list.

Members

CreationTime

: Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when the specified job was created.

Description

: Type: string

The user-specified description that was included in the specified job's Create Job request.

JobId

: Type: string

The ID for the specified job.

Operation

: Type: string

The operation that the specified job is configured to run on every object listed in the manifest.

Priority

: Type: int

The current priority for the specified job.

ProgressSummary

: Type: JobProgressSummary structure

Describes the total number of tasks that the specified job has run, the number of tasks that succeeded, and the number of tasks that failed.

Status

: Type: string

The specified job's current status.

TerminationDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp indicating when the specified job terminated. A job's termination date is the date and time when it succeeded, failed, or was canceled.

JobManifest

Description

Contains the configuration information for a job's manifest.

Members

Location

: Required: Yes
: Type: JobManifestLocation structure

Contains the information required to locate the specified job's manifest. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

Spec

: Required: Yes
: Type: JobManifestSpec structure

Describes the format of the specified job's manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.

JobManifestGenerator

Description

Configures the type of the job's ManifestGenerator.

Members

S3JobManifestGenerator

: Type: S3JobManifestGenerator structure

The S3 job ManifestGenerator's configuration details.

JobManifestGeneratorFilter

Description

The filter used to describe a set of objects for the job's manifest.

Members

CreatedAfter

: Type: timestamp (string|DateTime or anything parsable by strtotime)

If provided, the generated manifest includes only source bucket objects that were created after this time.

CreatedBefore

: Type: timestamp (string|DateTime or anything parsable by strtotime)

If provided, the generated manifest includes only source bucket objects that were created before this time.

EligibleForReplication

: Type: boolean

Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.

KeyNameConstraint

: Type: KeyNameConstraint structure

If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.

MatchAnyStorageClass

: Type: Array of strings

If provided, the generated manifest includes only source bucket objects that are stored with the specified storage class.

ObjectReplicationStatuses

: Type: Array of strings

If provided, the generated manifest includes only source bucket objects that have one of the specified Replication statuses.

ObjectSizeGreaterThanBytes

: Type: long (int|float)

If provided, the generated manifest includes only source bucket objects whose file size is greater than the specified number of bytes.

ObjectSizeLessThanBytes

: Type: long (int|float)

If provided, the generated manifest includes only source bucket objects whose file size is less than the specified number of bytes.

JobManifestLocation

Description

Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

Members

ETag

: Required: Yes
: Type: string

The ETag for the specified manifest object.

ObjectArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) for a manifest object.

When you're using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide.

ObjectVersionId

: Type: string

The optional version ID to identify a specific version of the manifest object.

JobManifestSpec

Description

Describes the format of a manifest. If the manifest is in CSV format, also describes the columns contained within the manifest.

Members

Fields

: Type: Array of strings

If the specified manifest object is in the S3BatchOperations_CSV_20180820 format, this element describes which columns contain the required data.

Format

: Required: Yes
: Type: string

Indicates which of the available formats the specified manifest uses.

JobOperation

Description

The operation that you want this job to perform on every object listed in the manifest. For more information about the available operations, see Operations in the Amazon S3 User Guide.

Members

LambdaInvoke

: Type: LambdaInvokeOperation structure

Directs the specified job to invoke an Lambda function on every object in the manifest.

S3DeleteObjectTagging

: Type: S3DeleteObjectTaggingOperation structure

Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.

This functionality is not supported by directory buckets.

S3InitiateRestoreObject

: Type: S3InitiateRestoreObjectOperation structure

Directs the specified job to initiate restore requests for every archived object in the manifest.

This functionality is not supported by directory buckets.

S3PutObjectAcl

: Type: S3SetObjectAclOperation structure

Directs the specified job to run a PutObjectAcl call on every object in the manifest.

This functionality is not supported by directory buckets.

S3PutObjectCopy

: Type: S3CopyObjectOperation structure

Directs the specified job to run a PUT Copy object call on every object in the manifest.

S3PutObjectLegalHold

: Type: S3SetObjectLegalHoldOperation structure

Contains the configuration for an S3 Object Lock legal hold operation that an S3 Batch Operations job passes to every object to the underlying PutObjectLegalHold API operation. For more information, see Using S3 Object Lock legal hold with S3 Batch Operations in the Amazon S3 User Guide.

This functionality is not supported by directory buckets.

S3PutObjectRetention

: Type: S3SetObjectRetentionOperation structure

Contains the configuration parameters for the Object Lock retention action for an S3 Batch Operations job. Batch Operations passes every object to the underlying PutObjectRetention API operation. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

This functionality is not supported by directory buckets.

S3PutObjectTagging

: Type: S3SetObjectTaggingOperation structure

Directs the specified job to run a PUT Object tagging call on every object in the manifest.

This functionality is not supported by directory buckets.

S3ReplicateObject

: Type: S3ReplicateObjectOperation structure

Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

This functionality is not supported by directory buckets.

JobProgressSummary

Description

Describes the total number of tasks that the specified job has started, the number of tasks that succeeded, and the number of tasks that failed.

Members

NumberOfTasksFailed

: Type: long (int|float)

NumberOfTasksSucceeded

: Type: long (int|float)

Timers

: Type: JobTimers structure

The JobTimers attribute of a job's progress summary.

TotalNumberOfTasks

: Type: long (int|float)

JobReport

Description

Contains the configuration parameters for a job-completion report.

Members

Bucket

: Type: string

The Amazon Resource Name (ARN) for the bucket where specified job-completion report will be stored.

Directory buckets - Directory buckets aren't supported as a location for Batch Operations to store job completion reports.

Enabled

: Required: Yes
: Type: boolean

Indicates whether the specified job will generate a job-completion report.

Format

: Type: string

The format of the specified job-completion report.

Prefix

: Type: string

An optional prefix to describe where in the specified bucket the job-completion report will be stored. Amazon S3 stores the job-completion report at <prefix>/job-<job-id>/report.json.

ReportScope

: Type: string

Indicates whether the job-completion report will include details of all tasks or only failed tasks.

JobStatusException

Description

Members

Message

: Type: string

JobTimers

Description

Provides timing details for the job.

Members

ElapsedTimeInActiveSeconds

: Type: long (int|float)

Indicates the elapsed time in seconds the job has been in the Active job state.

KeyNameConstraint

Description

If provided, the generated manifest includes only source bucket objects whose object keys match the string constraints specified for MatchAnyPrefix, MatchAnySuffix, and MatchAnySubstring.

Members

MatchAnyPrefix

: Type: Array of strings

If provided, the generated manifest includes objects where the specified string appears at the start of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

MatchAnySubstring

: Type: Array of strings

If provided, the generated manifest includes objects where the specified string appears anywhere within the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

MatchAnySuffix

: Type: Array of strings

If provided, the generated manifest includes objects where the specified string appears at the end of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

LambdaInvokeOperation

Description

Contains the configuration parameters for a Lambda Invoke operation.

Members

FunctionArn

: Type: string

The Amazon Resource Name (ARN) for the Lambda function that the specified job will invoke on every object in the manifest.

InvocationSchemaVersion

: Type: string

Specifies the schema version for the payload that Batch Operations sends when invoking an Lambda function. Version 1.0 is the default. Version 2.0 is required when you use Batch Operations to invoke Lambda functions that act on directory buckets, or if you need to specify UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

Ensure that your Lambda function code expects InvocationSchemaVersion 2.0 and uses bucket name rather than bucket ARN. If the InvocationSchemaVersion does not match what your Lambda function expects, your function might not work as expected.

Directory buckets - To initiate Amazon Web Services Lambda function to perform custom actions on objects in directory buckets, you must specify 2.0.

UserArguments

: Type: Associative array of custom strings keys (NonEmptyMaxLength64String) to strings

Key-value pairs that are passed in the payload that Batch Operations sends when invoking an Lambda function. You must specify InvocationSchemaVersion 2.0 for LambdaInvoke operations that include UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and Lambda in the Amazon Web Services Storage Blog.

LifecycleConfiguration

Description

The container for the Outposts bucket lifecycle configuration.

Members

Rules

: Type: Array of LifecycleRule structures

A lifecycle rule for individual objects in an Outposts bucket.

LifecycleExpiration

Description

The container of the Outposts bucket lifecycle expiration.

Members

Date

: Type: timestamp (string|DateTime or anything parsable by strtotime)

Indicates at what date the object is to be deleted. Should be in GMT ISO 8601 format.

Days

: Type: int

Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.

ExpiredObjectDeleteMarker

: Type: boolean

Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

LifecycleRule

Description

The container for the Outposts bucket lifecycle rule.

Members

AbortIncompleteMultipartUpload

: Type: AbortIncompleteMultipartUpload structure

Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 waits before permanently removing all parts of the upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the Amazon S3 User Guide.

Expiration

: Type: LifecycleExpiration structure

Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.

Filter

: Type: LifecycleRuleFilter structure

The container for the filter of lifecycle rule.

ID

: Type: string

Unique identifier for the rule. The value cannot be longer than 255 characters.

NoncurrentVersionExpiration

: Type: NoncurrentVersionExpiration structure

The noncurrent version expiration of the lifecycle rule.

NoncurrentVersionTransitions

: Type: Array of NoncurrentVersionTransition structures

Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.

This is not supported by Amazon S3 on Outposts buckets.

Status

: Required: Yes
: Type: string

If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.

Transitions

: Type: Array of Transition structures

Specifies when an Amazon S3 object transitions to a specified storage class.

This is not supported by Amazon S3 on Outposts buckets.

LifecycleRuleAndOperator

Description

The container for the Outposts bucket lifecycle rule and operator.

Members

ObjectSizeGreaterThan

: Type: long (int|float)

The non-inclusive minimum object size for the lifecycle rule. Setting this property to 7 means the rule applies to objects with a size that is greater than 7.

ObjectSizeLessThan

: Type: long (int|float)

The non-inclusive maximum object size for the lifecycle rule. Setting this property to 77 means the rule applies to objects with a size that is less than 77.

Prefix

: Type: string

Prefix identifying one or more objects to which the rule applies.

Tags

: Type: Array of S3Tag structures

All of these tags must exist in the object's tag set in order for the rule to apply.

LifecycleRuleFilter

Description

The container for the filter of the lifecycle rule.

Members

And

: Type: LifecycleRuleAndOperator structure

The container for the AND condition for the lifecycle rule.

ObjectSizeGreaterThan

: Type: long (int|float)

Minimum object size to which the rule applies.

ObjectSizeLessThan

: Type: long (int|float)

Maximum object size to which the rule applies.

Prefix

: Type: string

Prefix identifying one or more objects to which the rule applies.

Tag

: Type: S3Tag structure

A container for a key-value name pair.

ListAccessGrantEntry

Description

Information about the access grant.

Members

AccessGrantArn

: Type: string

The Amazon Resource Name (ARN) of the access grant.

AccessGrantId

: Type: string

The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.

AccessGrantsLocationConfiguration

: Type: AccessGrantsLocationConfiguration structure

The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.

AccessGrantsLocationId

: Type: string

ApplicationArn

: Type: string

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

GrantScope

: Type: string

The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.

Grantee

: Type: Grantee structure

Permission

: Type: string

The type of access granted to your S3 data, which can be set to one of the following values:

READ – Grant read-only access to the S3 data.
WRITE – Grant write-only access to the S3 data.
READWRITE – Grant both read and write access to the S3 data.

ListAccessGrantsInstanceEntry

Description

Information about the S3 Access Grants instance.

Members

AccessGrantsInstanceArn

: Type: string

The Amazon Resource Name (ARN) of the S3 Access Grants instance.

AccessGrantsInstanceId

: Type: string

The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you created the S3 Access Grants instance.

IdentityCenterApplicationArn

: Type: string

IdentityCenterArn

: Type: string

IdentityCenterInstanceArn

: Type: string

ListAccessGrantsLocationsEntry

Description

A container for information about the registered location.

Members

AccessGrantsLocationArn

: Type: string

The Amazon Resource Name (ARN) of the registered location.

AccessGrantsLocationId

: Type: string

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when you registered the location.

IAMRoleArn

: Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

LocationScope

: Type: string

ListCallerAccessGrantsEntry

Description

Part of ListCallerAccessGrantsResult. Each entry includes the permission level (READ, WRITE, or READWRITE) and the grant scope of the access grant. If the grant also includes an application ARN, the grantee can only access the S3 data through this application.

Members

ApplicationArn

: Type: string

GrantScope

: Type: string

The S3 path of the data to which you have been granted access.

Permission

: Type: string

The type of permission granted, which can be one of the following values:

READ - Grants read-only access to the S3 data.
WRITE - Grants write-only access to the S3 data.
READWRITE - Grants both read and write access to the S3 data.

ListStorageLensConfigurationEntry

Description

Part of ListStorageLensConfigurationResult. Each entry includes the description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its Amazon Resource Name (ARN), and config ID.

Members

HomeRegion

: Required: Yes
: Type: string

A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in your designated S3 Storage Lens home Region.

Id

: Required: Yes
: Type: string

A container for the S3 Storage Lens configuration ID.

IsEnabled

: Type: boolean

A container for whether the S3 Storage Lens configuration is enabled. This property is required.

StorageLensArn

: Required: Yes
: Type: string

The ARN of the S3 Storage Lens configuration. This property is read-only.

ListStorageLensGroupEntry

Description

Each entry contains a Storage Lens group that exists in the specified home Region.

Members

HomeRegion

: Required: Yes
: Type: string

Contains the Amazon Web Services Region where the Storage Lens group was created.

Name

: Required: Yes
: Type: string

Contains the name of the Storage Lens group that exists in the specified home Region.

StorageLensGroupArn

: Required: Yes
: Type: string

Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

MatchObjectAge

Description

A filter condition that specifies the object age range of included objects in days. Only integers are supported.

Members

DaysGreaterThan

: Type: int

Specifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647.

DaysLessThan

: Type: int

Specifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.

MatchObjectSize

Description

A filter condition that specifies the object size range of included objects in bytes. Only integers are supported.

Members

BytesGreaterThan

: Type: long (int|float)

Specifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.

BytesLessThan

: Type: long (int|float)

Specifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.

Metrics

Description

A container that specifies replication metrics-related settings.

Members

EventThreshold

: Type: ReplicationTimeValue structure

A container that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event.

This is not supported by Amazon S3 on Outposts buckets.

Status

: Required: Yes
: Type: string

Specifies whether replication metrics are enabled.

MultiRegionAccessPointPolicyDocument

Description

The Multi-Region Access Point access control policy.

Members

Established

: Type: EstablishedMultiRegionAccessPointPolicy structure

The last established policy for the Multi-Region Access Point.

Proposed

: Type: ProposedMultiRegionAccessPointPolicy structure

The proposed policy for the Multi-Region Access Point.

MultiRegionAccessPointRegionalResponse

Description

Status information for a single Multi-Region Access Point Region.

Members

Name

: Type: string

The name of the Region in the Multi-Region Access Point.

RequestStatus

: Type: string

The current status of the Multi-Region Access Point in this Region.

MultiRegionAccessPointReport

Description

A collection of statuses for a Multi-Region Access Point in the various Regions it supports.

Members

Alias

: Type: string

The alias for the Multi-Region Access Point. For more information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points.

CreatedAt

: Type: timestamp (string|DateTime or anything parsable by strtotime)

When the Multi-Region Access Point create request was received.

Name

: Type: string

The name of the Multi-Region Access Point.

PublicAccessBlock

: Type: PublicAccessBlockConfiguration structure

This data type is not supported for Amazon S3 on Outposts.

Regions

: Type: Array of RegionReport structures

A collection of the Regions and buckets associated with the Multi-Region Access Point.

Status

: Type: string

The current status of the Multi-Region Access Point.

CREATING and DELETING are temporary states that exist while the request is propagating and being completed. If a Multi-Region Access Point has a status of PARTIALLY_CREATED, you can retry creation or send a request to delete the Multi-Region Access Point. If a Multi-Region Access Point has a status of PARTIALLY_DELETED, you can retry a delete request to finish the deletion of the Multi-Region Access Point.

MultiRegionAccessPointRoute

Description

A structure for a Multi-Region Access Point that indicates where Amazon S3 traffic can be routed. Routes can be either active or passive. Active routes can process Amazon S3 requests through the Multi-Region Access Point, but passive routes are not eligible to process Amazon S3 requests.

Each route contains the Amazon S3 bucket name and the Amazon Web Services Region that the bucket is located in. The route also includes the TrafficDialPercentage value, which shows whether the bucket and Region are active (indicated by a value of 100) or passive (indicated by a value of 0).

Members

Bucket

: Type: string

The name of the Amazon S3 bucket for which you'll submit a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

Region

: Type: string

The Amazon Web Services Region to which you'll be submitting a routing configuration change. Either the Bucket or the Region value must be provided. If both are provided, the bucket must be in the specified Region.

TrafficDialPercentage

: Required: Yes
: Type: int

The traffic state for the specified bucket or Amazon Web Services Region.

A value of 0 indicates a passive state, which means that no new traffic will be routed to the Region.

A value of 100 indicates an active state, which means that traffic will be routed to the specified Region.

When the routing configuration for a Region is changed from active to passive, any in-progress operations (uploads, copies, deletes, and so on) to the formerly active Region will continue to run to until a final success or failure status is reached.

If all Regions in the routing configuration are designated as passive, you'll receive an InvalidRequest error.

MultiRegionAccessPointsAsyncResponse

Description

The Multi-Region Access Point details that are returned when querying about an asynchronous request.

Members

Regions

: Type: Array of MultiRegionAccessPointRegionalResponse structures

A collection of status information for the different Regions that a Multi-Region Access Point supports.

NoSuchPublicAccessBlockConfiguration

Description

Amazon S3 throws this exception if you make a GetPublicAccessBlock request against an account that doesn't have a PublicAccessBlockConfiguration set.

Members

Message

: Type: string

NoncurrentVersionExpiration

Description

The container of the noncurrent version expiration.

Members

NewerNoncurrentVersions

: Type: int

Specifies how many noncurrent versions S3 on Outposts will retain. If there are this many more recent noncurrent versions, S3 on Outposts will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.

NoncurrentDays

: Type: int

Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates When an Object Became Noncurrent in the Amazon S3 User Guide.

NoncurrentVersionTransition

Description

The container for the noncurrent version transition.

Members

NoncurrentDays

: Type: int

Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent in the Amazon S3 User Guide.

StorageClass

: Type: string

The class of storage used to store the object.

NotFoundException

Description

Members

Message

: Type: string

ObjectLambdaAccessPoint

Description

An access point with an attached Lambda function used to access transformed data from an Amazon S3 bucket.

Members

Alias

: Type: ObjectLambdaAccessPointAlias structure

The alias of the Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

ObjectLambdaAccessPointArn

: Type: string

Specifies the ARN for the Object Lambda Access Point.

ObjectLambdaAccessPointAlias

Description

The alias of an Object Lambda Access Point. For more information, see How to use a bucket-style alias for your S3 bucket Object Lambda Access Point.

Members

Status

: Type: string

The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.

Value

: Type: string

The alias value of the Object Lambda Access Point.

ObjectLambdaConfiguration

Description

A configuration used when creating an Object Lambda Access Point.

Members

AllowedFeatures

: Type: Array of strings

A container for allowed features. Valid inputs are GetObject-Range, GetObject-PartNumber, HeadObject-Range, and HeadObject-PartNumber.

CloudWatchMetricsEnabled

: Type: boolean

A container for whether the CloudWatch metrics configuration is enabled.

SupportingAccessPoint

: Required: Yes
: Type: string

Standard access point associated with the Object Lambda Access Point.

TransformationConfigurations

: Required: Yes
: Type: Array of ObjectLambdaTransformationConfiguration structures

A container for transformation configurations for an Object Lambda Access Point.

ObjectLambdaContentTransformation

Description

A container for AwsLambdaTransformation.

Members

AwsLambda

: Type: AwsLambdaTransformation structure

A container for an Lambda function.

ObjectLambdaTransformationConfiguration

Description

A configuration used when creating an Object Lambda Access Point transformation.

Members

Actions

: Required: Yes
: Type: Array of strings

A container for the action of an Object Lambda Access Point configuration. Valid inputs are GetObject, ListObjects, HeadObject, and ListObjectsV2.

ContentTransformation

: Required: Yes
: Type: ObjectLambdaContentTransformation structure

A container for the content transformation of an Object Lambda Access Point configuration.

PolicyStatus

Description

Members

IsPublic

: Type: boolean

PrefixLevel

Description

A container for the prefix-level configuration.

Members

StorageMetrics

: Required: Yes
: Type: PrefixLevelStorageMetrics structure

A container for the prefix-level storage metrics for S3 Storage Lens.

PrefixLevelStorageMetrics

Description

A container for the prefix-level storage metrics for S3 Storage Lens.

Members

IsEnabled

: Type: boolean

A container for whether prefix-level storage metrics are enabled.

SelectionCriteria

: Type: SelectionCriteria structure

ProposedMultiRegionAccessPointPolicy

Description

The proposed access control policy for the Multi-Region Access Point.

Members

Policy

: Type: string

The details of the proposed policy.

PublicAccessBlockConfiguration

Description

This data type is not supported for Amazon S3 on Outposts.

Members

BlockPublicAcls

: Type: boolean

Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account. Setting this element to TRUE causes the following behavior:

PutBucketAcl and PutObjectAcl calls fail if the specified ACL is public.
PUT Object calls fail if the request includes a public ACL.
PUT Bucket calls fail if the request includes a public ACL.

Enabling this setting doesn't affect existing policies or ACLs.

This property is not supported for Amazon S3 on Outposts.

BlockPublicPolicy

: Type: boolean

Specifies whether Amazon S3 should block public bucket policies for buckets in this account. Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy if the specified bucket policy allows public access.

Enabling this setting doesn't affect existing bucket policies.

This property is not supported for Amazon S3 on Outposts.

IgnorePublicAcls

: Type: boolean

Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this account and any objects that they contain.

Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set.

This property is not supported for Amazon S3 on Outposts.

RestrictPublicBuckets

: Type: boolean

Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. Setting this element to TRUE restricts access to buckets with public policies to only Amazon Web Services service principals and authorized users within this account.

Enabling this setting doesn't affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked.

This property is not supported for Amazon S3 on Outposts.

PutAccessGrantsInstanceResourcePolicyRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

Organization

: Type: string

The Organization of the resource policy of the S3 Access Grants instance.

Policy

: Required: Yes
: Type: string

The resource policy of the S3 Access Grants instance that you are updating.

PutAccessPointConfigurationForObjectLambdaRequest

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Configuration

: Required: Yes
: Type: ObjectLambdaConfiguration structure

Object Lambda Access Point configuration document.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

PutAccessPointPolicyForObjectLambdaRequest

Members

AccountId

: Required: Yes
: Type: string

The account ID for the account that owns the specified Object Lambda Access Point.

Name

: Required: Yes
: Type: string

The name of the Object Lambda Access Point.

Policy

: Required: Yes
: Type: string

Object Lambda Access Point resource policy document.

PutAccessPointPolicyRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for owner of the bucket associated with the specified access point.

Name

: Required: Yes
: Type: string

The name of the access point that you want to associate with the specified policy.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

Policy

: Required: Yes
: Type: string

The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.

PutBucketPolicyRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Outposts bucket.

Bucket

: Required: Yes
: Type: string

Specifies the bucket.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

ConfirmRemoveSelfBucketAccess

: Type: boolean

Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.

This is not supported by Amazon S3 on Outposts buckets.

Policy

: Required: Yes
: Type: string

The bucket policy as a JSON document.

PutJobTaggingRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID associated with the S3 Batch Operations job.

JobId

: Required: Yes
: Type: string

The ID for the S3 Batch Operations job whose tags you want to replace.

Tags

: Required: Yes
: Type: Array of S3Tag structures

The set of tags to associate with the S3 Batch Operations job.

PutMultiRegionAccessPointPolicyInput

Description

A container for the information associated with a PutMultiRegionAccessPoint request.

Members

Name

: Required: Yes
: Type: string

The name of the Multi-Region Access Point associated with the request.

Policy

: Required: Yes
: Type: string

The policy details for the PutMultiRegionAccessPoint request.

PutMultiRegionAccessPointPolicyRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

ClientToken

: Required: Yes
: Type: string

An idempotency token used to identify the request and guarantee that requests are unique.

Details

: Required: Yes
: Type: PutMultiRegionAccessPointPolicyInput structure

A container element containing the details of the policy for the Multi-Region Access Point.

PutStorageLensConfigurationRequest

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the S3 Storage Lens configuration.

StorageLensConfiguration

: Required: Yes
: Type: StorageLensConfiguration structure

The S3 Storage Lens configuration.

Tags

: Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

PutStorageLensConfigurationTaggingRequest

Members

AccountId

: Required: Yes
: Type: string

The account ID of the requester.

ConfigId

: Required: Yes
: Type: string

The ID of the S3 Storage Lens configuration.

Tags

: Required: Yes
: Type: Array of StorageLensTag structures

The tag set of the S3 Storage Lens configuration.

You can set up to a maximum of 50 tags.

Region

Description

A Region that supports a Multi-Region Access Point as well as the associated bucket for the Region.

Members

Bucket

: Required: Yes
: Type: string

The name of the associated bucket for the Region.

BucketAccountId

: Type: string

The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

RegionReport

Description

A combination of a bucket and Region that's part of a Multi-Region Access Point.

Members

Bucket

: Type: string

The name of the bucket.

BucketAccountId

: Type: string

The Amazon Web Services account ID that owns the Amazon S3 bucket that's associated with this Multi-Region Access Point.

Region

: Type: string

The name of the Region.

RegionalBucket

Description

The container for the regional bucket.

Members

Bucket

: Required: Yes
: Type: string

BucketArn

: Type: string

The Amazon Resource Name (ARN) for the regional bucket.

CreationDate

: Required: Yes
: Type: timestamp (string|DateTime or anything parsable by strtotime)

The creation date of the regional bucket

OutpostId

: Type: string

The Outposts ID of the regional bucket.

PublicAccessBlockEnabled

: Required: Yes
: Type: boolean

ReplicaModifications

Description

A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.

To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.

You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.

Members

Status

: Required: Yes
: Type: string

Specifies whether S3 on Outposts replicates modifications to object metadata on replicas.

ReplicationConfiguration

Description

A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a replication configuration is 128 KB.

Members

Role

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that S3 on Outposts assumes when replicating objects. For information about S3 replication on Outposts configuration, see Setting up replication in the Amazon S3 User Guide.

Rules

: Required: Yes
: Type: Array of ReplicationRule structures

A container for one or more replication rules. A replication configuration must have at least one rule and can contain an array of 100 rules at the most.

ReplicationRule

Description

Specifies which S3 on Outposts objects to replicate and where to store the replicas.

Members

Bucket

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the access point for the source Outposts bucket that you want S3 on Outposts to replicate the objects from.

DeleteMarkerReplication

: Type: DeleteMarkerReplication structure

Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element's Status child element must be set to Disabled, because S3 on Outposts doesn't support replicating delete markers for tag-based rules.

For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.

Destination

: Required: Yes
: Type: Destination structure

A container for information about the replication destination and its configurations.

ExistingObjectReplication

: Type: ExistingObjectReplication structure

An optional configuration to replicate existing source bucket objects.

This is not supported by Amazon S3 on Outposts buckets.

Filter

: Type: ReplicationRuleFilter structure

A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.

ID

: Type: string

A unique identifier for the rule. The maximum value is 255 characters.

Prefix

: Type: string

An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in an Outposts bucket, specify an empty string.

Priority

: Type: int

The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.

For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide.

SourceSelectionCriteria

: Type: SourceSelectionCriteria structure

A container that describes additional filters for identifying the source Outposts objects that you want to replicate. You can choose to enable or disable the replication of these objects.

Status

: Required: Yes
: Type: string

Specifies whether the rule is enabled.

ReplicationRuleAndOperator

Description

A container for specifying rule filters. The filters determine the subset of objects to which the rule applies. This element is required only if you specify more than one filter.

For example:

If you specify both a Prefix and a Tag filter, wrap these filters in an And element.
If you specify a filter based on multiple tags, wrap the Tag elements in an And element.

Members

Prefix

: Type: string

An object key name prefix that identifies the subset of objects that the rule applies to.

Tags

: Type: Array of S3Tag structures

An array of tags that contain key and value pairs.

ReplicationRuleFilter

Description

A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix, Tag, or And child element.

Members

And

: Type: ReplicationRuleAndOperator structure

A container for specifying rule filters. The filters determine the subset of objects that the rule applies to. This element is required only if you specify more than one filter. For example:

If you specify both a Prefix and a Tag filter, wrap these filters in an And element.
If you specify a filter based on multiple tags, wrap the Tag elements in an And element.

Prefix

: Type: string

An object key name prefix that identifies the subset of objects that the rule applies to.

Tag

: Type: S3Tag structure

A container for a key-value name pair.

ReplicationTime

Description

A container that specifies S3 Replication Time Control (S3 RTC) related information, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated.

This is not supported by Amazon S3 on Outposts buckets.

Members

Status

: Required: Yes
: Type: string

Specifies whether S3 Replication Time Control (S3 RTC) is enabled.

Time

: Required: Yes
: Type: ReplicationTimeValue structure

A container that specifies the time by which replication should be complete for all objects and operations on objects.

ReplicationTimeValue

Description

A container that specifies the time value for S3 Replication Time Control (S3 RTC). This value is also used for the replication metrics EventThreshold element.

This is not supported by Amazon S3 on Outposts buckets.

Members

Minutes

: Type: int

Contains an integer that specifies the time period in minutes.

Valid value: 15

S3AccessControlList

Description

Members

Grants

: Type: Array of S3Grant structures

Owner

: Required: Yes
: Type: S3ObjectOwner structure

S3AccessControlPolicy

Description

Members

AccessControlList

: Type: S3AccessControlList structure

CannedAccessControlList

: Type: string

S3BucketDestination

Description

A container for the bucket where the Amazon S3 Storage Lens metrics export files are located.

Members

AccountId

: Required: Yes
: Type: string

The account ID of the owner of the S3 Storage Lens metrics export bucket.

Arn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the bucket. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name

Encryption

: Type: StorageLensDataExportEncryption structure

The container for the type encryption of the metrics exports in this bucket.

Format

: Required: Yes
: Type: string

OutputSchemaVersion

: Required: Yes
: Type: string

The schema version of the export file.

Prefix

: Type: string

The prefix of the destination bucket where the metrics export will be delivered.

S3CopyObjectOperation

Description

Contains the configuration parameters for a PUT Copy object operation. S3 Batch Operations passes every object to the underlying CopyObject API operation. For more information about the parameters for this operation, see CopyObject.

Members

AccessControlGrants

: Type: Array of S3Grant structures

This functionality is not supported by directory buckets.

BucketKeyEnabled

: Type: boolean

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.

Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key.

This functionality is not supported by directory buckets.

CannedAccessControlList

: Type: string

This functionality is not supported by directory buckets.

ChecksumAlgorithm

: Type: string

Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

MetadataDirective

: Type: string

ModifiedSinceConstraint

: Type: timestamp (string|DateTime or anything parsable by strtotime)

NewObjectMetadata

: Type: S3ObjectMetadata structure

If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.

NewObjectTagging

: Type: Array of S3Tag structures

Specifies a list of tags to add to the destination objects after they are copied. If NewObjectTagging is not specified, the tags of the source objects are copied to destination objects by default.

Directory buckets - Tags aren't supported by directory buckets. If your source objects have tags and your destination bucket is a directory bucket, specify an empty tag set in the NewObjectTagging field to prevent copying the source object tags to the directory bucket.

ObjectLockLegalHoldStatus

: Type: string

The legal hold status to be applied to all objects in the Batch Operations job.

This functionality is not supported by directory buckets.

ObjectLockMode

: Type: string

The retention mode to be applied to all objects in the Batch Operations job.

This functionality is not supported by directory buckets.

ObjectLockRetainUntilDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the applied object retention configuration expires on all objects in the Batch Operations job.

This functionality is not supported by directory buckets.

RedirectLocation

: Type: string

If the destination bucket is configured as a website, specifies an optional metadata property for website redirects, x-amz-website-redirect-location. Allows webpage redirects if the object copy is accessed through a website endpoint.

This functionality is not supported by directory buckets.

RequesterPays

: Type: boolean

This functionality is not supported by directory buckets.

SSEAwsKmsKeyId

: Type: string

This functionality is not supported by directory buckets.

StorageClass

: Type: string

Specify the storage class for the destination objects in a Copy operation.

Directory buckets - This functionality is not supported by directory buckets.

TargetKeyPrefix

: Type: string

Specifies the folder prefix that you want the objects to be copied into. For example, to copy objects into a folder named Folder1 in the destination bucket, set the TargetKeyPrefix property to Folder1.

TargetResource

: Type: string

Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.

General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.
Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.

UnModifiedSinceConstraint

: Type: timestamp (string|DateTime or anything parsable by strtotime)

S3DeleteObjectTaggingOperation

Description

Contains no configuration parameters because the DELETE Object tagging (DeleteObjectTagging) API operation accepts only the bucket name and key name as parameters, which are defined in the job's manifest.

Members

S3GeneratedManifestDescriptor

Description

Describes the specified job's generated manifest. Batch Operations jobs created with a ManifestGenerator populate details of this descriptor after execution of the ManifestGenerator.

Members

Format

: Type: string

The format of the generated manifest.

Location

: Type: JobManifestLocation structure

Contains the information required to locate a manifest object. Manifests can't be imported from directory buckets. For more information, see Directory buckets.

S3Grant

Description

Members

Grantee

: Type: S3Grantee structure

Permission

: Type: string

S3Grantee

Description

Members

DisplayName

: Type: string

Identifier

: Type: string

TypeIdentifier

: Type: string

S3InitiateRestoreObjectOperation

Description

Contains the configuration parameters for a POST Object restore job. S3 Batch Operations passes every object to the underlying RestoreObject API operation. For more information about the parameters for this operation, see RestoreObject.

Members

ExpirationInDays

: Type: int

This argument specifies how long the S3 Glacier or S3 Glacier Deep Archive object remains available in Amazon S3. S3 Initiate Restore Object jobs that target S3 Glacier and S3 Glacier Deep Archive objects require ExpirationInDays set to 1 or greater.

Conversely, do not set ExpirationInDays when creating S3 Initiate Restore Object jobs that target S3 Intelligent-Tiering Archive Access and Deep Archive Access tier objects. Objects in S3 Intelligent-Tiering archive access tiers are not subject to restore expiry, so specifying ExpirationInDays results in restore request failure.

S3 Batch Operations jobs can operate either on S3 Glacier and S3 Glacier Deep Archive storage class objects or on S3 Intelligent-Tiering Archive Access and Deep Archive Access storage tier objects, but not both types in the same job. If you need to restore objects of both types you must create separate Batch Operations jobs.

GlacierJobTier

: Type: string

S3 Batch Operations supports STANDARD and BULK retrieval tiers, but not the EXPEDITED retrieval tier.

S3JobManifestGenerator

Description

The container for the service that will create the S3 manifest.

Members

EnableManifestOutput

: Required: Yes
: Type: boolean

Determines whether or not to write the job's generated manifest to a bucket.

ExpectedBucketOwner

: Type: string

The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.

Filter

: Type: JobManifestGeneratorFilter structure

Specifies rules the S3JobManifestGenerator should use to decide whether an object in the source bucket should or should not be included in the generated job manifest.

ManifestOutputLocation

: Type: S3ManifestOutputLocation structure

Specifies the location the generated manifest will be written to. Manifests can't be written to directory buckets. For more information, see Directory buckets.

SourceBucket

: Required: Yes
: Type: string

The ARN of the source bucket used by the ManifestGenerator.

Directory buckets - Directory buckets aren't supported as the source buckets used by S3JobManifestGenerator to generate the job manifest.

S3ManifestOutputLocation

Description

Location details for where the generated manifest should be written.

Members

Bucket

: Required: Yes
: Type: string

The bucket ARN the generated manifest should be written to.

Directory buckets - Directory buckets aren't supported as the buckets to store the generated manifest.

ExpectedManifestBucketOwner

: Type: string

The Account ID that owns the bucket the generated manifest is written to.

ManifestEncryption

: Type: GeneratedManifestEncryption structure

Specifies what encryption should be used when the generated manifest objects are written.

ManifestFormat

: Required: Yes
: Type: string

The format of the generated manifest.

ManifestPrefix

: Type: string

Prefix identifying one or more objects to which the manifest applies.

S3ObjectLockLegalHold

Description

Whether S3 Object Lock legal hold will be applied to objects in an S3 Batch Operations job.

Members

Status

: Required: Yes
: Type: string

The Object Lock legal hold status to be applied to all objects in the Batch Operations job.

S3ObjectMetadata

Description

Members

CacheControl

: Type: string

ContentDisposition

: Type: string

ContentEncoding

: Type: string

ContentLanguage

: Type: string

ContentLength

: Type: long (int|float)

This member has been deprecated.

ContentMD5

: Type: string

This member has been deprecated.

ContentType

: Type: string

HttpExpiresDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

RequesterCharged

: Type: boolean

This member has been deprecated.

SSEAlgorithm

: Type: string

For directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.

UserMetadata

: Type: Associative array of custom strings keys (NonEmptyMaxLength1024String) to strings

S3ObjectOwner

Description

Members

DisplayName

: Type: string

ID

: Type: string

S3ReplicateObjectOperation

Description

Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

Members

S3Retention

Description

Contains the S3 Object Lock retention mode to be applied to all objects in the S3 Batch Operations job. If you don't provide Mode and RetainUntilDate data types in your operation, you will remove the retention from your objects. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

Members

Mode

: Type: string

The Object Lock retention mode to be applied to all objects in the Batch Operations job.

RetainUntilDate

: Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the applied Object Lock retention will expire on all objects set by the Batch Operations job.

S3SetObjectAclOperation

Description

Contains the configuration parameters for a PUT Object ACL operation. S3 Batch Operations passes every object to the underlying PutObjectAcl API operation. For more information about the parameters for this operation, see PutObjectAcl.

Members

AccessControlPolicy

: Type: S3AccessControlPolicy structure

S3SetObjectLegalHoldOperation

Description

This functionality is not supported by directory buckets.

Members

LegalHold

: Required: Yes
: Type: S3ObjectLockLegalHold structure

Contains the Object Lock legal hold status to be applied to all objects in the Batch Operations job.

S3SetObjectRetentionOperation

Description

This functionality is not supported by directory buckets.

Members

BypassGovernanceRetention

: Type: boolean

Indicates if the action should be applied to objects in the Batch Operations job even if they have Object Lock GOVERNANCE type in place.

Retention

: Required: Yes
: Type: S3Retention structure

Contains the Object Lock retention mode to be applied to all objects in the Batch Operations job. For more information, see Using S3 Object Lock retention with S3 Batch Operations in the Amazon S3 User Guide.

S3SetObjectTaggingOperation

Description

Contains the configuration parameters for a PUT Object Tagging operation. S3 Batch Operations passes every object to the underlying PutObjectTagging API operation. For more information about the parameters for this operation, see PutObjectTagging.

Members

TagSet

: Type: Array of S3Tag structures

S3Tag

Description

A container for a key-value name pair.

Members

Key

: Required: Yes
: Type: string

Key of the tag

Value

: Required: Yes
: Type: string

Value of the tag

SSEKMS

Description

Members

KeyId

: Required: Yes
: Type: string

A container for the ARN of the SSE-KMS encryption. This property is read-only and follows the following format: arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e

SSEKMSEncryption

Description

Configuration for the use of SSE-KMS to encrypt generated manifest objects.

Members

KeyId

: Required: Yes
: Type: string

Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption customer managed key to use for encrypting generated manifest objects.

SSES3

Description

Members

SSES3Encryption

Description

Configuration for the use of SSE-S3 to encrypt generated manifest objects.

Members

SelectionCriteria

Description

Members

Delimiter

: Type: string

A container for the delimiter of the selection criteria being used.

MaxDepth

: Type: int

The max depth of the selection criteria

MinStorageBytesPercentage

: Type: double

The minimum number of storage bytes percentage whose metrics will be selected.

You must choose a value greater than or equal to 1.0.

SourceSelectionCriteria

Description

A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects.

Members

ReplicaModifications

: Type: ReplicaModifications structure

To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled.

You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.

SseKmsEncryptedObjects

: Type: SseKmsEncryptedObjects structure

A filter that you can use to select Amazon S3 objects that are encrypted with server-side encryption by using Key Management Service (KMS) keys. If you include SourceSelectionCriteria in the replication configuration, this element is required.

This is not supported by Amazon S3 on Outposts buckets.

SseKmsEncryptedObjects

Description

A container for filter information that you can use to select S3 objects that are encrypted with Key Management Service (KMS).

This is not supported by Amazon S3 on Outposts buckets.

Members

Status

: Required: Yes
: Type: string

Specifies whether Amazon S3 replicates objects that are created with server-side encryption by using an KMS key stored in Key Management Service.

StorageLensAwsOrg

Description

The Amazon Web Services organization for your S3 Storage Lens.

Members

Arn

: Required: Yes
: Type: string

A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property is read-only and follows the following format: arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck

StorageLensConfiguration

Description

A container for the Amazon S3 Storage Lens configuration.

Members

AccountLevel

: Required: Yes
: Type: AccountLevel structure

A container for all the account-level configurations of your S3 Storage Lens configuration.

AwsOrg

: Type: StorageLensAwsOrg structure

A container for the Amazon Web Services organization for this S3 Storage Lens configuration.

DataExport

: Type: StorageLensDataExport structure

A container to specify the properties of your S3 Storage Lens metrics export including, the destination, schema and format.

Exclude

: Type: Exclude structure

A container for what is excluded in this configuration. This container can only be valid if there is no Include container submitted, and it's not empty.

Id

: Required: Yes
: Type: string

A container for the Amazon S3 Storage Lens configuration ID.

Include

: Type: Include structure

A container for what is included in this configuration. This container can only be valid if there is no Exclude container submitted, and it's not empty.

IsEnabled

: Required: Yes
: Type: boolean

A container for whether the S3 Storage Lens configuration is enabled.

StorageLensArn

: Type: string

The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only and follows the following format: arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name

StorageLensDataExport

Description

A container to specify the properties of your S3 Storage Lens metrics export, including the destination, schema, and format.

Members

CloudWatchMetrics

: Type: CloudWatchMetrics structure

A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.

S3BucketDestination

: Type: S3BucketDestination structure

A container for the bucket where the S3 Storage Lens metrics export will be located.

This bucket must be located in the same Region as the storage lens configuration.

StorageLensDataExportEncryption

Description

A container for the encryption of the S3 Storage Lens metrics exports.

Members

SSEKMS

: Type: SSEKMS structure

SSES3

: Type: SSES3 structure

StorageLensGroup

Description

A custom grouping of objects that include filters for prefixes, suffixes, object tags, object size, or object age. You can create an S3 Storage Lens group that includes a single filter or multiple filter conditions. To specify multiple filter conditions, you use AND or OR logical operators.

Members

Filter

: Required: Yes
: Type: StorageLensGroupFilter structure

Sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.

Name

: Required: Yes
: Type: string

Contains the name of the Storage Lens group.

StorageLensGroupArn

: Type: string

Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.

StorageLensGroupAndOperator

Description

A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data.

Members

MatchAnyPrefix

: Type: Array of strings

Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

MatchAnySuffix

: Type: Array of strings

Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

MatchAnyTag

: Type: Array of S3Tag structures

Contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

MatchObjectAge

: Type: MatchObjectAge structure

Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

MatchObjectSize

: Type: MatchObjectSize structure

Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

StorageLensGroupFilter

Description

The filter element sets the criteria for the Storage Lens group data that is displayed. For multiple filter conditions, the AND or OR logical operator is used.

Members

And

: Type: StorageLensGroupAndOperator structure

A logical operator that allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the And logical operator. Only one of each filter condition is allowed.

MatchAnyPrefix

: Type: Array of strings

Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.

MatchAnySuffix

: Type: Array of strings

Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.

MatchAnyTag

: Type: Array of S3Tag structures

Contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.

MatchObjectAge

: Type: MatchObjectAge structure

Contains DaysGreaterThan and DaysLessThan to define the object age range (minimum and maximum number of days).

MatchObjectSize

: Type: MatchObjectSize structure

Contains BytesGreaterThan and BytesLessThan to define the object size range (minimum and maximum number of Bytes).

Or

: Type: StorageLensGroupOrOperator structure

A single logical operator that allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.

StorageLensGroupLevel

Description

Specifies the Storage Lens groups to include in the Storage Lens group aggregation.

Members

SelectionCriteria

: Type: StorageLensGroupLevelSelectionCriteria structure

Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.

StorageLensGroupLevelSelectionCriteria

Description

Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. You can only attach Storage Lens groups to your Storage Lens dashboard if they're included in your Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.

Members

Exclude

: Type: Array of strings

Indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.

Include

: Type: Array of strings

Indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.

StorageLensGroupOrOperator

Description

A container element for specifying Or rule conditions. The rule conditions determine the subset of objects to which the Or rule applies. Objects can match any of the listed filter conditions, which are joined by the Or logical operator. Only one of each filter condition is allowed.

Members

MatchAnyPrefix

: Type: Array of strings

Filters objects that match any of the specified prefixes.

MatchAnySuffix

: Type: Array of strings

Filters objects that match any of the specified suffixes.

MatchAnyTag

: Type: Array of S3Tag structures

Filters objects that match any of the specified S3 object tags.

MatchObjectAge

: Type: MatchObjectAge structure

Filters objects that match the specified object age range.

MatchObjectSize

: Type: MatchObjectSize structure

Filters objects that match the specified object size range.

StorageLensTag

Description

Members

Key

: Required: Yes
: Type: string

Value

: Required: Yes
: Type: string

SubmitMultiRegionAccessPointRoutesRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID for the owner of the Multi-Region Access Point.

Mrap

: Required: Yes
: Type: string

The Multi-Region Access Point ARN.

RouteUpdates

: Required: Yes
: Type: Array of MultiRegionAccessPointRoute structures

The different routes that make up the new route configuration. Active routes return a value of 100, and passive routes return a value of 0.

Tag

Description

An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects.

This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Members

Key

: Required: Yes
: Type: string

The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.

Value

: Required: Yes
: Type: string

The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

TagResourceRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID.

ResourceArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

Tags

: Required: Yes
: Type: Array of Tag structures

The Amazon Web Services resource tags that you want to add to the specified S3 resource.

Tagging

Description

Members

TagSet

: Required: Yes
: Type: Array of S3Tag structures

A collection for a set of tags.

TooManyRequestsException

Description

Members

Message

: Type: string

TooManyTagsException

Description

Amazon S3 throws this exception if you have too many tags in your tag set.

Members

Message

: Type: string

Transition

Description

Specifies when an object transitions to a specified storage class. For more information about Amazon S3 Lifecycle configuration rules, see Transitioning objects using Amazon S3 Lifecycle in the Amazon S3 User Guide.

Members

Date

: Type: timestamp (string|DateTime or anything parsable by strtotime)

Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC.

Days

: Type: int

Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.

StorageClass

: Type: string

The storage class to which you want the object to transition.

UpdateAccessGrantsLocationRequest

Members

AccessGrantsLocationId

: Required: Yes
: Type: string

If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the S3 Access Grants instance.

IAMRoleArn

: Required: Yes
: Type: string

The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.

UpdateStorageLensGroupRequest

Members

AccountId

: Required: Yes
: Type: string

The Amazon Web Services account ID of the Storage Lens group owner.

Name

: Required: Yes
: Type: string

The name of the Storage Lens group that you want to update.

StorageLensGroup

: Required: Yes
: Type: StorageLensGroup structure

The JSON file that contains the Storage Lens group configuration.

VersioningConfiguration

Description

Describes the versioning state of an Amazon S3 on Outposts bucket. For more information, see PutBucketVersioning.

Members

MFADelete

: Type: string

Specifies whether MFA delete is enabled or disabled in the bucket versioning configuration for the S3 on Outposts bucket.

Status

: Type: string

Sets the versioning state of the S3 on Outposts bucket.

VpcConfiguration

Description

The virtual private cloud (VPC) configuration for an access point.

Members

VpcId

: Required: Yes
: Type: string

If this field is specified, this access point will only allow connections from the specified VPC ID.

AWS S3 Control 2018-08-20

Operation Summary

Paginators

Operations

AssociateAccessGrantsIdentityCenter

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Errors

CreateAccessGrant

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateAccessGrantsInstance

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateAccessGrantsLocation

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateAccessPoint

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateAccessPointForObjectLambda

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateBucket

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateJob

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateMultiRegionAccessPoint

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateStorageLensGroup

Parameter Syntax

Parameter Details

Members

Result Syntax